Why Do We Need Two-Factor Authentication?

1 mainIn the last couple of years, we have encountered quite a few security breaches. A lot of internet companies are being targeted with these kinds of attacks. One of the most common forms of online transactions is that you have an account that’s protected with a password. So whenever you want to access your account, you just enter your username along with the password. But the problem is that this is breakable! As in, people can technically break into these accounts. So people started thinking about different ways in which this could be prevented. Of course, choosing better passwords would help, but we need to way to fundamentally improve the security. How exactly do we do it? Do we just choose bigger and better passwords or is there something new we can do?   Continue reading

Elliptic Curve Cryptography: Part 4/4 – How Do We Use Elliptic Curves?

1 mainIn the previous blog post, we discussed about elliptic curves and saw what they look like. We also looked at some of their special properties that enable it to be a good trapdoor function. But this is still very mathematical, right? The curves are great to look at and we understand general concept of elliptic curves, but how do we use them in real life? The curves denoted by those equations don’t represent the curves that are used in cryptography. In the real world, things are digitized. We need to convert things into bits and move them around quickly. So how do we do it?   Continue reading

Elliptic Curve Cryptography: Part 3/4 – What Is An Elliptic Curve?

1 mainIn the previous blog post, we discussed why RSA will not be sufficient anymore. We looked at how machines are getting stronger, and that we cannot rely on factorization as our primary mathematical foundation. We also talked a bit about what we are looking for in our new system, and then said a quick hello to elliptic curves. In this blog post, we will see what elliptic curves are. As always, we will keep the equations to a minimum, and instead, try to understand the underlying concept. Let’s go ahead, shall we?   Continue reading

Elliptic Curve Cryptography: Part 2/4 – Why Do We Need It?

1 mainIn our previous blog post, we discussed public key cryptography and how it works in general. The RSA is so powerful because it comes with rigorous mathematical proofs of security. The authors basically proved that breaking the system is equivalent to solving a very difficult mathematical problem. When we say “difficult”, what it means is that it would take trillions of years to break it even if all the supercomputers in the world were to work in parallel. By the way, this is just one encoded message! The problem in question here is prime number factorization. It is a very well-known problem and has been studied for a very long time. So if it’s such a difficult problem, why do we need something new? What’s the problem here?   Continue reading

Elliptic Curve Cryptography: Part 1/4 – Why Should We Talk About It?

1 mainElliptic curve cryptography is one of the most powerful techniques used in the field of modern cryptography. Just to be clear, elliptic curves have nothing to do with ellipses. I agree that the name can be slightly misleading, but once we discuss what elliptic curves are, it will become much clearer. So as you may have already guessed, elliptic curve cryptography (ECC) is based on the properties of elliptic curves. ECC is very useful in internet security and it is being deemed as the successor to the almighty RSA crypto system. If that didn’t make sense to you, don’t worry! We are going to discuss everything in detail. A lot of of websites are increasingly using ECC to secure everything like customer data, connections, passing data between data centers, etc. So what makes ECC so special? Is it strong enough to take over the world?   Continue reading

DNS Cache Poisoning

1Internet entities are regularly affected by Distributed Denial of Service (DDoS) of various scales. This is basically a way to hack into an entity and stop it from working. Hackers use it all the time to bring down famous sites. They tend to attack the domain name system (DNS), since it allows to infiltrate heavily. Now what is a domain name system? Well, a domain name system server basically translates a human readable domain name (such as mysite.com) into a numerical IP address. This numerical IP address is is used to route communications between nodes on the network. For people who didn’t already know, this is how the internet works! Coming back to the hacking part, the attackers like to attack their victims by poisoning the DNS. Wait a minute, how do you “poison” a system? How do they actually attack the users?   Continue reading