• 软件测试技术
  • 软件测试博客
  • 软件测试视频
  • 开源软件测试技术
  • 软件测试论坛
  • 软件测试沙龙
  • 软件测试资料下载
  • 软件测试杂志
  • 软件测试人才招聘
    暂时没有公告

字号: | 推荐给好友 上一篇 | 下一篇

security+ 4

发布: 2007-5-25 12:09 | 作者: 未知 | 来源: Blog.ChinaUnix.net | 查看: 29次 | 进入软件测试论坛讨论

领测软件测试网 still figuring.... lr%3D%26sa%3DN">

research on SPAM,

what is a spam? all i can say is that it's junk mail which you don't want to see hanging around in your mail box.

where did these people get my address? there's tones of chances where you could of left you're emaill on the web, like websites, chat rooms... spammers have special programs to detect email addresses like searching for the @ sign. these programs are called spambots. one of their common target would be the email servers of large hosting companies, where they can do a dictionary search from msn ,aol, or hotmail.

four major email encryption protocols : MOSS, PGP, PGP/MIME, and S/MIME.

3850 总结

1 smine which refers to 发送和接收安全的mime. 使用公匙前必须用x.509 public key infrastructure (PKIX) certificates 来确认它的真伪,smine agents 同时必须按照PKIX 和 KEYN 所描述的process 过程来完成certificate 的process.这种特性是与 cryptographic message syntax CMS 兼容的,并遗传了其中所有基於key管理的支持。

AC介绍,在一个 x.509公匙证书中可以含有两个509AC(even with same subject name and public key, 但要调整好之间overlap的合理性),每个 509AC 还可以邦定多个attributes。

definition of a certificate: binding an entity name with public key using a digital signature.

2 接受方验证签名时应display certificate information such as subject name and details. 并拒绝所有没有有digital signature or nonrepudiation bit set.

7 验证失败的几种可能:

no Internet mail addresses in a certificate matches the sender of
a message, if the certificate contains at least one mail address
no certificate chain leads to a trusted CA
no ability to check the CRL for a certificate
an invalid CRL was received
the CRL being checked is expired
the certificate is expired
the certificate has been revoked

Hash:

instead of decrypting the text, comparison for identification is used. 例如

MD message digest algoithm:3个版本,2,4,5。

md2, plaintext with a hashing of 128bits long. when messages are less then 128 bits, to still exceed the 128 bit length padding must be added to it. ***128bits long means 2的128次,3,402,823,669,209,384,634,633,746,074,300,000,000,000,000,000,000,000,000,000,000,000,000个可能性。***

md4, plaintext with a hasing of 128 bits, adding a padding to 512 bits length.

md5,same as md4 padding up to 512, also hash algorithm use a 4 variables of 32 bits each in a round robin fashion to create a value that is compressed to generate the hash. sth to notice here, the compressed which would cause a weakness.*snmp v2 uses md5*

SHA, secure hash algorithm: lies somewhere between md4 and 5. has a hash of 160 bits, padding less then 512 bits with 0s and an interger that describes the original length message, padding message then runs through the sha algorithm to produce the hash.

digital signatures: a public key that has been digitally signed by a recognized authority CA, for testing the the owner of the key is whom he say he is. it's like when i send a message to you, my certificate verifies that i actually am the person using my public keys. encrypting: hash value is encrypted by the senders private key, to encrypt the entire message you would have to use the receiver's public key. then combining the message and the digital signature for transmit.*note, sometimes not to encrypt the whole message for necessary prove of whome it came from*

example in details: a wants to send a message to b, a generates a hash value, encrypt it with a's private key and also the entire message with b's public key-----b then receives the message, decrypt the message with his public key, decrypt the digital signature with a's public key, then b runs the value with the decrypted digital signature, value match sender defined.

PGP for windows and GPG for win, unix, linux: statement, encrypt using PGP can be decrpyted using GPG, vice versa.

how it works: PGP and GPG use both asymmetric and symmetric cryptography. generat a randon symmetric key to encrypt the message, then the symmetric key is encrypted by the receiver's public key. receiver decrypt symmetric key using his private key then using the decrypt symmetric key to decrypt the rest of the message.

RSA algorithm:

a public key cryptosystem, provides both encryption and digital signatures. 假设 x and y, n=xy, n叫做modulus. kkkkk, 受不了了 i'm not a coder here.....

chain letters:chain letters contains a message consisting and inducing the 接受方复制很多份这封信并继续遗传给新的接受者。

email hoax: deliberate email messages warning about fauls viruses. a suggestion to remove an important file or send the false warning to everyone in your emaili address book.

twofishkey两条鱼: 128 bit block cipher.offical algorithm uses 16 rounds, but it can be used with less rounds. best way to do is key of 256 bit and full 16 rounds.

advanced encryption standard AES= block cipher, block cipher is a typr of symmetric key. plaintext--- using key and block cipher encryption--- gives us ciphertext. AES taking over the DES data encryption standard.128 bits fixed block size, key size 128 ,192,256 bits.

a number 239, hash it and give it to a user, when verfying that user, the user presents the number 239 and the unique hash given to her, the system then takes the 239 and hash again, comparing the hash results with the hash she provided. (provides integrity)

3 双方都不应用PKCS #6 extended certificates. 发送方不应该用version 1 attribute certificates.

4 通常incoming cert and crls 会被cached 为了以后的重申请认证,但为临时的cache.

5 对於associated certificates, 可能会含有别的形式,这些形式不应被标识为critical.

6 如果key usage没有细节,接受方必须假定digital signature and nonrepudiation bits are set.

延伸阅读

文章来源于领测软件测试网 https://www.ltesting.net/


关于领测软件测试网 | 领测软件测试网合作伙伴 | 广告服务 | 投稿指南 | 联系我们 | 网站地图 | 友情链接
版权所有(C) 2003-2010 TestAge(领测软件测试网)|领测国际科技(北京)有限公司|软件测试工程师培训网 All Rights Reserved
北京市海淀区中关村南大街9号北京理工科技大厦1402室 京ICP备10010545号-5
技术支持和业务联系:info@testage.com.cn 电话:010-51297073

软件测试 | 领测国际ISTQBISTQB官网TMMiTMMi认证国际软件测试工程师认证领测软件测试网