Using Encryption and Authentication Correctly (for PHP …

“Encryption is not authentication” is common wisdom among cryptography experts, but it is only rarely whispered among developers whom aren’t also cryptography experts. This is unfortunate; a lot of design mistakes could be avoided if this information were more widely known and deeply understood. (These mistakes are painfully common in home-grown PHP cryptography classes and functions, as many of the posts on Crypto Fails demonstrates.)

The concept itself is not difficult, but there is a rich supply of detail and nuance to be found beneath the surface.

Encryption is the process of rendering a message such that it becomes unreadable without possessing the correct key. In the simple case of symmetric cryptography, the same key is used for encryption as is used for decryption. In asymmetric cryptography, it is possible to encrypt a message with a user’s public key such that only possessing their private key can read it. Our white paper on PHP cryptography covers anonymous public-key encryption.

Authentication is the process of rendering a message tamper-resistant (typically within a certain very low probability, typically less than 1 divided by the number of particles in the known universe) while also proving it originated from the expected sender.

Note: When we say authenticity, we mean specifically message authenticity, not identity authenticity. That is a PKI and key management problem, which we may address in a future blog post.

In respect to the CIA triad: Encryption provides confidentiality. Authentication provides integrity.

Encryption does not provide integrity; a tampered message can (usually) still decrypt, but the result will usually be garbage. Encryption alone also does not inhibit malicious third parties from sending encrypted messages.

Authentication does not provide confidentiality; it is possible to provide tamper-resistance to a plaintext message.

A common mistake among programmers is to confuse the two. It is not uncommon to find a PHP library or framework that encrypts cookie data and then trusts it wholesale after merely decrypting it.

Message encryption without message authentication is a bad idea. Cryptography expert Moxie Marlinspike wrote about why message authentication matters (as well as the correct order of operations) in what he dubbed, The Cryptographic Doom Principle.

We previously defined encryption and specified that it provides confidentiality but not integrity or authenticity. You can tamper with an encrypted message and give the recipient garbage. But what if you could use this garbage-generating mechanism to bypass a security control? Consider the case of encrypted cookies.

The above code provides AES encryption in Cipher-Block-Chaining mode. If you pass a 32-byte string for $key, you can even claim to provide 256-bit AES encryption for your cookies and people might be misled into believing it’s secure.

Let’s say that, after logging into this application, you see that you receive a session cookie that looks like kHv9PAlStPZaZJHIYXzyCnuAhWdRRK7H0cNVUCwzCZ4M8fxH79xIIIbznxmiOxGQ7td8LwTzHFgwBmbqWuB+sQ==.

Let’s change a byte in the first block (the initialization vector) and iteratively sending our new cookie until something changes. It should take a total of 4096 HTTP requests to attempt all possible one-byte changes to the IV. In our example above, after 2405 requests, we get a string that looks like this: kHv9PAlStPZaZZHIYXzyCnuAhWdRRK7H0cNVUCwzCZ4M8fxH79xIIIbznxmiOxGQ7td8LwTzHFgwBmbqWuB+sQ==

For comparison, only one character differs in the base64-encoded cookie (kHv9PAlStPZaZJ vs kHv9PAlStPZaZZ):

The original data we stored in this cookie was an array that looked like this:

But after merely altering a single byte in the initialization vector, we were able to rewrite our message to read:

Depending on how the underlying app is set up, you might be able to flip one bit and become and administrator. Even though your cookies are encrypted.

If you would like to reproduce our results, our encryption key was 000102030405060708090a0b0c0d0e0f (convert from hexadecimal to raw binary).

As stated above, authentication aims to provide both integrity (by which we mean significant tamper-resistance) to a message, while proving that it came from the expected source (authenticity). The typical way this is done is to calculate a keyed-Hash Message Authentication Code (HMAC for short) for the message and concatenate it with the message.

It is important that an appropriate cryptographic tool such as HMAC is used here and not just a simple hash function.

These two functions are prefixed with unsafe because they are vulnerable to a number of flaws:

To authenticate a message, you always want some sort of keyed Message Authentication Code rather than just a hash with a key.

Using a hash without a key is even worse. While a hash function can provide simple message integrity, any attacker can calculate a simple checksum or non-keyed hash of their forged message. Well-designed MACs require the attacker to know the authentication key to forge a message.

Simple integrity without authenticity (e.g. a checksum or a simple unkeyed hash) is insufficient for providing secure communications.

In cryptography, if a message is not authenticated, it offers no integrity guarantees either. Message Authentication gives you Message Integrity for free.

The only surefire way to prevent bit-rewriting attacks is to make sure that, after encrypting your information, you authenticate the encrypted message. This detail is very important! Encrypt then authenticate. Verify before decryption.

Let’s revisit our encrypted cookie example, but make it a little safer. Let’s also switch to CTR mode, in accordance with industry recommended best practices. Note that the encryption key and authentication key are different.

Now we’re a little closer to our goal of robust symmetric authenticated encryption. There are still a few more questions left to answer, such as:

Fortunately, these questions are already answered in existing cryptography libraries. We highly recommend using an existing library instead of writing your own encryption features. For PHP developers, you should use defuse/php-encryption (or libsodium if it’s available for you). If you still believe you should write your own, consider using openssl, not mcrypt.

Note: There is a narrow band of use-cases where authenticated encryption is either impractical (e.g. software-driven full disk encryption) or unnecessary (i.e. the data is never sent over the network, even by folder synchronization services such as Dropbox). If you suspect your problems or goals permit unauthenticated ciphertext, consult a professional cryptographer, because this is not a typical use-case.

If you wish to implement encrypted cookies in one of your projects, check out Halite. It has a cookie class dedicated to this use case.

If you want to reinvent this wheel yourself, you can always do something like this:

For developers without access to libsodium (i.e. you aren’t allowed to install PHP extensions through PECL in production), one of our blog readers offered an example secure cookie implementation that uses defuse/php-encryption (the PHP library we recommend).

In our previous examples, we focused on building the encryption and authentication as separate components that must be used with care to avoid cryptographic doom. Specifically, we focused on AES in Cipher Block-Chaining mode (and more recently in Counter mode).

However, cryptographers have developed newer, more resilient modes of encryption that encrypt and authenticate a message in the same operation. These modes are called AEAD modes (Authenticated Encryption with Associated Data). Associated Data means whatever your application needs to authenticate, but not to encrypt.

AEAD modes are typically intended for stateful purposes, e.g. network communications where a nonce can be managed easily.

Two reliable implementations of AEAD are AES-GCM and ChaCha20-Poly1305.

