2.8 Summarize the basics of cryptographic concepts. Flashcards
Non-repudiation
Verify who sent the information
Authentication
Verify a user
Integrity
Verify the file was not edited or tampered with
Plaintext
An unencrypted message
Ciphertext
An encrypted message
Cipher
The algorithm used to encrypt or decrypt the message
Cryptanalysis
The art of cracking encryption.
Cryptographic keys
Add the key to the cipher to encrypt
Larger keys are more secure
Some encryption methods use one key
What is the process of making a weak key stronger by performing multiple processes on it, like hashing a password and then hashing the hash?
Key stretching or key strengthening.
bcrypt
Generates hashes from passwords
An extension to the Unix crypt library
Uses the Blowfish cipher to perform multiple rounds of hashing
PBKDF2
Password-based key derivation function 2
- Part of RSA Public-Key Cryptography Standards (PKCS #5, RFC 2898)
Lightweight Cryptography
Usually used by IoT devices, since traditional cryptography requires a powerful CPU and lots of time, an IoT device does not have either.
NIST is leading an effort to create new standards on this and keep costs low for IoT devices.
HE
Homomorphic Encryption
- You can perform calculations on data while it is encrypted.
- You can perform the work directly on the encrypted data
- The encrypted data can only be viewed with the private key
Symmetric encryption
It uses a single shared key to encrypt and decrypt. If the key is exposed, you will need a new key.
Very Fast to use.
Does not scale well. It can be challenging to distribute.
128-bit or larger are common
These keys get larger as time goes on
Asymmetric encryption
Often referred to as public key cryptography.
Uses two or more mathematically related keys.
Private key - Kept private. No one else can see it.
Public key - Anyone can see this key. You should share it.
Once the public key has encrypted the data, it can only be decrypted using the private key of the pair.
Larger keys than symmetric keys.
Complex calculations of prime numbers
Common to see key lengths of 3072 or larger
How does the Key pair get generated?
- Builds both public and private key at the same time
Lots of randomization
Large prime numbers and lots of math
How can you create a symmetric key without sending the symmetric key over the network?
You use the asymmetric keys that you created to create a symmetric key. You would exchange public keys with the person you want to talk to and then use the other person’s public key and combine it with your private key to create a symmetric key.
Bob's private key + Sue's public key
Sue's private key + Bob's public key
Both of these create the same symmetric key, which can then be used to communicate.
ECC
Elliptic Curve cryptography
Instead of numbers, use curves.
- Uses smaller keys than non-ECC asymmetric encryption
- Smaller storage and transmission requirements
- Perfect for mobile devices and IoT devices
Hash
Represents data as a short string of text, sometimes referred to as a message digest, a fingerprint.
This is a one-way trip; you cannot recover the original message from the digest
Perfect for strong passwords
Perfect for verifying downloads and verifying file integrity.
Can be a digital signature - authentication, non-repudiation, and integrity
Will not have a collision
SHA-256
Hashing algorithm
256 bits / 64 hex characters
When hashing two different inputs creates the same output
A collision.
MD5 had a collision found in 1996
Don’t use MD5 to hash.
Digital signatures
Prove the message was not changed (Integrity)
Prove the source of the message (Authentication)
Make sure the signature is not fake (Non-repudiation)
Signed with the private key.
Verified by using the public key.
Out-of-band key exchange
Sends it outside of the internet.
Telephone, courier, person, etc.
In-band key exchange
It’s on the network
Protect the key with additional encryption
Use asymmetric encryption to deliver a symmetric key.