Data encryption

pumkinhead

Dramacrat
Joined
Aug 22, 2015
Messages
273
Why is data encryption so popular (even when doing legal shit)? Any tips on basic methods and why should one bother to do this?
 

uberfukken

Custom title
Joined
Nov 22, 2011
Messages
23,560
Any tips on basic methods and why should one bother to do this?
Most of it is done automatically in the background. For example, your post was encrypted before it reached EDF. Twice if you posted from wireless.
 

pumkinhead

Dramacrat
Joined
Aug 22, 2015
Messages
273
Most of it is done automatically in the background. For example, your post was encrypted before it reached EDF. Twice if you posted from wireless.
what about stuff like VeraCrypt? Also some other mysql stuff... also what would "They didn’t even secure the APK" mean? In context of the BeCandid code.
 

uberfukken

Custom title
Joined
Nov 22, 2011
Messages
23,560
what about stuff like VeraCrypt? Also some other mysql stuff... also what would "They didn’t even secure the APK" mean? In context of the BeCandid code.
VeraCrypt is like Bitlocker. Lets say you're a hospital and have computers with lots of sensitive data. You'll want to encrypt the disk in the off chance someone physically steals the hard drive. The unlock key is usually stored on a chip in the motherboard.

APK are android apps files. You'd probably encrypt them to make it harder to reverse engineer. I don't know shit about BeCandid but here's an ED article on the subject https://encyclopediadramatica.se/BeCandid
 

pumkinhead

Dramacrat
Joined
Aug 22, 2015
Messages
273
VeraCrypt is like Bitlocker. Lets say you're a hospital and have computers with lots of sensitive data. You'll want to encrypt the disk in the off chance someone physically steals the hard drive. The unlock key is usually stored on a chip in the motherboard.

APK are android apps files. You'd probably encrypt them to make it harder to reverse engineer. I don't know shit about BeCandid but here's an ED article on the subject https://encyclopediadramatica.se/BeCandid
that's where I found my question... thx for the info.
 

gert7

#CabbageCrew
Joined
Jul 20, 2011
Messages
1,372
Location
Kazakhstan
what about stuff like VeraCrypt? Also some other mysql stuff... also what would "They didn’t even secure the APK" mean? In context of the BeCandid code.
Encryption is founded on algorithms that take inputs which work very easily in one direction but are extremely hard or impossible to reverse. Encryption like HTTPS in founded on three types of encryption:

Symmetric cipher

Forward inputs: plaintext and key -> ciphertext, reverse inputs: ciphertext and key -> plaintext

Basically you supply a string and a key and the algorithm gives you encrypted data. Someone else can decrypt this ciphertext back into plaintext if they have the key. Ideally the encrypted data should be impossible to decrypt without the key, because in all other contexts the ciphertext is just gibberish. The most common symmetric cipher used is AES.

Asymmetric cipher

Two sides need the same key, but over the internet there's no way to do this without something like an asymmetric cipher. The only one in use is the RSA algorithm, one of the longest-surviving algorithms in use. RSA involves a bunch of prime numbers, modulo, exponentiation and other complex stuff. It's also too slow to use for encrypting large strings of data. It pretty much goes like this:

You use an algorithm to generate an RSA key pair, composed of a public key and a private key. You can publish the public key but the private key has to stay secret. The public key is used to encrypt data and the private key is used to decrypt data. Both can also be done in inverse to encrypt things using the private key and vice versa, because hey it's just math ;)

Hash algorithms

Hash algorithms and checksums take a string and produce a new string of gibberish. This new string is the same length every time regardless of the content or length of the plaintext inputted. For instance, SHA-256 is a subset of SHA-2, which always produces the same 256-bit string of the same input plaintext:

hey -> fa690b82061edfd2852629aeba8a8977b57e40fcb77d1a7a28b26cba62591204

But changing even one byte in the plaintext returns a different hash:

hey. -> f5e350b88da1532228609610b10e5c354b0bf9a0e2bac6dd3f1a138ddafafee5

Hashes are used when some data needs to be quickly turned into a number securely, meaning the resulting hash can't be reproduced with different data. Like when instead of a working .exe you get a virus instead, but it gets through the antivirus software because the hash of the .exe was identical. A secure hash algorithm will not produce an identical number no matter how much garbage you add to the .exe (but eventually must, because of the nature of hash algorithms, so longer hashes are used so that hash collisions become extremely improbable).

A piece of data such as a document or an HTTPS (SSL/TLS) certificate can be RSA-signed easily by taking the hash and encrypting it with a private key, then adding that ciphertext to some previously agreed upon standard structure, most commonly X.509 which is just a bunch of red tape built on top of these algorithms. For instance OpenSSL can produce a certificate signing request (CSR) file, which is just a bunch of fields and values (domain name, company name, locations, addresses), and a certificate file is just the CSR with that encrypted hash added at the end.

Most encryption on the internet is founded upon these three types of algorithms. And if you don't have encryption, someone could tap your phone line, cable, ethernet, wi-fi and steal all your passwords and credit card numbers without effort, so it's certainly something we can't take for granted.

Anyways here are some fun videos about encryption

 

O.G. Lurkmoar

Dramacrat
Joined
Jan 27, 2017
Messages
124
Location
Lurkin somewhere in the Chans
APKs are tricky because Android (like MOST mobile tech now) was designed with INTENTIONAL security holes,to mine and harvest (mainly) your specific location and consumer data: what pages you browse,what movies/music/products you like on say Facebook for instance,and what you purchase online. This data is sold to the megacorps so they know just what Adbait to send you through the various "apps"...

your best bet if it's more than a passing curiosity is to search around about "rooting your android" for more info,there are others out there who explain it far better than I could,like Gert.
 
Top