Welcome back. We're
in the homestretch. A hospital sold
many computers that it had stopped using
because they were too old. Unfortunately, they
forgot to wipe the disks. A journalist bought some of
them from a thrift store and recovered personally
identifiable information, such as medical
records identifying patients and what they
were being treated for. In another case,
disks discarded by a law firm contained attorney-client
privileged information. Cases like these abound, and are examples of
serious security problems. In this module, we'll
discuss this in more detail as well as how to prevent
this from happening, and many other things. This module explores the programming concept
of randomness. We will differentiate between pseudo-randomness and
actual randomness. We will demonstrate
how to generate random numbers and sowing seeds for random
number generation. Finally, we'll discuss
cryptography basics and how to utilize
cryptography for both secrecy and integrity and end by viewing
some cryptographic examples. Randomness is a much
misunderstood topic. When security depends
on randomness, programs must be careful to ensure that the numbers
generated are truly random. This is especially true when generating
cryptographic keys. Once no longer needed, sensitive data such
as these keys or passwords must be erased so attackers cannot recover them. Techniques for doing this and
for securely deleting files containing sensitive data
help protect security. Errors indicate that
something has gone wrong and so if
handled carelessly, may create or exacerbates
security problems. This module covers
these problems and more. At the end of this module, you will be able to
distinguish between pseudo-randomness and
actual randomness, apply randomness in
the coding environment, and understand how and
why cryptography is used, as well as why you should use trusted cryptographic
code libraries instead of crafting your own. You'll be exposed to and consider best practices
for handling sensitive information such as passwords and cryptographic keys, and how to handle errors in
security sensitive programs, as well as how to defend against string
formatting attacks.