In a few years, we anticipate the CAESAR competition will produce a next-generation authenticated encryption mode that we can recommend over these two.

And most importantly: Use a library with a proven record of resilience under the scrutiny of cryptography experts rather than hacking something together on your own. You’ll be much better off for it.

Read the original here:
Using Encryption and Authentication Correctly (for PHP …

File Upload field – Cognito Forms Support

A File Upload field allows users to upload files (such as PDFs and images) along with their form submission. Once an entry has been submitted, you can select the file in the entry information to view it. You can also click the download icon to download the file directly.

You can enable data encryption on your form to ensure that uploaded files are encrypted at rest.

The label will display as the title of the field or the question that is being asked on the form. You can select the icon on the right to hide the label on the form.

The types of files that can be uploaded can be restricted. For example, if you want to restrict your users to only upload PDFs, simply type in PDF. Multiple file extensions can be added, but must be separated by a comma.

The default restrictions are executable files, including: action, apk, app, bat, bin, cmd, com, command, cpl, csh, dll, exe, gadget, inf1, ins, inx, ipa, isu, job, js, jse, ksh, lnk, msc, msi, msp, mst, osx, out, paf, pif, prg, ps1, reg, rgs, run, sct, shb, shs, u3p, vb, vbe, vbs, vbscript, workflow, ws, and wsf.

100MB is the maximum size allowed for a single uploaded file.

The maximum file size can also be specified. In email notifications and confirmations, the limit for file attachments is a total of 17MB. If a file exceeds this amount, you will need to log in to your Cognito Forms account in order to view or download it.

The maximum number of files can be restricted. You cannot upload more than 20 files in a single upload field, which is the default limit.

Help text can be used to assist the user by providing additional instructions. Help text will display directly under the field.

By default, fields will always display on the form. However, you may want to hide specific fields or sections based on certain conditions such as a selected value of another field on the form.

Never Field will never display.

Requiring a field will make sure the user provides a response. When a field is required, an error message will display, and the form cannot be submitted until a value has been added to the field. Required fields are indicated by a red asterisk next to the label. By default, fields are never required.

Always Field is always required. User must provide a response in order to submit the form.

When Field is required only when specific conditions are met. After selecting this option, the Conditional Logic Builder dialog will display allowing you to select when the field is required.

Never Field is not required. This is the default behavior.

You can set a custom error message that will display under your field when specified conditions become true. The conditional logic builder will allow you to add any number of rules for validating your field. Learn more about the custom error option.

Continued here:
File Upload field – Cognito Forms Support

Data security – Cognito Forms Support

At Cognito Forms, were concerned about your privacy and the security of your form data. Below are the measures we take to ensure that your data is safe:

Cognito Forms uses TLS 1.2/SSL encryption and is always accessed over HTTPS 100% of the time for all users.

Cognito Forms is hosted securely on the Microsoft Azure cloud platform, which is PCI (DSS) Level 1 and HIPAA compliant. We also have a HIPAA BAA with Microsoft.

Cognito Forms is HIPAA compliant, and offers a business associate agreement for organizations seeking to securely communicate with patients via registration forms, appointment scheduling, refill requests, etc.

Access to our production environment is limited to select operations security staff, requiring two-factor authentication to deploy updates or access a secure system for limited troubleshooting.

We do not look at entry data for our customers unless requested to through an official support request. The details of our concern over data privacy are detailed in our Privacy Policy.

Customer data is carefully segregated at the lowest architectural level in Cognito Forms to ensure that data for one organization cannot be accessed by another.

We partner with PayPal, Stripe, and Square for credit card processing so that secure payment information is never transmitted or stored by Cognito Forms. We also take measures to prevent malicious scripts on sites we are embedded in from stealing this information.

The Cognito Forms architecture is unique and highly specialized for massive scale while maintaining data isolation. It does not use transitional databases and is not vulnerable to SQL injection attacks.

Production access credentials for storage and encryption tokens used to encrypt sensitive organization data are stored in an Azure credential store and are not stored within our own development environments.

All text data stored by Cognito Forms is sanitized to prevent JavaScript injection attacks, which someone might attempt to leverage by submitting JavaScript as entry data to maliciously access other entry data by compromising our customers browsers when managing entries.

Sensitive data, such as Social Security numbers and other personally identifiable information, is required to be encrypted at rest using 256-bit AES encryption. It must also be protected so that it is never emailed or otherwise transmitted in an insecure way. Any field type can be encrypted and/or protected, including uploaded files and sections.

We know that there are evolving threats to data security, and we will continue to refine our processes to ensure the safety of our customers data in Cognito Forms.

Go here to read the rest:
Data security – Cognito Forms Support

The Best Encryption Software of 2018 | PCMag.com

Encrypt Everything!

Did you ever pass secret, coded messages as a kid? There’s a certain thrill in knowing that nobody else can read your communication, even if the content is as banal as “Johnny love Jane.” That’s just fun, but when the content is significant, like a contract or a patent application, keeping unauthorized types from seeing it is essential. That’s where encryption comes in. When you keep all your sensitive documents encrypted, they’re inaccessible to hackers and snoops. To share those documents with the right people, you simply supply them the decryption password. Just which encryption product is best for you depends on your needs, so we’ve rounded up a varied collection of encryption products to help you choose.

In this roundup, I’m specifically looking at products that encrypt files, not at whole-disk solutions like Microsoft’s Bitlocker. Whole-disk encryption is an effective line of defense for a single device, but it doesn’t help when you need to share encrypted data.

You can use a Virtual Private Network, or VPN, to encrypt your own internet traffic. From your PC to the VPN company’s server, all your data is encrypted, and that’s a great thing. However, unless you’re connected to a secure HTTPS website, your traffic is not encrypted between the VPN server and the site. And of course the VPN’s encryption doesn’t just magically rub off on files you share. Using a VPN is a great way to protect your internet traffic when you’re traveling, but it’s not a solution for encrypting your local files.

When the FBI needed information from the San Bernardino shooter’s iPhone, they asked Apple for a back door to get past the encryption. But no such back door existed, and Apple refused to create one. The FBI had to hire hackers to get into the phone.

Why wouldn’t Apple help? Because the moment a back door or similar hack exists, it becomes a target, a prize for the bad guys. It will leak sooner or later. In a talk at Black Hat this past summer, Apple’s Ivan Krstic revealed that the company has done something similar in their cryptographic servers. Once the fleet of servers is up and running, they physically destroy the keys that would permit modification. Apple can’t update them, but the bad guys can’t get in either.

