HASHING AND ENCRYPTING MANAGER CONTENT

Similar documents
HASHING AND ENCRYPTING MANAGER CONTENT

Bar and QR code use in Manager. 12 th June 2017 Ben Clark

Pretty Good Privacy (PGP

Cryptography: Matrices and Encryption

Math From Scratch Lesson 22: The RSA Encryption Algorithm

WHITE PAPER. Authentication and Encryption Design

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Package PKI. September 16, 2017

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

PyNaCl Release 1.0 Oct 31, 2017

Oracle B2B 11g Technical Note. Technical Note: 11g_006 Security. Table of Contents

Encryption I. An Introduction

Displaying SSL Configuration Information and Statistics

Programming basics Integration Guide. Version 6.2.1

OAuth at Interactive Brokers

Manipulating Web Application Interfaces a New Approach to Input Validation Testing. AppSec DC Nov 13, The OWASP Foundation

Summary of PGP Services

DKIM Implementation. Messaging Anti-Abuse Working Group. Segment 3 of 4 on DomainKeys Identified Mail. MAAWG Training Series

Lesson 13 Securing Web Services (WS-Security, SAML)

URL Signing and Validation

PASSWORDS & ENCRYPTION

Password Based Cryptography

Hashes, MACs & Passwords. Tom Chothia Computer Security Lecture 5

1.264 Lecture 28. Cryptography: Asymmetric keys

Security. Communication security. System Security

Activity Guide - Public Key Cryptography

Security: Cryptography

Hashes, MACs & Passwords. Tom Chothia Computer Security Lecture 5

Hostopia WebMail Help

HTTP Protocol and Server-Side Basics

Table of contents 2 / 12

Security context. Technology. Solution highlights

Business Chat Sending Authenticate Messages. June

CS 161 Computer Security

Service Managed Gateway TM. Configuring IPSec VPN

Confirmed VPN Privacy Audit and Open Watch Analysis Summary Report and Documentation

Wales Council for Voluntary Action Supporting charities, volunteers and communities

PyNaCl Documentation. Release Donald Stufft

PyNaCl. Release 0.2.1

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013

Chapter 8 Web Security

The Linux Kernel Cryptographic API

Workshop Challenges Startup code in PyCharm Projects

Securely backing up GPG private keys

Computers and Security

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

INSE 6110 Midterm LAST NAME FIRST NAME. Fall 2016 Duration: 80 minutes ID NUMBER. QUESTION Total GRADE. Notes:

CS 161 Computer Security

sending s using Vuture

The GCHQ recruitment puzzle begins on the page that announces the competition: The first step is to understand what it is

Version 3 X.509 Certificates

Copyright 2017 Softerra, Ltd. All rights reserved

DKIM Implementation How

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Passwords CSC 193 WAKE FOREST. U N I V E R S I T Y Department of Computer Science. Spring 2014

ARM Security Solutions and Numonyx Authenticated Flash

THE TRUTH ABOUT CLOUD SECURITY. It s More Secure Than You Think

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

Send documentation comments to

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Viability of Cryptography FINAL PROJECT

Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis

To: Proofpoint Protection Server administrators From: Proofpoint Re: Informing your user community about encrypting and decrypting secure

Enhancing Salted Password Hashing Technique Using Swapping Elements in an Array Algorithm

TRACKING & MARKETING CLOUD REPORTS

Outline. V Computer Systems Organization II (Honors) (Introductory Operating Systems) Language-based Protection: Solution

Proving who you are. Passwords and TLS

Digital it Signatures. Message Authentication Codes. Message Hash. Security. COMP755 Advanced OS 1

Cryptographic Hash Functions. Secure Software Systems

StorageGRID Webscale 10.2

Data-at-Rest Encryption

Password Cracking via Dictionary Attack. By Gaurav Joshi Mansi Nahar (Team: RubberDuckDebuggers)

TLSnotary - a mechanism for independently audited https sessions

RSA. Public Key CryptoSystem

Core Security Services and Bootstrapping in the Cherubim Security System

URL Signing and Validation

What is Secure. Authenticated I know who I am talking to. Our communication is Encrypted

BCS THE CHARTERED INSTITUTE FOR IT. BCS HIGHER EDUCATION QUALIFICATIONS BCS Level 6 Professional Graduate Diploma in IT WEB ENGINEERING

Authenticating on a Ham Internet

Securely backing up GPG private keys... to the cloud. Joey Hess LibrePlanet 2017

The LinkedIn Hack: Understanding Why It Was So Easy to Crack the Passwords

API DOCUMENTATION. IMPROVE DIGITAL API DOCUMENTATION Version 1.2 January BIDDING OVERVIEW

CYBER SECURITY MADE SIMPLE

: Practical Cryptographic Systems March 25, Midterm

Category: Informational January 2010 ISSN:

