Encryption

5 Quick And Easy Ways To Encrypt Your Life Safely In Less Than An Hour.

Mobile phones and computers have become so common that we probably don’t even know when our personal information secretly leaks to others.

Just try to recall how many public figures’ personal information or photos leaked to the public over the last 10 years. And look at what’s just recently happened to Emma Watson and Amanda Seyfried, whose private photos on their phones got hacked.

In fact, leaking personal information has become so easy that even the FBI director covered his personal laptop’s webcam with a piece of tape. He suggested that we cover our computers’ built-in webcams with tape because this is an essential security step that everyone should take.

Director James Comey said during a conference at the Center for Strategic and International Studies,[1]

“There’s some sensible things you should be doing, and that’s one of them. You go into any government office and we all have the little camera things that sit on top of the screen. You do that so that people who don’t have authority don’t look at you. I think that’s a good thing.”

So, what do we do to protect our privacy and encrypt our life?

Doubling up the safeness – Use two-factor authentication for your email account.

Lots of our social media or online tool accounts are connected with our email account. If your email account gets hacked, besides having your email information and contact list leaked, all the other connected accounts will…

What Is SHAttered? SHA-1 Collision Attacks, Explained

On the first day of 2016, Mozilla terminated support for a weakening security technology called SHA-1 in the Firefox web browser. Almost immediately, they reversed their decision, as it would cut access to some older websites. But in February 2017, their fears finally came true: researchers broke SHA-1 by creating the first real-world collision attack. Here’s what all that means.

What Is SHA-1?

The SHA in SHA-1 stands for Secure Hash Algorithm, and, simply put, you can think of it as a kind of math problem or method that scrambles the data that is put into it. Developed by the United States NSA, it’s a core component of many technologies used to encrypt important transmissions on the internet. Common encryption methods SSL and TLS, which you might have heard of, can use a hash function like SHA-1 to create the signed certificates you see in your browser toolbar.

We won’t go deep into the math and computer science of any of the SHA functions, but here’s the basic idea. A “hash” is a unique code based on the input of any data. Even a small, random string of letters input into a hash function like SHA-1 will return a long, set number of characters, making it (potentially) impossible to revert the string of characters back to the original data. This is how password storage usually works. When you create a password, your password input is hashed and stored by the server. Upon your return, when you type in your password, it is hashed again. If it matches the original hash, the input can be assumed to be the same, and you’ll be granted access to your data.

Hash functions are useful primarily because they make it easy to tell if the input, for instance, a file or a password, has changed. When the input data is secret, like a password, the hash is nearly impossible to reverse and recover the original data (also known as the “key”). This is a bit different from “encryption”, whose purpose is scrambling data for the purpose of descrambling it later, using ciphers and secret keys. Hashes are simply meant to ensure data integrity–to make sure that everything is the same. Git, the version control and distribution software for open source code, uses SHA-1 hashes for this very reason.

That’s a lot of technical information, but to put it simply: a hash is not the same thing as encryption, since it is used to identify if a file has changed.
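The integrity use described above, as an added Python example that is not part of the original article: it computes the SHA-1 object ID Git assigns to file content and uses those IDs to report which files changed between two snapshots. The file names and contents are constructed sample data, and `snapshot` and `diff_snapshot` are hypothetical helper names.

```python
from __future__ import annotations
import hashlib


def git_blob_id(data: bytes) -> str:
    """Return the SHA-1 object ID Git gives this content (as `git hash-object` does)."""
    # Git does not hash the raw bytes alone: it prepends "blob <length>\0".
    header = b"blob %d\x00" % len(data)
    return hashlib.sha1(header + data).hexdigest()


def snapshot(files: dict[str, bytes]) -> dict[str, str]:
    """Record one fixed-length fingerprint per file (hypothetical helper)."""
    return {name: git_blob_id(content) for name, content in files.items()}


def diff_snapshot(baseline: dict[str, str], files: dict[str, bytes]) -> dict[str, list[str]]:
    """Compare current content against recorded fingerprints (hypothetical helper)."""
    current = snapshot(files)
    common = baseline.keys() & current.keys()
    return {
        "modified": sorted(n for n in common if baseline[n] != current[n]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


# Constructed sample data: a one-word edit to config.ini, one new file, one deletion.
ORIGINAL = {"README": b"hello\n", "config.ini": b"debug=false\n", "empty": b""}
TAMPERED = {"README": b"hello\n", "config.ini": b"debug=true\n", "new.sh": b"#!/bin/sh\n"}

if __name__ == "__main__":
    baseline = snapshot(ORIGINAL)
    for name, oid in sorted(baseline.items()):
        print(oid, name)  # every ID is 40 hex characters, whatever the input size
    # Matching IDs only show content is unchanged as long as nobody crafted a
    # collision, which is the assumption the SHAttered research broke for SHA-1.
    print(diff_snapshot(baseline, TAMPERED))
```

The fingerprints only tell you that something changed; unlike encryption, nothing here can be reversed to get the file content back.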

How Does This Technology Affect Me?

Let’s say you need to visit a website privately. Your bank, your email, even your Facebook account–all use encryption to keep the data you send them private. A professional website will provide encryption by obtaining a certificate from a trusted authority–a third party, trusted to ensure that the encryption is on the level, private between the website and user, and not being spied on by any other party. This relationship with the third parties, called Certificate Authorities, or CAs, is crucial, since any user can create a “self-signed” certificate–you can even do it yourself on a machine running Linux with OpenSSL. Symantec and DigiCert are two widely-known CA companies, for example.

Let’s run through a theoretical scenario: How-To Geek wants to keep logged…