Best Answer

678

Wiki User

∙ 2012-04-03 01:11:47
Q: What is the difference between AES Rijndael symmetric algorithm encryption and a hash algorithm?
Related questions

What is the difference between advanced encryption algorithm and encryption algorithm?

People have developed many encryption algorithms. One particular encryption algorithm is the Rijndael algorithm, usually called the AES or Advanced Encryption Standard.


Which encryption algorithm is better and why?

If you're talking about symmetric key encryption (the kind where you just use one key for encryption and decryption), then arguably, the best encryption algorithm you can use is the Rijndael algorithm, better known now as AES (advanced encryption standard). It is the encryption standard used by the U.S. government for classified information. It is fast, requires little memory, and the only potential attacks against it are highly theoretical. Rijndael beat out Twofish and Serpent in the AES standard contest, but those other two algorithms will provide more than enough security as well. In the end, it doesn't really matter, since most successful attacks are made simply by finding out your key through brute force, espionage or extortion, rather than pure data analysis. Humans are almost always the weakest point when it comes to security, and it doesn't matter what algorithm you use if someone can guess your password.


What is advanced data encryption standard?

AES is an encryption algorithm that is largely used in a lot of places where security is a must. The algorithm is based on Rijndael (named after the creators) which had the winning design when the US government sent out an invite for people to create secure algorithms that would replace DES.


What does AES encryption stand for?

AES is an acronym for Advanced Encryption Standard. AES is a variation of Rijndael. It is used for encryption of electronic data and was established by NIST in 2001.


What does AES stand for?

AES is an acronym for Advanced Encryption Standard. AES is a variation of Rijndael. It is used for encryption of electronic data and was established by NIST in 2001.


How many bit keys do you need for a strong encryption?

It depends on the cipher you're using. For AES, the minimum is 128-bit (or 16 bytes) whereas the maximum is 256 or 512 (depends on the implementation you're using - AES or Rijndael [from which AES was selected to become the AES standard by the US government]). Another thing to consider is the block-chaining mode and the hashing algorithm. It's generally recognized that ECB and SHA-1 are no longer secure (but still okay for using as a RNG), while SHA-256 hashes and debatably CBC and XTS.


Which cryptography should be used to encrypt the data for an online service provider if the liability is the number one consideration?

Probably the best choice would be to use AES (Advanced Encryption Standard) encryption with a 256 bit key size. There are actually at least 3 different key sizes that can be used with AES - 128, 192, and 256 bits. The longer keys require a little more computational overhead but are more secure. The AES ciphers have been analyzed extensively and are now used worldwide. AES was announced by NIST as U.S. Federal Information Protection Standard (FIPS) Publication 197 (FIPS 197) on November 26, 2001 after a 5-year standardization process in which fifteen competing designs were presented and evaluated before one was chosen to become "AES". The actual cipher chosen by NIST to be publicised under the appellation of AES was the Rijndael cipher submitted by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. It became effective as a Federal government standard on May 26, 2002 after approval by the Secretary of Commerce. It is available in many different encryption packages. AES is the first publicly accessible and open cipher approved by the NSA for top secret information. AES can be implemented in software, but it also lends itself to hardware implementations. AES encryption chips allow much faster encryption of data since all the steps of the encryption are hardwired into the chip. The chips are not horribly expensive and the performance improvement versus software implementations of AES can make the price worth it.


Why does PGP compress messages?

PGP does not compress messages. It encrypts them. PGP is used to ensure that confidential emails do not fall into the wrong hands, and that a message is in fact from the person you think it is.
• Developed by Phil Zimmermann in 1995.
• Documentation and source code are freely available.
• The package is independent of operating system and processor.
• PGP does not rely on the "establishment" and its popularity and use have grown extensively since 1995.
• PGP combines the best available cryptographic algorithms to achieve secure e-mail communication.
• It is assumed that all users are using public key cryptography and have generated a private/public key pair.
• Either RSA (with RSA digital signatures) or ElGamal (with DSA) can be used.
• All users also use a symmetric key system such as triple DES or Rijndael.


