either due to data corruption during the download or because of an attacker intercepting network
traffic and appending data to the downloaded file. For instance, the hash value of the string “This
topic is Secure Java for Web Application Development” is converted to a fixed-length bit string
“73bf3fbf1ad01976b3bd5775c253fca” using the MD5 algorithm. * The hash value of a string is
affected even if the string is changed in the most negligible way. For instance, if the previous
message were changed to “this topic is Secure Java for Web Application Development” and the only
change here is that the T in the word this is in small case, as compared to the previous string, then
the hash value would undergo a sea change to this value “fc2b7828b89a5a8488b26949eb8cfe85.”
Hash functions are used for verifying the integrity of data stored or data in transit.
8.1.2.7 MAC/HMAC
A one-way hash function ensures data integrity without using a key, unlike encryption, which
requires one. But if an individual intercepts a message with a hash value, alters the message,
generates a totally new hash value, and forwards it to the recipient, there is no way for the
recipient to ensure that the message has been sent by the sender and no one else. This is the
issue the Message Authentication Code (MAC) aims to solve. The Message Authentication Code is an
implementation that utilizes a symmetric key in its operations. It works in the following way.
The sender concatenates the symmetric key to the message and passes the result through a hash
algorithm, which generates the MAC. The sender sends the message, with the MAC value appended,
to the receiver. The receiver takes the message and concatenates the same symmetric key to it.
This is then passed through the hash algorithm, which generates another MAC value. If the MAC
value generated by the receiver is the same as the MAC value sent by the sender, the receiver can
be sure that the message is authentic.
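The sender and receiver check described above, as an added example that is not from the book. It uses HMAC-SHA256 through `javax.crypto.Mac`, the standard keyed-hash construction, rather than the plain key-and-message concatenation the text describes; the class name, key and messages are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;

public class MacDemo {
    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }

    // Sender and receiver both call this with the shared symmetric key.
    static byte[] hmac(byte[] key, String message) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(utf8(message));
    }

    // Receiver: recompute the MAC and compare it with the received one.
    // MessageDigest.isEqual performs the comparison in constant time.
    static boolean macMatches(byte[] key, String message, byte[] receivedMac)
            throws GeneralSecurityException {
        return MessageDigest.isEqual(hmac(key, message), receivedMac);
    }

    // Receiver check when only an unkeyed hash accompanies the message.
    static boolean hashMatches(String message, byte[] receivedHash)
            throws GeneralSecurityException {
        byte[] computed = MessageDigest.getInstance("SHA-256").digest(utf8(message));
        return MessageDigest.isEqual(computed, receivedHash);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample values; a real key is random and comes from a key store.
        byte[] sharedKey = utf8("constructed-demo-key-not-for-use");
        String sent = "Hi, I will be coming to your office on Friday";
        String altered = "Hi, I will be coming to your office on Monday";

        // Unkeyed hash: whoever alters the message can also recompute the hash.
        byte[] recomputedHash = MessageDigest.getInstance("SHA-256").digest(utf8(altered));
        System.out.println("hash check, altered message: " + hashMatches(altered, recomputedHash));

        // MAC: the sender's value no longer fits the altered message, and a value
        // computed without the shared key does not fit either.
        byte[] senderMac = hmac(sharedKey, sent);
        byte[] macWithoutKey = hmac(utf8("some-other-key"), altered);
        System.out.println("MAC check, original message: " + macMatches(sharedKey, sent, senderMac));
        System.out.println("MAC check, altered + old MAC: " + macMatches(sharedKey, altered, senderMac));
        System.out.println("MAC check, altered + new MAC: " + macMatches(sharedKey, altered, macWithoutKey));
    }
}
```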
8.1.3 Symmetric and Asymmetric Cryptography
Symmetric cryptography is one of the methods of cryptography. It is a method where plaintext is
passed through an encryption algorithm with a key to generate the ciphertext, and the same key is
used with the encryption algorithm to decrypt the data as well.
For instance, Bob wants to send a message, “Hi, I will be coming to your office on Friday,” and
he wants to encrypt it with a symmetric encryption algorithm using a particular key. He encrypts
it and sends it to Scott. Scott has the same key that Bob used to encrypt the message, so he
decrypts it using that key to read the message and brace himself for Bob's visit to his office on
Friday. The illustration in Figure 8.3 depicts a process of symmetric encryption.
The key is the most important aspect of a symmetric key encryption method. The key used to
encrypt the data and the key used to decrypt it are one and the same. Therefore, it is important
that the secrecy of the key be maintained to the fullest possible extent. It is imperative that the
recipient have the same key that has been used to encrypt the data, which requires the key to be
delivered to the recipient in a way that is secure.
Asymmetric cryptography is also known as public key cryptography. Public key cryptography
uses two keys, namely, a public key and a private key, which together are known as a key pair. The
public key may be given to anyone under the sun—it may even be written on a park bench—but it is
imperative that the private key only be retained by the individual or organization to which the
* The MD5 algorithm has been explained in detail in Section 8.2.2.5 of this chapter.