From 00d96a8a9e0adaa1ed012617966a9e6c69b4af13 Mon Sep 17 00:00:00 2001
From: Mahrud Sayrafi
Date: Wed, 29 May 2013 22:45:36 0700
Subject: [PATCH] Slight updates to the encryption sections

enUS/Encryption.xml  8 +++
enUS/Encryption_Standards.xml  136 ++++++++++++++++++++
2 files changed, 76 insertions(+), 68 deletions()
diff git a/enUS/Encryption.xml b/enUS/Encryption.xml
index cb8fa28..83ffcc8 100644
 a/enUS/Encryption.xml
+++ b/enUS/Encryption.xml
@@ 7,6 +7,14 @@
There are two main types of data that must be protected: data at rest and data in motion. These different types of data are protected in similar ways using similar technology but the implementations can be completely different. No single protective implementation can prevent all possible methods of compromise as the same information may be at rest and in motion at different points in time.
+
+ Always think very carefully before using cryptography in your applications. There are millions of ways to mess it up and precious few ways of getting it right. Even making trivial assumptions about a widely accepted cryptosystem can lead to a disaster; for instance, assume you have created an email software that lets users sign their messages using a keyedhash function with the following format:
+ content = message
+ signature = SHA512(secret key  message)
+ Although this system seems secure, a hacker with access to a leaked message and its signature can trivially forge the following email even though he doesn't know the secret key:
+ content = message  padding  fake message
+ signature = SHA512(secret key  message  padding  fake message)
+
Data at Rest
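Review bot: The new paragraph added before "Data at Rest" shows that SHA512(secret key message) can be extended by someone who does not hold the key, but it ends on the forged signature without naming the weakness or saying what to use instead. Name it as a length extension attack and close with a recommendation to use a standard keyed MAC construction such as HMAC rather than hashing the key and message together, so the reader leaves with guidance and not only a warning. It would also help to make the concatenation in the four "content = / signature =" lines explicit and to set those lines as a literal block, since the exact byte layout (key, message, padding, fake message) is the whole point of the example.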
diff git a/enUS/Encryption_Standards.xml b/enUS/Encryption_Standards.xml
index 361dfb3..ecceb39 100644
 a/enUS/Encryption_Standards.xml
+++ b/enUS/Encryption_Standards.xml
@@ 4,78 +4,78 @@
Encryption Standards
+
+
+ Synchronous Encryption
 Synchronous Encryption
+ Advanced Encryption Standard  AES
+ In cryptography, the Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES128, AES192 and AES256, adopted from a larger collection originally published as Rijndael. Each AES cipher has a 128bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES)."Advanced Encryption Standard." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
+
+ AES Uses

 Advanced Encryption Standard  AES
 In cryptography, the Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES128, AES192 and AES256, adopted from a larger collection originally published as Rijndael. Each AES cipher has a 128bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES)."Advanced Encryption Standard." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Advanced_Encryption_Standard


 AES History
 AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001 after a 5year standardization process in which fifteen competing designs were presented and evaluated before Rijndael was selected as the most suitable (see Advanced Encryption Standard process for more details). It became effective as a standard May 26, 2002. It is available in many different encryption packages. AES is the first publicly accessible and open cipher approved by the NSA for top secret information (see Security of AES, below)."Advanced Encryption Standard." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
 The Rijndael cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted by them to the AES selection process. Rijndael (pronounced [rɛindaːl]) is a portmanteau of the names of the two inventors."Advanced Encryption Standard." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Advanced_Encryption_Standard



 Data Encryption Standard  DES
 The Data Encryption Standard (DES) is a block cipher (a form of shared secret encryption) that was selected by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is based on a symmetrickey algorithm that uses a 56bit key. The algorithm was initially controversial with classified design elements, a relatively short key length, and suspicions about a National Security Agency (NSA) backdoor. DES consequently came under intense academic scrutiny which motivated the modern understanding of block ciphers and their cryptanalysis."Data Encryption Standard." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Data_Encryption_Standard


 DES History
 DES is now considered to be insecure for many applications. This is chiefly due to the 56bit key size being too small; in January, 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes (see chronology). There are also some analytical results which demonstrate theoretical weaknesses in the cipher, although they are unfeasible to mount in practice. The algorithm is believed to be practically secure in the form of Triple DES, although there are theoretical attacks. In recent years, the cipher has been superseded by the Advanced Encryption Standard (AES)."Data Encryption Standard." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Data_Encryption_Standard
 In some documentation, a distinction is made between DES as a standard and DES the algorithm which is referred to as the DEA (the Data Encryption Algorithm). When spoken, "DES" is either spelled out as an abbreviation (/ˌdiːˌiːˈɛs/), or pronounced as a onesyllable acronym (/ˈdɛz/)."Data Encryption Standard." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Data_Encryption_Standard


+
+
+ AES History
+ AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001 after a 5year standardization process in which fifteen competing designs were presented and evaluated before Rijndael was selected as the most suitable (see Advanced Encryption Standard process for more details). It became effective as a standard May 26, 2002. It is available in many different encryption packages. AES is the first publicly accessible and open cipher approved by the NSA for top secret information (see Security of AES, below)."Advanced Encryption Standard." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
+ The Rijndael cipher was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and submitted by them to the AES selection process. Rijndael (pronounced [rɛindaːl]) is a portmanteau of the names of the two inventors."Advanced Encryption Standard." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
+
 Publickey Encryption
 Publickey cryptography is a cryptographic approach, employed by many cryptographic algorithms and cryptosystems, whose distinguishing characteristic is the use of asymmetric key algorithms instead of or in addition to symmetric key algorithms. Using the techniques of public keyprivate key cryptography, many methods of protecting communications or authenticating messages formerly unknown have become practical. They do not require a secure initial exchange of one or more secret keys as is required when using symmetric key algorithms. It can also be used to create digital signatures."Publickey Encryption." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Publickey_cryptography
 Public key cryptography is a fundamental and widely used technology around the world, and is the approach which underlies such Internet standards as Transport Layer Security (TLS) (successor to SSL), PGP and GPG."Publickey Encryption." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Publickey_cryptography
 The distinguishing technique used in public key cryptography is the use of asymmetric key algorithms, where the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys — a public key and a private key. The private key is kept secret, whilst the public key may be widely distributed. Messages are encrypted with the recipient's public key and can only be decrypted with the corresponding private key. The keys are related mathematically, but the private key cannot be feasibly (ie, in actual or projected practice) derived from the public key. It was the discovery of such algorithms which revolutionized the practice of cryptography beginning in the middle 1970s."Publickey Encryption." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Publickey_cryptography
 In contrast, Symmetrickey algorithms, variations of which have been used for some thousands of years, use a single secret key shared by sender and receiver (which must also be kept private, thus accounting for the ambiguity of the common terminology) for both encryption and decryption. To use a symmetric encryption scheme, the sender and receiver must securely share a key in advance."Publickey Encryption." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Publickey_cryptography
 Because symmetric key algorithms are nearly always much less computationally intensive, it is common to exchange a key using a keyexchange algorithm and transmit data using that key and a symmetric key algorithm. PGP, and the SSL/TLS family of schemes do this, for instance, and are called hybrid cryptosystems in consequence."Publickey Encryption." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Publickey_cryptography

 DiffieHellman
 Diffie–Hellman key exchange (D–H) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher."DiffieHellman." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/DiffieHellman

 DiffieHellman History
 The scheme was first published by Whitfield Diffie and Martin Hellman in 1976, although it later emerged that it had been separately invented a few years earlier within GCHQ, the British signals intelligence agency, by Malcolm J. Williamson but was kept classified. In 2002, Hellman suggested the algorithm be called Diffie–Hellman–Merkle key exchange in recognition of Ralph Merkle's contribution to the invention of publickey cryptography (Hellman, 2002)."DiffieHellman." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/DiffieHellman
 Although Diffie–Hellman key agreement itself is an anonymous (nonauthenticated) keyagreement protocol, it provides the basis for a variety of authenticated protocols, and is used to provide perfect forward secrecy in Transport Layer Security's ephemeral modes (referred to as EDH or DHE depending on the cipher suite)."DiffieHellman." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/DiffieHellman
 U.S. Patent 4,200,770, now expired, describes the algorithm and credits Hellman, Diffie, and Merkle as inventors."DiffieHellman." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/DiffieHellman



 RSA
 In cryptography, RSA (which stands for Rivest, Shamir and Adleman who first publicly described it; see below) is an algorithm for publickey cryptography. It is the first algorithm known to be suitable for signing as well as encryption, and was one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of uptodate implementations."RSA" Wikipedia 14 April 2010


 DSA
 The Digital Signature Algorithm (DSA) is a United States Federal Government standard or FIPS for digital signatures. It was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in their Digital Signature Standard (DSS), specified in FIPS 186, adopted in 1993. A minor revision was issued in 1996 as FIPS 1861. The standard was expanded further in 2000 as FIPS 1862 and again in 2009 as FIPS 1863."Digital Signature Algorithm" Wikipedia 14 April 2010


 SSL/TLS
 Transport Layer Security (TLS) and its predecessor, Secure Socket Layer (SSL), are cryptographic protocols that provide security for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer endtoend. Several versions of the protocols are in widespread use in applications like web browsing, electronic mail, Internet faxing, instant messaging and voiceoverIP (VoIP). TLS is an IETF standards track protocol, last updated in RFC 5246, that was based on the earlier SSL specifications developed by Netscape Corporation.
 The TLS protocol allows client/server applications to communicate across a network in a way designed to prevent eavesdropping and tampering. TLS provides endpoint authentication and communications confidentiality over the Internet using cryptography. TLS provides RSA security with 1024 and 2048 bit strengths.
 In typical enduser/browser usage, TLS authentication is unilateral: only the server is authenticated (the client knows the server's identity), but not vice versa (the client remains unauthenticated or anonymous).
 TLS also supports the more secure bilateral connection mode (typically used in enterprise applications), in which both ends of the "conversation" can be assured with whom they are communicating (provided they diligently scrutinize the identity information in the other party's certificate). This is known as mutual authentication, or 2SSL. Mutual authentication requires that the TLS clientside also hold a certificate (which is not usually the case in the enduser/browser scenario). Unless, that is, TLSPSK, the Secure Remote Password (SRP) protocol, or some other protocol is used that can provide strong mutual authentication in the absence of certificates.
 Typically, the key information and certificates necessary for TLS are handled in the form of X.509 certificates, which define required fields and data formats.
 SSL operates in modular fashion. It is extensible by design, with support for forward and backward compatibility and negotiation between peers."Transport Layer Security" Wikipedia 14 April 2010


 CramerShoup Cryptosystem
 The Cramer–Shoup system is an asymmetric key encryption algorithm, and was the first efficient scheme proven to be secure against adaptive chosen ciphertext attack using standard cryptographic assumptions. Its security is based on the computational intractability (widely assumed, but not proved) of the decisional Diffie–Hellman assumption. Developed by Ronald Cramer and Victor Shoup in 1998, it is an extension of the Elgamal cryptosystem. In contrast to Elgamal, which is extremely malleable, Cramer–Shoup adds additional elements to ensure nonmalleability even against a resourceful attacker. This nonmalleability is achieved through the use of a collisionresistant hash function and additional computations, resulting in a ciphertext which is twice as large as in Elgamal."Cramer–Shoup cryptosystem" Wikipedia 14 April 2010


 ElGamal Encryption
 In cryptography, the ElGamal encryption system is an asymmetric key encryption algorithm for publickey cryptography which is based on the DiffieHellman key agreement. It was described by Taher Elgamal in 1985.[1] ElGamal encryption is used in the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems. The Digital Signature Algorithm is a variant of the ElGamal signature scheme, which should not be confused with ElGamal encryption."ElGamal encryption" Wikipedia 14 April 2010

+ Data Encryption Standard  DES
+ The Data Encryption Standard (DES) is a block cipher (a form of shared secret encryption) that was selected by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is based on a symmetrickey algorithm that uses a 56bit key. The algorithm was initially controversial with classified design elements, a relatively short key length, and suspicions about a National Security Agency (NSA) backdoor. DES consequently came under intense academic scrutiny which motivated the modern understanding of block ciphers and their cryptanalysis."Data Encryption Standard." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Data_Encryption_Standard
+
+
+ DES History
+ DES is now considered to be insecure for many applications. This is chiefly due to the 56bit key size being too small; in January, 1999, distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes (see chronology). There are also some analytical results which demonstrate theoretical weaknesses in the cipher, although they are unfeasible to mount in practice. The algorithm is believed to be practically secure in the form of Triple DES, although there are theoretical attacks. In recent years, the cipher has been superseded by the Advanced Encryption Standard (AES)."Data Encryption Standard." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Data_Encryption_Standard
+ In some documentation, a distinction is made between DES as a standard and DES the algorithm which is referred to as the DEA (the Data Encryption Algorithm). When spoken, "DES" is either spelled out as an abbreviation (/ˌdiːˌiːˈɛs/), or pronounced as a onesyllable acronym (/ˈdɛz/)."Data Encryption Standard." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Data_Encryption_Standard
+
+
+
+
+ Publickey Encryption
+ Publickey cryptography is a cryptographic approach, employed by many cryptographic algorithms and cryptosystems, whose distinguishing characteristic is the use of asymmetric key algorithms instead of or in addition to symmetric key algorithms. Using the techniques of public keyprivate key cryptography, many methods of protecting communications or authenticating messages formerly unknown have become practical. They do not require a secure initial exchange of one or more secret keys as is required when using symmetric key algorithms. It can also be used to create digital signatures."Publickey Encryption." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Publickey_cryptography
+ Public key cryptography is a fundamental and widely used technology around the world, and is the approach which underlies such Internet standards as Transport Layer Security (TLS) (successor to SSL), PGP and GPG."Publickey Encryption." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Publickey_cryptography
+ The distinguishing technique used in public key cryptography is the use of asymmetric key algorithms, where the key used to encrypt a message is not the same as the key used to decrypt it. Each user has a pair of cryptographic keys — a public key and a private key. The private key is kept secret, whilst the public key may be widely distributed. Messages are encrypted with the recipient's public key and can only be decrypted with the corresponding private key. The keys are related mathematically, but the private key cannot be feasibly (ie, in actual or projected practice) derived from the public key. It was the discovery of such algorithms which revolutionized the practice of cryptography beginning in the middle 1970s."Publickey Encryption." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Publickey_cryptography
+ In contrast, Symmetrickey algorithms, variations of which have been used for some thousands of years, use a single secret key shared by sender and receiver (which must also be kept private, thus accounting for the ambiguity of the common terminology) for both encryption and decryption. To use a symmetric encryption scheme, the sender and receiver must securely share a key in advance."Publickey Encryption." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Publickey_cryptography
+ Because symmetric key algorithms are nearly always much less computationally intensive, it is common to exchange a key using a keyexchange algorithm and transmit data using that key and a symmetric key algorithm. PGP, and the SSL/TLS family of schemes do this, for instance, and are called hybrid cryptosystems in consequence."Publickey Encryption." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/Publickey_cryptography
+
+ DiffieHellman
+ Diffie–Hellman key exchange (D–H) is a cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher."DiffieHellman." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/DiffieHellman
+
+ DiffieHellman History
+ The scheme was first published by Whitfield Diffie and Martin Hellman in 1976, although it later emerged that it had been separately invented a few years earlier within GCHQ, the British signals intelligence agency, by Malcolm J. Williamson but was kept classified. In 2002, Hellman suggested the algorithm be called Diffie–Hellman–Merkle key exchange in recognition of Ralph Merkle's contribution to the invention of publickey cryptography (Hellman, 2002)."DiffieHellman." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/DiffieHellman
+ Although Diffie–Hellman key agreement itself is an anonymous (nonauthenticated) keyagreement protocol, it provides the basis for a variety of authenticated protocols, and is used to provide perfect forward secrecy in Transport Layer Security's ephemeral modes (referred to as EDH or DHE depending on the cipher suite)."DiffieHellman." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/DiffieHellman
+ U.S. Patent 4,200,770, now expired, describes the algorithm and credits Hellman, Diffie, and Merkle as inventors."DiffieHellman." Wikipedia. 14 November 2009 http://en.wikipedia.org/wiki/DiffieHellman
+
+
+
+ RSA
+ In cryptography, RSA (which stands for Rivest, Shamir and Adleman who first publicly described it; see below) is an algorithm for publickey cryptography. It is the first algorithm known to be suitable for signing as well as encryption, and was one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and the use of uptodate implementations."RSA" Wikipedia 14 April 2010
+
+
+ DSA
+ The Digital Signature Algorithm (DSA) is a United States Federal Government standard or FIPS for digital signatures. It was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in their Digital Signature Standard (DSS), specified in FIPS 186, adopted in 1993. A minor revision was issued in 1996 as FIPS 1861. The standard was expanded further in 2000 as FIPS 1862 and again in 2009 as FIPS 1863."Digital Signature Algorithm" Wikipedia 14 April 2010
+
+
+ SSL/TLS
+ Transport Layer Security (TLS) and its predecessor, Secure Socket Layer (SSL), are cryptographic protocols that provide security for communications over networks such as the Internet. TLS and SSL encrypt the segments of network connections at the Transport Layer endtoend. Several versions of the protocols are in widespread use in applications like web browsing, electronic mail, Internet faxing, instant messaging and voiceoverIP (VoIP). TLS is an IETF standards track protocol, last updated in RFC 5246, that was based on the earlier SSL specifications developed by Netscape Corporation.
+ The TLS protocol allows client/server applications to communicate across a network in a way designed to prevent eavesdropping and tampering. TLS provides endpoint authentication and communications confidentiality over the Internet using cryptography. TLS provides RSA security with 1024 and 2048 bit strengths.
+ In typical enduser/browser usage, TLS authentication is unilateral: only the server is authenticated (the client knows the server's identity), but not vice versa (the client remains unauthenticated or anonymous).
+ TLS also supports the more secure bilateral connection mode (typically used in enterprise applications), in which both ends of the "conversation" can be assured with whom they are communicating (provided they diligently scrutinize the identity information in the other party's certificate). This is known as mutual authentication, or 2SSL. Mutual authentication requires that the TLS clientside also hold a certificate (which is not usually the case in the enduser/browser scenario). Unless, that is, TLSPSK, the Secure Remote Password (SRP) protocol, or some other protocol is used that can provide strong mutual authentication in the absence of certificates.
+ Typically, the key information and certificates necessary for TLS are handled in the form of X.509 certificates, which define required fields and data formats.
+ SSL operates in modular fashion. It is extensible by design, with support for forward and backward compatibility and negotiation between peers."Transport Layer Security" Wikipedia 14 April 2010
+
+
+ CramerShoup Cryptosystem
+ The Cramer–Shoup system is an asymmetric key encryption algorithm, and was the first efficient scheme proven to be secure against adaptive chosen ciphertext attack using standard cryptographic assumptions. Its security is based on the computational intractability (widely assumed, but not proved) of the decisional Diffie–Hellman assumption. Developed by Ronald Cramer and Victor Shoup in 1998, it is an extension of the Elgamal cryptosystem. In contrast to Elgamal, which is extremely malleable, Cramer–Shoup adds additional elements to ensure nonmalleability even against a resourceful attacker. This nonmalleability is achieved through the use of a collisionresistant hash function and additional computations, resulting in a ciphertext which is twice as large as in Elgamal."Cramer–Shoup cryptosystem" Wikipedia 14 April 2010
+
+
+ ElGamal Encryption
+ In cryptography, the ElGamal encryption system is an asymmetric key encryption algorithm for publickey cryptography which is based on the DiffieHellman key agreement. It was described by Taher Elgamal in 1985.[1] ElGamal encryption is used in the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems. The Digital Signature Algorithm is a variant of the ElGamal signature scheme, which should not be confused with ElGamal encryption."ElGamal encryption" Wikipedia 14 April 2010
+
+
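Review bot: The section title re-added at the top of this hunk still reads "Synchronous Encryption", while the AES and DES text beneath it describes block ciphers built on a symmetric-key algorithm; since the section is being restructured anyway, rename it to "Symmetric Encryption". The new "AES Uses" heading has no body text visible in the hunk, so either supply the content in this patch or leave the heading out until it exists. Because the SSL/TLS paragraphs are re-added as new lines, this is also a good point to revisit "TLS provides RSA security with 1024 and 2048 bit strengths", which ties the protocol to one algorithm and two key sizes, and to reword it as a statement about what the negotiated cipher suite and certificate key determine.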

1.8.1.4