Chapter 3 - Cryptography Only Flashcards
Cryptology
Science of secure communications. Encompasses both cryptography and cryptanalysis.
Cryptanalysis
Science of breaking encrypted messages
Cryptography
Creates messages whose meaning is hidden
Permutation
Another word for Transposition. Provides diffusion by rearranging the characters of the plaintext, anagram-style.
Work Factor
Describes how much effort it takes to break encryption
Good Encryption
Not based on secret formulas but on good math.
Monoalphabetic cipher
Uses one alphabet: a specific letter is substituted for another. Susceptible to frequency analysis.
Polyalphabetic cipher
Uses multiple alphabets: a specific letter may be used in one round and another in the next round, which addresses frequency analysis.
Modular Math
Modular math lies behind much of cryptography: simply put, modular math shows you what remains (the remainder) after division. It is sometimes called clock math because we use it to tell time: assuming a 12-hour clock, 6 hours past 9:00pm is 3:00am. In other words, 9 + 6 is 15, which divided by 12 leaves a remainder of 3.
XOR
Combining a key with plaintext via XOR creates a ciphertext. XOR-ing the same key to the ciphertext restores the original plaintext.
Rules: If two bits are different the answer is “1.” If two bits are the same the answer is “0.”
Data at rest and Data in motion
Cryptography can protect both data at rest and data in motion. Full disk encryption can protect data at rest, and SSL or an IPsec VPN can protect data in motion.
Protocol Governance
Describes the process of selecting the right method (cipher) and implementation for the right job, typically at an organization-wide scale.
Egyptian Hieroglyphics
Hieroglyphics are stylized pictorial writing used in ancient Egypt.
Spartan Scytale
The Scytale was used in ancient Sparta around 400 BC. A strip of parchment was wrapped around a rod. The plaintext was encrypted by writing lengthwise down the rod. The message was then unwound and sent. When unwound, the words appeared as a meaningless jumble. The receiver, possessing a rod of the same diameter, wrapped the parchment around the rod, reassembling the message.
Caesar Cipher and other rotational ciphers
The Caesar cipher is a monoalphabetic rotation cipher. Caesar rotated each letter of the plaintext forward three times to encrypt. Another common rotation cipher is ROT-13, which moves each letter forward 13 times to encrypt.
Vigenere Cipher
The Vigenere cipher is a polyalphabetic cipher. A matrix is formed with the alphabet, and lookups are done with the key (repeated up to the length of the plaintext) to form the ciphertext.
Cipher Disk
Cipher disks have two concentric disks, each with an alphabet around the periphery. They allow both monoalphabetic and polyalphabetic encryption. For monoalphabetic encryption, two parties agree on a fixed starting offset and then turn the wheel once every X characters. For polyalphabetic encryption, do the same as before but turn the wheel once every X characters and then turn the inner disk 1 character to the right after every 10 characters.
Jefferson Disks
Invention of Thomas Jefferson. It is also known as the “Wheel Cipher”. The device contains 36 wooden disks, each with the 26 characters of the alphabet printed along it in random order. The other party must possess the identical set of disks.
Order the disks into saying something, then pass the jumbled line to the other person. To decrypt they make the same jumble and then look for lines that make sense.
Book Cipher
A book cipher uses whole words from a well-known text such as a dictionary. To encode, agree on a text source and note the page number, line and word offset of each word you would like to encode.
Looks something like “As 12.4.5 I am 12.8.17”, which translates to “As vengeance I am god!” 12 is the page, 4 is the row, 5 is 5 words from the left, etc.
Running-key cipher
Running-key ciphers also use well-known texts as the basis for their keys: instead of using whole words, they use modulus math to “add” letters to each other.
Find a picture of this, pretty cool.
Codebooks
Codebooks assign a code for important people, locations, and terms. Each word in the codebook has two codenames; for example, the President was “Adam” or “Asia”, and the secretary of state was “Abel” or “Austria”.