All of the products in this roundup explicitly state that they have no back door, and that’s as it should be. It does mean that if you encrypt an essential document and then forget the encryption password, you’ve lost it for good.

Back in the day, if you wanted to keep a document secret you could use a cipher to encrypt it and then burn the original. Or you could lock it up in a safe. The two main approaches in encryption utilities parallel these options.

One type of product simply processes files and folders, turning them into impenetrable encrypted versions of themselves. The other creates a virtual disk drive that, when open, acts like any other drive on your system. When you lock the virtual drive, all of the files you put into it are completely inaccessible.

Similar to the virtual drive solution, some products store your encrypted data in the cloud. This approach requires extreme care, obviously. Encrypted data in the cloud has a much bigger attack surface than encrypted data on your own PC.

Which is better? It really depends on how you plan to use encryption. If you’re not sure, take advantage of the 30-day free trial offered by each of these products to get a feel for the different options.

After you copy a file into secure storage, or create an encrypted version of it, you absolutely need to wipe the unencrypted original. Just deleting it isn’t sufficient, even if you bypass the Recycle Bin, because the data still exists on disk, and data recovery utilities can often get it back.

Some encryption products avoid this problem by encrypting the file in place, literally overwriting it on disk with an encrypted version. It’s more common, though, to offer secure deletion as an option. If you choose a product that lacks this feature, you should find a free secure deletion tool to use along with it.

Overwriting data before deletion is sufficient to balk software-based recovery tools. Hardware-based forensic recovery works because the magnetic recording of data on a hard drive isn’t actually digital. It’s more of a waveform. In simple terms, the process involves nulling out the known data and reading around the edges of what’s left. If you really think someone (the feds?) might use this technique to recover your incriminating files, you can set your secure deletion tool to make more passes, overwriting the data beyond what even these techniques can recover.

An encryption algorithm is like a black box. Dump a document, image, or other file into it, and you get back what seems like gibberish. Run that gibberish back through the box, with the same password, and you get back the original.

The U.S. government has settled on Advanced Encryption Standard (AES) as a standard, and all of the products gathered here support AES. Even those that support other algorithms tend to recommend using AES.

If you’re an encryption expert, you may prefer another algorithm, Blowfish, perhaps, or the Soviet government’s GOST. For the average user, however, AES is just fine.

Passwords are important, and you have to keep them secret, right? Well, not when you use Public Key Infrastructure (PKI) cryptography.

With PKI, you get two keys. One is public; you can share it with anyone, register it in a key exchange, tattoo it on your foreheadwhatever you like. The other is private, and should be closely guarded. If I want to send you a secret document, I simply encrypt it with your public key. When you receive it, your private key decrypts it. Simple!

Using this system in reverse, you can create a digital signature that proves your document came from you and hasn’t been modified. How? Just encrypt it with your private key. The fact that your public key decrypts it is all the proof you need. PKI support is less common than support for traditional symmetric algorithms.

If you want to share a file with someone and your encryption tool doesn’t support PKI, there are other options for sharing. Many products allow creation of a self-decrypting executable file. You may also find that the recipient can use a free, decryption-only tool.

Right now there are three Editors’ Choice products in the consumer-accessible encryption field. The first is the easiest to use of the bunch, the next is the most secure, and the third is the most comprehensive.

AxCrypt Premium has a sleek, modern look, and when it’s active you’ll hardly notice it. Files in its Secured Folders get encrypted automatically when you sign out, and it’s one of the few that support public key cryptography.

CertainSafe Digital Safety Deposit Box goes through a multistage security handshake that authenticates you to the site and authenticates the site to you. Your files are encrypted, split into chunks, and tokenized. Then each chunk gets stored on a different server. A hacker who breached one server would get nothing useful.

Folder Lock can either encrypt files or simply lock them so nobody can access them. It also offers encrypted lockers for secure storage. Among its many other features are file shredding, free space shredding, secure online backup, and self-decrypting files.

The other products here also have their merits, too, of course. Read the capsules below and then click through to the full reviews to decide which one you’ll use to protect your files. Have an opinion on one of the apps reviewed here, or a favorite tool we didn’t mention? Let us know in the comments.

Pros: MicroEncryption renders bulk data breach of cloud-stored files impossible. Logon handshake authenticates both user and server. Can share files with guests or other users. Retains previous versions of modified files. Secure chat.

Cons: If you forget password or security answers, you lose all access. Can only share entire folders, not files.

Bottom Line: When backing up your sensitive files to the cloud, CertainSafe Digital Safety Deposit Box emphasizes security over all else, but it doesn’t sacrifice ease of use.

Pros: Encrypted lockers protect files and folders. Secure online backup. Can lock files and folders, making them invisible. File shredding. Free space shredding. Self-decrypting files. Many useful bonus features.

Cons: Product serial number stands in for master password by default. Locked files are not encrypted. Secure backup requires separate subscription.

Bottom Line: Folder Lock can lock access to files for quick, easy protection, and also keep them in encrypted lockers for serious protection. It combines a wide range of features with a bright, easy-to-use interface.

Pros: Very easy to use. Handles editing encrypted files. Secure sharing using public key cryptography. Secure file deletion. Generates memorable passwords. Secure online password storage.

Cons: Can be risky if you don’t ensure local security of your PC.

Bottom Line: AxCrypt Premium makes encryption simple enough for any user, and even offers public key cryptography for secure sharing of encrypted files.

Pros: Offers 17 encryption algorithms. Supports PKI. Secure deletion. Password generator. Encrypts text to/from the clipboard. Command-line operation.

Cons: Awkward, dated user interface. Password generator doesn’t work well. Some features described in Help system are absent.

Bottom Line: InterCrypto’s Advanced Encryption Package is by far the most feature-rich encryption tool we’ve tested. But its awkward and dated interface make it one that should be reserved for experts.

Pros: Easy to encrypt file just by moving them into a secure volume. Password quality meter. Can share volumes. Mobile edition. Can encrypt files and folders for email.

Cons: Secure deletion doesn’t handle unencrypted originals. Complicated creation of secure volumes, especially after the first. Expensive for what it does.

Bottom Line: Cypherix Cryptainer PE creates encrypted volumes for storing your sensitive files. Lock the volume and nobody can access the files. It does the job, but it’s relatively expensive.

Pros: Encrypts files and folders with optional compression. Includes secure deletion. Straightforward user interface. Self-decrypting EXE option.

Cons: No filename encryption. Lacks advanced features.

