Jan 20

A basic guide to encryption -2

If you didn’t read the first part of this article you can read it by clicking here.

Ok, let’s continue our discussion on encryption. From this article onwards, I’m going to elaborate on the types of encryption. Each of these types has something in common: the sender encrypts a set of data (particularly a file) using a password or a key. When the receiver receives this encrypted file, he is able to use the file with a password/key that he possesses. Encryption can be divided into three main categories.

  1. Symmetric-key encryption
  2. Asymmetric-key encryption
  3. Hash functions

Symmetric-key encryption:

The sender and the receiver must have the same key/password. Or if the keys are not identical, they must be related to each other in a predefined specific manner.

Ex: Sending a password-protected zip file to a friend (you protect the file with a password and tell the password to your friend).

This method is also called the private-key method, and it can be further divided into two sub-categories.

  1. Stream cipher
  2. Block cipher

Stream cipher:

In a stream cipher, the file is converted bit by bit. For added security, the actual message is combined with a keystream. The plaintext is encrypted by adding the keystream to it, which produces the ciphertext (as discussed in the cipher section of the previous article).
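The keystream idea above, as an added example that is not part of the original article: a pseudorandom keystream is XORed with the plaintext, and the same operation decrypts. The keystream generator (SHA-256 over key, nonce and counter) and all function names are assumptions chosen for teaching; real systems should use a vetted stream cipher.

```python
import hashlib
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudorandom keystream built from SHA-256(key || nonce || counter).

    Teaching construction only (an assumption of this example).
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest())
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Combine two equal-length byte strings bit by bit."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes):
    """Return (nonce, ciphertext); a fresh nonce gives a fresh keystream."""
    nonce = secrets.token_bytes(12)
    return nonce, xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """XOR with the same keystream restores the plaintext."""
    return xor_bytes(ciphertext, keystream(key, nonce, len(ciphertext)))


def reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    """Failure mode: two messages under one keystream.

    The keystream cancels out, so c1 XOR c2 equals p1 XOR p2 and an
    observer learns a relation between the plaintexts without the key.
    """
    ks = keystream(key, nonce, max(len(p1), len(p2)))
    return xor_bytes(xor_bytes(p1, ks), xor_bytes(p2, ks))


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # constructed sample key
    nonce, ct = encrypt(key, b"meet me at noon")
    print(ct.hex(), decrypt(key, nonce, ct))
```

This is why each message needs its own nonce: the key can stay the same, but the keystream must never repeat.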

Block cipher:

A block cipher works on a set of bits. A whole set of bits gets transformed at a time.

Asymmetric-key encryption:

Also called the public-key method. This method requires two types of keys: one is called the public key and the other is called the private key. The public keys are distributed publicly. The private keys reside only with the recipient. The sender who does the encryption should have the public key that matches the receiver’s private key. So when the sender encrypts the file using a public key, only the receiver with the matching private key can decrypt it.

Hash functions:

Hashing is a one-way process and it cannot be reversed. So what’s the use of it? Let’s take an example from the real world to understand this.

The passwords for users in a Linux operating system used to be stored in the /etc/passwd file. But the password that was stored in this file was not the real password, but its hash value (generated using some unique algorithm, a hash function). When a user needs to log in to the system, he enters his user name and password. The password that the user entered is fed to the hash function, and the output from the hash function is compared with the hash value in the /etc/passwd file. If the two hash values match, the user is allowed to log in to the system. The advantage of this method is that the real password is never stored in the computer. So a hacker has no use for the file that contains the passwords (unless he is using a brute force method).

The aim of these two articles was to give you a basic understanding of cryptography and encryption. I hope you all got something out of it. All your comments are welcome…!

Jan 19

A basic guide to encryption -1

Encryption? What is it? What’s its relevance to you? Do you think you have never used any kind of encryption method? If your answer is “no”, you are definitely mistaken! We use encryption in many events of our day-to-day life. Especially as Internet users, encryption helps us a great deal. We are just ignorant of its services. As an example, when you log in to your mail account/Facebook account, you are receiving the protection of encryption methods. We benefit from encryption even in our day-to-day activities like using the ATM. Without the use of encryption technologies, the use of ATM machines would have been far riskier. Through this series of articles, I’m going to give you an introduction to encryption and a basic introduction to some encryption categorizations.

First of all, let’s get familiarized with the terminology.

Cryptography:

This is the study of creating messages in a form of secret code that masks the actual message and displays something completely different. Usually complex mathematical algorithms and computers are used to do this. This encrypted message will mean nothing to a casual observer, but the intended receiver can reconstruct the original message using a certain predefined methodology.

Plaintext:

A data set prior to encryption is called “plaintext”.

Encryption:

Encryption is the implementation of cryptography. Data is converted to an encrypted format using encryption. This encrypted data could be password protected. To decrypt (that means to retrieve the original data), the receiver should have the proper key and/or password.

Ciphertext:

Plaintext data is called “ciphertext” once it is encrypted.

Algorithm:

An algorithm is a precise set of instructions that can be followed to get a reasonable output to a problem. As an example, when sound doesn’t come from your computer speakers, you first check the volume controller of the computer, then you check whether the speaker system has got the power correctly, then you check the volume controller of the speaker system, then you check the connection between the computer and the speaker system. This is more like an “if-then” procedure.

Cipher:

It’s an algorithm that contains precise instructions on how to encrypt and decrypt data. There are two main types of ciphers. The first one rearranges the characters in a file. As an example, the word “ishan” could be rearranged as “snahi”. The second method completely changes the content and replaces it with predefined characters. As an example, the word “ishan” can be encrypted as “abcde” where i=a, s=b, h=c, a=d, n=e.

Pseudorandomness:

If a process seems to be random but is not actually random, that’s called pseudorandomness. If a series of things (let’s say numbers) seems to be random but is not actually random, then it’s called a pseudorandom series.

Keystream:

It’s a collection of random or pseudorandom characters that is combined with a plaintext message to produce an encrypted message (the ciphertext).

Key:

This is a parameter which determines the functional output of a cryptographic algorithm or cipher. A key is essential to get a result that is useful.

Brute force attack:

When a person tries to crack the encryption algorithm by using an intensive trial-and-error key/password reproduction procedure, it is called a brute force attack.

I think this is enough for a single post. Hope to see you soon with the next part of this article…!

Jan 18

Create custom error pages in cPanel

As we know, when we connect to a web server and some error occurs, the server will show us an error message. As an example, if the web page we are requesting is not available on the server, it will generate a “404 - page not found” error. But as you may have noticed, in most cases this error page is just a simple page which most probably has a white background with some simple text formatting. But do you know that you can customize those error pages as you like? Give them a theme (as an example, the theme of the website itself)? In this article I’m going to show you how to customize these error pages on a web server where you have access to cPanel. There are two methods to do this.

1st method:

Log in to cPanel. Then go to Advanced → Error pages. There you will find a list of the various error pages that cPanel currently has. Click on any one of them and you will be directed to a page where you can customize the page using the usual HTML syntax.

2nd method:

If you want to replace the error page with a page that you have already designed, the easiest way to do so is to upload it to the server and replace the relevant file. The relevant files for the error pages can be found in the public_html folder. These files have the .shtml extension. So make sure that you rename the .html file that you are uploading to the .shtml extension. Here are some names of the error pages.

  • 400.shtml : Bad request
  • 401.shtml : Authentication required
  • 403.shtml : Forbidden
  • 404.shtml : Page not found
  • 500.shtml : Internal server error

You will be able to find an example customized 404 page at http://ishans.info/wrongURL
