Sei sulla pagina 1di 8

Difference Between Secure Socket Layer (SSL) and Secure Electronic Transaction(SET):

Issue

Secure Socket Layer (SSL)

Secure Electronic Transaction(SET)

Main Aim

Exchange of Data in an Encrypted form.

Ecommerce Related payment mechanism. All parties so involved must be certified by third trusted party. Strong mechanism in SET for all parties involved. Unlikely as Financial details are given to PAYMENT Gateway. Customer has to digitally sign payment instructions.

Certification

Two parties exchange certification.

Authentication

Mechanisms in place but not very strong. Possible since customer gives Financial details to merchant. Possible as no mechanism exist if a customer refuses to pay later.

Risk of Merchant Fraud Risk of Customer fraud. Action in case of customer fraud. Practical Usage

Merchant is Liable. High

Payment Gateway is Liable. Not much.

What are the difference between DES and RSA algorithm?


DES algorithm
1. DES is a symmetric cryptographic algorithm.

RSA algorithm
1. RSA is an asymmetric (or public key) cryptographic Algorithm.

2. Encryption and decryption is done with a single


key in DES.

2. Use separate keys (public and private keys) in RSA.


3. RSA uses 2600-bits of KEY

3. DES uses 56-bit keys for encryption

Difference between stream cipher and block cipher ?


stream cipher
1. Stream ciphers combine plain-text bits with a pseudo random cipher bits stream using XOR operation. 2. Stream ciphers usually execute faster 3. In terms of hardware complexity, stream ciphers are relatively less complex. 4. Stream ciphers cannot be used to act as a block cipher.

block cipher
1. Block ciphers encrypt fixed length blocks of bits

2. Block ciphers usually execute slow. 3. In terms of hardware complexity, block ciphers are relatively more complex. 4. When using certain modes of operation, a block cipher can be used to act as a stream cipher.

Difference between Active and Passive Attack.?

Active attack
1. Active attack, the attacker needs to first gain the physical control of the media. 2. Active attacks can be easily detected. 3. Proper cure should be taken in case of active attack. 4. In active attack the attacker uses this information to launch a successful attack on target. 5. Active attacks involve some modification of the data stream or the creation of a false stream.

Passive Attack
1. Passive attack the attacker merely needs to observe the Conversation. 2. Passive cannot easily detect. 3. Prevention is better for passive attacks. 4. Attacker needs more time to get information about the target in passive attack. 5. Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions.

Difference between symmetric and asymmetric key cryptography?


Symmetric key
1. Symmetric cryptography uses the same secret (private) key to encrypt and decrypt its data. 2. Symmetric requires that the secret key be known by the party encrypting the data and the party decrypting the data.

Asymmetric key
1. Asymmetric uses both a public and private key.

2.Asymmetric allows for distribution of your public key to anyone with which they can encrypt the data they want to send securely and then it can only be Decoded by the person having the private key. This eliminates the need of having to give someone the secret key (as with symmetric encryption) and risk Having it compromised.

3. Fast process

3. Slow process

The issue with asymmetric is that it is about 1000 times slower than symmetric encryption which makes it impractical when trying to encrypt large amounts of data. Also to get the same security strength as symmetric, asymmetric must use strong a stronger key than symmetric.

Difference between K v4 and K v5 ?

Environmental shortcomings
Encryption system dependence

Any encryption algorithms can be used in v5 but only DES is possible in v4.

Internet protocol dependence


to use any internet protocol.

Only IP is possible

Ticket Lifetime

1280 minutes (maximum time) any length of time.

Authentication Forwarding
V4 does not allow credentials issued to one client to be forwarded to some other Host and used by some other client. V5 provides this capability.

Technical deficiencies

Double encryption in V4. PCBC encryption (a new mode of operation)


In v5, Standard CBC is used