Bottom Line: Cypherix SecureIT handles the basic task of encrypting and decrypting files and folders in a workmanlike fashion, but it lacks advanced features offered by the competition.

Pros: Can use one to four encryption algorithms. Simple, context-menu-based operation. Can keep passphrase in memory. Secure deletion. Text encryption. Filename encryption.

Cons: Passphrase memory can be a security risk for the careless. Fewer features than some competitors.

Bottom Line: CryptoForge offers a simple, context-menu-based approach to encryption and secure deletion, and it also handles text-only encryption. It’s a fine choice for keeping your files safe.

Pros: Creates secure storage for sensitive files. Easy to use. Two-factor authentication.

Cons: Lacks secure deletion. Displayed some odd error messages in testing.

Bottom Line: Any file you drop into InterCrypto CryptoExpert 8’s secure storage vaults gets encrypted when you lock the vault. It’s easy to use, but it lacks some features and we found some confusing errors in our testing.

Pros: Many options for hiding encrypted files. Easy to use. Two-factor authentication. Can hide existence of containers. Comprehensive secure-deletion file shredder. Trace remover. Price includes five licenses.

Cons: Combination of hidden container and two-factor authentication can destroy data. Portable encrypted containers only portable on systems with Steganos installed.

Bottom Line: Steganos Safe creates secure encrypted storage for your sensitive files. It’s very easy to use, and it offers some unique options for maintaining privacy and secrecy.

More here:
The Best Encryption Software of 2018 | PCMag.com

New EBS Encryption for Additional Data Protection | AWS …

We take data protection very seriously! Over the years we have added a number of security and encryption features to various parts of AWS. We protect data at rest with Server Side Encryption for Amazon S3 and Amazon Glacier, multiple tiers of encryption for Amazon Redshift, and Transparent Data Encryption for Oracle and SQL Server databases via Amazon RDS. We protect data in motion with extensive support for SSL/TLS in CloudFront, Amazon RDS, and Elastic Load Balancing.

Today we are giving you yet another option, with support for encryption of EBS data volumes and the associated snapshots. You can now encrypt data stored on an EBS volume at rest and in motion by setting a single option. When you create an encrypted EBS volume and attach it to a supported instance type, data on the volume, disk I/O, and snapshots created from the volume are all encrypted. The encryption occurs on the servers that host the EC2 instances, providing encryption of data as it moves between EC2 instances and EBS storage.

Enabling EncryptionYou can enable EBS encryption when you create a new volume:

You can see the encryption state of each of your volumes from the console:

Important DetailsAdding encryption to a provisioned IOPS (PIOPS) volume will not affect the provisioned performance. Encryption has a minimal effect on I/O latency.

The snapshots that you take of an encrypted EBS volume are also encrypted and can be moved between AWS Regions as needed. You cannot share encrypted snapshots with other AWS accounts and you cannot make them public.

As I mentioned earlier, your data is encrypted before it leaves the EC2 instance. In order to be able to do this efficiently and with low latency, the EBS encryption feature is only available on EC2s M3, C3, R3, CR1, G2, and I2 instances. You cannot attach an encrypted EBS volume to other instance types.

Also, you cannot enable encryption for an existing EBS volume. Instead, you must create a new, encrypted volume and copy the data from the old one to the new one using the file manipulation tool of your choice. Rsync (Linux) and Robocopy (Windows) are two good options, but there are many others.

Each newly created volume gets a unique 256-bit AES key; volumes created from encrypted snapshots share the key. You do not need to manage the encryption keys because they are protected by our own key management infrastructure, which implements strong logical and physical security controls to prevent unauthorized access. Your data and associated keys are encrypted using the industry-standard AES-256 algorithm.

Encrypt NowEBS encryption is available now in all eight of the commercial AWS Regions and you can start using it today! There is no charge for encryption and it does not affect the published EBS Service Level Agreement (SLA) for availability.

Jeff;

See original here:
New EBS Encryption for Additional Data Protection | AWS …

Best Encryption Software 2018 – Encrypt Files on Windows PCs

How much does encryption software cost?

Most encryption software costs about $40 and can be used on multiple devices. If it only comes with one user license, look to see if it includes self-extracting files. This allows you to send encrypted files to another user or to yourself through email and open it on another device that doesnt have the same program installed on it. Usually this is done by providing the receiver with a password that unlocks and decrypts the file.

Key Features of Encryption Software

Version CompatibilityIf your computer runs an older version of Windows, such as Vista or XP, make sure the encryption program supports your operating system. On the flip side, you need to make sure you choose software that has changed with the times and supports the latest versions of Windows, including 8 and 10.

While all the programs we tested are compatible with every version of Windows, we feel thatSensiGuardis a good choice for older computers because it only has the most essential tools and wont bog down your old PC. Plus, it is easy to move to a new computer if you choose to upgrade. However, it takes a while to encrypt and decrypt files.

If you have a Mac computer, you need a program that is designed specifically for that operating system none of the programs we tested are compatible with both Windows and Mac machines. We believe Concealer is the best option for Macs, but Espionage 3 is also a good choice.

Mac encryption software doesnt have as many extra security features as Windows programs. They typically lack virtual keyboards, self-extracting file creators and password recovery tools. Mac programs also take a lot more time to secure files compared to Windows software.

SecurityEncryption software uses different types of ciphers to scramble your data, and each has its own benefits. Advanced Encryption Standard, or 256-bit key AES, is used by the U.S. government, including the National Security Agency (NSA), and is one of the strongest ciphers available. It scrambles each bit of information. Blowfish and its newer version, Twofish, are encryption algorithms that use block ciphers they scramble blocks of text or several bits of information at once rather than one bit at a time.

The main differences between these algorithms are performance and speed, and the average user wont notice the difference. Blowfish and Twofish cant encrypt large files, so if you need to secure gigabytes of data, use AES encryption. Blowfish and Twofish algorithms are considered practically unbreakable, though given enough time and computing power, both could theoretically be broken.

AES has long been recognized as the superior algorithm and is required for financial institutions, schools, government agencies and healthcare facilities that deal with sensitive personal information. Because of this we preferred programs that use it and ensured these were included in our final choice of the best encryption software.

Read the original:
Best Encryption Software 2018 – Encrypt Files on Windows PCs

What Is Encryption, and How Does It Work?

Encryption has a long history dating back to when the ancient Greeks and Romans sent secret messages by substituting letters only decipherable with a secret key. Join us for a quick history lesson and learn more about how encryption works.

