From Paul's Security Weekly
Secure Digital Life #40
Recorded on November 7, 2017 at G-Unit Studios in Rhode Island!
What makes you, you, in terms of a virtual world? Crypto Identity
- The three parts of strong identifiers:
- Something you know.
- Something you have.
- Something you are.
- Digital Fingerprints
- Talking about hashing?
- Explain checksums
- One-way algorithms
- SHA-1 and MD5 hashes
- Hashes are digital DNA (something you have)
- Hash collisions are the possibility that two things have the exact same hash.
- MD5 takes a file and generates a 128-bit output that is reported in hex. This is done using a hashing algorithm.
- MD5 has been broken, but so has most everything.
- Talk about launch codes.
- Many different strengths and types of hashes.
- Token identifiers like key fobs etc. use hashes to create numbers based on time offsets etc.
- Keys may be generated using all sorts of data and then used to exchange data
- Other Forms of Digital DNA
- Biometrics (something you are)
- Retinal Scans
- Voice prints
- Iris scans
- Palm scans
- DNA -- a la Gattaca
- Weird patterns
- Passwords (something you know)
- What is a strong password? (a password combined with two other things)
- 8 characters mixed with symbols, case, and numbers.
- Passphrases and one-time pads.
- No dictionary words or leet words.
- The longer and weirder the better.
- So what is a block chain then?
- A block chain is a list of records, each linked by a hashed pointer to the preceding record (in programming this is called a linked list).
- The block chain can contain pretty much anything, but it often contains dates and transactions or the owners of a thing (a manifest). Unlike a paper manifest, the crypto pointers prevent back tracing the information but also validate it.
- Let's use money as a means of understanding a block chain.
- So you have a 100-dollar bill with serial number 1.
- The block chain notes in serial number 1 that Glen is the owner.
- So, Glen has 100 dollars.
- Now, in the virtual block chain the entire network tracks the owner and serial number.
- Glen can then transfer the block to another owner and that creates a new block in the chain and the entire network is updated.
- This makes it really hard to cheat because the time between the update and a false update is really small.
- When Glen transfers, all the old blocks become invalidated and the chain is updated across the network.
This is the basis for cryptocurrency (next show!).
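The hash-linked ownership record from the money example above, as an added sketch that is not from the show: the field names, the all-zero first pointer, the choice of SHA-256 and every owner other than Glen are assumptions made for illustration.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # constructed placeholder: the first block has no predecessor

def block_hash(block):
    """SHA-256 over the block's fields (everything except its own hash)."""
    fields = {k: block[k] for k in ("index", "serial", "owner", "prev_hash")}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

def add_block(chain, serial, owner):
    """Record a new owner; the block points at the preceding block by its hash."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": len(chain), "serial": serial, "owner": owner, "prev_hash": prev_hash}
    block["hash"] = block_hash(block)
    chain.append(block)

def first_invalid(chain):
    """Index of the first block that fails verification, or None if the chain is intact."""
    prev_hash = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev_hash"] != prev_hash:
            return i  # broken link to the preceding record
        if block["hash"] != block_hash(block):
            return i  # contents changed after the hash was taken
        prev_hash = block["hash"]
    return None

def current_owner(chain, serial):
    """The most recent block for a serial number names its current owner."""
    for block in reversed(chain):
        if block["serial"] == serial:
            return block["owner"]
    return None

def demo():
    chain = []
    for owner in ("Glen", "Bob", "Carol"):  # Bob and Carol are constructed names
        add_block(chain, serial=1, owner=owner)
    result = {"clean": first_invalid(chain), "owner": current_owner(chain, 1)}
    edited = [dict(b) for b in chain]  # work on a copy of the chain
    edited[0]["owner"] = "Mallory"  # constructed name; rewrite the first block
    result["edit_only"] = first_invalid(edited)
    edited[0]["hash"] = block_hash(edited[0])  # also recompute that block's hash
    result["edit_and_rehash"] = first_invalid(edited)
    return result

if __name__ == "__main__":
    print(demo())
```

Editing the first block's owner fails verification at block 0; recomputing that block's hash only moves the failure to block 1, whose stored pointer no longer matches. The network-wide update described in the notes is not modelled here.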