6.0 - Cryptography and PKI Flashcards
What are Symmetric algorithms?
Symmetric algorithms have a shared secret key. Early ciphers were symmetric, as is the unbreakable one-time pad method.
Common Symmetric Algorithms:
- 3DES
- AES
- Blowfish
- Twofish
- RC4
What are modes of operation?
In symmetric or block algorithms, multiple blocks of identical data can give away the cipher. Modes of Operation are techniques that resolve this issue.
The NIST lists these Modes of Operation:
- Electronic Code Book
- Cipher Block Chaining
- Cipher Feedback Mode
- Output Feedback Mode
- Counter Mode
How do Asymmetric Algorithms work?
Asymmetric Algorithms use large number factoring with a public and a private key (a key pair). This enables digital signatures and allows secure sending without pre-shared keys.
Symmetric vs. Asymmetric encryption?
Symmetric encryption: Faster, requires a means to pre-share the key
Asymmetric encryption: public key can be sent in the clear, more CPU intensive.
What purpose do Hashing functions serve?
Hashing functions perform a one-way encryption and can be used for data verification or message authentication.
Common Hash algorithms are:
- MD2, MD4, MD5
- SHA-1, SHA-256, SHA-384, SHA-512
This method adds a high-entropy data piece to a low-entropy user data, which makes the hash harder to break.
Salting. The Salt is the extra high-entropy data. This breaks the use of rainbow tables to break password hashes.
These are three similar methods that introduce an extra random string into a cipher.
Salting
Initialization Vector
Nonce
Describe Elliptic Curve cryptography.
Elliptic Curve cryptography (ECC) uses calculations involving elliptic curves to encrypt data. This is less processor intensive, so it is popular with low-power devices. Many secure text, email and voice apps on mobile devices use ECC and AES algorithms.
What algorithms are weak or deprecated?
Weak or deprecated algorithms include:
- MD5 - manufactured collisions have been achieved.
- SHA-1, soon SHA-256
- DES and 3DES
What problem did the Diffie-Hellman key exchange solve?
Diffie-Hellman key exchange allows a key to be passed in the clear, even with all packets intercepted. This is important for sharing keys in symmetric encryption.
What are the steps in using a digital signature?
Digital signature process:
- Signature is hashed and the sender keeps a private key
- Hashed signature is appended to the message and sent
- Recipient decrypts hash with sender’s public key.
Does a digital signature protect the message from interception?
No. Signature only verifies the sender. Other means must be added to assure confidentiality.
What is Diffusion in cryptography?
Diffusion states that a single change in the plaintext should result in multiple changes in the ciphertext. This way changes in ciphertext do not reveal the plaintext.
What is Confusion in cryptography?
Confusion means that each character of plaintext depends on multiple characters of the ciphertext.
What is a Collision?
A Collision is when two different inputs have the same output on the cryptographic function.
This is possible with hashes, which creates the need for salting.
What are some examples of Steganography?
Steganography examples:
- Invisible ink
- Hidden tattoos
- Extra data encoded in digital images or video.
- LSB - Least Significant Bit - the last bit of each color pixel is changed in an image file.
What is Obfuscation?
Obfuscation is the act of making something unreadable but still usable:
- Mangling code with extra, recursive functions
- Salted Hashes
What are the differences between Block and Stream Ciphers?
Block vs. Stream Ciphers:
- Speed - stream is faster
- Strength - block is more secure
- Diffusion - block has more diffusion
- Resistance to insertions/modifications - block is better
- Error propagation - block has higher chance of error propagation
- Common Block Algorithms: 3DES, AES
- Common Stream Algorithms: A5, RC4
Key strength and key length.
Larger keys make for stronger encryption, but comparisons across encryption methods are not valid. Some methods, such as 3DES, have only one key length.
What is a Session Key?
A Session Key is a symmetric key created for a given communication session. It can be initially transmitted via a key exchange for greater security. This method offers good strength, speed and simplicity.
What is an Ephemeral Key?
An Ephemeral Key is generated and used only once. Diffie-Hellman uses an ephemeral key to create perfect forward secrecy.
What is a Secret Algorithm?
A Secret Algorithm is when the cryptographic method is kept a secret. For instance, using multiple hash functions. The drawback is limited testing.
