Survey Data Mining:   Home | FAQ | Archive | Glossary
Free Reports
ssl srvrs by domain

  


You are viewing an outdated report. The latest version of this report was published on December 1st, 2024


    
Glossary of Terms


Apache Apache is the most popular web server on the internet today. Its origins stem back to early 1995 when a group of developers pooled their patches to the NCSA/1.3 server, and created "a patchy" server.

Asymmetric
Cryptography
A synonym for public key cryptography

Ben Laurie One of the Apache developers and the person responsible for the extensions to provide https capability for Apache. These extensions use OpenSSL (then known as SSLeay) and are distributed independently of the Apache server from sites outside of North America and so fall outside of the US Government's ITAR regulations, and the US RSA patent.

Block Cipher An encryption algorithm in which the data is processed in fixed size blocks, usually 64 bits or 128 bits at a time.

Certificate A certificate (also known as a Digital ID), is equivalent to an ID card, but making use of the public key cryptographic system. Digital certificates are issued by trusted third parties known as certificate authorities such as Verisign (www.verisign.com) or Thawte (www.thawte.com). The certification process used varies from one CA to the other and the level of certification required. Corporate registration papers, signatures by signing officers, and proof of domain registration are examples of documents used to generate a certificate for a company owned web site.

Two parts of the electronic certification process allow certificates to be used in a practical fashion: 1) the certificate is signed by the CA's private key. 2) The CA's public key is usually widely known (e.g. often located in the browser when it is shipped). The CA's public key allows the browser to verify that the CA actually signed this certificate, and that the information contained in the certificate is genuine.

Server
Side
Certificate
Server side certificates are most commonly employed on secure web sites. They are required here to allow the browser to know, without doubt, that the web site responding to the request is the desired web site, and not an impostor. This is done by hecking that the host component of the URL requested by the user matches the host name located within the certificate.

SSLv2, SSLv3, and TLSv1 all support server side certificates.

Client
Side
Certificate
Client side certificates are no different than server side certificates, other than in how they are used. For example, on the web, a server side certificate allows the browser to verify the web server's identity. A client side certificate, on the other hand, would allow the web server to verify the identify of the user of the browser.  The terminology is usually applied in circumstances where a server side certificate is already being used.

Client side certificates are as yet not as popular, primarily due to the heavy cost of administering these certificates. For example, a bank wishing to use this technology would need to issue and maintain certificates for ALL of its clients.

SSLv3 and TLSv1 support client side certificates (i.e. certificates on both sides of a connection at the same time).

Certificate
Authority
An organization that issues certificates. The trustworthiness of the certificate authority is the foundation of secure electronic commerce on the web. The most popular certificate authorities today are Verisign (www.verisign.com) and Thawte (www.thawte.com). (Thawte still operates their own site, but was acquired by Verisign.)

Cipher Any encryption algorithm. Ciphers can be classified according to whether they are symmetric or public key algorithms, and by whether they are stream ciphers or block ciphers.

SecuritySpace's survey reports on the different ciphers used by web servers it polls. The following terms are used when describing ciphers found:

EXP The cipher is suitable for export from the U.S. under ITAR regulations.
RC4 A symmetric key key stream cipher, developed by RSA Data Security Inc. and now widely available.
RC2 A symmetric key block cipher, developed by RSA Data Security Inc. and now widely available.
DES A symmetric key block cipher algorithm developed by IBM and adopted as a standard in the US in 1975.
IDEA A symmetric key block cipher algorithm developed by Xuejia Lai and James Massey in 1991.
CBC Cipher block chaining. Block ciphers operate on blocks of data rather than a data stream. Cipher block chaining is a feedback mode in which the results from encrypting/decrypting one block will affect the way the next block of data is encrypted/decrypted.
MD5 An alogrithm created in 1991 by Ronald Rivest that is used to create digital signatures. It is safer than the MD4 algorithm, which has been broken. MD5 is a one-way hash function, which can be used to compare a calculated message digest against the message digest that is decrypted with a public key, providing a means to ensure that messages aren't tampered with.
EXP-RC4-MD5 Export grade 40 bit RC4 encryption using an MD5 Mac and and an RSA key exchange algorithm.
EXP-RC2-CBC-MD5 =Export grade 40 bit RC2 encryption using an MD5 Mac and and an RSA key exchange algorithm.
RC4-MD5 128 bit RC4 encryption using an MD5 Mac and an RSA key exchange algorithm.
DES-CBC-MD5 56 bit DES encryption using an MD5 Mac and an RSA key exchange algorithm.
DES-CBC3-MD5 168 bit DES (Triple DES) encryption using an MD5 Mac and an RSA key exchange algorithm.
RC2-CBC-MD5 128 bit RC2 encryption using an MD5 Mac and an RSA key exchange algorithm.
RC4-64-MD5 64 bit RC4 encryption using an MD5 Mac and an RSA key exchange algorithm.
IDEA-CBC-MD5 128 bit IDEA encryption using an MD5 Mac and an RSA key exchange algorithm.

DES (Data
Encryption
Standard)
A symmetric key block cipher algorithm developed by IBM and adopted as a standard in the US in 1975.

Digital Signature A use of public key cryptography to authenticate a message. The private key is used, showing that the signature must have been made by the owner of that key. A secure hash of the entire document is signed, so that any change to the document will invalidate the signature.