AES is considered more secure than DES and triple DES because?

Well because it's the newest. DES has been around since 1973 but wasn't formally a federal standard until 1976. It had to recertify every 5 years; the problem with this was... no companies came forth to go against the standard. So 30 years go by and tons of people have found ways to decipher DES. Weak keys are a major problem, and there are only a certain amount of keys allowed due to its bit size: 2^56 keys available. It's susceptible to brute force attacks. 3DES goes through 3 rounds of DES, but it still has the same weaknesses. After 30 years of the standard, NIST called for a new standard, the AES; it went with a contest design. There were 5 finalists: MARS by IBM, RC6 by RSA, Rijndael by Joan Daemen and Vincent Rijmen, Serpent by Ross Anderson, Eli Biham, and Lars Knudsen, and Twofish by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. The winner was Rijndael, which was chosen in 2000. The competition called for a block cipher using symmetric key cryptography. It also had to support key sizes of 128, 192 and 256 bits, for big and small devices. It standardizes at 128-bit blocks. The size of the key depends on the number of rounds of encryption. Wikipedia it to find out more about how the new standard works. Since it has 3 different sizes, brute force attack with current systems would take a really long time. But as technology grows so will the need for an even stronger crypto system. 3AES may be the next standard :)


Is it possible to find out who is doing the hacking?

Okay. Yes. First you would need to be a total genius to find out. Second it could just be one of your friends trying to trick you. So be ready to start pulling out some cue cards and start asking questions! If someone is hacking and THIS advice doesn't work try this advice:

Try to change your password to something challenging like "ilovetodrinkcokesotasty!" but don't use that because it's an example. But in reality Fb doesn't limit the password so it can be really long. If THIS doesn't work here's some more:

Try to change your password every week.

If that didn't work suck on this for a while: when you go to privacy settings this will appear:

* Pokes
* Messages
* Whose profile you view
* Whose photos you view
* Whose notes you read
* Groups and Events you decline to join
* People you reject as friends
* People you remove from your friends
* Notes and photos you delete

But if you have the timeline it's totally different.

Hope this helped!

And a technical answer...

The short answer is YES.

Undoubtedly this answer will be all the better for some explanation -- so here it comes. First, the thesis: Communications travelling between any two points can be traced to each point. All it takes really is effort, ability and time. Hollywood expresses this with a wonderful equation: "When Making a film, it's money, time, quality -- pick any two." This applies to information science as well.

At a more specific level, the questions become:

* Who is hacking you (Not the identity; the role. What sort of a person would be hacking you? Who's interested?)?
* Why are they hacking you?
* What forensic countermeasures have they employed?
* How much effort, money, time do you care to expend in order to find out exactly who they are?

Let's start with someone hacking your Facebook account. Let's also assume you're not an international celebrity, not a bank, not the military or an intelligence agency, and not the hacker's ex-wife. This given, we can guess a few things about the hacker that are likely to be true:

* You weren't selected specifically to be hacked -- you were just available for this -- hence an opportunistic attack.
* Hacking you doesn't offer huge rewards (so we'll guess the hacker didn't spend a huge amount of time and money on this).
* You aren't known for your forensic ability or your ability to counter-strike (so they likely aren't afraid enough to employ expensive countermeasures).

With these factors as givens in this example, we can safely assume that the hack isn't something sophisticated, so it's either taking advantage of a known technical vulnerability or it's Social Engineering. So we use a "strong" password, we make sure our operating system has the most recent patches, we employ up to date antivirus measures (AV -- really, this is anti-malware but let's call it AV), and it's also a good idea to use some kind of firewall -- even the one Windows has built in. While these safety measures will not stop the CIA from attacking your system (and why would they bother?), it'll stop over 99% of modern opportunistic attacks.