In todays edition of HTG Explains, well give you a brief history of encryption, how it works, and some examples of different types of encryptionmake sure you also check out the previous edition, where we explained why so many geeks hate Internet Explorer.

Image by xkcd, obviously.

The ancient Greeks used a tool called a Scytale to help encrypt their messages more quickly using a transposition cipherthey would simply wrap the strip of parchment around the cylinder, write out the message, and then when unwound wouldnt make sense.

This encryption method could be fairly easily broken, of course, but its one of the first examples of encryption actually being used in the real world.

Julius Caesar used a somewhat similar method during his time by shifting each letter of the alphabet to the right or left by a number of positionsan encryption technique known as Caesars cipher. For instance, using the example cipher below youd write GEEK as JHHN.

Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZCipher: DEFGHIJKLMNOPQRSTUVWXYZABC

Since only the intended recipient of the message knew the cipher, it would be difficult for the next person to decode the message, which would appear as gibberish, but the person that had the cipher could easily decode and read it.

Other simple encryption ciphers like the Polybius square used a polyalphabetic cipher that listed each letter with the corresponding numeric positions across the top and side to tell where the position of the letter was.

Using a table like the one above you would write the letter G as 23, or GEEK as 23 31 31 43.

Enigma Machine

During World War II, the Germans used the Enigma machine to pass encrypted transmissions back and forth, which took years before the Polish were able to crack the messages, and give the solution to the Allied forces, which was instrumental to their victory.

Lets face it: modern encryption techniques can be an extremely boring subject, so instead of just explaining them with words, weve put together a comic strip that talks about the history of encryption, inspired by Jeff Mosers stick figure guide to AES. Note: clearly we cannot convey everything about encryptions history in a comic strip.

Back in those days, people do not have a good encryption method to secure their electronic communication.

Lucifer was the name given to several of the earliest civilian block ciphers, developed by Horst Feistel and his colleagues at IBM.

The Data Encryption Standard (DES) is a block cipher (a form of shared secret encryption) that was selected by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States in 1976 and which has subsequently enjoyed widespread use internationally.

Concerns about security and the relatively slow operation of DES in software motivated researchers to propose a variety of alternative block cipher designs, which started to appear in the late 1980s and early 1990s: examples include RC5, Blowfish, IDEA, NewDES, SAFER, CAST5 and FEAL

The Rijndael encryption algorithm was adopted by the US Government as standard symmetric-key encryption, or Advanced Encryption Standard (AES). AES was announced by National Institute of Standards and Technology (NIST) as U.S. FIPS PUB 197 (FIPS 197) on November 26, 2001 after a 5-year standardization process in which fifteen competing designs were presented and evaluated before Rijndael was selected as the most suitable encryption algorithm.

Many encryption algorithms exist, and they are all suited to different purposesthe two main characteristics that identify and differentiate one encryption algorithm from another are its ability to secure the protected data against attacks and its speed and efficiency in doing so.

As a good example of the speed difference between different types of encryption, you can use the benchmarking utility built into TrueCrypts volume creation wizardas you can see, AES is by far the fastest type of strong encryption.

There are both slower and faster encryption methods, and they are all suited for different purposes. If youre simply trying to decrypt a tiny piece of data every so often, you can afford to use the strongest possible encryption, or even encrypt it twice with different types of encryption. If you require speed, youd probably want to go with AES.

For more on benchmarking different types of encryption, check out a report from Washington University of St. Louis, where they did a ton of testing on different routines, and explained it all in a very geeky write-up.

All the fancy encryption algorithm that we have talked about earlier are mostly used for two different types of encryption:

To explain this concept, well use the postal service metaphor described in Wikipedia to understand how symmetric key algorithms works.

Alice puts her secret message in a box, and locks the box using a padlock to which she has a key. She then sends the box to Bob through regular mail. When Bob receives the box, he uses an identical copy of Alices key (which he has somehow obtained previously, maybe by a face-to-face meeting) to open the box, and read the message. Bob can then use the same padlock to send his secret reply.

Symmetric-key algorithms can be divided into stream ciphers and block ciphersstream ciphers encrypt the bits of the message one at a time, and block ciphers take a number of bits, often in blocks of 64 bits at a time, and encrypt them as a single unit. Theres a lot of different algorithms you can choose fromthe more popular and well-respected symmetric algorithms include Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, RC4, TDES, and IDEA.

In an asymmetric key system, Bob and Alice have separate padlocks, instead of the single padlock with multiple keys from the symmetric example. Note: this is, of course, a greatly oversimplified example of how it really works, which is much more complicated, but youll get the general idea.

First, Alice asks Bob to send his open padlock to her through regular mail, keeping his key to himself. When Alice receives it she uses it to lock a box containing her message, and sends the locked box to Bob. Bob can then unlock the box with his key and read the message from Alice. To reply, Bob must similarly get Alices open padlock to lock the box before sending it back to her.

The critical advantage in an asymmetric key system is that Bob and Alice never need to send a copy of their keys to each other. This prevents a third party (perhaps, in the example, a corrupt postal worker) from copying a key while it is in transit, allowing said third party to spy on all future messages sent between Alice and Bob. In addition, if Bob were careless and allowed someone else to copy his key, Alices messages to Bob would be compromised, but Alices messages to other people would remain secret, since the other people would be providing different padlocks for Alice to use.

Asymmetric encryption uses different keys for encryption and decryption. The message recipient creates a private key and a public key. The public key is distributed among the message senders and they use the public key to encrypt the message. The recipient uses their private key any encrypted messages that have been encrypted using the recipients public key.

Theres one major benefit to doing encryption this way compare to symmetric encryption. We never need to send anything secret (like our encryption key or password) over an insecure channel. Your public key goes out to the worldits not secret and it doesnt need to be. Your private key can stay snug and cozy on your personal computer, where you generated itit never has to be e-mailed anywhere, or read by attackers.

For many years, the SSL (Secure Sockets Layer) protocol has been securing web transactions using encryption between your web browser and a web server, protecting you from anybody that might be snooping on the network in the middle.

SSL itself is conceptually quite simple. It begins when the browser requests a secure page (usually https://)

The web server sends its public key with its certificate.The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid and that the certificate is related to the site contacted.The browser then uses the public key, to encrypt a random symmetric encryption key and sends it to the server with the encrypted URL required as well as other encrypted http data.The web server decrypts the symmetric encryption key using its private key and uses the browsers symmetric key to decrypt its URL and http data.The web server sends back the requested html document and http data encrypted with the browsers symmetric key. The browser decrypts the http data and html document using the symmetric key and displays the information.