How to Implement Cryptography for the OWASP Top 10 (Reloaded)

Security in the CernVM File System and the Frontier Distributed Database Caching System

TECHNICAL BRIEF. Data Integrity During a File Copy TECHNICAL BRIEF

UNIVERSITY OF CYPRUS. Authentication. CS682 Advanced Security Topics

CPSC 467b: Cryptography and Computer Security

Encrypt Data (QC3ENCDT, Qc3EncryptData) API

External Alerting for Intrusion Events

Cyber Security Applied Cryptography. Dr Chris Willcocks

PASSWORD RBL API GUIDE API VERSION 2.10 REVISION B

Some Stuff About Crypto

USE CASE FINANCIAL SERVICES

CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure

Oracle Database Security and Audit. Authentication and authorization

Attacking CAPTCHAs for Fun and Profit

Transcription:

HASHING AND ENCRYPTING EMAIL MANAGER CONTENT Hashing and Encrypting in Email Manager Copyright Alterian 2017 1

VERSION MANAGEMENT This document can be retrieved from the author. VERSION HISTORY Version Date Author Reason for issue 1.0 02/08/2017 B Clark First Version 2.0 15/08/2017 B Clark Final Version 3.0 08/11/2017 B Clark Added MD5 Hash Functionality Hashing and Encrypting in Email Manager Copyright Alterian 2017 2

TABLE OF CONTENTS 1 Summary... 4 2 Simple MD5 Hashing... 4 3 more secure Salted Hashing... 4 4 How to hash to a variable... 5 4.1.1 {variable}... 5 4.1.2 [algorithm]... 5 4.1.3 [Encoding]... 5 4.1.4 [SALT]... 5 4.1.5 URL encoding the result... 6 5 Encryption... 6 6 How to Encrypt a Variable... 6 6.1.1 {variable}... 6 6.1.2 [publickey]... 7 7 Validation and Feedback... 7 8 Performance... 8 Hashing and Encrypting in Email Manager Copyright Alterian 2017 3

1 SUMMARY As we move more deeply into adaptive emails and one to one bespoke content for our customers our clients have a requirement to allow external functions to understand securely who they need to customise the content for. This requirement simply put is to be able to pass data securely from within Email Manager through a link to another source. This data may be required for tracking activity or passing through an identifier that can allow bespoke content to be displayed once a user clicks through. 2 SIMPLE MD5 HASHING At times it is useful to simply MD5 hash a variable in email manager. The MD5 hashing modifier can be applied to any variable used within an Email Manager link or as part of a creative. The example below shows it being used to encode an Email Manager variable. You simply add the below to encode a string {variable}.base64encode() This will decode a string {variable}.base64decode() 3 MORE SECURE SALTED HASHING We do not recommend that hashing is used alone for security purposes as many of the hash algorithms can relatively easily be guessed with modern processing speeds. It does however provide a data verification method that can add value to automations or as part of a broader security process so has been included. The SHA-2 algorithms are still considered safe from a security point of view particularly if a SALT is used, but if security is the main focus the encryption method mentioned later in the document should be the preferred method. 3.1 SUPPORTED HASHING ALGORITHMS AND ENCODINGS Hashing Algorithm MD5 SHA-1 SHA-256 SHA-384 SHA-512 Required Format MD5 SHA1 SHA256 SHA384 SHA512 Hashing encoding HEX BASE64 Required Format HEX BASE64 Note: The Hashing encoding determines the encoding for both the output and the salt value if supplied. The output will be an encoded string of the hash bytes created by the chosen algorithm. No URL or Hashing and Encrypting in Email Manager Copyright Alterian 2017 4

HTML encoding is automatically applied to this encoding on output. The existing modifiers can be used if needed. These are: URLENCODE - {var}.urlencode URLDECODE - {var}.urldecode HTMLENCODE - {var}.htmlencode HTMLDECODE - {var}.htmldecode 4 HOW TO HASH TO A VARIABLE The hashing modifier can be applied to any variable used within an Email Manager link or as part of a creative. The example below shows it being used to encode an Email Manager variable. You simply add the.hash and the chosen algorithm and encoding type and salt after. If the Salt is not required it can be left out but the empty brackets are still required. {variable}.hash([algorithm][encoding][salt]) 4.1.1 {VARIABLE} This is the actual content to be hashed, it has to be driven by a variable. In the example below the variable recipientid will be used and hashed for each recipient. {recipientid}.hash([algorithm][encoding][salt]) 4.1.2 [ALGORITHM] This is your selected algorithm; the table in 2.1 shows you the options available. The higher values provide higher levels of encryption but will require more performance to create the hashes and the hash values are longer. If added to a URL you should be certain that it does not go beyond the required standards for a URL. {recipientid}.hash([sha512][encoding][salt]) 4.1.3 [ENCODING] This provides the encoding type for the salt value being passed. Two are supported HEX and Base64 {recipientid}.hash([sha512][hex][salt]) 4.1.4 [SALT] We can further complicate the hashes by appending a string, called a salt, to the value before hashing. This could make the same hash into a completely different string every time. The Salt can be a variable different for each recipient or a single salt added in send a message which would be less secure. It Hashing and Encrypting in Email Manager Copyright Alterian 2017 5

