Archive for the Encryption Category

Checking MD5 checksums

Posted October 23, 2009 at 4:17 pm in Encryption | No Comments

Message Digest 5, or MD5, was created by Ronald Rivest in 1991 to replace his previous version, MD4, which was deemed insecure after the results of cryptanalytic work by Bert den Boer and Antoon Bosselaers showed MD4 weaknesses. Interestingly enough, MD4 is the algorithm behind the computation of NT-hash password digests on Microsoft Windows NT, XP and Vista.

MD5 is a cryptographic hash function that takes an arbitrary block of data and returns a bit string of a fixed size commonly called the hash value or the message digest. Think of a hash like a digital fingerprint. MD5 produces a 128-bit message digest that is represented in 32-bit hexadecimal format. The basic operation of a hash function takes a message (input data) and encodes it using a series of rounds where algorithms modify the data to produce a hash value (bit string).

Recent MD5 flaws have been disclosed and as a result of these disclosures, US-CERT has stated that MD5 “should be considered cryptographically broken and unsuitable for further use”. As a result of these flaws, U.S. government applications will be required to move to the SHA-2 family of hash functions by 2010. Another interesting side note: the U.S. National Institute of Standards and Technology (NIST) held an open competition to find a new hash function capable of replacing SHA-2. This new hash function will be called SHA-3 and is expected to become a Federal Information Processing Standard (FIPS) sometime around 2012.

Continue reading..

GWEBS MailCloak secures your webmail for free

Posted June 13, 2009 at 11:25 am in Encryption | No Comments

GWEBSWe looked at securing your email yesterday using PGP but what if you use a web-based email provider such as Google, Yahoo!, or Windows Live? The PGP method is great for securing your email client but won’t help you much when you’re using webmail. So how can we encrypt and digitally sign our webmail for free? By using GWEBS MailCloak, that’s how.

Why would you want to do this? You never know who may be eavesdropping and reading your email. Many webmail providers also store and index every email message their systems create, send, receive, pass along, etc. This is a problem because this index can be searched by users as well as Internet Service Providers. I’m not going to list all of the reasons why this is a bad idea but let’s put it this way: why give the webmail providers this kind of power, often without any accountability to its users, when you can secure your email easily and for free?

MailCloak is a great solution for people who use laptops to check their Gmail or Yahoo! mail on the go. It gets even better if you use Firefox. With Firefox you can install the GWEBS MailCloak plugin in about 5 seconds and set up your keypair in another 5 seconds. Before you try this, make sure your webmail provider is supported first by checking out the list of supported mail systems.

Continue reading..

Secure your email using PGP

Posted June 12, 2009 at 2:43 pm in Encryption | 1 Comment

Odds are you check your email at least once every day. But who else might be checking your email as well? If your email isn’t secured then the answer is, anyone and everyone. Email allows us to communicate personal, corporate, and possibly sensitive classified messages. You can bet that classified messages undergo quite a bit of protection. Why shouldn’t you be able to secure your messages, too?

With PGP securing your email is easy and transparent. PGP, created by Philip Zimmermann in 1991, stands Pretty Good Privacy. PGP is used for signing, encrypting and decrypting emails to increase the security of email communications. That seems straightforward enough but how does PGP work?

PGP Proxy

PGP acts as a messaging proxy that resides between your email client and your email server.

Continue reading..

Page 1 of 212