Tuesday, November 20, 2007

Reasons to encrypt your communications

Almost all Internet communication protocols are defined in RFCs, so that software designers can write programs that are compatible with one another. Most people don't realize how vulnerable their data is on the Internet. I'm not talking about viruses but about communication interception. On a local network, programs such as packet sniffers allow sysadmins (system administrators) to check whether their network is working properly and that no unknown "visitor" is wandering around. Such a wanderer may very well install a sniffer of their own once they have gained access to the network. Since most communication protocols defined in RFCs are not encrypted, most data collected by a sniffer is extremely easy to analyze (as long as one knows some basics of TCP/IP). This means that when you sign in to a website, a forum or sometimes even your email account, the data is sent in clear text: an attacker who owns your network can see your password (or passwords, if you use more than one, which sadly is not the case for most people). This actually made headlines a couple of days ago; here is a link: Swedish police arrest security expert who cracked embassy e-mail passwords.

Don't become paranoid: if you have a good email provider, the connection to your email account is established over HTTPS, which stands for secure HTTP and was designed by Netscape Communications Corporation to provide encrypted communication. If you use a good web browser like Mozilla Firefox, Opera or Safari (and not like Internet Explorer), you should notice a different color in the address bar when navigating through an encrypted connection (usually green is good, and red is bad, i.e. an incorrect certificate).
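To make the difference between the two paragraphs above concrete, here is an added example (not code from the original post): a small Python auditor that reports credentials sent in clear text in payloads already captured on your own network, and shows that a TLS record yields nothing readable. The sample payloads, host names and the `SECRET_FIELDS` list are constructed for the illustration.

```python
import base64
import re
from urllib.parse import parse_qsl

# Form-field names that usually carry a secret (assumed list; extend as needed).
SECRET_FIELDS = {"password", "passwd", "pass", "pwd"}

def audit_payload(payload: bytes) -> list[str]:
    """Report clear-text credentials in one captured TCP payload (values redacted)."""
    # TLS record header: content type 0x14-0x17, then major version 3.
    # Everything after it is ciphertext, so there is nothing readable to report.
    if len(payload) >= 3 and 0x14 <= payload[0] <= 0x17 and payload[1] == 3:
        return []
    text = payload.decode("latin-1")
    findings = []
    # POP3/FTP style login: "PASS <secret>" on a line of its own.
    if re.search(r"(?im)^PASS \S+\r?$", text):
        findings.append("PASS command in clear text")
    # HTTP Basic auth: base64 is an encoding, not encryption.
    m = re.search(r"(?im)^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", text)
    if m:
        user = base64.b64decode(m.group(1)).decode("latin-1").partition(":")[0]
        findings.append(f"HTTP Basic credentials for user {user!r}")
    # HTTP form login: the body after the blank line is key=value pairs.
    head, sep, body = text.partition("\r\n\r\n")
    if sep and head.startswith("POST "):
        for key, _value in parse_qsl(body):
            if key.lower() in SECRET_FIELDS:
                findings.append(f"form field {key!r} sent in clear text")
    return findings

# Constructed sample payloads (not real traffic).
SAMPLES = {
    "http-form": b"POST /login HTTP/1.1\r\nHost: forum.example\r\n"
                 b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                 b"user=alice&password=example-password",
    "http-basic": b"GET /mail HTTP/1.1\r\nHost: mail.example\r\nAuthorization: Basic "
                  + base64.b64encode(b"alice:example-password") + b"\r\n\r\n",
    "pop3": b"USER alice\r\nPASS example-password\r\n",
    "tls": bytes([0x17, 0x03, 0x03, 0x00, 0x20]) + bytes(range(32)),
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(name, audit_payload(payload) or "nothing readable")
```

Any finding from such an audit points at a service that should be moved to its TLS-protected variant.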

The best way to keep using normal communication protocols while making sure that an email, for example, has not been modified or stays confidential is either to sign the email with a digital signature or to encrypt it with a private/public key pair (we will explain the mechanism and why it is the best confidentiality method in a future article about RSA). Both techniques are widely used over the Internet.

"Since RSA is the best, why should I use another system to encrypt data?"
I was hoping you were going to ask this question! If you want to share data with just a couple of people but without implementing or using a complicated public/private key pair, you'll opt for an easily decipherable algorithm. As you will see later on in the RSA article, key pairs are good for one-to-one communications exclusively.

Because there are few, if any, graphical programs that let a user encipher and decipher data, we wish to create one. Hopefully, by following our progress on the program, you'll understand how it works and be among the first to use it!

See you around!

2 comments:

Unknown said...

I don't understand why you wrote "If you use a good web browser [...] (and not like Internet Explorer)"

Is Internet Explorer a bad web browser?

Just Chris said...

Yup, exactly! IE cannot be considered a good and secure web browser. Even though the latest version, IE7, is much more secure than any of the previous versions, one update every four years or so cannot make it a reliable browser. Remember that IT security evolves every day; new vulnerabilities are discovered and disclosed about as fast.