Chapter 6 - Cryptography And SYmmetric Key Algorithms Flashcards
Modulo function
The module function is just as important to cryptography as the logical operations are. For example, 8 mod 6 = 2
Codes vs Ciphers
Codes work on words and phases whereas ciphers work on individual characters and bits.
Differences between Caesar cipher, Vigenere cipher, and one-time pad.
The only differences are key length.
The Caesar shift cipher uses a key length one, the Vigenere cipher uses a longer value (usually a word or sentence), and the one-time pad uses a key that is as long as the message itself.
DES
DES uses a 54-bit key to drive the encryption and decryption process.
However, the DES specification calls for a 64-bit key. The remaining 8 bits are supposed to contain parity information to ensure that the other 56 bits are accurate.
Counter mode (CTR) of DES
CTR mode allows you to break an encryption or decryption operation into multiple independent steps. This makes CTR mode well suited for use in parallel computing.
RC5
Rivest Cipher 5, or RC5, is a symmetric algorithm patented by Rivest, Shamir, and Adleman (RSA) Data Security. RC5 is a block cipher of variable block sizes (32, 64, or 128 bits) that uses key sizes between 0 length and 2,040 bits.
S-RPC
Secure RPC (S-RPC) employs Diffie-Hellman for key exchange.
Which type of crypto system can provide nonrepudiation?
Nonrepudiation provides the assurance to the recipient that the message was originated by the sender and not someone masquerading as the sender.
Secret key, or symmetric key, cryptosystems do not provide this guarantee. If Jim and Bob participate in a secret system communication system, they can both produce the same encrypted message using their shared secret key.
Definition of M of N Control
If only a single key escrow recovery agent exists, there is opportunity for fraud and abuse of this privilege.
M of N Control requires that a minimum number of agents (m) out of the total number of agents (n) work together to perform high-security tasks.
Major advantage of OFB (Output Feedback Mode)
In OFB mode, DES XORs the plain text with a seed value. For the first encrypted block, an initialization vector is used to create the seed value. The major advantage of OFB mode are there is no chaining function and transmission error do not propagate to affect the decryption of future blocks.
One-Way Functions
A one-way function is a mathematical operation that easily produces output values for each possible combinations of input but makes it impossible to retrieve the input values. It rely on the difficulty of factoring the product of large prime numbers.
Advanced Encryption Standard block sizes and key strength sizes
AES only allows the processing of 128-bit blocks.
But AES cipher allows the use of three strengths: 128 bits, 192 bits, and 246 bits.
Running Key Ciphers
Running key cipher, the encryption key is as long as the message itself and is often chosen from a common book.
Twofish Algorithm
The Twofish algorithm developed by Bruce Schneier was another one of the AES finalists.
Twofish uses two techniques not found in other algorithms:
- Prewhiting involves XORing the pain text with a separate subkey before the first round of encryption.
- Postwhitening uses a similar operation after the 16th round of encryption.
The Data Encryption Standard (DES) encryption algorithm characteristics?
DES works with 64 bit blocks of text using a 64 bit key (with 8 bits used for parity, so the effective key length is 56 bits).
Some people are getting the Key Size and the Block Size mixed up.
The block size is usually a specific length. For example DES uses block size of 64 bits which results in 64 bits of encrypted data for each block. AES uses a block size of 128 bits, the block size on AES can only be 128 as per the published standard FIPS-197.
PGP uses which of the following to encrypt data?
Notice that the question specifically asks what PGP uses to encrypt. For this, PGP uses a symmetric key algorithm. PGP then uses an asymmetric key algorithm to encrypt the session key and then sends it securely to the receiver. It is a hybrid system where both types of ciphers are being used for different purposes.
Whenever a question talks about the bulk of the data to be sent, Symmetric is always best to choice to use because of the inherent speed within Symmetric Ciphers. Asymmetric ciphers are 100 to 1000 times slower than Symmetric Ciphers.
Which public key algorithm does both encryption and digital signature?
RSA can be used for encryption, key exchange, and digital signatures.
What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext?
Key clustering happens when a plaintext message generates identical ciphertext messages using the same transformation algorithm, but with different keys.
Also means one key is used to encrypt two different messages and they both end up with the same cipher text.
Rijandel block length and key length
Rijndael and AES differ only in the range of supported values for the block length and cipher key length.
For Rijndael, the block length and the key length can be independently specified to any multiple of 32 bits, with a minimum of 128 bits, and a maximum of 256 bits.
AES fixes the block length to 128 bits, and supports key lengths of 128, 192 or 256 bits only.
Cryptography does NOT help in which area?
Cryptography is a detective control in the fact that it allows the detection of fraudulent insertion, deletion or modification.
It also is a preventive control is the fact that it prevents disclosure, but it usually does NOT offers any means of detecting disclosure.
Confusion
In the Block Cipher method called Confusion, the relationship between the plaintext and key are so complicated that the attacker can’t alter the plaintext in an attempt to determine the key used to encrypt the plaintext.
Differences between confusion and diffusion.
A strong cipher contains the right level of two main attributes: confusion and diffusion. Confusion is commonly carried out through substitution, while diffusion is carried out by using transposition. For a cipher to be considered strong, it must contain both of these attributes to ensure that reverse-engineering is basically impossible. The randomness of the key values and the complexity of the mathematical functions dictate the level of confusion and diffusion involved.
What is FIPS-140 standard used for?
Hardware and software cryptographic modules
The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptography modules.
As of December 2006, the current version of the standard is FIPS 140-2, issued on 25 May 2001.
Block ciphers
Block ciphers do not use public cryptography (private and public keys).
