
SCEA 5/ 1 - Security question.

 
Steven Colley
Ranch Hand
Posts: 290
Scenario:
The requirements for this new website state that a new system must use encryption to prevent data theft. Passwords must be stored using a one-way encryption algorithm so that they can never be accidentally displayed.

- What is the meaning of "Passwords must be stored using a one-way encryption algorithm" here?
- Would it be a symmetric algorithm like RC1, RC2, DES, Blowfish?

- If not, why does the response declare options A and C wrong because they are symmetric algorithms, and option D wrong because it's an asymmetric algorithm?

- What is the correlation here, and what is the meaning of SHA?

A Passwords can be stored using 3DES.
B Passwords can be stored using SHA.
C Passwords can be stored using Blowfish.
D RSA


Thanks in advance! ;-)
 
Ulf Dittmer
Rancher
Posts: 42969
73
The phrase "one-way encryption" is very unusual; in fact, I would call it downright incorrect. Encryption implies the possibility of decryption, which would make it a two-way process.

What is being talked about here is a hash or digest. That's a one-way process (no chance of getting back the original cleartext), and SHA is one of the most prominent algorithms.

The other 3 are ciphers, for which decryption is possible given the key.
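The distinction drawn in the reply above, as an added Java example that is not part of the original thread: a one-way digest is verified by recomputing it, while a cipher such as Blowfish hands the cleartext back to anyone holding the key. Assumptions: the class and method names are hypothetical, the password is a constructed sample, and PBKDF2 with HMAC-SHA-256 (a salted, iterated construction built on SHA) stands in for a single bare SHA call.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class OneWayVsTwoWay {
    // One-way: salted, iterated SHA-256-based digest. No key exists that reverses it.
    static byte[] digest(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256); // iteration count is an assumption
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    // Login check: recompute the digest from the candidate and compare in constant time.
    static boolean verify(char[] candidate, byte[] salt, byte[] stored) throws Exception {
        return MessageDigest.isEqual(digest(candidate, salt), stored);
    }

    // Two-way: Blowfish (option C). Whoever holds the key recovers the cleartext.
    static byte[] blowfish(int mode, byte[] key, byte[] iv, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(key, "Blowfish"), new IvParameterSpec(iv));
        return c.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        String password = "correct horse battery"; // constructed sample input
        byte[] salt = new byte[16], key = new byte[16], iv = new byte[8];
        rng.nextBytes(salt); rng.nextBytes(key); rng.nextBytes(iv);

        // Only salt + digest are stored; there is nothing here to decrypt.
        byte[] stored = digest(password.toCharArray(), salt);
        System.out.println("right password: " + verify(password.toCharArray(), salt, stored));
        System.out.println("wrong password: " + verify("guess".toCharArray(), salt, stored));

        // The cipher round-trips, so a stolen key exposes every stored password.
        byte[] ct = blowfish(Cipher.ENCRYPT_MODE, key, iv, password.getBytes(StandardCharsets.UTF_8));
        byte[] pt = blowfish(Cipher.DECRYPT_MODE, key, iv, ct);
        System.out.println("decrypted: " + new String(pt, StandardCharsets.UTF_8));
    }
}
```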
 
Steven Colley
Ranch Hand
Posts: 290
Hum.. right.. understand... I wouldn't "decrypt" this statement then!!

Could you please provide me some material about that?

Thanks in advance!
 
Cameron Wallace McKenzie
author and cow tipper
Saloon Keeper
Posts: 4968
1
Hibernate Spring Tomcat Server
Now you're in my territory.

One-way encryption is very popular. I specialize in anti-fraud and anti-terrorism applications, and much of the data we obtain, quite often data certain 'agencies' aren't supposed to have, gets scrambled using a one-way hash. The data is completely, totally, and forever unencryptable. If you broke into our building and stole our hard drives, the data would be totally useless to you. Nothing, EVER, even with the keys that were used to encrypt the data, could ever unencrypt it.

As UD said, "one-way encryption" of data is more accurately referred to as a 'hash.'

How is that useful? We can compare hashes - two values hashed with the same key will produce the same undecipherable hash. The hash means nothing, but the match has spoiled countless terrorism plots in the US.

So, two terrorists living at the same location? The hash of their location would match. So, we'd know we'd have two bad people living at the same location. We keep track of WHERE we get the info from, so we then go back to the original source with search warrants and get the original, unencrypted data. Then bad people get killed.

But we couldn't do this and sleep at night without the one way hash.

Personally, I have found one-way hashes to be indispensable when it comes to violating people's human and privacy rights. Without it, violating people's rights would be much more difficult.

-Cameron McKenzie
[ May 07, 2008: Message edited by: Cameron Wallace McKenzie ]
 
Steven Colley
Ranch Hand
Posts: 290
Right.. thanks for this clarification, Cameron!!
 
Michael Ernest
High Plains Drifter
Sheriff
Posts: 7292
Netbeans IDE VI Editor
Originally posted by Cameron Wallace McKenzie:

Personally, I have found one-way hashes to be indispensable when it comes to violating people's human and privacy rights. Without it, violating people's rights would be much more difficult.

Seems overdone to me. You can do more and faster with a firehose.
 