IT-Security

From wiki.samerhijazi.net
Revision as of 16:38, 6 March 2025 by Samerhijazi (talk | contribs) (hashing)
Jump to navigation Jump to search

Authentication

Ref.

Hashing Algorithms

Cryptographic Hash Functions (for Security & Authentication)

  • MD5 – 128-bit hash (not secure, but still used for checksums)
  • SHA-1 – 160-bit hash (deprecated for security purposes)
  • SHA-2 (includes multiple versions):
    • SHA-224 – 224-bit
    • SHA-256 – 256-bit (widely used, secure)
    • SHA-384 – 384-bit
    • SHA-512 – 512-bit
  • SHA-3 – Modern alternative to SHA-2, available in different sizes
  • BLAKE2 – Faster and more secure than SHA-2 (BLAKE2b, BLAKE2s)
  • BLAKE3 – Even faster and more efficient than BLAKE2

Password Hashing Algorithms (for Secure Password Storage)

  • bcrypt – Adaptive hashing function with salt (widely used for passwords)
  • scrypt – Memory-intensive, better resistance against brute-force attacks
  • Argon2 – Winner of the "Password Hashing Competition," secure and efficient

Non-Cryptographic Hash Functions (for Fast Hashing)

  • CRC32 – 32-bit checksum (used for file integrity checks)
  • MurmurHash – Very fast hash function for hash tables
  • CityHash – Optimized for speed in large datasets
  • xxHash – Extremely fast hash function for streaming data

coding/encoding types related to security, cryptography, and data encoding

Cryptographic Encoding Standards

  • X.509 – Standard for public key certificates (used in SSL/TLS, PKI)
  • PEM (Privacy-Enhanced Mail) – Base64-encoded format for cryptographic keys and certificates
  • DER (Distinguished Encoding Rules) – Binary format for X.509 certificates
  • PKCS#7 – Standard for cryptographic message syntax, used for digital signatures
  • PKCS#12 – Format for storing private keys and certificates (e.g., .pfx, .p12)
  • ASN.1 (Abstract Syntax Notation One) – Used in cryptographic protocols for data serialization
  • S/MIME (Secure/Multipurpose Internet Mail Extensions) – Email encryption standard using X.509

Encoding and Hashing Standards

  • Base64 – Encodes binary data into ASCII (used in PEM files, JWTs)
  • Hexadecimal Encoding – Represents binary data as human-readable hex values
  • URL Encoding (Percent Encoding) – Converts special characters for safe transmission in URLs
  • Hashing Algorithms (SHA-256, SHA-512, MD5, BLAKE2, Argon2) – Used for integrity and security
  • HMAC (Hash-based Message Authentication Code) – Ensures data integrity and authenticity

Digital Signature & Key Exchange Standards

  • RSA (Rivest-Shamir-Adleman) – Widely used asymmetric encryption algorithm
  • ECDSA (Elliptic Curve Digital Signature Algorithm) – More efficient alternative to RSA
  • Diffie-Hellman (DH) – Secure key exchange protocol
  • EdDSA (Edwards-curve Digital Signature Algorithm) – Fast and secure signature algorithm
  • PGP (Pretty Good Privacy) – Used for encrypting emails and files (OpenPGP, GnuPG)

Secure Communication Protocols

  • TLS (Transport Layer Security) – Secures data transmission (successor to SSL)
  • SSL (Secure Sockets Layer) – Deprecated encryption protocol for securing web traffic
  • SSH (Secure Shell) – Secure protocol for remote system access
  • IPsec (Internet Protocol Security) – Encrypts and authenticates IP communications
  • HTTPS (HyperText Transfer Protocol Secure) – Secure version of HTTP using TLS

Data Encoding Formats

  • JSON Web Token (JWT) – Encodes authentication claims in Base64
  • CBOR (Concise Binary Object Representation) – Binary alternative to JSON
  • Protobuf (Protocol Buffers) – Efficient binary serialization format by Google
  • Avro – Data serialization format optimized for big data applications


Cryptographic (Keys & Certificates)

  • SSL & TLS are the same. SSL is the old name. TLS is the updated version of SSL.
  • X.509 Certificates encoding formats and file extensions.
  • (PKCS) Public Key Cryptography Standards >>> are binary files. These are the newer format of .pfx files. #12 is the 12th version of the standard.
  • (PEM) Privacy Enhanced Mail >>> are text file alternative to PKCS format.
  • We can use .pem for all artifacts. It is recommended to use for certificate (.cer, .crt) and for public or private keys (.key).
* Base64-ASCII: PEM >>> *.pem, *.crt, *.cer, *.key
* Base64-ASCII: PKCS#7 >>> *.p7b, *.p7c
* Binary: DER >>> *.der, *.cer
* Binary: PKCS#12 >>> *.pfx, *.p12

KeyStore/TrustStore

  • KeyStore: holds onto certificates that identify us.
  • TrustStore: holds onto certificates that identify others.
  • Until Java 8, the default KeyStore-Format is JKS. Since Java 9, the default KeyStore-Format is PKCS12.
  • Java has bundled a TrustStore called cacerts and it resides in the $JAVA_HOME/jre/lib/security directory
* Certificate: .crt, .pem
* Certificate Chain: .crt, .cer, .pem
* Public Key: .key, .pem
* Private Key: .key, .pem

Converting SSL

Retrieved from "http://wiki.samerhijazi.net/index.php?title=IT-Security&oldid=3156"