security - modrpc/info GitHub Wiki

overview
info 6.858
authentication
authentication
  • authentication: confirming the truth of an attribute of a single piece of data claimed true by an entity
    • identification: act of stating or indicating a claim purportedly attesting to a person or thing's identity
    • authentication: the process of actually confirming that identity
cryptographic-protocols
tls/ssl
  • generate private key (.key) in golang
$ openssl genrsa -out server.key 2048
cryptography
public-key-crypto wiki
  • any cryptographic system that uses a pair of keys:
    • public keys: disseminated widely
    • private keys: known only to the user
  • Two functions
    • authentication: the public key verifies that a holder of the paired private key sent the message; the sender is 'real'
    • encryption: only the paired private key holder can decrypt the message encrypted with the public key
crypto-hash-funcs
  • wiki
  • special class of hash functions that have certain properties which make them suitable for use in cryptography
  • mathematical algorithm (function) that maps data of arbitrary size into a bit string of fixed size (a hash)
  • is designed to be a one-way function, that is, a function which is infeasible to invert
    • i.e. it's practically infeasible to infer the INPUT just by seeing the OUTPUT of hash functions (other than trying exhaustive search)
 message ==> (hash function) ==> message digest
  • 5 required properties
    • deterministic
    • quick to compute hash value
    • infeasible to find the original INPUT message (other than exhaustive search)
    • a small change in INPUT message causes large change in OUTPUT digest
    • infeasible to find two different INPUT messages with the same OUTPUT digest
applications
apps
  • verifying the integrity of files/messages
  • password verification
  • proof-of-work
  • file or data identifier
  • secure-hash-algorithms