Java Reference
In-Depth Information
Lotus Notes. In fact, Wireless Equivalent Privacy (WEP) also uses RC4 for protection of wireless
networks. RC4 was initially a trade secret, but its source code was posted on a cyber forum by an
anonymous individual. In 2001, the algorithm was attacked and it was broken only to discover that
the RC4 had a nonsecure and nonrandom way of leaking information about the key. his was used
to break the algorithm and further used to break the WEP. Some of the other implementations of
the RC4 are the Remote Desktop Protocol for Windows machines and for PDF passwords.
8.2.2.5 RSA
he RSA algorithm is the most popular asymmetric cryptographic algorithm in the world. he
algorithm is the creation of Ron Rivest, Adi Shamir, and Leonard Adleman at MIT—hence the
acronym RSA, after their last names. he RSA is the irst algorithm in the world that can be used
for digital signatures as well as encryption.
he RSA creates a public key and a private key, called a keypair, using its key generation
method, from a function of large prime numbers. Data encrypted with the public key can only
be decrypted with its corresponding private key and vice versa. We have already highlighted in
Section 8.1.3 how asymmetric cryptography can be used for both authentication and nonrepudia-
tion apart from serving the basic premise of conidentiality. RSA is a very popular algorithm in
software implementations and is used in operating systems. RSA is also used for key exchange,
where symmetric keys are encrypted with the recipient's public key and sent to the recipient, who
can only decrypt the symmetric key with the corresponding private key.
he recommended key length for RSA is 1024 bits and above. Key lengths of 512 bits are not
considered secure for current-day implementations. he Java Cryptographic Extensions provide
the capability to generate an RSA keypair and perform operations with the generated keys.
8.2.2.6 MD5
MD5 is one of the most popular one-way hash functions in the world. he MD5 generates
a 128-bit hash value. he hash function generates a ixed-length hash value after a cleartext
message or ile is passed through an encryption algorithm. he MD5 algorithm has been used
extensively for several implementations involving one-way hash functions including SSL cer-
tiicates and digital signatures and is also used extensively to calculate the checksums for iles
during uploads and downloads. MD5 was created by Ron Rivest in the year 1996. It was meant
as a replacement for the previous hash function in use, MD4. It has been heavily adopted by the
industry. It was used extensively in SSL certiicates, digital signatures, and implementations of
IPSec and even used by the Nevada State Gaming Authority in the United States to ensure that
slot machine ROMS had not been tampered with. However, laws were found in the MD5 algo-
rithm, and they came to light in the year 2004, when it was proved that MD5 hashes were not
free from collisions (i.e., large sets of separate cleartext messages once hashed produce the same
hash). In the year 2007, researchers proved that the MD5 SSL certiicates could be replicated
and used for malicious purposes like redirection to a malicious site, with the use of a replicated
SSL certiicate using MD5 because of the collision vulnerability. he US-CERT (Computer
Emergency Readiness Team) has now declared MD5 as a nonsecure hashing algorithm
*
and has
recommended other algorithms like SHA-1 or better to be used for hashing sensitive data.
*
US CERT Advisory on MD5 Weakness—http://www.kb.cert.org/vuls/id/836068
Search WWH ::
Custom Search