2.8 Encryption Flashcards
Cryptography concepts: what is cryptography for ?
To provide :
- confidentiality,
- integrity (with tamper-proof),
- non-repudiation
- authentication and access control (we know it’s really you)
Cryptography concepts: what is plaintext?
An unencrypted message (in clear)
Cryptography concepts: what is ciphertext?
An encrypted message
Cryptography concepts: what is cipher?
The algorithm used to encrypt and/or decrypt
Cryptography concepts: what is cryptanalysis?
The art of cracking encryption. Researchers are constantly trying to find weaknesses in ciphers
Cryptography concepts: what is keys?
Cryptographic key is informations that is added to the cypher to encrypt the plaintext. Larger keys are generally more secure.
Some encryption methods use one key and some use multiple key to add another layer of security
Cryptography concepts: how to strenghten a key?
- Use encryption methods that use the larger possible keys
- If you cannot use the 1st option, make a weak encryption key stronger by performing multiple processes: hash a password, hash the hash of the password etc
Cryptography concepts: what are the consequences of strenghten a key?
Brute force attacks would requiring reversing each of the hashes so the attacker has to spend much more time (even though the key is small)
Cryptography concepts: what is key stretching libraries?
Key stretching libraries are libraries that already exist for streching keys.
For ex bcrypt
Cryptography concepts: what is bcrypt and how it works ?
It is a key streching library.
Bcrypt generates hashes from passwords, and is an extension to the UNIX crypt library. Bcrypt uses blowfish cypher to perform multiple rounds of hashing
Cryptography concepts: what is PBKDF2 and how it works ?
Password-Based Key Derivation Function 2 (PBKDF2) is a key stretching library and can be use to make application much secure. It is part of RSA public key cryptography
Cryptography concepts: what is lightweight cryptography?
An encryption method that features a small footprint and/or low computational complexity (use less CPU).
Usually used for IoT devices and was created by NIST
Cryptography concepts: what is homomorphic encryption (HE)?
It is the conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form.
Cryptography concepts: what are the advantage of homomorphic encryption (HE)?
- Secyrely store data in the cloud
- Perform research on data without viewing the data
Symmetric & Asymetric cryptography: what is symmetric encryption?
Encryption where you use a single key to encrypt and decrypt the data.
Symmetric & Asymetric cryptography: what is the security issue w/ symmetric encryption?
If the key does become available for others to see, you will have to redo all of the encryption because everyone has copy of the key that can be used to decrypt this data
Symmetric & Asymetric cryptography: what is one of the challenge w/ symmetric encryption?
It doesn’t scale very well: It can be difficult to distribute the key across the network without first encrypting it.
And since the key hasn’t been sent across the network, there is no way to have a known key on both sides that you can use for the encryption process.
Symmetric & Asymetric cryptography: what is asymetric encryption?
The key use to encrypt and decrypt the message are different
Symmetric & Asymetric cryptography: what is public key cryptography?
It is just another name for asymetric encryption because there are multiple keys (2 or more): a public key and a private key.
Symmetric & Asymetric cryptography: what is private key ?
It’s a key that only the user have access. It’s private key because nobody else know what that key is.
Symmetric & Asymetric cryptography: what is public key ?
Public key is mathematically related to the private key and this is the key that you give to everybody. If someone wants to send an encrypted message to you, he needs to have the public key
Symmetric & Asymetric cryptography: how public & private keys are related ?
The 2 keys are mathematically related:
- Once somebody encrypts data with a public key, the only way to decrypt that information is by using the corresponding private key (the key that only the user have access).
- You can also encrypt info with your private key and the only people able to decrypt it would be those w/ the public key. It is used in digital signature
Symmetric & Asymetric cryptography: how key pair (public & private) are generated?
Key generation are:
- Build both the public & private key at the same time using a key generation program
- The generation program use a large range of number and randomization
Symmetric & Asymetric cryptography: what is the process for encrypting and decrypting information in asymetric cryptography?
Bob want to send an encrypted message to Alice. To encrypt the message he needs Alice’s public key to created the ciphertext. Once Alice the ciphertext message, she decrypt it using her private key and can see the message send by Bob.
Symmetric & Asymetric cryptography: how to fix the scale problem of symmetric key ?
By using asymmetric encryption to create a symmetric key on both sides without having to send that symmetric key across the network.
Identical symmetric keys are generated on both Bob and Alice side using:
- For Bob: Bob private key + Alice public key = symmetric key
- For Alice: Alice private key + Bob public key = symmetric key
So those 2 symmetrics key are the same but have never been send across the network. This process is used for Diffie-Hellman key exchange
Symmetric & Asymetric cryptography: how asymmetric encryption work from a system pov ?
Asymmetric encryption need large integers of very large prime factors nb and that calculation requires CPU overhead and resources on the machine to be able to encrypt and decrypt the information.
Symmetric & Asymetric cryptography: what Elliptic Curve Cryptography (ECC) ?
ECC uses curves (des courbes) instead of very large number (consumming CPU etc) to be able to create the asymetric keys that is use for public & private key encryption & decryption.
ECC can use smaller key to maintain the same security as non-ECC algorithms and require smaller amount of storage & data that would need to be transmitted across the network.
This allow to have access to the powerful features available with asymmetric encryption, while using mobile devices and IoT devices.