Chapter 12 - Cryptography Flashcards
Cryptography
Science or study of protecting information whether in transit or at rest.
Cryptanalysis
Study and methods used to crack cipher text
Linear Cryptanalysis
Works best on block ciphers
Differential Cryptanalysis
Applies to symmetric key algorithms. Compares differences in the inputs to how each one affects the outcome.
Integral Cryptanalysis
Input vs Output comparison same as differential; however, runs multiple computations of the same block size input.
Nonrepudiation
Means by which a recipient can ensure the identity of the sender and neither party can deny sending
What are the 2 general forms of cryptography?
Substitution - bits are replaced by other bits. Transposition - Doesn’t
Stream Cipher
Readable bits are encrypted one at a time in a continuous stream. Usually done by an XOR operation.
Block Cipher
Data bits are split up into blocks and fed into the cipher
XOR
Exclusive OR; if inputs are the same (0,0 or 1,1), function returns 0; if inputs are not the same (0,1 or 1,0), function returns 1. Key chosen for cipher must have a length larger than the data; if not, it is vulnerable to frequency attacks.
Symmetric Encryption
Known as a single key or shared key. One key is used to encrypt and decrypt the data. Suitable for LARGE amounts of data. Problems are key distribution and management
Algorithm - DES
Symmetric Encryption - Block cipher; 56 bit key; quickly outdated and now considered not very secure.
Algorithm - 3DES
Symmetric Encryption - Block cipher; 168 bit key; more effective than DES but much slower.
Algorithm - AES
Symmetric Encryption - Advanced Encryption Standard - Block cipher; 128, 192, or 256 bit key; replaces DES; much faster than DES and 3DES
Algorithm - IDEA
Symmetric Encryption - International Data Encryption Algorithm - block cipher; 128 bit key; originally used in PGP 2.0
Algorithm - Twofish
Symmetric Encryption - Block cipher; up to 256 bit key.
Algorithm - Blowfish
Symmetric Encryption - Fast block cipher; replaced by AES; 64 bit block size; 32 to 448 bit key; considered public domain.
Algorithm - RC (Rivest Cipher)
Symmetric Encryption - RC2 to RC6; block cipher; comparable key length up to 2040 bits; RC6 (latest) uses 128 bit blocks and 4 bit working registers; RC5 uses variable block sizes and 2 bit working registers. RC4 is a stream cipher.
Asymmetric Encryption
Uses two types of keys for encryption and decryption (public and private key)
Public vs Private key
Public key generally used for encryption; can be sent to anyone. Private keys are kept secret; used for decryption
Algorithm - Diffie-Hellman
Asymmetric - Developed as a key exchange protocol; used in SSL and IPSec; if digital signatures are waived, vulnerable to MITM attacks.
Algorithm - Elliptic Curve Cryptosystem (ECC)
Asymmetric - Uses points on elliptical curve along with logarithmic problems; uses less processing power; good for mobile devices.
Algorithm - El Gamal
Asymmetric - Not based on prime number factoring; uses solving of discrete logarithm problems.
Algorithm - RSA
Asymmetric - Achieves strong encryption through the use of two large prime numbers; factoring these creates key sizes up to 4096 bits; modern de facto standard.
Hash
One-way mathematical function that produces a fixed-length string (hash) based on the arrangement of data bits in the input.
MD5
Hash - (Message digest algorithm) - Produces 128 bit hash expressed as 32 digit hexadecimal number; has flaws; still used
SHA-1
Hash - Developed by NSA; 160 bit value output
SHA-2
Hash - Four separate hash functions; produce outputs of 224, 256, 384 and 512 bits; not widely used.
SHA-3
Hash - Uses sponge construction (random permutations)
RIPEMD-#
Hash - Works through 80 stages; executing 5 blocks 16 times each; uses modulo 32 addition. The # indicates bit length.
Collision
Occurs when two or more files create the same output
DUHK Attack
Don’t Use Hard-coded Keys - Allows attackers to access keys in certain VPN implementations; affects devices using ANSI X9.31 with a hard-coded seed key.
Rainbow Tables
Contain precomputed hashes to try and find out passwords
Salt
Adds random characters/bits to increase hash complexity
HashCalc
Hash tool
MD5 Calculator
Hash tool
HashMyFiles
Hash tool
Steganography
Practice of concealing a message inside another medium so that only the sender and recipient know of its existence.
Ways to Identify Steganography
Text, images, audio and video
Steganography Methods
Least significant bit insertion - changes least meaningful bit. Masking and Filtering (grayscale images) - like watermarking. Algorithmic Transformation - hides in mathematical functions used in image compression.
QuickStego
Steganography tool
gifshuffle
Steganography tool
SNOW
Steganography tool
Steganography Studio
Steganography tool
OpenStego
Steganography tool
Public Key Infrastructure (PKI)
Structure designed to verify and authenticate the identity of individuals.
Registration Authority
Verifies user identity
Certificate Authority
Third party to the organization; creates and issues digital certificates
Certificate Revocation List (CRL)
Used to track which certificates have problems and which have been revoked.
Validation Authority
Used to validate certificates via Online Certificate Status Protocol (OCSP)
Trust Model
How entities within an enterprise deal with keys, signatures and certificates
Cross-Certification
Allows a CA to trust another CA in a completely different PKI; allows both CAs to validate certificates from either side.