2.8 Summarize the basics of cryptographic concepts. Flashcards
Non-repudiation
Verify who sent the information
Authentication
Verify a user
Integrity
Verify the file was not edited or tampered with
Plaintext
An unencrypted message
Ciphertext
An encrypted message
Cipher
The algorithm used to encrypt or decrypt the message
Cryptanalysis
The art of cracking encryption.
Cryptographic keys
Add the key to the cipher to encrypt
Larger keys are more secure
Some encryption methods use one key
What is the process of making a weak key stronger by performing multiple processes on it, like hashing a password and then hashing the hash?
Key stretching or key strengthening.
bcrypt
generates hashes from passwords
An extension to the Unix crypt library
Uses blowfish cipher to perform multiple rounds of hashing
PBKDF2
Password-based key derivation function 2
- Part of RSA public key cryptography standards (PKCS #5, RFC 2898)
Lightweight Cryptography
Usually used by IoT devices, since traditional cryptography requires a powerful CPU and lots of time, which an IoT device does not have.
NIST is leading an effort to create new standards on this and keep costs low for IoT devices.
HE
Homomorphic Encryption
- You can perform calculations on data while it is encrypted.
- You can perform the work directly on the encrypted data
- The encrypted data can only be viewed with the private key
Symmetric encryption
It uses a single shared key to encrypt and decrypt. If the key is exposed, you will need a new key.
Very fast to use.
Does not scale well. It can be challenging to distribute.
128-bit or larger are common
These keys get larger as time goes on
Asymmetric encryption
Often referred to as public key cryptography.
Uses two or more mathematically related keys.
Private key - Kept private. No one else can see it.
Public key - Anyone can see this key. You should share it.
Once the public key has encrypted the data, it can only be decrypted using the paired private key.
Larger keys than symmetric keys.
Complex calculations of prime numbers
Common to see key lengths of 3072 bits or larger
How does the key pair get generated?
- Builds both the public and private key at the same time
Lots of randomization
Large prime numbers and lots of math
How can you create a symmetric key without sending the symmetric key over the network?
You use the asymmetric keys that you created to create a symmetric key. You would exchange public keys with the person you want to talk to and then use the other person’s public key and combine it with your private key to create a symmetric key.
Bob's private key + Sue's public key
Sue's private key + Bob's public key
Both of these create the same symmetric key, which can then be used to communicate.
ECC
Elliptic Curve cryptography
Instead of numbers, uses curves.
- Uses smaller keys than non-ECC asymmetric encryption
- Smaller storage and transmission requirements
- Perfect for mobile devices and IoT devices
Hash
Represents data as a short string of text, sometimes referred to as a message digest, a fingerprint.
This is a one-way trip; you cannot recover the original message from the digest
Perfect for strong passwords
Perfect for verifying downloads and verifying file integrity.
Can be used in a digital signature: authentication, non-repudiation, and integrity
Will not have a collision
SHA-256
Hashing algorithm
256 bits / 64 hex characters
When hashing two different inputs creates the same output
A collision.
MD5 had a collision found in 1996
Don’t use MD5 to hash.
Digital signatures
Prove the message was not changed (Integrity)
Prove the source of the message (Authentication)
Make sure the signature is not fake. (Non-repudiation)
Signed with the private key.
Verified by using the public key.
Out-of-band key exchange
Sends it outside of the internet.
Telephone, courier, person, etc.
In-band key exchange
It’s on the network
Protect the key with additional encryption
Use asymmetric encryption to deliver a symmetric key.
PFS
Perfect forward secrecy
Used in SSL/TLS when communicating to a web server.
Does not use the server’s private RSA key
Uses elliptic curve or Diffie-Hellman ephemeral keys (ECDHE), used to transfer data in one session.
The session keys aren’t kept around.
Requires more computing power
Not all servers choose to use PFS
Browser must support PFS
Steganography
Hiding information in an image
Storing information in audio files
Can do the same thing in a video file.
Security through obscurity
Obfuscation
Process of making something unclear
Commonly used in source code.
Stream ciphers
Encryption is done one byte or bit at a time
High speed, low hardware complexity
Used with symmetric encryption typically
Not commonly used with asymmetric encryption
The starting state should never be the same
- Key is often combined with an initialization vector (IV)
Block Ciphers
Encrypts fixed-length groups at one time, often in 64-bit or 128-bit blocks
Padding is added to short blocks
Each block is encrypted or decrypted independently
Symmetric encryption
- Similar to stream ciphers
Block cipher modes of operation:
- Avoid patterns in the encryption
- Many different modes to choose from
ECB
Electronic codebook
A block cipher mode of operation
The simplest encryption mode
Too simple for most use cases
Each block is encrypted with the same key
- Identical plaintext blocks create identical ciphertext blocks
CBC
Cipher block chaining, a block cipher mode
Adds randomization, which gets around the problem with ECB.
Easy to implement
Each plaintext block is XORed with the previous ciphertext block
Uses an IV for the first block
CTR
Counter
A block cipher mode that uses an incrementing counter to add randomization.
Blockchain
A distributed ledger
Keeps track of transactions
Everyone on the blockchain network maintains the ledger
3DES
3DES uses 64-bit blocks and a 56-bit key, but the plaintext is encrypted three times using different subkeys. 3DES is also a block cipher. It uses symmetric keys.
RC4
Stream cipher.