@HcNguyen111
Forked from anonymous/dabblet.css
Created March 11, 2013 10:34
.content
{
margin: 0;
font-size: 1em;
float: right;
border: Solid 2px black;
/* padding: 0px; */
width: 100%;
background: #ffffff;
color: black;
}
.leftcolumn
{
font-size: 1em;
float: left;
width: 20%;
/* border: Solid 2px green; */
height: 100%;
text-align: center;
background: grey;
}
body
{
text-decoration: none;
/* border: Solid 2px green; */
background: #898989;
font: 1em Georgia;
color: black;
margin: 1cm 1.5cm;
}
h1
{
/* "font: Arial" is an invalid font shorthand (it needs a size) and browsers ignore it; use font-family */
font-family: Arial, sans-serif;
font-size: 1.6em;
font-weight: normal;
background: #CCCCCC;
color: black;
}
h2
{
font-family: Arial, sans-serif;
font-size: 1.3em;
font-weight: normal;
background: #CCCCCC;
color: black;
}
h3
{
font-family: Georgia, serif;
font-size: 1.2em;
font-weight: bold;
}
h4
{
font-family: Georgia, serif;
font-size: 1.0em;
font-weight: normal;
text-transform: uppercase;
}
p
{
line-height: 1;
/* text-indent: 2.0em; */
}
.code
{
text-decoration: none;
/* was an invalid "font:" shorthand with no size; font-family is what was intended */
font-family: "Courier New", Courier, monospace;
font-weight: normal;
text-indent: 2.0em;
}
.navlink a
{
margin: 0px;
padding: 0px;
list-style: none;
color: blue;
background: yellow;
}
.navlink a:active, .navlink a:hover
{
background: blue;
color: white;
}
.centeralign
{
text-align: center;
}
.rightalign
{
text-align: right;
}
.nobullet
{
list-style-type: none;
}
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>
csf_ch8_hash
</title>
<link rel="stylesheet" href="Prac1Task1.css" type="text/css" />
<link rel="icon" href="../images/favicon.ico" type="image/x-icon" />
</head>
<body>
<p id="top"></p>
<!--
<div class="leftcolumn">
<p class="navlink">
<a href="#bottom">
Bottom of Page
</a>
</p>
<p class="navlink">
<a href="csf_ch4_dos.htm">
Chapter 4
</a>
</p>
<p class="navlink">
<a href="csf_ch4_ill.htm">
Chapter 4
</a>
</p>
<p class="navlink">
<a href="csf_ch6_aa.htm">
Chapter 6
</a>
</p>
<p class="navlink">
<a href="csf_ch6_aa.htm">
Link
</a>
</p>
<p class="navlink">
<a href="csf_ch6_aa.htm">
Link
</a>
</p>
<p class="navlink">
<a href="csf_ch6_aa.htm">
Link
</a>
</p>
</div>
-->
<div class="content">
<h1 id="legit">
Legitimate Versus Fraudulent Encryption Methods
</h1>
<p>
The encryption methods discussed above are just a few of the more widely used modern encryption methods. Dozens of others are released to the public for free, or patented and sold for profit, every year. It is important to realize, however, that this corner of the computer industry is replete with frauds and charlatans: a query for &ldquo;encryption&rdquo; in any search engine turns up a plethora of advertisements for the latest and greatest &ldquo;unbreakable&rdquo; encryption. If you are not knowledgeable about encryption, how do you separate legitimate methods from frauds?
</p>
<p>
There are many fraudulent cryptographic claims out there. You do not have to be a cryptography expert to be able to avoid many of those fraudulent claims. Here are some warning signs:
</p>
<ul style="line-height: 1.8">
<li>
<b>Unbreakable:</b> Anyone with experience in cryptography knows that, for any practical cipher, there is no such thing as an unbreakable code. There are codes that have not yet been broken, and codes whose best known attack would take longer than the age of the universe; security is measured by the work an attacker must do, not by an absolute guarantee. (The one exception, the one-time pad, is provably secure only when the key is truly random, as long as the message, and never reused, conditions that no marketed product meets.) When someone claims that their method is &ldquo;completely unbreakable,&rdquo; you should be suspicious.
</li>
<li>
<b>Certified:</b> There is no body that certifies a new encryption algorithm as secure. Algorithms earn trust through years of public analysis; a standard such as AES was chosen after an open competition, and a programme such as NIST's FIPS 140 validation certifies that an implementation of an already-standardized algorithm was built correctly, not that a novel algorithm is sound. A vendor's &ldquo;certification&rdquo; of its own proprietary method is therefore worthless.
</li>
<li>
<b>Inexperienced people:</b> A company is marketing a new encryption method. What is the experience of the people behind it? Does the cryptographer have a background in mathematics, encryption, or algorithms? If not, has the method been submitted to experts in peer-reviewed journals? Or, at the least, is the company willing to disclose how the method works so that it can be judged fairly? A method whose security depends on the algorithm itself staying secret violates Kerckhoffs's principle and should be presumed weak. Recall that PGP's inventor had decades of software engineering and encryption experience.
</li>
</ul>
<p>
Some experts claim that you should only use widely known methods, such as Blowfish or PGP, although it is certainly possible to use a less well-known, or even new, encryption method and have a very secure system. Today's widely used methods were once new and untested. If you do use a less well-known method, however, you need to take extra precautions to ensure that you are not being misled: look for a public specification, published analysis by independent cryptographers, and an implementation that others have been able to review.
</p>
<h2 id="digsig">
Digital Signatures
</h2>
<p>
A digital signature is not used to ensure the confidentiality of a message, but rather to prove who sent it and that it has not been altered since. Because only the holder of the private key could have produced the signature, the sender cannot later deny having sent the message; this property is called nonrepudiation. Digital signatures are rather simple, but clever: with RSA they reverse the asymmetric encryption process. Recall that in asymmetric encryption, the public key (which anyone can have access to) is used to encrypt a message to the recipient, and the private key (which is kept secure, and private) decrypts it. With a digital signature, the sender first hashes the message (see Hashing, below) and then encrypts that hash with his or her private key. The recipient decrypts the signature with the sender's public key, hashes the message as received, and compares the two hashes. If they match, the message must have been signed by the holder of that private key and has not been modified since. Note that &ldquo;encrypting with the private key&rdquo; is a useful mental model for RSA only; other signature schemes such as DSA and ECDSA are not encryption run backwards. In every scheme the private key must be guarded, because anyone who obtains it can forge signatures in the owner's name.
</p>
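<p>
The sign-then-verify round trip described above, written out as an added worked example (this code is not part of the original chapter). It is textbook RSA with a fixed key built from two publicly known Mersenne primes, chosen so the example is deterministic and runs offline with only the Python standard library. It is a teaching toy: the primes are public and the hash is signed without padding, so it must never be used for real signatures.
</p>

```python
import hashlib

# Toy RSA key built from two Mersenne primes (2^521-1 and 2^607-1).
# Both primes are public knowledge, so this key is for demonstration only.
P = (1 << 521) - 1
Q = (1 << 607) - 1
N = P * Q                              # public modulus (~1128 bits)
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def _hash_as_int(message: bytes) -> int:
    """SHA-256 of the message, read as an integer (always smaller than N)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def encrypt(plaintext_int: int, e: int = E, n: int = N) -> int:
    """Confidentiality direction: anyone can encrypt with the PUBLIC key."""
    return pow(plaintext_int, e, n)


def decrypt(ciphertext_int: int, d: int = D, n: int = N) -> int:
    """Only the PRIVATE key holder can decrypt."""
    return pow(ciphertext_int, d, n)


def sign(message: bytes, d: int = D, n: int = N) -> int:
    """Signature direction: hash the message, then 'encrypt' the hash with
    the PRIVATE key. Only the key holder can produce this value."""
    return pow(_hash_as_int(message), d, n)


def verify(message: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """'Decrypt' the signature with the PUBLIC key and compare the result
    with a fresh hash of the message the recipient actually received."""
    recovered_hash = pow(signature, e, n)
    return recovered_hash == _hash_as_int(message)


def demo() -> dict:
    """The cases a practitioner cares about, on a constructed sample message."""
    message = b"Transfer 100 EUR to account 12345"
    sig = sign(message)
    return {
        # genuine message, genuine signature
        "genuine": verify(message, sig),
        # message altered in transit, signature unchanged
        "tampered": verify(b"Transfer 900 EUR to account 12345", sig),
        # attacker without D guesses at a signature value
        "forged": verify(message, (sig + 1) % N),
        # the same key pair still works in the confidentiality direction
        "roundtrip": decrypt(encrypt(12345)) == 12345,
    }


if __name__ == "__main__":
    print(demo())
```

<p>
Real RSA signatures wrap the hash in PKCS#1 v1.5 or PSS padding before exponentiation. The raw form above is multiplicative (the signature of a product is the product of the signatures), which lets an attacker combine two valid signatures into a third, so libraries never expose it directly.
</p>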
<h2 id="hashing">
Hashing
</h2>
<p>
A hash is a type of cryptographic algorithm with some specific characteristics. First and foremost, it is one-way: you cannot &ldquo;unhash&rdquo; a value to recover the input. Second, it produces a fixed-length output no matter how long the input is. Third, changing even one bit of the input changes the output completely, and it should be infeasible to find two inputs with the same output (a collision). This is how Windows stores passwords. For example, if your password is password, Windows first hashes it, producing a fixed-length value such as the one below (the value shown is illustrative; the actual Windows NT hash is the MD4 digest of the password encoded as UTF-16LE, written as 32 hexadecimal characters):
</p>
<p>
0BD181063899C9239016320B50D3E896693A96DF
</p>
<p>
Windows stores that hash, not the password, in the SAM (Security Accounts Manager) hive under the Windows system directory (System32\config\SAM). When you log on, Windows cannot unhash your password (remember, it is one-way). So Windows takes whatever password you type in, hashes it, and compares the result with what is in the SAM. If they match exactly, you can log in. Because the NT hash has no salt, two accounts with the same password have the same hash, and an attacker who copies the SAM can attack the hashes offline with precomputed tables; this is why modern password stores add a random per-user salt and use a deliberately slow hash.
</p>
<p>
Storing Windows passwords is just one application of hashing. There are others. In computer forensics, for example, it is standard practice to hash a drive (or the image taken from it) before beginning the examination and to record that hash. At any later point the drive can be hashed again to show whether anything has changed, accidentally or intentionally: if the second hash matches the first, nothing has been changed. Examiners usually record more than one hash (for example MD5 and SHA-256), because collisions can be constructed for MD5 and it alone no longer proves that an image was not deliberately altered.
</p>
<p>
There are various hashing algorithms. The two most common families are MD5 and SHA. MD5 and the original SHA-1 are both broken with respect to collisions and should not be used where an attacker could profit from a collision (signatures, certificates); later members of the SHA-2 family such as SHA-256 are now the norm, with SHA-3 as an alternative.
</p>
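<p>
An added worked example (not from the original chapter) for the three uses of hashing described above: the actual Windows NT hash computation (MD4 over the UTF-16LE password), the hash-and-compare logon check, and the before-and-after image hash from the forensics paragraph. MD4 is written out inline from RFC 1320 because OpenSSL 3 builds of Python usually disable it in hashlib; the &ldquo;disk image&rdquo; is a constructed byte string, not a real drive, and the PBKDF2 function is included only as a contrast to the unsalted NT hash.
</p>

```python
import hashlib
import hmac
import io
import os

MASK = 0xFFFFFFFF


def md4(data: bytes) -> bytes:
    """MD4 per RFC 1320, written out because hashlib's MD4 is usually disabled
    in OpenSSL 3 builds. Needed only because Windows NT hashes use it."""
    def f(x, y, z): return (x & y) | (~x & z)
    def g(x, y, z): return (x & y) | (x & z) | (y & z)
    def h(x, y, z): return x ^ y ^ z
    def rotl(x, n): return ((x << n) | (x >> (32 - n))) & MASK

    # Padding: a 0x80 byte, zeros up to 56 mod 64, then the bit length (LE).
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += (len(data) * 8).to_bytes(8, "little")

    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    order3 = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        x = [int.from_bytes(msg[off + 4 * i:off + 4 * i + 4], "little")
             for i in range(16)]
        aa, bb, cc, dd = a, b, c, d
        for i in range(16):                                   # round 1
            a = rotl((a + f(b, c, d) + x[i]) & MASK, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                                   # round 2
            k = (i % 4) * 4 + i // 4
            a = rotl((a + g(b, c, d) + x[k] + 0x5A827999) & MASK,
                     (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                                   # round 3
            a = rotl((a + h(b, c, d) + x[order3[i]] + 0x6ED9EBA1) & MASK,
                     (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        a, b, c, d = ((a + aa) & MASK, (b + bb) & MASK,
                      (c + cc) & MASK, (d + dd) & MASK)
    return b"".join(v.to_bytes(4, "little") for v in (a, b, c, d))


def nt_hash(password: str) -> str:
    """Windows NT hash: MD4 over the UTF-16LE password. No salt, 32 hex chars."""
    return md4(password.encode("utf-16-le")).hex().upper()


def check_login(stored_nt_hash: str, typed_password: str) -> bool:
    """The logon path: hash what was typed and compare with the stored hash.
    Nothing is ever 'unhashed'. compare_digest avoids a timing side channel."""
    return hmac.compare_digest(stored_nt_hash, nt_hash(typed_password))


def salted_slow_hash(password: str, salt: bytes = None) -> tuple:
    """Contrast: what a modern password store does instead. A random per-user
    salt plus a deliberately slow hash (PBKDF2-HMAC-SHA256) means equal
    passwords no longer share a hash and precomputed tables are useless."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest.hex()


def image_digest(stream, chunk_size: int = 1 << 16) -> str:
    """SHA-256 of a drive image read in chunks, as an examiner would hash it."""
    h = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def forensic_demo() -> dict:
    """Hash the image, re-hash it unchanged, flip one bit, re-hash again."""
    # Constructed stand-in for a disk image: 1 MiB of deterministic bytes.
    image = bytearray((i * 7 + 3) & 0xFF for i in range(1 << 20))
    before = image_digest(io.BytesIO(image))
    again = image_digest(io.BytesIO(image))
    image[123456] ^= 0x01          # one flipped bit, e.g. an accidental write
    after = image_digest(io.BytesIO(image))
    return {"unchanged_matches": before == again,
            "one_bit_change_detected": before != after,
            "fixed_length_output": len(before) == 64 == len(after)}


if __name__ == "__main__":
    print(nt_hash("password"))      # 8846F7EAEE8FB117AD06BDD830B7586C
    print(forensic_demo())
```

<p>
The NT hash of the empty password (31D6CFE0D16AE931B73C59D7E0C089C0) is simply MD4 of the empty string, which is why it is one of the first values an attacker looks for in a dumped SAM.
</p>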
<h2 id="auth">
Authentication
</h2>
<p>
When one logs on to a system, the system needs to authenticate the user (and sometimes the user needs to authenticate the system!). There are many authentication protocols. A few of the more common are briefly described here:
</p>
<ul>
<li>
<b>PAP:</b> Password Authentication Protocol is the simplest form of authentication and the least secure. Usernames and passwords are sent unencrypted, in plain text.
</li>
<li>
<b>SPAP:</b> Shiva Password Authentication Protocol is a proprietary extension to PAP, used with Shiva remote-access servers, that applies a reversible encryption to the password sent over the link. It is only marginally better than PAP: the same encrypted value is sent on every login, so a captured exchange can be replayed.
</li>
<li>
<b>CHAP:</b> Challenge Handshake Authentication Protocol never sends the password over the link. Both sides hold a shared secret. The server sends the client a random challenge value together with an identifier; the client replies with a hash (MD5 in standard CHAP) computed over the identifier, the shared secret, and the challenge; the server performs the same computation and compares the two. Because the challenge is fresh each time, a captured response cannot be replayed. The server repeats the challenge periodically during the session, which is how it detects a connection that has been taken over. MS-CHAP is a Microsoft-specific variant; MS-CHAPv2 is known to be crackable from a single captured exchange and should only be used inside an encrypted tunnel.
</li>
<li>
<b>Kerberos:</b> Kerberos is widely used, particularly in Microsoft Active Directory domains, where it is the default authentication protocol. It was developed at MIT and takes its name from the mythical three-headed dog that guarded the gates of Hades. The system is a bit complex, but the basic process is as follows:
</li>
</ul>
<p>
When a user logs in, the client contacts the authentication server (AS), which verifies the user's identity and returns a ticket-granting ticket (TGT); the reply is encrypted with a key derived from the user's password, so only the right user can read it. The AS and the ticket-granting server (TGS) are usually on the same machine, together called the key distribution center (KDC). Later, when the user needs to access some resource on the network, the user's machine presents the TGT to the TGS and receives a service ticket for the target machine; that service ticket, not the user's password, is what the target checks. Tickets carry timestamps and are verified at each step, and they expire after a relatively short time, which limits the damage a stolen ticket can do.
</p>
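<p>
An added worked example (not from the original chapter) contrasting the first and third protocols in the list above: PAP, where the password itself crosses the link, beside CHAP as described in RFC 1994, where only a challenge and an MD5 response do. A wire-tap object records every frame so the code can check what an eavesdropper actually learns and whether a captured response can be replayed. The credential database and the user are constructed for the example.
</p>

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field

# Constructed credential store. PAP needs the password itself on the server;
# CHAP needs the same shared secret on both sides.
CREDENTIALS = {"alice": b"correct horse battery staple"}


@dataclass
class WireTap:
    """Everything an eavesdropper on the link gets to see."""
    captured: list = field(default_factory=list)

    def observe(self, label: str, payload: bytes) -> bytes:
        self.captured.append((label, payload))
        return payload


# --- PAP: the weak setting -------------------------------------------------
def pap_login(user: str, password: bytes, tap: WireTap) -> bool:
    """PAP sends the credentials in the clear; the tap now holds the password."""
    frame = tap.observe("pap-auth-req", user.encode() + b"\x00" + password)
    name, _, pwd = frame.partition(b"\x00")
    return CREDENTIALS.get(name.decode()) == pwd


# --- CHAP: the corrected setting (RFC 1994, MD5) ---------------------------
def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Response value = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    def __init__(self, tap: WireTap):
        self.tap = tap
        self.identifier = 0

    def challenge(self) -> tuple:
        """A fresh random challenge every time (also re-sent mid-session)."""
        self.identifier = (self.identifier + 1) & 0xFF
        nonce = os.urandom(16)
        self.tap.observe("chap-challenge", bytes([self.identifier]) + nonce)
        return self.identifier, nonce

    def verify(self, user: str, identifier: int, nonce: bytes,
               response: bytes) -> bool:
        """Recompute the expected response from the shared secret and compare."""
        self.tap.observe("chap-response", bytes([identifier]) + response)
        secret = CREDENTIALS.get(user)
        if secret is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, secret, nonce)
        return hmac.compare_digest(expected, response)


def chap_login(user: str, secret: bytes, server: ChapServer) -> tuple:
    """Client side: answer the challenge. Also returns what went on the wire
    so the demo can try to replay it."""
    ident, nonce = server.challenge()
    resp = chap_response(ident, secret, nonce)
    return server.verify(user, ident, nonce, resp), (ident, nonce, resp)


def demo() -> dict:
    tap = WireTap()
    secret = CREDENTIALS["alice"]

    pap_ok = pap_login("alice", secret, tap)
    pap_leaks = any(secret in frame for _, frame in tap.captured)

    server = ChapServer(tap)
    chap_ok, (_, _, captured_resp) = chap_login("alice", secret, server)
    chap_leaks = any(secret in frame for _, frame in tap.captured[1:])

    # Attacker replays the captured response against the next challenge.
    new_ident, new_nonce = server.challenge()
    replayed = server.verify("alice", new_ident, new_nonce, captured_resp)

    # A client with the wrong secret cannot answer a challenge.
    wrong_ok, _ = chap_login("alice", b"wrong secret", server)

    return {"pap_ok": pap_ok, "pap_leaks_password": pap_leaks,
            "chap_ok": chap_ok, "chap_leaks_secret": chap_leaks,
            "replay_accepted": replayed, "wrong_secret_accepted": wrong_ok}


if __name__ == "__main__":
    print(demo())
```

<p>
CHAP hides the password from the link but not from the server: both sides must store the secret in a form from which the response can be computed, which is a weaker storage posture than a salted password hash. That trade-off, together with the age of MD5, is why modern remote-access deployments run these exchanges inside a TLS tunnel or replace them with Kerberos or certificate-based authentication.
</p>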
</div>
<p class="rightalign">
<a href="#top">
Top of Page
</a>
</p>
<p id="bottom"></p>
</body>
</html>