How does the data state affect encryption?
Data States:
- Data-in-Transit - needs end to end encryption such as TLS or SSL
- Data-at-Rest - can use whole disk encryption or other forms of data encryption. Applies to cloud data as well.
- Data-in-Use - data in the CPU and memory. Susceptible to data-scraping malware.
What to look for in a random number generator?
Truly random number generators rarely exist.
Look for a cryptographically secure RNG to seed encryption systems.
What is Key Stretching?
Key Stretching is adding iterative rounds of computation to a hash function, making it more difficult to brute force.
What is a Crypto Service Provider (CSP)?
A Crypto Service Provider (CSP) is a software library of various encoding and decoding functions. Microsoft CryptoAPI (CAPI) is a CSP for Windows development.
What is a Crypto Module?
A Crypto Module is a hardware or software device that performs the encryption operations securely within a physical or logical boundary.
What is Perfect Forward Secrecy?
Perfect Forward Secrecy is when a public key system can derive new secure keys even when the original key is known. This is important to session key generation.
How important is Obscurity?
Obscurity - using obtuse names for servers, etc. - is not a fool-proof solution, but it does make the attacker’s job harder.
List some common use cases for cryptographic services.
Cryptographic use cases:
- Low power devices - elliptic curve crypto is good
- Low latency systems - stream ciphers are an example
- High resiliency - crypto can help restore system quickly after a disruption
- Supporting Confidentiality - crypto keeps data in the right hands
- Supporting Integrity - crypto keeps data from being destroyed during transit
- Supporting Obfuscation - encrypted data is opaque
- Supporting Authentication - session keys, digital signatures
- Supporting Non-repudiation - private key holders need to revoke the key if it is stolen
DES
DES (Data Encryption Standard):
- Symmetric Encryption
- Decertified, recertified, then decertified again by the NSA
- Replaced by AES
3DES
3DES (Triple DES):
- Symmetric Encryption
- More CPU intensive than DES
- Uses two or three keys - encrypt, decrypt, encrypt again
- Still popular but being replaced by AES
AES
AES (Advanced Encryption Standard):
- Symmetric Encryption
- 128, 192 and 256 bit key sizes
- NIST RFP Finalists: MARS, RC6, Rijndael, Serpent, Twofish (Rijndael was chosen)
- Current gold standard, considered secure and computationally efficient
RC4
RC4 (Rivest Cipher):
- Generic term for RC1 - RC6
- Symmetric Encryption
- Stream Cipher
- 8 - 2048 key length, 128 is most common
- Ten times faster than DES
- Need to include weak key detection when implementing
Blowfish/Twofish
Blowfish/Twofish:
- Symmetric Encryption
- Finalist for AES
- Available for public use
- Full 16-round version has not been broken
- Twofish is an improvement over Blowfish
What is a Cipher Mode?
A Cipher Mode, or mode of operation, deals with identical blocks of ciphertext, which would give away identical blocks of input data.
CBC
CBC (Cipher Block Chaining):
- Cipher Mode of Operation
- Each block is XORed with the previous block
- Cannot be parallelized
- Plaintext can be recovered from two adjacent ciphertext blocks - POODLE attack
GCM
GCM (Galois Counter Mode):
- Cipher Mode of Operation
- Adds an authentication function to the ciphertext
- Can be parallelized
- Recognized by NIST - AES-GCM, GCM, and GMAC
ECB
ECB (Electronic Code Book):
- Cipher Mode of Operation
- Simplest mode
- Each block is encrypted separately
- Identical blocks yield identical encrypted blocks
- Not recommended in cryptographic protocols
CTR / CTM
CTR (Counter Mode):
- Cipher Mode of Operation
- Uses a counter function to generate a nonce that is used for each block encryption
- Can be multithreaded
- Sometimes called CTM
- Considered secure
What are the most widely used Cipher Modes?
CBC and CTM/CTR are the most widely used cipher modes.
Describe the differences between Symmetric and Asymmetric encryption.
Differences between Symmetric and Asymmetric encryption:
- Asymmetric is based on hard to reverse math problems.
- In Asymmetric, the public key is known
- Asymmetric is slower, and not good for bulk encryption