Lesson 6: Fending off an attack

Objective: Define encryption types that are used to fend off attacks.

You have implemented a cryptosystem to protect your e-commerce site, but you may want to ensure that the site remains secure from even the most sophisticated hackers. Though many vendors offer techniques that can dissuade even the most sinister hacker, you should have a basic understanding of what those techniques are; this lesson provides you with that overview.

How do you fend off these various forms of attack?
Different "strengths" of encryption provide the means to foil attempted security breaches.

A commonly discussed but frequently misunderstood aspect of *cryptography* is the strength of encryption.

What constitutes "strong encryption," which is protected by U.S. export laws? What level of encryption is required for various security needs? How do you determine the effective strength of different types of encryption?

These questions are addressed below.

Finally, there are three basic encryption types, which typically vary based on how they use keys.
The three encryption types include private or symmetric encryption, public or asymmetric encryption, and one-way encryption. They are described in the FlipBook below.

A private key might be compared to your house key, and a public key likened to your house number. You give access to the first only to those you know and trust. The second is publicly available information.

- In symmetric or private-key encryption, both parties to the communication must possess a single secret or private key.
- Private-key encryption is a paradox: 1) to use this encryption, a secure channel has to exist between the two parties to transfer the shared key
- Asymmetric, or public-key encryption as it is more commonly called, allows parties previously unknown to each other to conduct a transaction
- The public key is published and widely disseminated, while the private key is kept secret.
- Because communication decryption requires only public keys, which are widely available anyway, secret keys need no longer be exchanged (RSA is one such public-key algorithm).
- One-way encryption, as its name implies, is encryption that prevents the resulting cipher from being decrypted.
- Historically these functions have been used for storing items such as passwords on Windows and Unix systems.

**Strength of the algorithm** (or encryption procedure): Algorithm strength determines how difficult it is to mathematically reverse the encrypted information. The strongest algorithms make it nearly impossible to reverse the information with anything short of a brute force attack.

**Secrecy of the key:** The second factor, the secrecy of the key, is a logical but sometimes overlooked factor in encryption strength. No algorithm, however strong, can protect you from compromised keys. Thus, the safety of your encrypted data is directly tied to how secret the key remains.

**Length of key:** In terms of encryption and decryption formula application, the **key length is determined** in bits. Adding a *bit* to the length of the key does not increase its possibilities by two but, rather, doubles them.

In the next lesson, you will learn about authentication.