Monday, March 25, 2024 1:19 PM
I. Encryption
a. Encryption - transforms a message or data file so that its contents are hidden
from unauthorized readers
b. Plaintext - the original message that has not yet been encrypted
c. Ciphertext - an encrypted message or file
d. Decryption - the reverse process of encryption: ciphertext to plaintext
e. Cryptographic algorithm - a procedure for encryption or decryption
f. Cryptographic key - a word, number, or phrase that must be known to
encrypt or decrypt data
g. AES - standard encryption used worldwide
II. Authentication
a. User authentication - any technique used to verify or confirm a person's
identity
i. Requires techniques like passwords, PINs, fingerprints, etc. to
prevent unauthorized access to the data
b. Two factor authentication - increases security by verifying identity based
on two components, like password and verification code
c. iPhones and iPads - locked to require a login password each time the
device is used
d. Authentication options for iOS devices include short passcodes, facial
recognition, fingerprint scans
e. Android devices have an overwhelming number of security settings
i. Do not automatically encrypt data stored on the device when the user
activates the login
1) Configuring a password and activating encryption are two
separate steps
f. Windows - offers several sign-in options that can be configured using the
Accounts option on the Settings screen
g. Macs offer several password settings
h. macOS - FileVault automatically encrypts data stored locally
III. Passwords
a. A strong password is hard to hack
b. Conventional wisdom says that strong passwords are at least 8 characters
in length and include 1 or more uppercase letters, numbers, and symbols.
i. They create passwords that are difficult to crack but impossible to
remember
c. Brute force attack - uses password-cracking software to generate every
possible combination of letters, numerals, and symbols
i. Exhausts all possible combinations to discover the password; can run for
days
d. Dictionary attack - helps hackers guess passwords by stepping through a
dictionary containing word lists in common languages like English, Spanish,
French, German
i. Effective because many users choose passwords that are easy to remember
e. Schemes users devise to create passwords are obvious to hackers and
programmers who create password-cracking tools
f. Weak passwords include:
i. Words from a dictionary, words in other languages
ii. Doubled words like passpass
iii. Default passwords like admin, system, guest
iv. Sequences of numbers like dates or # nums
v. Any sequence that includes a username like dfoiheio12345
1) Or conventional capitalization
g. Password entropy - a measure in bits of a password's unpredictability
i. Entropy - theoretical concept
ii. Security measures may be in place to prevent hacking tools from
trying continuously
h. Long, random passwords are more secure, but difficult to remember
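Added example, not part of the original notes: Python code that checks a password against the weak patterns listed in III.f and computes its theoretical entropy (III.g). The formula length x log2(pool size), the word list, and the function names are assumptions made for this illustration.

```python
import math
import string

# Constructed sample data: the defaults are the ones the notes name;
# the word list is a tiny stand-in for a real cracking dictionary.
DEFAULTS = {"admin", "system", "guest"}
WORDLIST = {"password", "pass", "dragon", "sunshine", "bonjour"}

def entropy_bits(password):
    """Theoretical entropy: length * log2(pool size).

    Assumes every character was picked independently and at random
    from the character classes present, so it is an upper bound.
    """
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    pool = sum(size for chars, size in classes
               if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def weak_reasons(password, username=""):
    """Return which weak-password patterns from the notes apply."""
    reasons = []
    low = password.lower()            # undo conventional capitalization
    base = low.rstrip(string.digits + string.punctuation)
    half = len(low) // 2
    if low in DEFAULTS:
        reasons.append("default password")
    if base in WORDLIST:
        reasons.append("dictionary word")
    if half and len(low) % 2 == 0 and low[:half] == low[half:]:
        reasons.append("doubled word")
    if low.isdigit():
        reasons.append("number sequence")
    if username and username.lower() in low:
        reasons.append("contains username")
    return reasons

if __name__ == "__main__":
    # Constructed test passwords; the third pairs with username "dfoiheio".
    for pw, user in [("Password1!", ""), ("passpass", ""),
                     ("dfoiheio12345", "dfoiheio"), ("q7#Lm2@xV9", "")]:
        print(f"{pw:15} {entropy_bits(pw):5.1f} bits  {weak_reasons(pw, user)}")
```

Password1! and q7#Lm2@xV9 both score 65.5 bits, yet only the first is flagged as a dictionary word, which is why the entropy figure is only theoretical.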
IV. Password manager
a. Password manager (keychain) - keeps track of passwords so users don't
need to memorize them
b. Strength meter - indicates password security
i. Passwords stored locally are tied to the device on which they're created
ii. Password managers store encrypted passwords in the cloud
Digital Security Page 2