6.2 Explain cryptography algorithms and their basic characteristics Flashcards
Symmetric Algorithms
Symmetric encryption is a common encryption method that involves using the same key to encrypt and decrypt the message
Pros:
The advantage of symmetric encryption is that it is much faster than asymmetric encryption. If you are going to encrypt a large amount of information, you get a performance benefit by using symmetric encryption rather than asymmetric encryption.
Cons:
There are two major disadvantages to using symmetric encryption.
First, how do you communicate the key to the party who needs to decrypt the message? You must ensure that whatever way you communicate the key, it is sent in a
secure manner.
The second disadvantage to symmetric encryption is the number of keys required to ensure confidentiality among all persons. This means that in order to have three people encrypt messages for one another, you need to have three different symmetric keys for each person for secure communications. The number of keys dramatically rises as you increase the number of people who need to communicate. The following formula is used to calculate the number of symmetric keys that are required:
Keys = people × (people – 1) / 2
Symmetric Algorithms - AES
Advanced Encryption Standard (AES) has replaced 3DES as the new standard for symmetric encryption algorithms. AES is a block cipher that supports 128-bit, 192-bit, and 256-bit encryption.
Symmetric Algorithms - DES
Data Encryption Standard (DES) is a block cipher that was selected as an American government standard in the 1970s. It is a 56- bit encryption algorithm. It is not considered secure by today’s standards.
Symmetric Algorithms - 3DES
Triple DES (3DES). This is an improvement on DES that runs the information through three mathematical operations using three different 56-bit keys to create 168-bit encryption. Like DES, 3DES is a block cipher.
Symmetric Algorithms - RC4 (Bonus RC5)
Rivest Cipher (RC4/RC5) RC5 is a block cipher that was created by Ronald Rivest. There are different versions of the RC algorithm, such as RC4, which is a stream cipher used in SSL and WEP (for wireless security).
Symmetric Algorithms - Blowfish/Twofish
Blowfish
This is a block cipher algorithm created by Bruce Schneier to replace the DES algorithm. It offers variable rates of encryption, from 1- to 448-bit encryption.
Twofish
Also written by Bruce Schneier, Twofish was created after Blowfish and offers 128-bit encryption.
Cipher Modes
Block ciphers can use a variety of different modes of operation. It’s important to have a basic understanding of these modes when choosing cipher suites.
Cipher Modes - CBC
Cipher Block Chaining (CBC) mode is used by some symmetric block ciphers. It uses an IV for randomization when encrypting the first block. It then combines each subsequent block with the previous block using an XOR operation. Because encryption of each block is dependent on the encryption of all previous blocks, CBC sometimes suffers from pipeline delays, making it less efficient than some other modes.
Cipher Modes - GCM
Galois/Counter Mode (GCM) is a mode of operation used by many block ciphers. It combines the Counter mode of operation with the Galois mode of authentication. Note that it doesn’t authenticate users or systems, but instead provides data authenticity (integrity) and confidentiality.
In addition to encrypting the data for confidentiality, it includes hashing techniques for integrity. It is widely used due to its efficiency and performance, allowing systems to quickly encrypt and decrypt data.
Cipher Modes - ECB
The Electronic Codebook (ECB) mode of operation is the simplest cipher mode mentioned in this section. Algorithms that use ECB divide the plaintext into blocks and then encrypt each block using the same key. This represents a significant weakness. If any of the plaintext blocks are the same, the resulting ciphertext is the same, making it much easier to crack. ECB is not recommended for use in any cryptographic protocols today.
Cipher Modes - CTR (or CTM)
Counter (CTM) mode effectively converts a block cipher into a stream cipher. It combines an IV with a counter and uses the result to encrypt each plaintext block.
Each block uses the same IV, but CTM combines it with the counter value, resulting in a different encryption key for each block. Multiprocessor systems can encrypt or decrypt multiple blocks at the same time, allowing the algorithm to be quicker on multiprocessor or multicore systems. CTM is widely used and respected as a secure mode of operation.
It’s worthwhile noting that the CompTIA objectives list CTM and include CTM in the acronym list as Counter-Mode. However, it’s much more common to see it listed as CTR or CM.
Cipher Modes - Stream vs. Block
Stream cipher algorithms encrypt data one bit at a time. Plain text bits are converted into encrypted ciphertext. This method is usually not as secure as block cipher techniques, discussed next, but it generally executes faster. In addition, the ciphertext is always the same size as the original plain text and is less prone to errors. If an error occurs during the encryption process, usually this affects only a single bit instead of the whole string. In contrast, when block ciphers contain errors, the entire block becomes unintelligible. The plain text bits are typically encrypted with the bits of a key by using an exclusive OR (XOR) function (described shortly).
Instead of encrypting a bit at a time, block cipher algorithms encrypt data in blocks. Block ciphers have more overhead than stream ciphers. This overhead is provided separately, depending on the implementation and the block size that can be modified (the most common size is 64 bits). Because a block cipher handles encryption at a higher level, it is generally more secure. The downside is that the execution takes longer.
Asymmetric Algorithms
Asymmetric encryption involves using two mathematically related keys to perform the encryption and decryption process. There are two main points to remember about asymmetric encryption:
Whatever one key in the pair does, the other key undoes that operation.
The two keys are related, but you cannot derive one key from the other.
Remember that when using asymmetric encryption, the message (or data) is encrypted with the recipient’s public key. And also remember that to ensure nonrepudiation, the message is signed using the sender’s private key.
Pros:
1) The advantage of asymmetric encryption is the fact that you can securely communicate the public keys to other parties, unlike with symmetric encryption. In the asymmetric system, you are free to give out the public key while the private key stays with the user.
2) Key management is also a benefit to using asymmetric encryption. You saw that with symmetric encryption, as the number of users increases, the number of keys rises dramatically. With asymmetric encryption, you need only a key pair per user for each user to be able to encrypt messages for all other users.
Cons:
The disadvantage of asymmetric encryption is that it is slower than symmetric encryption. If performance is a key factor, symmetric encryption may be the better alternative.
Asymmetric Algorithms - RSA
RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems and is widely used for secure data transmission. In such a cryptosystem, the encryption key is public and it is different from the decryption key which is kept secret (private).
In RSA, this asymmetry is based on the practical difficulty of the factorization of the product of two large prime numbers, the “factoring problem”. The acronym RSA is made of the initial letters of the surnames of Ron Rivest, Adi Shamir, and Leonard Adleman, who first publicly described the algorithm in 1977.
More on this:
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
Asymmetric Algorithms - DSA
The Digital Signature Algorithm (DSA) is a Federal Information Processing Standard for digital signatures, based on the mathematical concept of modular exponentiation and the discrete logarithm problem. DSA is a variant of the Schnorr and ElGamal signature schemes.
The National Institute of Standards and Technology (NIST) proposed DSA for use in their Digital Signature Standard (DSS) in 1991 and adopted it as FIPS 186 in 1994. Four revisions to the initial specification have been released. DSA is patented but NIST has made this patent available worldwide royalty-free.
More on this:
https://en.wikipedia.org/wiki/Digital_Signature_Algorithm