Social Engineering is a non-technical means of getting people to tell them information that will allow access to your system. This is the most common attack modality in civilian circles and I strongly suspect, in covert circles as well. Sam Mitnick, famous imprisoned hacker in the 1980s, was brilliant at this, as was John Draper, a.k.a. "Captain Crunch", who operated from the late 1960's on into at least the 1980's. There are famous and well known examples of these gentlemen -- at least once on television -- speaking over a landline phone to the phone company -- a very security-conscious group -- and getting access information that allow the penetration of major tandem PSTN switches. Just by asking questions over the phone.

Social Engineering would include asking your friends for your password, checking your garbage (so-called "garbology"), reading over your shoulder when you type in your password ("shoulder surfing"), etc. While the number of SE approaches is endless, some simple precautions are very effective. Try these on for size:

* Don't ever say your password out loud. Not to anyone including people who say they're techs. Not to yourself.
* If you're typing in a password, guard your shoulder -- note that good surfers don't need to see the screen -- they can read the keys you're typing on your keyboard or phone.
* Don't write your password down. If you must, treat that paper like money. How much money? Well, what's your system security worth?
* If you think you've been compromised, don't just shrug your shoulders -- increase security until you're sure you're safe.

Once hacked, you'll have to determine if the hack was a one-time event or not. If it was, you're home free except for finding the hacker. In order to find the culprit, start with knowing that, at some time your two systems were linked over the Internet (I'm assuming this isn't a local proximity hack where the hacker is a family member or employee or otherwise onsite with you, that you're not air-gapped and you're not a classified military operation running on milnet). So all you need to do is find a record of the IP address you're sending to and you're off to a great start. This can be done a variety of ways:

* Currently connected IP addresses can be obtained from Windows.
* If not currently connected, Windows Pathing may show paths to this hacker.
* If you identify the malware allowing the hack, you can often easily examine it in order to find the receiving IP address.
* You can possibly convince your Internet Service Provider (ISP) to check logs and/or current connections for this information. Be prepared for them not to always want to cooperate with this.

Don't open anything that happens to be executable, i.e. a program of some kind, in a mode that lets it run. So don't open attachments with endings like .exe or .com or -- there are thousands of these and you should learn a few. However, to avoid a lookup just now, know that filenames that end in .txt are safe -- they won't execute.

Usually, opportunistic hackers don't use proxies, repeaters, cut-outs or other fancy (and expensive) means of obscuring their end destination. When they do, you might take a page from the Church of Scientology who employed law, money and tons of effort to overturn the security of several anonymous remailers in Scandinavia (circa 1980 or so) in order to find the source.

Most opportunistic low-security hacks can be stopped and even identified just by playing with the rules I listed above.

But what if you're a financial institution? Well, the list of interested hackers is now much larger, and the level of sophistication they'll have and the money they can spend has increased significantly. Countering and identifying these hackers is harder, but almost never impossible. The first thing you'd do is get law enforcement involved. This isn't because they'll solve this -- they might, but more likely their desk is already full. This is so you can contact your ISP, show them the police report, and get their security team on alert. In typical situations, the more the ISP has to deal with law enforcement, the more receptive they'll be to your requests for identification. There's a lot more on this level of electronic security, that exceeds the scope of this response.

Note that in none of these cases are we discussing people who actually break encryption. In America and Europe (and most of the world really), the standard for encryption is called AES, for Advanced Encryption Standard, a cipher algorithm formerly named "Rijndael", and winner of the AES competition. At this time, no known breaks of AES have been published (and yes, they would have been), and only a few so-far impractical theoretical breaks have been postulated. This isn't to say the NSA, Russian State Security or their (very limited) ilk can't break AES -- we civilians honestly don't know their capabilities -- but they aren't likely to try and hack your system and, if they did, a crypto break would be a very unlikely method.

