Category: PCI DSS Requirement 4 – Transmission Security



Symmetric encryption works with common keys. However, the common keys themselves cannot be transported, as they are very sensitive; they have to be generated independently by the sender and the receiver. This is accomplished through key exchange. There are two methods of key exchange: DH (Diffie-Hellman) and RSA. As per PCI DSS, key lengths of 1024 bits or more are needed for DH or RSA. SSL, the encryption used on the Internet, uses DH and/or RSA for key exchange to agree on a 128-bit or 256-bit common key (SSL 128 or SSL 256). DH is explained in this presentation, and AES is explained again.


The Wireless Encryption Protocol (WEP) is not permitted under PCI DSS as a mode of transmission for card data. See a demonstration of WEP being cracked. Usage of WEP has been identified as one of the biggest threats to card data security.

Introduction to SSL


Under PCI DSS Requirement 4, card data must be encrypted when it travels over public networks. SSL is an approved method. This video gives an introduction to SSL.

Owned by Intricap | Theme: Motion by 85ideas.