Using Crypto to Mitigate Threats
There is a small set of cryptographic design concepts you can use to mitigate threats identified in your system design phase. Table 8-3 is not meant to be exhaustive, but it will give you an idea of the technologies at your disposal.
Threat | Mitigation Technique | Example Algorithms |
Information disclosure | Data encryption using a symmetric cipher. | RC2, RC4, DES, 3DES, AES (was Rijndael) |
Tampering | Data and message integrity using hash functions, message authentication codes, or digital signatures. | SHA-1, SHA-256, SHA-384, SHA-512, MD4, MD5, HMAC, RSA digital signatures, DSS digital signatures, XML DSig |
Spoofing | Authenticate data is from the sender. | Public key certificates and digitial signatures |