And now you can securely buy that eBay item you really didnt need.

If you made it this far, were at the end of our long journey to understanding encryption and a little bit of how it worksstarting from the early days of encryption with the Greeks and Romans, the rise of Lucifer, and finally how SSL uses asymmetric and symmetric encryption to help you buy that fluffy pink bunny on eBay.

Were big fans of encryption here at How-To Geek, and weve covered a lot of different ways to do things like:

Of course encryption is far too complicated a topic to really explain everything. Did we miss something important? Feel free to lay some knowledge on your fellow readers in the comments.

View original post here:
What Is Encryption, and How Does It Work?

End-to-end encryption – Wikipedia

End-to-end encryption (E2EE) is a system of communication where only the communicating users can read the messages. In principle, it prevents potential eavesdroppers including telecom providers, Internet providers, and even the provider of the communication service from being able to access the cryptographic keys needed to decrypt the conversation.[1] The systems are designed to defeat any attempts at surveillance or tampering because no third parties can decipher the data being communicated or stored. For example, companies that use end-to-end encryption are unable to hand over texts of their customers’ messages to the authorities.[2]

In an E2EE system, encryption keys must only be known to the communicating parties. To achieve this goal, E2EE systems can encrypt data using a pre-arranged string of symbols, called a pre-shared secret (PGP), or a one-time secret derived from such a pre-shared secret (DUKPT). They can also negotiate a secret key on the spot using Diffie-Hellman key exchange (OTR).[3]

As of 2016, typical server-based communications systems do not include end-to-end encryption. These systems can only guarantee the protection of communications between clients and servers, meaning that users have to trust the third parties who are running the servers with the original texts. End-to-end encryption is regarded as safer because it reduces the number of parties who might be able to interfere or break the encryption.[4] In the case of instant messaging, users may use a third-party client to implement an end-to-end encryption scheme over an otherwise non-E2EE protocol.[5]

Some non-E2EE systems, such as Lavabit and Hushmail, have described themselves as offering “end-to-end” encryption when they did not.[6] Other systems, such as Telegram and Google Allo, have been criticized for not having end-to-end encryption, which they offer, enabled by default.[7][8]

Some encrypted backup and file sharing services provide client-side encryption. The encryption they offer is here not referred to as end-to-end encryption, because the services are not meant for sharing messages between users. However, the term “end-to-end encryption” is often used as a synonym for client-side encryption.[citation needed]

End-to-end encryption ensures that data is transferred securely between endpoints. But, rather than try to break the encryption, an eavesdropper may impersonate a message recipient (during key exchange or by substituting his public key for the recipient’s), so that messages are encrypted with a key known to the attacker. After decrypting the message, the snoop can then encrypt it with a key that they share with the actual recipient, or their public key in case of asymmetric systems, and send the message on again to avoid detection. This is known as a man-in-the-middle attack.[1][9]

Most end-to-end encryption protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, one could rely on certification authorities or a web of trust.[10] An alternative technique is to generate cryptographic hashes (fingerprints) based on the communicating users public keys or shared secret keys. The parties compare their fingerprints using an outside (out-of-band) communication channel that guarantees integrity and authenticity of communication (but not necessarily secrecy), before starting their conversation. If the fingerprints match, there is in theory, no man in the middle.[1]

When displayed for human inspection, fingerprints are usually encoded into hexadecimal strings. These strings are then formatted into groups of characters for readability. For example, a 128-bit MD5 fingerprint would be displayed as follows:

Some protocols display natural language representations of the hexadecimal blocks.[11] As the approach consists of a one-to-one mapping between fingerprint blocks and words, there is no loss in entropy. The protocol may choose to display words in the user’s native (system) language.[11] This can, however, make cross-language comparisons prone to errors.[12] In order to improve localization, some protocols have chosen to display fingerprints as base 10 strings instead of hexadecimal or natural language strings.[13][12] Modern messaging applications can also display fingerprints as QR codes that users can scan off each other’s devices.[13]

The end-to-end encryption paradigm does not directly address risks at the communications endpoints themselves. Each user’s computer can still be hacked to steal his or her cryptographic key (to create a MITM attack) or simply read the recipients decrypted messages both in real time and from log files. Even the most perfectly encrypted communication pipe is only as secure as the mailbox on the other end.[1] Major attempts to increase endpoint security have been to isolate key generation, storage and cryptographic operations to a smart card such as Google’s Project Vault.[14] However, since plaintext input and output are still visible to the host system, malware can monitor conversations in real time. A more robust approach is to isolate all sensitive data to a fully air gapped computer.[15] PGP has been recommended by experts for this purpose:

If I really had to trust my life to a piece of software, I would probably use something much less flashy GnuPG, maybe, running on an isolated computer locked in a basement.

However, as Bruce Schneier points out, Stuxnet developed by US and Israel successfully jumped air gap and reached Natanz nuclear plant’s network in Iran.[16] To deal with key exfiltration with malware, one approach is to split the Trusted Computing Base behind two unidirectionally connected computers that prevent either insertion of malware, or exfiltration of sensitive data with inserted malware.[17]

A backdoor is usually a secret method of bypassing normal authentication or encryption in a computer system, a product, or an embedded device, etc[18]. Companies may also willingly or unwillingly introduce backdoors to their software that help subvert key negotiation or bypass encryption altogether. In 2013, information leaked by Edward Snowden showed that Skype had a backdoor which allowed Microsoft to hand over their users’ messages to the NSA despite the fact that those messages were officially end-to-end encrypted.[19][20]

See more here:
End-to-end encryption – Wikipedia

AES encryption

AES encryption

Encrypt and decrypt text with AES algorithm

As you see this implementation is using openssl instead of mcrypt and the result of the encryption/decryption is not compatible with each other.The mcrypt function will be deprecated feature in PHP 7.1.x

It is a webtool to encrypt and decrypt text using AES encryption algorithm. You can chose 128, 192 or 256-bit long key size for encryption and decryption. The result of the process is downloadable in a text file.

If you want to encrypt a text put it in the white textarea above, set the key of the encryption then push the Encrypt button.The result of the encryption will appear in base64 encoded to prevent character encoding problems.If you want to decrypt a text be sure it is in base64 encoded and is encrypted with AES algorithm!Put the encrypted text in the white textarea, set the key and push the Decrypt button.

When you want to encrypt a confidential text into a decryptable format, for example when you need to send sensitive data in e-mail.The decryption of the encrypted text it is possible only if you know the right password.

