Understanding Hacker Ethics and Cryptography Techniques
Hacker: Someone who seeks to understand how systems work and finds ways to make them do things they weren’t originally designed to do. Security depends on maintenance and verification, not trust.
Social Engineering: Manipulating people into revealing confidential information (pretexting, phishing, smishing, etc.).
Encryption: Converts plaintext to ciphertext.
Decryption: Restores plaintext using a key.
Cipher: Algorithm pair for encryption and decryption.
Key: Secret value that controls the cipher. DES (56 bits, outdated), 3DES (168 bits, slow), AES (128/192/256 bits, modern).
Six Rules of Hacker Ethics:
- Access to computers should be unlimited and hands-on.
- All information should be free.
- Mistrust authority; promote decentralization.
- Judge hackers by skill and not credentials.
- Computers can create art and beauty.
- Computers can change lives for the better.
Cathedral: Centralized, hierarchical, controlled; few developers, infrequent releases (e.g., Mac, Windows).
Bazaar: Open collaboration model. Community-driven, transparent, and decentralized (e.g., Linux, GitHub projects).
AI crawlers demonstrate how automation can threaten the open web through resource exhaustion, ethical violations, and lack of consent.
Lossless: Data can be perfectly restored after compression (e.g., ZIP file, FLAC audio).
Lossy: Removes less-important details to save space; the original cannot be reconstructed exactly (e.g., MP3, JPEG).
Situational Awareness: Understanding your environment and detecting when something “feels off.”
Two Techniques of Cryptography:
- Substitution: Replace one symbol with another.
- Transposition: Rearrange positions of letters/symbols.
Symmetric Encryption: Uses one secret key for both encryption and decryption; both sender and receiver must have the same key before communication begins. PRO: very fast, suited to bulk encryption of large data. CON: scalability, and the key distribution problem (how do you share the key securely when it could be intercepted in transit?).
Asymmetric Encryption: Uses two mathematically related keys (Public that anyone can use to encrypt, Private that only the recipient holds to decrypt).
Man-in-the-Middle: A sends a public key to B; C intercepts it and sends C’s own public key to B instead. B encrypts using C’s key, C decrypts, reads, re-encrypts with A’s real key, and forwards it, so neither A nor B notices. Prevented by using certificates, digital signatures, HTTPS.
Hash Function: Converts input data of any size into a fixed-size string; a one-way process that cannot practically be reversed, used to verify integrity.
Digital Envelope: Combines symmetric and asymmetric encryption for efficiency.
True Random: Generated from unpredictable physical processes.
Pseudorandom: Generated algorithmically from a seed value.
Ethical Hacking: The authorized and legal process of identifying vulnerabilities in systems using the same tools and techniques as malicious hackers.
White Hat: Ethical hacker working legally with permission.
Black Hat: Criminal hacker exploiting systems for personal gain.
Gray Hat: Hacker who may break rules but with non-malicious intent.
PGP: Hybrid encryption system combining asymmetric encryption (for key exchange) and symmetric encryption (for message data).
Two Main Uses of PGP Encryption: PGP (Pretty Good Privacy) is a hybrid cryptographic system used to secure digital communication. Its two main uses are ensuring confidentiality and providing authentication and integrity. PGP encrypts emails and files so only the intended recipient can read them, and it uses digital signatures to verify the sender’s identity and detect any message tampering. It combines symmetric encryption for fast data encryption with asymmetric encryption for secure key exchange. To ensure message integrity and authentication, PGP creates a hash of the message, encrypts it with the sender’s private key, and allows the recipient to verify it using the sender’s public key (confirms the message is genuine).
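The digital envelope and the PGP signing flow described above, as an added Python example that is not part of the original notes. It uses textbook RSA with fixed Mersenne primes and an HMAC-SHA256 keystream as constructed stand-ins for the real RSA/AES algorithms PGP uses, so it runs with the standard library only; the function and key names are this example's own.

```python
import hashlib
import hmac
import secrets

# Textbook RSA with fixed, well-known Mersenne primes: a constructed stand-in for the
# real asymmetric keys PGP uses. Fixed primes and unpadded RSA are for demonstration only.
def toy_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent
    return (n, e), (n, d)               # (public key, private key)

SENDER_PUB, SENDER_PRIV = toy_keypair(2**127 - 1, 2**521 - 1)   # n > 2**256, fits a SHA-256 hash
RECIP_PUB, RECIP_PRIV = toy_keypair(2**107 - 1, 2**607 - 1)     # n > 2**128, fits a session key

def rsa_apply(key, value):
    n, exp = key
    return pow(value, exp, n)

def keystream_xor(key, data):
    # Constructed CTR-style stream cipher: HMAC-SHA256(key, counter) blocks XORed with the data.
    # Stands in for the fast symmetric cipher (e.g. AES) PGP uses for the bulk message data.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def pgp_style_send(message: bytes) -> dict:
    # Authentication/integrity: hash the message and sign the hash with the sender's private key.
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    signature = rsa_apply(SENDER_PRIV, digest)
    # Confidentiality: fresh symmetric session key for the data, wrapped with the recipient's public key.
    session_key = secrets.token_bytes(16)
    wrapped_key = rsa_apply(RECIP_PUB, int.from_bytes(session_key, "big"))
    body = keystream_xor(session_key, message)
    return {"wrapped_key": wrapped_key, "body": body, "signature": signature}

def pgp_style_receive(envelope: dict):
    # Only the recipient's private key recovers the session key (the digital envelope).
    session_key = rsa_apply(RECIP_PRIV, envelope["wrapped_key"]).to_bytes(16, "big")
    message = keystream_xor(session_key, envelope["body"])
    # Verify the signature with the sender's public key; any tampering changes the hash.
    expected = int.from_bytes(hashlib.sha256(message).digest(), "big")
    authentic = rsa_apply(SENDER_PUB, envelope["signature"]) == expected
    return message, authentic
```

Flipping a single byte of the ciphertext body makes the recovered hash differ from the signed one, so the receiver gets the plaintext garbage together with authentic=False.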
