Cryptography is the science of secret writing with the goal of hiding the meaning of a message. Cryptanalysis is the science and sometimes art of breaking cryptosystems. You might think that code breaking is for the intelligence community or perhaps organized crime, and should not be included in a serious classification of a scientific discipline. However, most cryptanalysis is Full Article…
Integer rings
After studying the properties of modulo reduction we are now ready to define in more general terms a structure that is based on modulo arithmetic. Let’s look at the mathematical construction that we obtain if we consider the set of integers from zero to m−1 together with the operations addition and multiplication: Let’s first look at an Full Article…
Cryptanalysis and Kerckhoffs’ Principle
If we ask someone with some technical background what breaking ciphers is about, he/she will most likely say that code breaking has to do with heavy mathematics, smart people and large computers. We have images in mind of the British code breakers during World War II, attacking the German Enigma cipher with extremely smart mathematicians (the famous computer scientist Full Article…
Modular arithmetic part 1 (basics)
Modular arithmetic is extremely important in modern cryptography, especially for asymmetric algorithms. Almost all crypto algorithms, both symmetric ciphers and asymmetric ciphers, are based on arithmetic within a finite number of elements. Most number sets we are used to, such as the set of natural numbers or the set of real numbers, are infinite. In the following we introduce modular arithmetic, Full Article…
Modular arithmetic part 2 (equivalence class)
The Remainder Is Not Unique: It is somewhat surprising that for every given modulus m and number a, there are (infinitely) many valid remainders. Let’s look at another example: We want to reduce 12 modulo 5. Here are several results which are correct according to the definition: 12 ≡ 2 mod 5, 2 is a valid remainder since Full Article…
How many key bits are enough?
During the 1990s there was much public discussion about the key length of ciphers. Before we provide some guidelines, there are two crucial aspects to remember: 1. The discussion of key lengths for symmetric crypto algorithms is only relevant if a brute-force attack is the best known attack. If there is an analytical attack that works, a large Full Article…
HMAC
Hash-based message authentication code, or HMAC, is an important building block for proving that data transmitted between the components of a system has not been tampered with. HMAC is a widely used cryptographic technology. I recently came across its use in an RFID system. Perhaps the most common use of HMAC is in TLS—Transport Layer Full Article…
Propagating default route and route summarization in OSPF
Default route: To redistribute a default route into OSPF you have two choices: use the command default-information originate, or use the command default-information originate always. The difference between them is that if you put “always” after the command, you will advertise a default route even if you don't have one configured. The metric for the default network is 1 and Full Article…
Basic ELAM guide
ELAM (Embedded Logic Analyzer Module) is an engineering tool that gives us the ability to look inside Cisco ASICs and understand how a packet is being forwarded. ELAM is “embedded” within the forwarding pipeline and can capture a packet in real time without affecting performance or control plane resources. It can help answer questions like: Full Article…
BGP peer groups and router reflectors
Peer groups simplify the configuration by allowing you to apply the same policy rules to multiple neighbors. Updates are generated once per peer group. You configure a new peer group with the following commands: #neighbor {name of peer group} peer-group – you create the peer group with its name; #neighbor {name of peer group} remote-as {number} – you set the Full Article…
F1 vs F2 vs F2e vs F3
There are four types of F line cards available. Below are the differences between F1, F2, F2e and F3. F1 card: Only performs Layer 2 tasks. No interface can be converted to Layer 3. M and F1 cards can coexist in a chassis. F2 line card: Interfaces can be used as L2 or L3. M and F2 Full Article…
Introduction to QoS
What is QoS? The best definition I have heard is that QoS is “managed unfairness”. Different types of traffic are managed differently – makes sense 😉 There are lots of QoS mechanisms out there but all of them can be grouped into 3 categories: Best effort – this is not strict; DiffServ – less strict; IntServ Full Article…
Random Early Detection (RED)
RED belongs to the congestion avoidance concepts, as we discussed already. RED is an industry standard. Check the picture below. There we have an output queue with a minimum threshold, a maximum threshold and its whole capacity. If your queue is full you start dropping packets. We don't want that. That's why we have the minimum threshold. From that point we Full Article…
Netflow version 9
Netflow version 9 is an export protocol. It doesn't change the metering process. It is supported on many Cisco devices nowadays and is a kind of common Netflow standard shipped with Cisco devices. The biggest change compared to other Netflow versions is that it brings template behaviour. You can now create many templates. Every template Full Article…
QoS Marking
We have different options for marking the traffic. Class of Service (CoS) – this is L2 marking. It uses the priority bits in the 802.1Q VLAN tag. 3 bits give us 8 classes, valued from 0 to 7. However, Cisco says 6 and 7 are reserved, so 6 values are left for us. When Full Article…
Netflow performance
Netflow performance has improved a lot compared to past implementations. Let's compare some points: CPU consumption – you no longer have to examine each packet; you can use packet sampling. Packet sampling allows you to examine random or deterministic packets, but not all packets. The metering process is now in hardware and not in software. Collisions in the Full Article…
Netflow for AVC
We have 4 use cases for Netflow in Application Visibility and Control. In the picture below you can see the use cases: In Traffic statistics we can see how much BW every application is consuming and what the top clients are. With application response time we can now identify whether it is slow by network Full Article…
Flexible Netflow
Flexible Netflow is used for the metering process. With Flexible Netflow you can now define something called a flow monitor. A flow monitor is simply the Netflow cache. So you can define many different Netflow caches for different purposes for the same traffic! Maybe you want to monitor the SYN flag for security, as in the picture. Full Article…
Netflow metric mediation agent infrastructure
In Netflow we are somehow victims of our own success – we use Netflow for many features. For example, a Cisco router uses Netflow in: NBAR2, performance monitoring, performance agent, QoS, PfR (performance routing), security, WAAS. So we have multiple metering processes inside our routers. We are doing the same thing multiple times because we don't Full Article…