<HTML><HEAD><TITLE>Black Sun Research Facility Tutorials - Encryption and Authentication</TITLE>

<META http-equiv=Content-Type content="text/html; charset=windows-1252">

<STYLE type=text/css>A:active {

	TEXT-DECORATION: none

}

A:hover {

	COLOR: #ffffff; TEXT-DECORATION: none

}

A:link {

	TEXT-DECORATION: none

}

A:visited {

	TEXT-DECORATION: none

}

.small {

	FONT-WEIGHT: bold; FONT-SIZE: 9pt; COLOR: #ffffff; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif

}

.small_uppercase {

	FONT-SIZE: 9pt; COLOR: #999999; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif

}

TD {

	FONT-SIZE: 9pt; COLOR: #aeaeae; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif

}

.7_ver_b_white {

	FONT-WEIGHT: bold; FONT-SIZE: 8pt; COLOR: #ffffff; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif

}



.white {

	FONT-WEIGHT: bold; FONT-SIZE: 8pt; COLOR: #ffffff; FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif

}

</STYLE>



<META content="MSHTML 6.00.2600.0" name=GENERATOR></HEAD>

<BODY text=#a7a7a7 vLink=#ff9900 aLink=#ffcc00 link=#ff9900 bgColor=#000000 

leftMargin=0 topMargin=0 marginheight="0" marginwidth="0">

<BR><BR><PRE><FONT color=red>

              _________________

             /_               /\  

              \/  _______    /  \

              /  /      /   /   /

             /  /______/   /   /

            /           __/   /

           /  _______   \  __/

          /  /      /   /  \

         /  /______/   /   / 

       _/             /   /      

      /______________/   /       BLACK SUN RESEARCH FACILITY

      \              \  /      	   <A href="http://blacksun.box.sk/">http://blacksun.box.sk/</A>

       \______________\/





</FONT>





ENCRYPTION AND AUTHENTICATION

=================================================







   WRITTEN BY                 [ <A href="mailto:cos125@hotmail.com">cos125@hotmail.com</A>                :E-MAIL    ]      

           <A href="mailto:cos125@hotmail.com">BINARY RAPE</A>        [ 114603188                         :ICQ#      ]      

                              [ <A href="http://blacksun.box.sk/">http://blacksun.box.sk/</A>           :TURORIALS ]      











CONTENTS

=======================================



1.  Introduction.

2.  Key Systems.



    2.1 Symmetric Key

    2.2 Public Key



3.  Digital Certificates.

4.  Hash Algorithms.

5.  Authentication.

   

    5.1 Usernames and Passwords

    5.2 Passcards

    5.3 Digital Signatures

    5.4 Checksum



6.  Biometrics.

7.  Steganography.

8.  Last Words.









____________________________________________________________________________________________







1.0 INTRODUCTION

=======================================



In recent times privacy and security has become increasingly important

especially with newer technologies like wireless networking and the

potential problems they represent. Encryption has always been an

effective way to conceal information and before the digital era it was

mostly used my governments such as the germans and americans during the

second world war and has been seen as far back as the times of the great

Roman Empire. There is alot of information that we would like to keep

private like credit card and financial information and personal letters

and conversations, encryption and the science of cryptography allows us

to do this.





2.0 KEY SYSTEMS

=======================================



There are two different kinds of systems used to handle encryption and

convert data these are called Symmetric and Public key encryption.





2.1 SYMMETRIC KEY

=======================================



Symmetric key encryption involves 2 computers on a network each with a

"key" installed on it. This key allows each of the computers to decode

the encrypted data that was sent to it. For example computer A is sending

an encrypted packet to computer B for this example we will use a very

simple kind of encryption, for every letter in the data we move down

the alphabet 2 places A becomes C and B becomes D, using this information

we can both encrypt and decrypt the information.



Computer	 	Symmetric Key	    Computer

========	 	============= 	    ========

   A    --->----- Shift 2 places --->----    B



Using the shift 2 places key A can send the message 'Hello' to B, Hello

will be shifted by the key and B will recieve "Jgnnq" this just looks like

gibberish until B looks at its key and it knows to shift the letters 2

places, doing this B can see that it says Hello, of course this is a bit

simplified but you can see how this method can be built upon to form

greater, more sophisticated levels of encryption.





2.2 PUBLIC KEY

=======================================



Public Key encryption relies upon 2 keys, the public key and the private key.

The private key is held by your computer, when you want to send secure

data between a computer and your own you give your public key to that person

then every computer that wants to communicate with you has a copy of your

public key. To decode any messages you send to those computers they must use

a combination of both your public key and their own private key, this method

of encryption is most popularly used with the encryption program pgp, you

can get this software from www.pgp.com.



Most computers use a mixture of symmetric and public key encryption because

of the amount of processing that is required. When starting a secure connection

the first computer uses a symmetric key and sends this to the second computer

using public key encryption. The two computers then use symmetric encryption

for the rest of the transaction. Once the session is completed the key is

discarded and a new key must be created for all following sessions, this means

that even if somehow a person gets your key, once the session has ended it wont

matter and the key will be useless.





3.0 DIGITAL CERTIFICATES

=======================================



Public Key encryption wouldn't be practical to use for applications such as

web servers for online transactions, for this purpose Digital Certificates

were developed. The digital certificate is a small file provided to each

computer by an independent system called a certification body, this tells

each computer that the other one is who it says it is and that it can be

trusted, the certification body then sends the public keys of each computer

to the other and they are free to communicate.



The digital cert method is mostly used in SSL (Secure Sockets Layer). SSL

was developed by netscape and quickly adopted for browser to web server

communication, especially by sites dealing in e-commerce and financial trans-

actions such as amazon.com or dabs.com.



SSL is a part of larger security protocol called TLS (Transport Layer Security)

which has a large backing from microsoft. In your web browser there is 2 tell

tale signs that such precautions are in place, the first is the small pad-lock

that appears in your status bar if it appears to be locked the site is secure,

otherwise there is no security between your connection, another sign is the