Scribd Logo
Upload

Welcome to Scribd!

  • 24 views

    IT Security Assignment

    Uploaded by

    simon sylvester
    The document discusses encryption and its characteristics. It notes that using one-time pads that change daily would be most secure but impractical for daily use. Longer, more complex encryption keys like 128-bit or 256-bit are more secure than shorter 5-bit keys. Using multiple encryption ciphers together makes the encryption harder to break. Encryption is also stronger when the ratio of 0s and 1s is close to 50:50 and random. The risks of a government selecting a cryptosystem include key lifetimes expiring, non-random key generation, weaker public key cryptography, and security protocol strength. These risks can be overcome through automated key storage, simplifying compliance, isolating keys from data, reducing administration

    Copyright:

    © All Rights Reserved
    Download as DOC, PDF, TXT or read online from Scribd

    IT Security Assignment

    Uploaded by

    simon sylvester
    24 views2 pages
    The document discusses encryption and its characteristics. It notes that using one-time pads that change daily would be most secure but impractical for daily use. Longer, more complex encryption keys like 128-bit or 256-bit are more secure than shorter 5-bit keys. Using multiple encryption ciphers together makes the encryption harder to break. Encryption is also stronger when the ratio of 0s and 1s is close to 50:50 and random. The risks of a government selecting a cryptosystem include key lifetimes expiring, non-random key generation, weaker public key cryptography, and security protocol strength. These risks can be overcome through automated key storage, simplifying compliance, isolating keys from data, reducing administration

    Original Title

    IT_security_assignment.doc

    Copyright

    © © All Rights Reserved

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    The document discusses encryption and its characteristics. It notes that using one-time pads that change daily would be most secure but impractical for daily use. Longer, more complex encryption keys like 128-bit or 256-bit are more secure than shorter 5-bit keys. Using multiple encryption ciphers together makes the encryption harder to break. Encryption is also stronger when the ratio of 0s and 1s is close to 50:50 and random. The risks of a government selecting a cryptosystem include key lifetimes expiring, non-random key generation, weaker public key cryptography, and security protocol strength. These risks can be overcome through automated key storage, simplifying compliance, isolating keys from data, reducing administration

    Copyright:

    © All Rights Reserved
    Download as DOC, PDF, TXT or read online from Scribd
    Download as doc, pdf, or txt
    24 views2 pages

    IT Security Assignment

    Uploaded by

    simon sylvester
    The document discusses encryption and its characteristics. It notes that using one-time pads that change daily would be most secure but impractical for daily use. Longer, more complex encryption keys like 128-bit or 256-bit are more secure than shorter 5-bit keys. Using multiple encryption ciphers together makes the encryption harder to break. Encryption is also stronger when the ratio of 0s and 1s is close to 50:50 and random. The risks of a government selecting a cryptosystem include key lifetimes expiring, non-random key generation, weaker public key cryptography, and security protocol strength. These risks can be overcome through automated key storage, simplifying compliance, isolating keys from data, reducing administration

    Copyright:

    © All Rights Reserved
    Download as DOC, PDF, TXT or read online from Scribd
    Download as doc, pdf, or txt
    of 2

    NICKSON KOECH

    INTE/NE /0816/05/16
    IT SECURITY
    Assignment 2

     What characteristics would make an encryption absolutely unbreakable? What


    characteristics would make an encryption impractical to break
    I. Change the code daily and use of onetime code pads are most secure but not
    very practical for daily use.
    II. For normal cyphers, long repetitive mixing code rate like n R128 are more
    secure compared to R5 while R256 prove to be more secure.
    An R5 code can be easily be decoded using a simple graph paper while
    anR256 requires a very powerful computer.
    III. Use of multiple cyphers makes the entire process even more complicated
    hence hard to break.
    IV. Using the ratio of 1:1 and space of 0’s and 1’s and random closer 50:50 ratio
    makes it harder and impractical to break.

     What are the risks in the Kenyan government's selecting a cryptosystem for
    widespread commercial use (both inside and outside Kenya)? How could users from
    outside Kenya overcome some or all of these risks?
    1. Key lifetime- key lifetime may be risky in that the key shared to decript the
    information ma expire before being used
    2. Randomness of Generated Keys- To prevent key generation from being
    predictable, keys must be generated randomly. However, keys that are
    generated by computer software are never generated in a truly random
    manner
    3. Public Key Length- Given a key of the same length, public key cryptography
    generally is more susceptible to attack than symmetric key cryptography,
    particularly to factoring attacks
    4. Strength of the Security Protocols- Cryptography-based security technologies
    are implemented by using security protocols. For example, secure mail
    systems can be implemented by using the S/MIME protocol, and secure
    network communications can be implemented by using the IPSec suite of
    protocols. Likewise, secure Web communications can be implemented by
    using the TLS protocol.
    Benefit /ways of overcoming the stated risk associated with the cryptosystem is:
    1. Ensure guaranteed access to encrypted data by authorized users by
    automating storage and back-up for mission critical master encryption keys.
    2. Simplify data privacy compliance obligations and reporting activities through
    the use of a security-certified encryption and key management to enforce
    critical best practices and other standards of due care.
    3. Enforce separation of duties by isolating master encryption keys from
    encrypted data-reducing the threat of insider attacks.
    4. Maximize efficiency by reducing administration costs associated with
    managing keys in large-scale database environments with Thales’ industry-
    leading Security World key management architecture.
    5. Deploy with confidence and accelerate implementation projects; Thales
    HSMs integrate easily with leading database management systems, featuring
    out-of-the-box integration with Transparent Data Encryption from Microsoft,
    and integration with other leading DBMS solutions via technology partners
    including Voltage and Prime Factors.

     Discuss when it is appropriate and necessary to use encryption. When is it not?


    Protecting Sensitive Data If Your computer is stolen:
    If your laptop is stolen, encryption will prevent a thief from booting it up and looking
    through your sensitive data for financial information and other sensitive things.
    Realistically, your average laptop thief probably just wants the hardware and will
    probably wipe the drive quickly. But, if you have sensitive documents on your
    computer, encryption does make sense. The thief probably doesn’t care about most
    of your data, though — photos of your dog, your MP3 collection, and any sort of
    videos you might have downloaded won’t be important to them.
    Storing or Sending Sensitive Data Online:
    When storing something particularly sensitive — perhaps archives of tax documents
    that contain personal details like your social-security number — in online storage or
    emailing it to someone, you may want to use encryption. Almost all of your personal
    files likely don’t require this sort of encryption, though.
    The Business Case: For businesses, there may be various commercial guidelines or
    rules requiring the use of encryption. These are intended to prevent the terrible
    incidence about business laptops being stolen out of cars, and those laptops having
    massive databases containing millions of customer credit card numbers on them. Of
    course this sort of data should be encrypted, but we’re focusing more on average
    users here. (And actually, a laptop sitting in a car shouldn’t have this sort of database
    on it in the first place!)

    You might also like