One-time Pad
A one-time pad uses identical paired pads of random characters, with a set number of characters per page. Assume a pair of identical 100-page one-time pads with 1000 random characters per page. Once the pads are created and securely distributed, use modular addition to encrypt and modular subtraction to decrypt. Discard each page of the pad once used. This is mathematically proven to be secure as long as the pads are kept secure and pages are never reused.
Vernam Cipher
Named after Gilbert Vernam, who created a teletypewriter capable of encrypting and decrypting using paper rolls containing the encryption key (a one-time pad). The Vernam cipher used bits: the one-time pad bits were XORed to the plaintext bits.
Hebern Machines and Purple
Hebern machines are a class of cryptographic devices known as rotor machines, named after Edward Hebern. They look like manual typewriters with electrified rotors.
Enigma
Used by the Axis German powers during WWII. There were 3 finger wheels, each of which could be set to any number from 1-26, with the settings used as the key.
Sigaba
The Sigaba was a rotor machine used by the US in WWII. Due to its large size, it had limited field use.
Purple
Purple was the Allied name for the encryption device used by the Japanese Axis powers in WWII. It is described as a rotor machine but was actually a stepping-switch device, which encrypted plaintext by adding code words.
Cryptography Laws
Intelligence derived from cryptanalysis was arguably as powerful as any bomb. This led to attempts to control cryptography through the same laws used to control bombs: munition laws.
COCOM
Coordinating Committee for Multilateral Export Controls, designed to control the export of critical technologies (including cryptography) to “Iron Curtain” countries during the Cold War. The US, Japan, EU, Australia, Turkey and the rest of the non-Soviet countries were members during 1947-1994.
Wassenaar Arrangement
Created in 1996 after COCOM ended. Includes former Soviet Union countries and relaxed many of the restrictions on exporting cryptography.
Symmetric Encryption
Also known as secret key encryption. Uses one key to encrypt and decrypt. The key must be kept secret and is often shared using an out-of-band method.
Strengths: Speed and Cryptographic strength per bit of key.
Weakness: Key must be kept secure and shared before two parties can communicate.
Stream Cipher
Each bit is independently encrypted in a “stream”.
Block mode
Encrypts blocks of data each round: 64 bits for DES, 128 bits for AES. To emulate a stream, the block size can be set to 1 bit.
Initialization Vector
Ensures the first encrypted block of data is random, so identical plaintexts encrypt to different ciphertexts.
Chaining
Uses feedback from the previous cipher block to seed the next block to be encrypted. This destroys patterns in the resulting ciphertext.
DES
DES is the Data Encryption Standard, which describes the Data Encryption Algorithm (DEA). Designed in the US in 1976 to address standardization. It is a symmetric cipher that uses a 64-bit block size (encrypts 64 bits each round) and a 56-bit key.
Susceptible to brute-force key attacks due to the advent of faster CPUs.
Modes of DES
Electronic Code Book (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB), Output Feedback (OFB), Counter Mode (CTR)
Electronic Code Book (ECB)
Earliest mode (hence “code book”, as in WWII), simplest and weakest; no initialization vector, no chaining
- Should not be used anymore
Cipher Block Chaining (CBC)
XORs the previous encrypted block of ciphertext to the next block and uses an initialization vector. Encryption errors can propagate, destroying integrity.
Cipher Feedback (CFB)
Same as CBC but stream mode
Output Feedback (OFB)
Uses previous ciphertext as feedback; uses the subkey before it is XORed to the plaintext. Not affected by encryption errors, which will not propagate.
Counter Mode (CTR)
Latest, similar to OFB but uses a counter, can be parallelized
3DES
Applies single DES three times per block. Formally called Triple Data Encryption Algorithm. Slow and complex compared to newer algorithms like AES and Twofish.