AES (acronym of Advanced Encryption Standard) is a symmetric encryption algorithm.The algorithm was developed by two Belgian cryptographer Joan Daemen and Vincent Rijmen.AES was designed to be efficient in both hardware and software, and supports a block length of 128 bits and key lengths of 128, 192, and 256 bits.

AES encryption is used by U.S. for securing sensitive but unclassified material, so we can say it is enough secure.

Please fill out our survey to help us improving aesencryption.net.

We appreciate your feedback!

View post:
AES encryption

HTTPS – Wikipedia

HTTP Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP) for secure communication over a computer network, and is widely used on the Internet.[1][2] In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS), or formerly, its predecessor, Secure Sockets Layer (SSL). The protocol is therefore also often referred to as HTTP over TLS,[3] or HTTP over SSL.

The principal motivation for HTTPS is authentication of the accessed website and protection of the privacy and integrity of the exchanged data while in transit. It protects against man-in-the-middle attacks. The bidirectional encryption of communications between a client and server protects against eavesdropping and tampering of the communication.[4] In practice, this provides a reasonable assurance that one is communicating without interference by attackers with the website that one intended to communicate with, as opposed to an impostor.

Historically, HTTPS connections were primarily used for payment transactions on the World Wide Web, e-mail and for sensitive transactions in corporate information systems.[citation needed] Since 2018[update][citation needed], HTTPS is used more often by webusers than the original non-secure HTTP, primarily to protect page authenticity on all types of websites; secure accounts; and keep user communications, identity, and web browsing private.

The Uniform Resource Identifier (URI) scheme HTTPS has identical usage syntax to the HTTP scheme. However, HTTPS signals the browser to use an added encryption layer of SSL/TLS to protect the traffic. SSL/TLS is especially suited for HTTP, since it can provide some protection even if only one side of the communication is authenticated. This is the case with HTTP transactions over the Internet, where typically only the server is authenticated (by the client examining the server’s certificate).

HTTPS creates a secure channel over an insecure network. This ensures reasonable protection from eavesdroppers and man-in-the-middle attacks, provided that adequate cipher suites are used and that the server certificate is verified and trusted.

Because HTTPS piggybacks HTTP entirely on top of TLS, the entirety of the underlying HTTP protocol can be encrypted. This includes the request URL (which particular web page was requested), query parameters, headers, and cookies (which often contain identity information about the user). However, because host (website) addresses and port numbers are necessarily part of the underlying TCP/IP protocols, HTTPS cannot protect their disclosure. In practice this means that even on a correctly configured web server, eavesdroppers can infer the IP address and port number of the web server (sometimes even the domain name e.g. http://www.example.org, but not the rest of the URL) that one is communicating with, as well as the amount (data transferred) and duration (length of session) of the communication, though not the content of the communication.[4]

Web browsers know how to trust HTTPS websites based on certificate authorities that come pre-installed in their software. Certificate authorities (such as Let’s Encrypt, Digicert, Comodo, GoDaddy and GlobalSign) are in this way being trusted by web browser creators to provide valid certificates. Therefore, a user should trust an HTTPS connection to a website if and only if all of the following are true:

HTTPS is especially important over insecure networks (such as public Wi-Fi access points), as anyone on the same local network can packet-sniff and discover sensitive information not protected by HTTPS. Additionally, many free to use and paid WLAN networks engage in packet injection in order to serve their own ads on webpages. However, this can be exploited maliciously in many ways, such as injecting malware onto webpages and stealing users’ private information.[5]

HTTPS is also very important for connections over the Tor anonymity network, as malicious Tor nodes can damage or alter the contents passing through them in an insecure fashion and inject malware into the connection. This is one reason why the Electronic Frontier Foundation and the Tor project started the development of HTTPS Everywhere,[4] which is included in the Tor Browser Bundle.[6]

As more information is revealed about global mass surveillance and criminals stealing personal information, the use of HTTPS security on all websites is becoming increasingly important regardless of the type of Internet connection being used.[7][8] While metadata about individual pages that a user visits is not sensitive, when combined, they can reveal a lot about the user and compromise the user’s privacy.[9][10][11]

Deploying HTTPS also allows the use of HTTP/2 (or its predecessor, the now-deprecated protocol SPDY), that are new generations of HTTP, designed to reduce page load times, size and latency.

It is recommended to use HTTP Strict Transport Security (HSTS) with HTTPS to protect users from man-in-the-middle attacks, especially SSL stripping.[11][12]

HTTPS should not be confused with the little-used Secure HTTP (S-HTTP) specified in RFC 2660.

As of April2018[update], 33.2% of Alexa top 1,000,000 websites use HTTPS as default,[13] 57.1% of the Internet’s 137,971 most popular websites have a secure implementation of HTTPS,[14] and 70% of page loads (measured by Firefox Telemetry) use HTTPS.[15]

Most browsers display a warning if they receive an invalid certificate. Older browsers, when connecting to a site with an invalid certificate, would present the user with a dialog box asking whether they wanted to continue. Newer browsers display a warning across the entire window. Newer browsers also prominently display the site’s security information in the address bar. Extended validation certificates turn the address bar green in newer browsers. Most browsers also display a warning to the user when visiting a site that contains a mixture of encrypted and unencrypted content.

Most web browsers alert the user when visiting sites that have invalid security certificates.

The Electronic Frontier Foundation, opining that “In an ideal world, every web request could be defaulted to HTTPS”, has provided an add-on called HTTPS Everywhere for Mozilla Firefox that enables HTTPS by default for hundreds of frequently used websites. A beta version of this plugin is also available for Google Chrome and Chromium.[16][17]

The security of HTTPS is that of the underlying TLS, which typically uses long-term public and private keys to generate a short-term session key, which is then used to encrypt the data flow between client and server. X.509 certificates are used to authenticate the server (and sometimes the client as well). As a consequence, certificate authorities and public key certificates are necessary to verify the relation between the certificate and its owner, as well as to generate, sign, and administer the validity of certificates. While this can be more beneficial than verifying the identities via a web of trust, the 2013 mass surveillance disclosures drew attention to certificate authorities as a potential weak point allowing man-in-the-middle attacks.[18][19] An important property in this context is forward secrecy, which ensures that encrypted communications recorded in the past cannot be retrieved and decrypted should long-term secret keys or passwords be compromised in the future. Not all web servers provide forward secrecy.[20][needs update]

A site must be completely hosted over HTTPS, without having part of its contents loaded over HTTPfor example, having scripts loaded insecurelyor the user will be vulnerable to some attacks and surveillance. Also having only a certain page that contains sensitive information (such as a log-in page) of a website loaded over HTTPS, while having the rest of the website loaded over plain HTTP, will expose the user to attacks. On a site that has sensitive information somewhere on it, every time that site is accessed with HTTP instead of HTTPS, the user and the session will get exposed. Similarly, cookies on a site served through HTTPS have to have the secure attribute enabled.[11]

HTTPS URLs begin with “https://” and use port 443 by default, whereas HTTP URLs begin with “http://” and use port 80 by default.

