Chapter 6 - Crypto Flashcards
Confusion
Occurs when relationship between the plain text and the key is so complicated that an attacker can’t merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key.
Diffusion
Occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext.
Crypto Math AND
uses ^. Only true (1) when both X and Y are true (1).
Crypto Math OR
uses down carrot. Only false when both are false.
Crypto Math NOT
uses -. Only used on one variable at a time. X=0, -X=1
Crypto Math Exclusive OR (XOR)
Only returns true value when only one of the input values is true. Uses plus in a circle.
One way function
math function that easily produces output values for each possible combination of inputs but makes it impossible to retrieve input values.
Transposition Ciphers
Use encryption algorithm to rearrange letters of a plaintext message. Ex: apple=elppa.
Substitution Ciphers
- Use the encryption algorithm to replace each character or bit of the plaintext message with a different character. (Caesar cipher).
- More sophisticated versions use multiple alphabets. (Vigenere cipher) looks like a crossword puzzle
One Time Pads
• Use a different substitution alphabet for each letter of the plaintext message. Usually written as a very long series of numbers to be plugged into the function.
• Known as Vernam ciphers
• Must meet these requirements:
○ Pad must be randomly generated.
○ Must be physically protected against disclosure
○ Must be used once.
○ Key must be at least as long as the message to be encrypted.
○ VENONA = soviets used a pattern in key generation.
○ Hard to distribute keys, messages should be short due to key length.
Running Key Ciphers
AKA book cipher. Agree to use the same book
Block Ciphers
- Operate on chunks of a message and apply the encryption algorithm to an entire message block at the same time.
- Transposition is block cipher
- Most modern encryption algorithms implement block cipher
Stream Ciphers
Operate on one character or bit of a message at a time.
Ceasar cipher, one time pad
AES Block & Key Size
128
128,192,256
Rijndael Block & Key Size
Variable
128,192, 256
Blowfish (often used in SSH) Block & Key Size
64
32-448
DES Block & Key Size
64
56
IDEA (used in PGP) Block & Key Size
64
128
RC2 Block & Key Size
64
128
RC4 Block & Key Size
Streaming
128
RC5 Block & Key Size
32,64,128
0-2040
Skipjack Block & Key Size
64
80
3DES Block & Key Size
64
112 or 168
Twofish
128
1-256
DES Electronic Codebook Mode
Least secure, encrypts each 64 bit bock with same key.
Cryptanalysis could break blocks
Impractical for anything but very small amounts of data (keys and parameters to initiate)
DES Cipher Block Chaining Mode
Each block of ciphertext XORed with the block of ciphertext immediately preceding it before encrypting with DES.
Implements an IV (initialization vector) and XORs it with the first block of the message.
Corruption will flow if one block is corrupted.
DES Cipher Feedback Mode
Streaming cipher version of CBC.
Operates against data produced in real time.
Instead of breaking message into blocks, it uses memory buffers of the same block size. When buffer fills, it’s encrypted and sent.
Uses IV and chaining.
DES Output Feedback Mode
Same as CBC, but instead of XORing encrypted version of previous block of ciphertext, it XORs the plain text with a seed value.
IV used to create seed value.
Future seeds values derived by running DES algorithm on previous seed value.
Advantage: no chaining, errors do not propagate
DES Counter Mode
Uses stream cipher, but instead of creating seed value from each previous encrypted seed values, it uses a simple counter that increments each operation.
Errors do not propagate.
Triple DES
Four versions:
- Encrypts plaintext 3 times using 3 different keys: k1, k2, k3. Known as DES-EEE3 mode.
a. E(K1,(k2,E(k3,P)))
b. Effective key length of 168 bits. - Uses 3 keys, but replaces second encryption with decryption. DES-EDE3
a. E(k1, D(k2, E(k3,P))) - Uses 2 keys (DES-EEE2)
a. E(K1,E(K2,E(K1,P)))
b. 112 bits - Uses 2 keys with decryption (DES-EDE2)
a. E(K1,D(K2,E(K1,P)))
b. 112 bits
IDEA
- Developed because DES too short key length.
- Operates on 64-bit blocks of plaintext.
- Begins operation with 128 bit key.
- Broken up into series of 52 16-bit subkeys.
Blowfish
Operates on 64-bit block of text.
Uses variable-length keys from 32 to 448 bits.
Much faster than IDEA and DES.
Skipjack
- Approved for use by gov in FIPS 185, the Escrowed Encryption Standard (EES).
- 64 bit block of text.
- 80 bit key.
- Provides cryptographic routines supporting the Clipper and Capstone encryption chips.
- NIST and Dept of Treasury each hold part of the key.
- Not used at large because of mistrust of government key escrow.
AES
• Only allows processing of 128-bit blocks, Rjindael allows use of block size equal to key length.
○ 128-bit keys require 10 rounds of encryption
○ 192-bit keys require 12 rounds of encryption
256-bit keys require 14 rounds of encryption
Twofish
• AES finalist
• Block sipher
• Operates on 128-bit blocks
• Keys up to 256 bits in length
• Uses:
○ Prewhitening - XORing plaintext with a separate subkey before first round of encryption
○ Postwhitening - uses similar operation after 16th round of encryption