Block ciphers is a type of symmetric-key encryption algorithm that transforms a fixed-size block of plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the same length. They are appropriate for software implementations and can operate internally as a stream. See more info below about DES in Output Feedback Mode (OFB), which makes use internally of a stream cipher.
Running Cipher
In classical cryptography, the running key cipher is a type of polyalphabetic substitution cipher in which a text, typically from a book, is used to provide a very long keystream. Usually, the book to be used would be agreed ahead of time, while the passage to be used would be chosen randomly for each message and secretly indicated somewhere in the message.
Diffie-Hellman
The Diffie-Hellman key agreement protocol (also called exponential key agreement) was developed by Diffie and Hellman [DH76] in 1976 and published in the ground-breaking paper “New Directions in Cryptography.” The protocol allows two users to exchange a secret key over an insecure medium without any prior secrets.
Stream Cipher
stream cipher generates what is called a keystream
A stream cipher is a type of symmetric encryption algorithm that operates on continuous streams of plain text and is appropriate for hardware-based encryption.
Stream ciphers can be designed to be exceptionally fast, much faster than any block cipher. A stream cipher generates what is called a keystream (a sequence of bits used as a key).
Stream ciphers can be viewed as approximating the action of a proven unbreakable cipher, the one-time pad (OTP), sometimes known as the Vernam cipher. A one-time pad uses a keystream of completely random digits. The keystream is combined with the plaintext digits one at a time to form the ciphertext. This system was proved to be secure by Claude Shannon in 1949. However, the keystream must be (at least) the same length as the plaintext, and generated completely at random. This makes the system very cumbersome to implement in practice, and as a result the one-time pad has not been widely used, except for the most critical applications.
A stream cipher makes use of a much smaller and more convenient key — 128 bits, for example. Based on this key, it generates a pseudorandom keystream which can be combined with the plaintext digits in a similar fashion to the one-time pad. However, this comes at a cost: because the keystream is now pseudorandom, and not truly random, the proof of security associated with the one-time pad no longer holds: it is quite possible for a stream cipher to be completely insecure if it is not implemented properly as we have seen with the Wired Equivalent Privacy (WEP) protocol.
Encryption is accomplished by combining the keystream with the plaintext, usually with the bitwise XOR operation.
Modes of DES Summary
Pg 144 Eric book
Zero Knowledge Proof
Someone tells you something without telling you more information than you need to know. In cryptography it means that you have a specific key without sharing the key or showing it to anyone.
What kind of Encryption technology does SSL utilize?
Hybrid
SSL use public-key cryptography to secure session key, while the session key (secret key) is used to secure the whole session taking place between both parties communicating with each other.
Electronic Code Book mode of DES encryption
Electronic Code Book (ECB) is the simplest and weakest form of DES. It uses no initialization vector or chaining. Identical plaintexts with identical keys encrypt to identical ciphertexts. Two plaintexts with partial identical portions (such as the header of a letter) encrypted with the same key will have partial identical ciphertext portions.
Entropy
Entropy is a measure of the randomness of data collected by an application or an operating system and used to create a cryptography key. While having a random key is a good start, the key must also remain.
Block ciphers perform substitution by using which of the following?
Substitution boxes, or S-boxes, are used within block ciphers. They use lookup table to determine how a block of data is encrypted or decrypted. The key is used to decide which S-box to utilize with each block.
A key stream generator is used in what type of cipher?
Stream cipher. Keystream generators are used in stream ciphers to produce a random stream of bits. These bits are XORed to the message, which results in an encrypted message (cipher text). The keystream generator is similar to the one-time pad concept.
IDEA
IDEA is a block cipher that uses a 128-bit key. It uses a 64-bit block that is broken down into 16 sunblocks and then sent through eight rounds of permutations.
IDEA was actually thought to be the next DES algorithm but because it was patented and required licensing fees, it was not adopted.
Knapsack
Knapsack is an asymmetric algorithm.
Least Significant bit (LSB)
LSB is the bit position in a binary integer. The LSB is sometimes referred to as the rightmost bit, due to the convention in positional notation of writing less significant digits further to the right. In the following bits 11111110, the LSB is 0.
CBC
Cipher Block Chaining (CBC), chains blocks of messages together so that the encryption process will look different each time. Without CBC, if a message were encrypted and decrypted over and over, patterns will begin to surface. However,CBC attaches previous blocks onto the next current block, which means that the result will always be different.
This is way of adding more randomness to the process of encryption.
MD2
128 bit hash value
ECB
ELectronic Code Block does not using any chaining. This means that the same plaintext will create the same cipher text every time it is encrypted with the same key. Which means DES is typically used when small amounts of data are encrypted, such as tam and PIN numbers.
Concealment Cipher
Concealment ciphers, also called null cipher, disguise messages within the text or body of a message, such as using every other word in a sentence to form a different message.
Message authentication code
MAC is the use of a symmetric key and a hashing algorithm. The only party that could properly check the integrity of the message is the one that has the other copy of the symmetric key.
Steganography components
The carrier file is a file that has information hidden inside of it.
The stego-medium is the medium in which the information is hidden.
The payload is the information that is to be concealed.
Cryptography vs Cryptanalysis vs Cryptology
Cryptography – Study of encrypting messages
Cryptanalysis – Study of decrypting messages
Cryptology – Study of the mathematics behind encryption/decryption
Cryptovariable is another name for a key.
N/A
Caesar algorithm
In the Caesar algorithm the alphabet serves as the algorithm and the key is the number of locations that are shifted during the encryption and decryption process.
Concealment cipher vs steganography
Concealment ciphers disguise messages within the text or body of a message, such as using every other word in a sentence to form a different message.
Steganography hides messages within the slack bits of pictures, music files, etc.