should be noted that the salt value passed in must be pre-encoded into the appropriate format. In this case Hex was used. {recipientid}.hash([sha512][hex][{salt}]) 4.1.5 URL ENCODING THE RESULT {recipientid}.hash([sha512][hex][{salt}]).urlencode Note: Using a SALT, increasing the length of the SALT and using a unique SALT for each recipient makes the chances of a Hashed value being discovered much less likely. It also significantly increases the effort required to crack the other hashes and therefore would put off further cracking attempts. We would suggest a SALT as many characters long as the output is used where possible. 5 ENCRYPTION As mentioned under the hashing section the security of a hashed value is not always considered acceptable for sensitive data. We have includes an encryption funtion that works with RSA private and public keys that will meet this requirement. The private key is only known to the customer. They add the public key to the function. This means that only the customer can decrypt the data. As with the hashing this is a function that can be used for Variables. 6 HOW TO ENCRYPT A VARIABLE The encryption modifier can be applied to any variable used within an Email Manager link or as part of a creative. The example below shows it being used to encode an Email Manager variable. You simply add the.encrypt and the chosen Public Key. {variable}.encrypt([publickey]) 6.1.1 {VARIABLE} This is the actual content to be encrypted, it should be driven by a variable. In the example below the variable recipientid will be used and encrypted for each recipient. {recipientid}.encrypt([publickey]) Hashing and Encrypting in Email Manager Copyright Alterian 2017 6

6.1.2 [PUBLICKEY] This is where you add the PEM encoded public key to be used to encrypt the data. The public key can be added directly into the code in creative builder source view. Design view may automatically add characters that cause the encoding to fail so should not be used. As it is a public key it does not matter if it is freely available. You can add the full key including the Begin and End as this is stripped out automatically and including it reduces the chances of cut and paste errors. {recipientid}.encrypt([-----begin PUBLIC KEY----- MIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgGQ5N6VY7/NauDp5Ro5R8VbU/ele QJA7SsWeg7iBYft/NHEilmo5fkXF7HbgI/XYzHaa82+CbjnCKiHvJBuecFFq7Un+ JRTMNhVTSF4cxg/QcnX1s0mIkV4RGyCPIlIBeAplKAMy7aI0KVTC5ktMkkOCUyIU 4GZVWzwEyUhN8WcJAgMBAAE= -----END PUBLIC KEY-----]) As you can see adding the Public key directly into the code increases the length of the modifier significantly and if this is used in multiple locations may make it difficult to maintain the code. It may be more convenient to create a shared variable with the public key. This can be shared across creatives, made default and hidden from users to reduce the risk of a typo changing the key. {recipientid}.encrypt([{publickey}]) Please note that the length of the 4096 bit key can cause issues when pasted into source view. We would recommend checking the first header line following first save to ensure the line has not broken at within the header line. This may cause the encoding to fail. Creating a new key and using this may resolve the issue. Example below. Note: It may be that customers would like to use more than one public key for different campaigns. You could create more than one shared variable and simply map the required one each time. {publickey1}, {publickey2} etc Alterian will not have the private key so anything encrypted by our customers cannot be decrypted by Alterian. 7 VALIDATION AND FEEDBACK Please note that the initial release of the hashing and encryption functionality does not include validation on the setup of the modifier or the values used to drive it. Please follow the syntax as accurately as possible and test thoroughly before going live to be sure your setup is valid. If the syntax is not added correctly or you attempt to add values in the incorrect format the deployment will still be attempted. In most cases the deployment will fail with mailer errors for all emails visible in Deployment manager or quick totals. Hashing and Encrypting in Email Manager Copyright Alterian 2017 7

8 PERFORMANCE Each time email manager hashes or encrypts a variable it requires greater effort from our servers. This is particularly true of the higher bit rate hashes and encryption. When our servers are to do more, they will work through your emails more slowly. This may mean a decrease in overall email output from Email Manager. We would suggest that you put hashing or encryption in place only where it is required from a security perspective. We would also suggest significant testing before going live with any project including this functionality to ensure performance still meets your business requirements. Testing is also vital to ensure the changing nature of your links due to hashing or encryption does not cause issues. Hashing and Encrypting in Email Manager Copyright Alterian 2017 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback