Apache | Apache is the most popular web server on the internet today. Its origins stem back to early 1995, when a group of developers pooled their patches to the NCSA/1.3 server and created "a patchy" server.

Asymmetric Cryptography | A synonym for public key cryptography.

Ben Laurie | One of the Apache developers and the person responsible for the extensions that provide https capability for Apache. These extensions use OpenSSL (then known as SSLeay) and are distributed independently of the Apache server from sites outside of North America, and so fall outside of the US Government's ITAR regulations and the US RSA patent.

Block Cipher | An encryption algorithm in which the data is processed in fixed size blocks, usually 64 bits or 128 bits at a time.

Certificate | A certificate (also known as a Digital ID) is equivalent to an ID card, but makes use of the public key cryptographic system. Digital certificates are issued by trusted third parties known as certificate authorities, such as Verisign (www.verisign.com) or Thawte (www.thawte.com). The certification process varies from one CA to another and with the level of certification required. Corporate registration papers, signatures by signing officers, and proof of domain registration are examples of documents used to generate a certificate for a company owned web site.

Two parts of the electronic certification process allow certificates to be used in a practical fashion: 1) the certificate is signed by the CA's private key; 2) the CA's public key is usually widely known (e.g. it is often located in the browser when it is shipped). The CA's public key allows the browser to verify that the CA actually signed this certificate, and that the information contained in the certificate is genuine.
Server Side Certificate | Server side certificates are most commonly employed on secure web sites. They are required here to allow the browser to know, without doubt, that the web site responding to the request is the desired web site, and not an impostor. This is done by checking that the host component of the URL requested by the user matches the host name located within the certificate. SSLv2, SSLv3, and TLSv1 all support server side certificates.
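The host name check described above, written out as an added example (not code from this glossary or from any browser): it extracts the host from the requested URL and compares it against the names the certificate carries, using the dict layout that Python's ssl.getpeercert() returns. The certificate contents are constructed sample data; the function names are this example's own.

```python
from urllib.parse import urlsplit


def _dns_names(cert):
    """Collect the DNS names a certificate claims: the subjectAltName entries,
    falling back to the subject's commonName only when no SAN is present."""
    names = [val for typ, val in cert.get("subjectAltName", ()) if typ == "DNS"]
    if names:
        return names
    for rdn in cert.get("subject", ()):
        for key, val in rdn:
            if key == "commonName":
                names.append(val)
    return names


def _name_match(pattern, hostname):
    """Match one certificate name against a host name, case-insensitively.
    A '*' is honoured only as the entire leftmost label and covers exactly
    one label, so '*.shop.example.com' never matches 'a.b.shop.example.com'."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_matches_url(cert, url):
    """True only if the URL's host component is one of the certificate's names.
    A mismatch is exactly the impostor case the glossary entry warns about."""
    host = urlsplit(url).hostname
    if not host:
        return False
    return any(_name_match(name, host) for name in _dns_names(cert))


# Constructed sample certificates (not real sites) in the ssl.getpeercert() layout.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.shop.example.com")),
}
LEGACY_CN_ONLY_CERT = {"subject": ((("commonName", "legacy.example.com"),),)}
```

In production the TLS library performs this check itself; the point here is what it compares and why a wildcard must not span more than one label.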
Client Side Certificate | Client side certificates are no different from server side certificates, other than in how they are used. For example, on the web, a server side certificate allows the browser to verify the web server's identity. A client side certificate, on the other hand, would allow the web server to verify the identity of the user of the browser. The terminology is usually applied in circumstances where a server side certificate is already being used. Client side certificates are as yet not as popular, primarily due to the heavy cost of administering these certificates. For example, a bank wishing to use this technology would need to issue and maintain certificates for ALL of its clients. SSLv3 and TLSv1 support client side certificates (i.e. certificates on both sides of a connection at the same time).

Certificate Authority | An organization that issues certificates. The trustworthiness of the certificate authority is the foundation of secure electronic commerce on the web. The most popular certificate authorities today are Verisign (www.verisign.com) and Thawte (www.thawte.com). (Thawte still operates their own site, but was acquired by Verisign.)

Cipher | Any encryption algorithm. Ciphers can be classified according to whether they are symmetric or public key algorithms, and by whether they are stream ciphers or block ciphers. SecuritySpace's survey reports on the different ciphers used by the web servers it polls. The following terms are used when describing ciphers found:

DES (Data Encryption Standard) | A symmetric key block cipher algorithm developed by IBM and adopted as a standard in the US in 1975.

Digital Signature | A use of public key cryptography to authenticate a message. The private key is used, showing that the signature must have been made by the owner of that key. A secure hash of the entire document is signed, so that any change to the document will invalidate the signature.

Eric Young | Developer of SSLeay (now known as OpenSSL). Eric is Australian and his work is not encumbered by ITAR.

http | The Hyper Text Transfer Protocol is the protocol used between a Web browser and a server to request a document and transfer its contents. The specification is maintained and developed by the World Wide Web Consortium.

https | https is ordinary http exchanged over an SSL encrypted session.

IDEA | A symmetric key block cipher algorithm developed by Xuejia Lai and James Massey in 1991.

ITAR | The International Traffic in Arms Regulations under US export legislation, which amongst other things restrict the export of cryptographic systems.

MD2 | A secure hash, or message digest, algorithm developed by Ron Rivest.

MD5 | A secure hash, or message digest, algorithm developed by Ron Rivest.

OpenSSL | Formerly known as SSLeay, an open source implementation of SSL, supporting the SSLv2, SSLv3 and TLSv1 protocols.

Private Key | The part of the key in a public key system which is kept secret and is used only by its owner. This is the key used for decrypting messages, and for making digital signatures.

Protocol | A protocol is an algorithm, or step by step procedure, carried out by more than one party. Examples are network protocols, in which the steps are intended to ensure reliable transmission of information, or cryptographic protocols, in which the aim is to maintain some form of security relationship between the parties. In terms of secure web transactions, SET, SSLv2, SSLv3, and TLSv1 are examples of protocols.

Public Key | The part of the key in a public key system which is distributed widely, and is not kept secret. This is the key used for encryption (as opposed to decryption) or for verifying signatures. Compare private key.

Public Key Cryptography | An algorithm for securing information that involves two keys, a private key and a public key. Information encrypted with one key can usually only be decrypted with the other key. Typically, a sender of information encrypts the data with the recipient's public key. The recipient is then the only one who can decrypt the information, using their private key.

RC2 | A symmetric key block cipher, developed by RSA Data Security Inc, and now widely available.

RC4 | A symmetric key stream cipher, developed by RSA Data Security Inc, and now widely available.

RSA | RSA is a public key cipher which can be used both for encrypting messages and for making digital signatures. The letters stand for the names of the inventors: Rivest, Shamir and Adleman. The company RSA Data Security Inc. takes its name from this algorithm, and has acquired the rights to the patents which cover it.

Safe Passage | A solution to the problem that "export" versions of the Microsoft and Netscape browsers are only capable of using 40-bit keys, and so cannot negotiate full strength sessions when connecting to servers capable of strong encryption. UK Web have made this functionality available as an http proxy.

Self-signed Certificate | It is possible for the owner of a certificate to sign it themselves instead of having a recognized certificate authority do so. This is unlikely to be trusted by anyone wishing to use the certificate as proof of ownership of the corresponding public key. It is often useful in a development environment, where there is no benefit to paying a certificate authority to issue a certificate that the public will never see.

Secret Key | Confusingly, sometimes used to mean the private key of a public key system, and also sometimes used (in contrast to "public key") to refer to a symmetric key system.

Server Signature | The string usually returned as part of servicing each http request that gives the name and version of the web server software being used.

SET | SET is a secure protocol designed by MasterCard and Visa to facilitate financial transactions over the Internet. Compared with SSL, it places more emphasis on validating both parties to the transaction. SET is still in development, and is not yet widely available.

SHA (Secure Hash Algorithm) | A secure hash, or message digest, algorithm adopted as a Federal Information Processing Standard.

SSL (Secure Socket Layer) | A protocol developed by Netscape for encrypted transmission over TCP/IP networks. It sets up a secure end-to-end link over which http or any other application protocol can operate. The most common application of SSL is https, for SSL-encrypted http.

SSLeay | A freely available implementation of the SSL protocol and the cryptographic algorithms used by SSL, developed by Eric Young in Australia. SSLeay is now known as OpenSSL.
Stream Cipher | A stream cipher encrypts in small units, often a bit or a byte at a time, but unlike a basic block cipher the output corresponding to a given input will depend on where in the message it occurs. The simplest type of stream cipher uses a complicated function, which retains state, to generate a pseudo-random sequence which is then combined with the input using a simple operation such as bytewise addition.
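The stream cipher structure just described, as an added example that is not part of this glossary: a stateful keystream generator (here a counter fed through HMAC-SHA256, a construction chosen for this illustration and not any cipher the survey reports) combined with the data by XOR, the bitwise form of addition. It shows the position dependence the entry mentions and the standard caveat that reusing a keystream leaks the XOR of the two plaintexts. The key and nonce values are constructed for the demo.

```python
import hashlib
import hmac

# Constructed demo values; a real deployment uses a random key and a fresh nonce per message.
DEMO_KEY = b"constructed-demo-key-not-for-real-use"
DEMO_NONCE = b"nonce-01"


def keystream(key, nonce, length):
    """Stateful generator: block i of the sequence is HMAC-SHA256(key, nonce || i).
    The counter is the retained state, so output depends on position in the message."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def stream_xor(key, nonce, data):
    """Encrypt or decrypt (the same operation) by XOR-ing data with the keystream."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


def position_dependence(key, nonce):
    """The same 16-byte plaintext at two offsets yields two different ciphertext blocks,
    unlike a basic block cipher, where identical blocks encrypt identically."""
    msg = b"ATTACK-AT-DAWN__" * 2
    ct = stream_xor(key, nonce, msg)
    return ct[:16] != ct[16:]


def keystream_reuse_leak(key, nonce, m1, m2):
    """Defender's caveat: two messages under the same key and nonce share a keystream,
    so XOR-ing the ciphertexts cancels it and exposes m1 XOR m2 without the key."""
    c1 = stream_xor(key, nonce, m1)
    c2 = stream_xor(key, nonce, m2)
    leaked = bytes(a ^ b for a, b in zip(c1, c2))
    return leaked == bytes(a ^ b for a, b in zip(m1, m2))
```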
Symmetric Cryptography | A symmetric cipher is one in which the same key is used for encryption and decryption. Therefore a secure method has to be found by which the sender and recipient can agree on the key. DES, IDEA, RC2 and RC4 are symmetric ciphers.

Thawte | The second most popular Certificate Authority on the internet, until it was bought by Verisign. Certificates are still issued by Thawte separately from those issued by Verisign.

TLS (Transport Layer Security) | An open standards based protocol, based on (but not compatible with) SSLv3, used to support encrypted communications over TCP/IP networks.

Triple DES | Each block is encrypted three times using DES, using at least two different keys. There are variants which differ in whether two or three keys are used, and whether some of the steps are in decryption mode. In SSL, three separate keys are used, and the middle step is a decryption.

Verisign | The most popular Certificate Authority on the internet. Their lead is due primarily to the fact that early versions of Microsoft and Netscape browsers would only recognize certificates as valid if they were issued by Verisign (signed as RSA Data Security). Verisign's biggest competitor was Thawte, until Verisign bought Thawte.

X.509 | An International Telecommunication Union recommendation for the format of certificates.