Triple DES Encryption Order and Keying Options
1TDES EDE – Encrypt, Decrypt, Encrypt with 1 key – results in the same ciphertext as DES, for backwards compatibility
2TDES EDE – Encrypt with key 1, Decrypt with key 2 (same as encrypt), and Encrypt with key 1 – results in 112-bit key strength – used with legacy hardware with limited memory
3TDES EDE – Encrypt with key 1, Decrypt with key 2, Encrypt with key 3 – results in 168-bit key strength; effective strength is 112-bit due to MiTM attack
International Data Encryption Algorithm (IDEA)
International replacement for DES using a 128-bit key and 64-bit block size. Drawbacks are patent encumbrance and slow speed compared to AES.
Advanced Encryption Standard (AES)
Current US standard symmetric block cipher using 128-bit (10 rounds), 192-bit (12 rounds), or 256-bit (14 rounds) keys and 128-bit blocks of data. It is open and free to use.
Choosing AES
NIST sought input from the public in 1997 for a DES replacement that would be faster and more secure. The five finalists were MARS, RC6, Rijndael, Serpent and Twofish. Rijndael was chosen and became the AES standard due to having the best combination of security, performance, efficiency, and flexibility.
AES Functions
ShiftRows – Provides diffusion by shifting rows of the state. It treats each row like a row of blocks, shifting each a different amount
MixColumns – Provides diffusion by mixing the columns of the state via finite field mathematics
SubBytes – Provides confusion by substituting the bytes of the state
AddRoundKey – The final function applied in each round. It XORs the state with the subkey. The subkey is derived from the key and is different for each round of AES
Blowfish and Twofish
Blowfish – Uses 32 through 448bit (default 128bit) keys and 64bit blocks
Twofish – Uses 128 through 256 bit keys and 128bit blocks
Both are free and unpatented and AES finalists
RC5 and RC6
RC5 – Key size ranges from 0 – 2040 bits, with 32, 64, or 128-bit blocks
RC6 – Key size of 128, 192 or 256 bits, and encrypts 128-bit blocks – based on RC5 and an AES finalist
Asymmetric Algorithm
Solves the challenge of pre-shared keys. Asymmetric encryption (aka public key encryption) uses two keys: you encrypt with one and decrypt with the other. One key is made public. Whoever wants to communicate with you will download and use the public key to encrypt.
Asymmetric Methods
Factoring Prime Numbers – Basis of the RSA algorithm. An example of a one-way function (easy to compute one way but not the other). Factoring a large composite number is so difficult that the composite number can be safely publicly posted (public key). The primes that are multiplied (which is easy) to create the public key must be kept private (private key).
Discrete Logarithm
Discrete logarithm – Computing logarithms in groups is hard to solve, and thus forms the basis of the Diffie-Hellman and ElGamal asymmetric algorithms
Diffie-Hellman Key Agreement Protocol
Allows two parties to securely agree on a symmetric key via a public channel such as the internet, with no prior key exchange.
Elliptic Curve Cryptography
ECC uses a one-way function based on discrete logarithms applied to elliptic curves. This is harder than discrete logarithms, and is much more secure and stronger per bit. ECC requires fewer computational resources due to shorter keys and is used in low-power devices for this reason.
Asymmetric and Symmetric Tradeoffs
Asymmetric algorithms are slower and weaker per bit of key length compared to symmetric ones. Both kinds of encryption algorithm are used together, i.e. an asymmetric algorithm such as RSA is used to exchange secret keys, and the symmetric key (session key) is used to create a session that encrypts the subsequent data, leveraging the best of both worlds.
Hash Functions
Hash functions provide encryption using an algorithm with no key (aka one-way hash). There is no way to reverse the encryption. The primary use case is integrity checks. MD5 (128-bit) and SHA1 (160-bit) are older and have weaknesses. The recommendation is to use SHA-2.
Collisions
Hashes are not unique and different plaintext can result in the same hash.
MD5
Created by Ronald Rivest. MD5 creates a 128-bit hash; however, it has been discovered that collisions can be found in a practical amount of time.
Secure Hash Algorithm
SHA1 was announced in 1993 as the FIPS 180 standard; however, it is now considered weak due to poor collision avoidance. SHA2 was announced in 2001. It includes SHA-224, SHA-256, SHA-384 and SHA-512, with differing hash value lengths. SHA-3 was finalized in 2015.