Cryptography

Crypto - Secret
Graphy - To Write

CryptoLogy - The science of secrets

Symmetric Cryptography: Both parties have the same keys.
Asymmetric Cryptography: The two parties do not have the same keys. It works on the concept of public and private keys. It is also called public-key cryptography.

It is very expensive to encrypt and decrypt using asymmetric cryptography. Hence there are systems which use both symmetric and asymmetric cryptography together, like ECC.

Don't implement your own crypto. It's very easy to do it incorrectly.

Side Channel: When you can observe properties of a function other than its functional behaviour, that is called a side channel. E.g. knowing how long it takes to encrypt a text, or knowing the length of a particular encrypted text.
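The timing case above, as an added example that is not part of the original post: an early-exit tag comparison beside one that does the same work wherever the mismatch falls. The key, message and function names are constructed for illustration, and the count of bytes examined stands in for running time so the result is deterministic.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed sample value, not a real key

def make_tag(message: bytes) -> bytes:
    """HMAC-SHA256 tag the verifier expects for a message."""
    return hmac.new(KEY, message, hashlib.sha256).digest()

def leaky_equal(expected: bytes, supplied: bytes) -> tuple:
    """Early-exit compare. Returns (match, bytes examined).

    The second value grows with the length of the correct prefix,
    so the work done depends on secret data: that is the side channel.
    """
    if len(expected) != len(supplied):
        return False, 0
    for i, (e, s) in enumerate(zip(expected, supplied)):
        if e != s:
            return False, i + 1
    return True, len(expected)

def steady_equal(expected: bytes, supplied: bytes) -> tuple:
    """Touches every byte no matter where a mismatch is (idea only)."""
    if len(expected) != len(supplied):
        return False, 0
    diff = 0
    for e, s in zip(expected, supplied):
        diff |= e ^ s  # accumulate differences, never branch on them
    return diff == 0, len(expected)

def verify(message: bytes, supplied: bytes) -> bool:
    """What real code should call: the stdlib constant-time compare."""
    return hmac.compare_digest(make_tag(message), supplied)

def demo() -> dict:
    """Bytes examined when the wrong byte is first vs. last."""
    good = make_tag(b"amount=10")
    wrong_first = bytes([good[0] ^ 1]) + good[1:]
    wrong_last = good[:-1] + bytes([good[-1] ^ 1])
    return {
        "leaky": (leaky_equal(good, wrong_first)[1], leaky_equal(good, wrong_last)[1]),
        "steady": (steady_equal(good, wrong_first)[1], steady_equal(good, wrong_last)[1]),
    }

if __name__ == "__main__":
    print(demo())
```

`steady_equal` only illustrates the idea; pure Python gives no timing guarantees, which is why `verify` relies on `hmac.compare_digest`.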

In cryptography, Kerckhoffs's principle (also called Kerckhoffs's desideratum, assumption, axiom, doctrine or law) was stated by the Netherlands-born cryptographer Auguste Kerckhoffs in the 19th century: A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.

