Chapter 10 - Cryptography 101 Flashcards
Confidentiality
encryption helps provide confidentiality because only those with the key can view the data
Integrity
Hashes ensure that a message hasn’t been altered
Nonrepudiation
a way for the recipient to ensure the identity of the sender, so that neither party can deny having sent or received the message
substitution
transposition
substitution replaces bits with other bits
transposition doesn’t replace anything, it changes their order
Stream Ciphers
data is encrypted as a continuous stream
readable bits in their regular pattern are fed into the cipher and encrypted one at a time, usually by an Exclusive Or (XOR).
Very fast
Block Ciphers
data bits are split into blocks and fed into the cipher
each block (usually 64 bits) is encrypted with the key and algorithm, using methods like substitution and transposition.
Considered simpler and slower than stream ciphers
Exclusive Or (XOR)
at the core of a lot of computing
requires 2 inputs. For encryption algorithms they are the data bits and key bits.
bits are fed into the operation in pairs, one from the data and one from the key, and XOR then determines the output:
if the bits match, the output is 0
if the bits don’t match, the output is 1
see table pg 342
0 0 0
0 1 1
1 0 1
1 1 0
how important is key length to pure XOR ciphers?
very.
if key is smaller than the data, the cipher will be vulnerable to frequency attacks.
Since key is used repeatedly, its frequency makes guessing it easier
Symmetric Encryption Benefits
aka
Single Key / Shared Key
one key is used to encrypt and decrypt
Simplicity is its greatest asset
Great for bulk encryption
Formula for calculating how many key pairs needed for symmetric key encryption
N(N - 1) / 2
N=number of nodes in network
if you have 2 people to communicate with, there are 3 lines of communication.
Add a person and now there are 6 lines
Symmetric Algorithms
DES 3DES AES IDEA Twofish Blowfish RC (Rivest Cipher)
DES
block cipher. uses 56 bit key with 8 reserved for parity
outdated
3DES
block cipher. uses 168 bit key. Can use 3 keys in multiple encryption method.
AES (Advanced Encryption Standard)
block cipher. uses 128, 192 or 256 bit key. Much faster than DES or 3DES
IDEA (International Data Encryption Algorithm)
block cipher. uses 128 bit key. designed to replace DES. Originally used in PGP. Was patented and used mainly in Europe
Twofish
block cipher. uses up to 256 bits
Blowfish
fast block cipher, largely replaced by AES.
uses 64 bit block size and a key from 32 to 448 bits.
Public domain
RC (Rivest Cipher)
several versions from RC2 to RC6
block cipher that uses variable key length up to 2040 bits.
RC6 uses 128 bit blocks and 4 bit registers
RC5 uses variable block sizes (32, 64 or 128) and 2 bit registers
Symmetric Key Cons
doesn’t help with nonrepudiation
Key distribution and management is difficult.
Scaling out number of users means number of keys needed presents a problem
Asymmetric Encryption
Built to make sharing keys efficient
Encryption Key is the Public Key. Can be sent anywhere
Decryption Key is the Private Key. Kept secure
Fixes key distribution, management, scalability and nonrepudiation problems from symmetric encryption
Asymmetric Algorithms
Diffie-Hellman
Elliptic Curve Cryptosystem (ECC)
El Gamal
RSA
Diffie-Hellman
developed as a key exchange protocol. Used in SSL and IPsec. Can be vulnerable to MITM if not using digital signatures.
Elliptic Curve Cryptosystem (ECC)
Uses less processing power than other methods, so good for mobile devices.
El Gamal
Doesn’t use prime number factoring, instead solves logarithm problems.
RSA
strong encryption through using 2 large prime numbers. Factoring them creates keys up to 4096 bits. Modern de facto standard
What’s the downside to asymmetric encryption?
performance is slower than symmetric
processing power is higher, more suitable for smaller amounts of data
Hash algorithms
one-way function that takes input and produces a fixed-length string (hash)
Purpose is to verify the integrity of a piece of data
4 Hash algorithms
MD5 (Message Digest)
SHA-1
SHA-2
SHA-3
MD5 - produces 128-bit hash value as a 32 bit hex number
flaws made it obsolete in 2010, but still in some use
SHA1 - produces 160 bit output. Flaws made it obsolete in 2005. US Govt recommends replacing with SHA2.
SHA2 - produces 224, 256, 384, 512 bit outputs. Still not as popular as SHA1
SHA3 - uses “sponge construction” where data is absorbed into sponge by XOR and squeezed out