The absolute minimum that every software developer absolutely, positively must know about network data security.

1. Network Security: Standards and Cryptography Jack Davis

2. The Absolute Minimum Every Software Developer Absolutely, Positively Must Know About Network Data Security (No Excuses!)

3. Too Frequent “ Bank of America says at least 1.2 million federal employee credit card accounts may be exposed to theft or hacking.” Time, Feb 25, 2005 “ 40M credit cards hacked Breach at third party payment processor affects 22 million Visa cards and 14 million MasterCards.” CNN Money, July 27, 2005 “ Data Losses Hit Four More Another day, another security breach: In the last 48 hours, Visa, Wachovia, Equifax, and the U.S. Department of Agriculture have joined a growing list ….” June 22, 2006 http://www.privacyrights.org/ar/ChronDataBreaches.htm

13. Common Cryptographic Hash Algorithms MD, Message Digest SHA, Secure Hash Algorithm Hash Algorithm Hash Size bits (bytes) Date Published Collisions (Cracked) MD4 128 (16) 1990 RFC1186  MD5 128 (16) 1992 RFC1321  SHA-0 160 (20) 1993  SHA-1 160 (20) 1995 RFC3174  SHA-256 256 (32) 2002 RFC4634 SHA-512 512 (64) 2002 RFC4634

15. Symmetric-Key Algorithms DES, Data Encryption Standard Triple-DES, DES applied three times (key 168 bits = 3 x 56 bits) FIPS, Federal Information Processing Standard AES, Advanced Encryption Standard (more secure, 6x faster than Triple-DES) NSA rates AES-128 for “SECRET”, AES-192 and AES-256 for “TOP SECRET”. Encryption Algorithm Key Size bits (bytes) Date Published Date Withdrawn DES 56 (7) 1976 FIPS46 1999 Triple-DES 168 (21) 1999 FIPS46-3 2005 AES 128, 192, 256 2001 FIPS197