HTTP is not encrypted and is vulnerable to man-in-the-middle and eavesdropping attacks, which can let attackers gain access to website accounts and sensitive information, and modify webpages to inject malware or advertisements. HTTPS is designed to withstand such attacks and is considered secure against them (with the exception of older, deprecated versions of SSL).

HTTP operates at the highest layer of the TCP/IP model, the Application layer; as does the TLS security protocol (operating as a lower sublayer of the same layer), which encrypts an HTTP message prior to transmission and decrypts a message upon arrival. Strictly speaking, HTTPS is not a separate protocol, but refers to use of ordinary HTTP over an encrypted SSL/TLS connection.

Everything in the HTTPS message is encrypted, including the headers, and the request/response load. With the exception of the possible CCA cryptographic attack described in the limitations section below, the attacker can only know that a connection is taking place between the two parties and their domain names and IP addresses.

To prepare a web server to accept HTTPS connections, the administrator must create a public key certificate for the web server. This certificate must be signed by a trusted certificate authority for the web browser to accept it without warning. The authority certifies that the certificate holder is the operator of the web server that presents it. Web browsers are generally distributed with a list of signing certificates of major certificate authorities so that they can verify certificates signed by them.

Let’s Encrypt, launched in April 2016,[21] provides free and automated SSL/TLS certificates to websites.[22] According to the Electronic Frontier Foundation, “Let’s Encrypt” will make switching from HTTP to HTTPS “as easy as issuing one command, or clicking one button.”[23]. The majority of web hosts and cloud providers already leverage Let’s Encrypt, providing free certificates to their customers.

The system can also be used for client authentication in order to limit access to a web server to authorized users. To do this, the site administrator typically creates a certificate for each user, a certificate that is loaded into their browser. Normally, that contains the name and e-mail address of the authorized user and is automatically checked by the server on each reconnect to verify the user’s identity, potentially without even entering a password.

An important property in this context is perfect forward secrecy (PFS). Possessing one of the long-term asymmetric secret keys used to establish an HTTPS session should not make it easier to derive the short-term session key to then decrypt the conversation, even at a later time. DiffieHellman key exchange (DHE) and Elliptic curve DiffieHellman key exchange (ECDHE) are in 2013 the only ones known to have that property. Only 30% of Firefox, Opera, and Chromium Browser sessions use it, and nearly 0% of Apple’s Safari and Microsoft Internet Explorer sessions.[20] Among the larger internet providers, only Google supports PFS since 2011[update] (State of September 2013).[citation needed]

A certificate may be revoked before it expires, for example because the secrecy of the private key has been compromised. Newer versions of popular browsers such as Firefox,[24] Opera,[25] and Internet Explorer on Windows Vista[26] implement the Online Certificate Status Protocol (OCSP) to verify that this is not the case. The browser sends the certificate’s serial number to the certificate authority or its delegate via OCSP and the authority responds, telling the browser whether the certificate is still valid.[27]

SSL and TLS encryption can be configured in two modes: simple and mutual. In simple mode, authentication is only performed by the server. The mutual version requires the user to install a personal client certificate in the web browser for user authentication.[28] In either case, the level of protection depends on the correctness of the implementation of software and the cryptographic algorithms in use.

SSL/TLS does not prevent the indexing of the site by a web crawler, and in some cases the URI of the encrypted resource can be inferred by knowing only the intercepted request/response size.[29] This allows an attacker to have access to the plaintext (the publicly available static content), and the encrypted text (the encrypted version of the static content), permitting a cryptographic attack.

Because TLS operates at a protocol level below that of HTTP, and has no knowledge of the higher-level protocols, TLS servers can only strictly present one certificate for a particular address and port combination.[30] In the past, this meant that it was not feasible to use name-based virtual hosting with HTTPS. A solution called Server Name Indication (SNI) exists, which sends the hostname to the server before encrypting the connection, although many old browsers do not support this extension. Support for SNI is available since Firefox 2, Opera 8, Safari 2.1, Google Chrome 6, and Internet Explorer 7 on Windows Vista.[31][32][33]

From an architectural point of view:

A sophisticated type of man-in-the-middle attack called SSL stripping was presented at the Blackhat Conference 2009. This type of attack defeats the security provided by HTTPS by changing the https: link into an http: link, taking advantage of the fact that few Internet users actually type “https” into their browser interface: they get to a secure site by clicking on a link, and thus are fooled into thinking that they are using HTTPS when in fact they are using HTTP. The attacker then communicates in clear with the client.[34] This prompted the development of a countermeasure in HTTP called HTTP Strict Transport Security.

HTTPS has been shown vulnerable to a range of traffic analysis attacks. Traffic analysis attacks are a type of side-channel attack that relies on variations in the timing and size of traffic in order to infer properties about the encrypted traffic itself. Traffic analysis is possible because SSL/TLS encryption changes the contents of traffic, but has minimal impact on the size and timing of traffic. In May 2010, a research paper by researchers from Microsoft Research and Indiana University discovered that detailed sensitive user data can be inferred from side channels such as packet sizes. More specifically, the researchers found that an eavesdropper can infer the illnesses/medications/surgeries of the user, his/her family income and investment secrets, despite HTTPS protection in several high-profile, top-of-the-line web applications in healthcare, taxation, investment and web search.[35] Although this work demonstrated vulnerability of HTTPS to traffic analysis, the approach presented by the authors required manual analysis and focused specifically on web applications protected by HTTPS.

The fact that most modern websites, including Google, Yahoo!, and Amazon, use HTTPS causes problems for many users trying to access public Wi-Fi hot spots, because a Wi-Fi hot spot login page fails to load if the user tries to open an HTTPS resource.[36][37] Several websites, such as neverssl.com or nonhttps.com, guarantee that they will always remain accessible by HTTP.

Netscape Communications created HTTPS in 1994 for its Netscape Navigator web browser.[38] Originally, HTTPS was used with the SSL protocol. As SSL evolved into Transport Layer Security (TLS), HTTPS was formally specified by RFC 2818 in May 2000.

See the original post:
HTTPS – Wikipedia