Invitation to Cybersecurity

then the public key in the certificate can be trusted as genuine. The man-in-the-middle attack outlined above worked because Alice did not demand a public key certificate from Bob. If she had, Mallory would not have been able to impersonate Bob because she would not have been able to obtain a valid certificate binding her public key (Mallory’s) to Bob’s identity. Mallory could get a certificate binding her public key to her own identity, but if she sent that certificate to Alice, then Alice could easily verify that it was not Bob’s public key.

On the other hand, if Mallory sent Bob’s actual public key certificate to Alice, then Alice would accept it as valid, and use the public key on the certificate to encrypt her message. But this would foil Mallory’s attack because she would not be able to decrypt the return message since she does not have access to Bob’s private key.

7.2.2.4 RSA and Quantum Computing

As alluded to in Chapter 2, quantum computing algorithms have been devised that on paper will break RSA. In other words, a person in possession of a quantum computer would be able to read any text encrypted with RSA and would be able to fraudulently sign messages. This poses a serious risk to the Internet as we know it. Because no quantum computers yet exist, it is not certain that these algorithms will work. It is also not certain that a quantum computer big enough to perform these calculations will ever be built, but because the potential exists, at the time of this writing research is ongoing into quantum-resistant cryptography. The hope is that new algorithms will be implemented that have the same security properties as RSA, but that will not be vulnerable to the threat of quantum computers.

7.2.3 Cryptographic Hashing

Symmetric and public key cryptography are concerned with preserving confidentiality in cyberspace—keeping secret information secret. Data integrity—preventing, or at least detecting, the unauthorized writing of data—is achieved through a closely related technique called cryptographic hashing. Cryptographic hashing is a form of cryptography that creates digital fingerprints for data objects. The data object could be anything including a simple text string, a document, an executable, a hard drive—any digital information whatsoever.

Hash functions take data as input and output a hash of the data. A hash is a short, fixed-length binary string that uniquely represents a data object. Hash functions are deterministic: they always produce the same hash given the same input data. Table 7.9 shows multiple different hash function outputs for the data input string attack at dawn. Since the early 2000s, SHA-256 (Secure Hashing Algorithm 2 - 256 bit output) has been the standard recommended hash function in the United States.
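The following Python example is an addition to this text, not part of the original book. It shows the properties just described in use: the same input always yields the same hash, the hash length is fixed regardless of input size, and a recorded fingerprint detects an unauthorized change. The object names, the sample data and the choice of SHA-1, SHA-256 and SHA-512 for comparison are assumptions made for illustration; Table 7.9 is not reproduced here.

```python
import hashlib
import hmac
import io

CHUNK = 64 * 1024  # read size; lets one routine hash a short string or a disk image

def fingerprint(stream, algorithm="sha256"):
    """Return the hex digest of a binary stream, read in fixed-size chunks."""
    h = hashlib.new(algorithm)
    for block in iter(lambda: stream.read(CHUNK), b""):
        h.update(block)
    return h.hexdigest()

def digest_bits(data, algorithms=("sha1", "sha256", "sha512")):
    """Map each algorithm to its output length in bits for the given input."""
    return {a: len(fingerprint(io.BytesIO(data), a)) * 4 for a in algorithms}

def build_manifest(objects):
    """Record a SHA-256 fingerprint for every named data object."""
    return {name: fingerprint(io.BytesIO(data)) for name, data in objects.items()}

def verify(manifest, objects):
    """Return the sorted names modified, removed, or added since the manifest."""
    flagged = set(manifest) ^ set(objects)  # removed or newly added objects
    for name in set(manifest) & set(objects):
        current = fingerprint(io.BytesIO(objects[name]))
        # Compare digests without leaking where they first differ.
        if not hmac.compare_digest(current, manifest[name]):
            flagged.add(name)
    return sorted(flagged)

# Constructed sample data, not taken from the book.
ORIGINAL = {
    "order.txt": b"attack at dawn",
    "image.bin": bytes(range(256)) * 1024,  # 256 KiB, spans several chunks
}
TAMPERED = dict(ORIGINAL, **{"order.txt": b"attack at dusk"})

if __name__ == "__main__":
    manifest = build_manifest(ORIGINAL)
    print(digest_bits(b"attack at dawn"))  # output length per algorithm
    print(verify(manifest, ORIGINAL))      # unchanged data
    print(verify(manifest, TAMPERED))      # one object altered
```

The manifest itself must be stored where an attacker who can alter the data cannot also alter the recorded hashes; otherwise the check proves nothing.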