Eric Young Developer of SSLeay (now known as OpenSSL). Eric is Australian and his work is not encumbered by ITAR.

http The Hyper Text Transfer Protocol is the protocol used between a Web browser and a server to request a document and transfer its contents. The specification is maintained and developed by the World Wide Web Consortium.

https https is ordinary http exchanged over an SSL encrypted session.

IDEA A symmetric key block cipher algorithm developed by Xuejia Lai and James Massey in 1991.

ITAR The International Traffic in Arms Regulations under US export legislation, which amongst other things restrict the export of cryptographic systems.

MD2 A secure hash, or message digest, algorithm developed by Ron Rivest.

MD5 A secure hash, or message digest, algorithm developed by Ron Rivest.

OpenSSL Formerly known as SSLeay, and open source implementation of SSL, supporting the SSLv2, SSLv3 and TLSv1 protocols.

Private Key The part of the key in a public key system which is kept secret and is used only by its owner. This is the key used for decrypting messages, and for making digital signatures.

Protocol A protocol is an algorithm, or step by step procedure, carried out by more than one party. Examples are network protocols, in which the steps are intended to ensure reliable transmission of information, or cryptographic protocols, in which the aim is to maintain some form of security relationship between the parties. In terms of secure web transactions, SET, SSLv2, SSLv3, and TLSv1 are examples of protocols.

Public Key The part of the key in a public key system =which is distributed widely, and is not kept secure. This is =the key used for encryption (as opposed to decryption) or for verifying signatures. Compare private key.

Public
Key
Cryptography
An algorithm for securing information that involves two keys, a private key and a public key. Information encrypted with one key can usually only be decrypted with the other key. Typically, a sender of information encrypts the data with the recipient's public key. The recipient is then the only one who can decrypt the information using their private key.

RC2 A symmetric key block cipher, developed by RSA Data Security Inc, and now widely available.

RC4 A symmetric key stream cipher, developed by RSA Data Security Inc, and now widely available.

RSA RSA is a public key cipher which can be used both for encrypting messages and making digital signatures The letters stand for the names of the inventors: Rivest, Shamir and Adleman. The company RSA Data Security Inc. takes its name from this algorithm, and has acquired the rights to the patents which cover it.

Safe Passage A solution to the problem that "export" versions of the Microsoft & Netscape browsers are only capable of using 40-bit keys, and so cannot negotiate full strength sessions when connecting to servers capable of strong encryption. UK Web have made this functionality available as an http proxy.

Self-signed
Certificate
It is possible for the owner of a certificate to sign it themselves instead of having a recognized certificate authority do so. This is unlikely to be trusted by anyone wishing to use the certificate as proof of ownership of the corresponding public key. This is often useful in a development environment where there is no benefit to paying a certificate authority to issue a certificate that the public will never see.

Secret Key Confusingly sometimes used to mean the private key of a public key system, and also sometimes used (in contrast to "public key") to refer to a symmetric key system.

Server Signature The string usually returned as part of servicing each http request that gives the name and version of the web server software being used.

SET SET is a secure protocol designed by MasterCard and Visa to facilitate financial transactions over the Internet. Compared with SSL, it places more emphasis on validating both parties to the transaction. SET is still in development, and is not yet widely available.

SHA (Secure
Hash Algorithm)
A secure hash, or message digest algorithm adopted as a Federal Information Processing Standard.

SSL (Secure
Socket Layer)
A protocol developed by Netscape for encrypted transmission over TCP/IP networks. It sets up a secure end-to-end link over which http or any other application protocol can operate. The most common application of SSL is https for ssl-encrypted http.

SSLeay A freely available implementation of the SSL protocol and the cryptographic algorithms used by SSL, developed by Eric Young in Australia. SSLeay is now known as OpenSSL.

Stream Cipher A stream cipher encrypts in small units, often a bit or a byte at a time, but unlike a basic block cipher the output corresponding to a given input will depend on where in the message it occurs. The simplest type of stream cipher uses a complicated function, which retains state, to generate a psuedo-random sequence which is then combined with the input using a simple operation such as bytewise addition.

Symmetric
Cryptography
A symmetric cipher is one in which the same key is used for encryption and decryption. Therefore a secure method has to be found by which the sender and recipient can agree on the key. DES, IDEA, RC2 and RC4 are symmetric ciphers.

Thawte The second most popular Certificate Authority on the internet, until it was bought by Verisign. Certificates are still issued by Thawte separately from those issued by Verisign.

TLS (Transport
Layer Security)
An open standards based protocol, based on (but not compatible with) SSLv3, used to support encrypted communications over TCP/IP networks.

Triple DES Each block is encrypted three times using DES, using at least two different keys. There are variants which differ in whether two or three keys are used, and whether some of the steps are in decryption mode. In SSL, three separate keys are used, and the middle step is a decryption.

Verisign The most popular Certificate Authority on the internet. Their lead is due primarily to the fact that early versions of Microsoft and Netscape browsers would only recognize certificates as valid if they were issued by Verisign (signed as RSA Data Security). Verisign's biggest competitor was Thawte, until Verisign bought Thawte.

X.509 An International Telecommunication Union recommendation for the format of certificates.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.