Cryptography Flashcards
Cryptography
The science of protecting the confidentiality, integrity, and authenticity of data using mathematical transformations controlled by keys
Encryption
The process of transforming readable data (plaintext or cleartext) into an unreadable form (ciphertext)
Decryption
The process of recovering the plaintext message from the ciphertext
Cryptographic algorithm
A defined procedure (a cipher) that, combined with one or more keys, transforms plaintext into ciphertext and back; the security should rest on the secrecy of the key, not of the algorithm
Caesar Cipher
Substitution cipher
Shifts each letter a fixed number of positions in the alphabet (the shift is the key, so there are only 25 useful keys)
Modern ex: ROT13 shifts letters 13 positions; because 13 + 13 = 26, running it again decrypts
Other substitution ciphers: Jefferson disk, Enigma machine (both polyalphabetic: the substitution changes as the message progresses)
What are some characteristics of modern cryptographic tools?
Open: the algorithm is public and can be studied in full, yet the cipher still cannot be broken without the key (Kerckhoffs's principle)
Algorithms rest on mathematical problems believed to be hard to reverse, called one-way functions (e.g., factoring large integers, discrete logarithms)
Some characteristics of keyword ciphers?
Substitution cipher
Uses a key word to determine which ciphertext letter substitutes for each plaintext letter
Vulnerable to frequency analysis, because each plaintext letter always maps to the same ciphertext letter
Frequency analysis
Code-breaking method that exploits the known letter frequencies of a language (in English, E, T, and A are most common) to recover a substitution key from the ciphertext alone
One-time pad
Unbreakable (information-theoretically secure) when used properly
Both parties hold an identical pad of truly random values, called "shifts"; each value is used once as the shift for one character
Proper use requires that the pad be truly random, at least as long as the message, never reused, and kept secret; reusing a pad lets an attacker cancel it out by comparing two ciphertexts
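The following is an added example, not part of the original flashcards. It implements the Caesar shift and ROT13 from the cards above, breaks the Caesar cipher with frequency analysis (chi-squared fit against approximate English letter frequencies), and then reuses the same per-letter shift as a one-time pad, including a function that shows why a pad must never be reused. The message text and the frequency table are constructed for the example.

```python
"""Classical ciphers and their weaknesses (added example, not from the original flashcards)."""
from collections import Counter
import secrets
import string

ALPHABET = string.ascii_uppercase

# Approximate relative frequency (percent) of each letter in English text.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}


def shift_letter(ch: str, k: int) -> str:
    """Shift one uppercase letter k places around the alphabet; anything else passes through."""
    if ch not in ALPHABET:
        return ch
    return ALPHABET[(ALPHABET.index(ch) + k) % 26]


def caesar(text: str, k: int) -> str:
    """Caesar cipher: the same shift k for every letter. Decrypt with -k."""
    return "".join(shift_letter(c, k) for c in text.upper())


def rot13(text: str) -> str:
    """ROT13 is Caesar with k = 13; since 13 + 13 = 26 the same call also decrypts."""
    return caesar(text, 13)


def break_caesar(ciphertext: str) -> int:
    """Frequency analysis: try all 26 shifts and return the one whose decryption
    has letter counts closest to English (lowest chi-squared statistic)."""
    letters = [c for c in ciphertext.upper() if c in ALPHABET]
    n = len(letters)
    best_key, best_score = 0, float("inf")
    for k in range(26):
        counts = Counter(shift_letter(c, -k) for c in letters)
        score = sum(
            (counts[letter] - n * pct / 100) ** 2 / (n * pct / 100)
            for letter, pct in ENGLISH_FREQ.items()
        )
        if score < best_score:
            best_key, best_score = k, score
    return best_key


def otp_pad(length: int) -> list:
    """A one-time pad: an independent, truly random shift for every position,
    drawn from the OS CSPRNG (never from the random module)."""
    return [secrets.randbelow(26) for _ in range(length)]


def otp(text: str, pad: list, decrypt: bool = False) -> str:
    """One-time pad over the alphabet: position i uses its own shift pad[i],
    so letter frequencies of the plaintext do not survive into the ciphertext."""
    if len(pad) < len(text):
        raise ValueError("pad must be at least as long as the message")
    sign = -1 if decrypt else 1
    return "".join(shift_letter(c, sign * k) for c, k in zip(text.upper(), pad))


def pad_reuse_leak(c1: str, c2: str) -> str:
    """Why 'one-time' matters: if two messages share a pad, then at every letter
    position (c1 - c2) mod 26 == (p1 - p2) mod 26. The pad cancels out and the
    attacker learns the relationship between the plaintexts without any key."""
    out = []
    for a, b in zip(c1, c2):
        if a in ALPHABET and b in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(a) - ALPHABET.index(b)) % 26])
        else:
            out.append(" ")
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample message for the demonstration.
    msg = "ATTACK AT DAWN AND MEET ME BY THE OLD BRIDGE WHERE THE RIVER BENDS TOWARD THE EASTERN HILLS"
    ct = caesar(msg, 7)
    print("Caesar ciphertext:", ct)
    print("key recovered by frequency analysis:", break_caesar(ct))
    pad = otp_pad(len(msg))
    print("OTP ciphertext:   ", otp(msg, pad))
    print("OTP decrypted:    ", otp(otp(msg, pad), pad, decrypt=True))
```

Running `break_caesar` on the Caesar ciphertext recovers the key from the ciphertext alone; the same attack gives nothing against the one-time pad output, since every position has an independent shift. The pad-reuse function is the reason the card says "used properly": the same pad applied twice leaks the difference of the two plaintexts.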
Symmetric cryptography
AKA secret-key or shared-key cryptography
Uses a single key both to encrypt and to decrypt the message
The key must be shared between sender and receiver beforehand (the key exchange problem)
Implemented as one of two kinds of cipher: block cipher or stream cipher
Block cipher
Takes a fixed number of bits (a block, e.g. 64 bits for DES or 128 bits for AES) and encrypts the whole block at once
What are some characteristics of block ciphers?
Most widely used symmetric algorithms (DES, 3DES, AES) are block ciphers
Traditionally described as slower but more versatile: the same block cipher can run in many modes of operation (ECB, CBC, CTR, GCM)
More susceptible to transmission errors: in a chaining mode such as CBC, a single flipped ciphertext bit garbles the whole affected block and part of the next
Work better with messages whose sizes are fixed or known in advance, because the last block must be padded out to the full block size
Stream cipher
Encrypts the plaintext one bit or byte at a time by combining it (usually XOR) with a key-derived keystream
Better for data of unknown size or continuous streams (such as network traffic): no padding is needed and a transmission error affects only the corresponding bit of plaintext
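The following is an added example, not part of the original flashcards, and the 16-byte block permutation in it is a deliberately toy construction (a 4-round Feistel network built from SHA-256) that stands in for a real block cipher such as AES only so that the example runs with the Python standard library; it is not secure and is labelled as such. The mode logic around it is the real thing: PKCS#7 padding and CBC show the block-cipher behaviour the cards above describe, CTR shows how the same block cipher becomes a stream cipher, and `error_propagation` measures how far a single flipped ciphertext bit spreads in each mode. Key, IV, nonce and message values are constructed for the example.

```python
"""Block-cipher vs stream-cipher behaviour (added example, not from the flashcards).
WARNING: toy_block_encrypt is NOT a secure cipher; it is a stand-in for AES."""
import hashlib

BLOCK = 16      # block size in bytes, like AES
ROUNDS = 4
HALF = BLOCK // 2


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, r: int, half: bytes) -> bytes:
    # Keyed round function of the toy Feistel network (SHA-256 truncated to one half).
    return hashlib.sha256(key + bytes([r]) + half).digest()[:HALF]


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy keyed permutation on one 16-byte block: L, R = R, L ^ F(R) each round."""
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, r, right))
    return left + right


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of toy_block_encrypt: undo the rounds in reverse order."""
    left, right = block[:HALF], block[HALF:]
    for r in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, r, left)), left
    return left + right


def pkcs7_pad(data: bytes) -> bytes:
    """Block ciphers need whole blocks: append n bytes of value n (1..16)."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: each padded block is XORed with the previous ciphertext block, then encrypted."""
    data, out, prev = pkcs7_pad(plaintext), [], iv
    for i in range(0, len(data), BLOCK):
        prev = toy_block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(_xor(toy_block_decrypt(key, c), prev))
        prev = c
    return pkcs7_unpad(b"".join(out))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR turns the block cipher into a stream cipher: encrypt nonce||counter to get
    keystream and XOR it with the data. No padding; the same call also decrypts."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        keystream = toy_block_encrypt(key, nonce + (i // BLOCK).to_bytes(8, "big"))
        out += _xor(data[i:i + BLOCK], keystream)   # last chunk may be short
    return bytes(out)


def flip_bit(data: bytes, bit_index: int) -> bytes:
    b = bytearray(data)
    b[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(b)


def error_propagation(key: bytes, iv: bytes, nonce: bytes, msg: bytes, bit_index: int):
    """Flip one ciphertext bit and count plaintext bytes that change after decryption
    in CBC versus CTR. bit_index must not fall in the last CBC block or unpadding fails."""
    cbc_pt = cbc_decrypt(key, iv, flip_bit(cbc_encrypt(key, iv, msg), bit_index))
    ctr_pt = ctr_crypt(key, nonce, flip_bit(ctr_crypt(key, nonce, msg), bit_index))
    cbc_damage = sum(a != b for a, b in zip(cbc_pt, msg))
    ctr_damage = sum(a != b for a, b in zip(ctr_pt, msg))
    return cbc_damage, ctr_damage


if __name__ == "__main__":
    KEY, IV, NONCE = bytes(range(16)), b"\x00" * 16, b"\x11" * 8   # constructed values
    MSG = b"The quick brown fox jumps over the lazy dog."         # 44 bytes
    print("CBC ciphertext length (padded):", len(cbc_encrypt(KEY, IV, MSG)))
    print("CTR ciphertext length:", len(ctr_crypt(KEY, NONCE, MSG)))
    print("bytes damaged by one flipped bit (CBC, CTR):", error_propagation(KEY, IV, NONCE, MSG, 3))
```

With a 44-byte message the CBC output is 48 bytes (three full blocks) while CTR output stays at 44. Flipping a bit in the first ciphertext block garbles all 16 bytes of the first decrypted block and exactly one byte of the second in CBC, but changes exactly one byte in CTR, which is the concrete meaning of "more susceptible to errors" above. Neither mode detects the tampering; that is the job of a MAC or an authenticated mode such as GCM.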
Symmetric key algorithm examples
DES
3DES
AES
Talk about DES algorithm
64-bit block cipher with a 56-bit effective key (the nominal 64-bit key includes 8 parity bits)
Keyspace of 2 to the power of 56 (about 7.2 x 10^16 keys)
Brute-forced in 1999 (DES Challenge III): the key was recovered by exhaustive search in about 22 hours, so DES is now considered insecure
keyspace
The number of possible keys (2^n for an n-bit key); each extra key bit doubles the work of a brute-force attack
3DES algorithm
Applies DES three times to each block (encrypt, decrypt, encrypt) with two or three independent 56-bit keys; effective strength is about 112 bits, and it has been deprecated by NIST in favour of AES
AES algorithm
One algorithm (Rijndael) with a fixed 128-bit block size and three key sizes: 128, 192, and 256 bits (10, 12, and 14 rounds respectively)
What are three differences between 3DES and AES algorithms?
AES uses a newer and completely different algorithm (a substitution-permutation network rather than DES's Feistel structure)
AES uses longer, stronger keys (128 to 256 bits versus 112 or 168) and a larger block length (128 bits versus 64)
AES is faster than 3DES, especially with hardware acceleration such as AES-NI
Asymmetric cryptography
Uses a mathematically linked pair of keys: one public and one private
Anyone can access the public key
The private key is carefully guarded and never shared
Advantage: no shared secret has to be exchanged in advance; the public key can be distributed openly, although its authenticity still has to be verified (which is what certificates are for)
Asymmetric key algorithm examples
RSA: widely used, including for key exchange and authentication in the Secure Sockets Layer (SSL) and TLS protocols
Elliptic curve cryptography (ECC): uses much shorter keys for equivalent strength (a 256-bit ECC key is roughly as strong as a 3072-bit RSA key)
ECC is fast and efficient, so it suits constrained devices such as smart cards and embedded systems
Hash functions
Third type of modern cryptography, alongside symmetric and asymmetric
Converts input of any length into a fixed-length value (hash or digest) that is, for practical purposes, unique to that input
One-way: the hash cannot be used to recover the original message (though low-entropy inputs such as weak passwords can still be guessed by trial)
Used to verify that a message has not changed: recompute the hash and compare
Hash collision
When two different messages produce the same hash
Collisions must exist mathematically (there are more possible inputs than outputs), but a secure hash makes them infeasible to find; once practical collision attacks are published, as happened for MD5 and SHA-1, stop using the algorithm
What does a digital signature allow you to do? (3)
Sign a message so that others can detect any change made to it after you sent it (integrity)
Ensure the message was genuinely sent by the expected party (authentication)
Prevent the sender from denying that they sent the message (nonrepudiation)
How is a digital signature utilized?
The sender hashes the message and encrypts (signs) the hash with their private key. The receiver decrypts the signature with the sender's public key, hashes the received message independently, and accepts it only if the two hashes match
What is the process for creating a digital certificate?
Created by taking the public key together with identifying information (subject name, organization, domain name, etc.) and having them signed, with its own private key, by a trusted entity that issues certificates: the certificate authority
Certificate authority
Trusted third party that verifies identities and issues and signs certificates; its own public key is pre-installed in browsers and operating systems so signatures can be checked
Ex: VeriSign (whose certificate business later became part of Symantec and then DigiCert)
What does a digital certificate allow you to do?
Verify that a public key truly belongs to the named individual, organization, or system, rather than to an impostor substituting their own key
What is the infrastructure that handles certificates on a large scale called?
Public key infrastructure (PKI)
What are the two main components of public key infrastructure?
Certificate authorities, which issue, sign, and revoke certificates
Registration authorities, which verify the identity of the individual or organization requesting a certificate before the CA issues it
What is data at rest?
Data on a storage device of some kind that isn’t moving over a network, through a protocol, or across some other communication platform
What is the primary method of protecting data at rest?
Encryption (full-disk, file-level, or database-level), so that the data is unreadable if the storage device is stolen or accessed outside the system
What protocols are used to protect data in motion?
Secure Sockets Layer (SSL)
Transport Layer Security (TLS)
What is the relationship between SSL and TLS?
SSL is TLS's predecessor. They are very similar and the names are often used interchangeably, but all SSL versions are deprecated as insecure; current deployments should use TLS 1.2 or TLS 1.3.
What are some other protocols that SSL and TLS work in conjunction with?
Internet Message Access Protocol (IMAP) and Post Office Protocol (POP) for email
Hypertext Transfer Protocol (HTTP) for web traffic (HTTPS is HTTP over TLS)
Signaling protocols for VoIP voice conversations and for instant messaging
What do VPNs do?
They create an encrypted tunnel between two endpoints so that all traffic passing through it is protected from anyone on the network in between.
What are the most common protocols used to secure VPNs?
Internet Protocol Security (IPsec)
SSL/TLS
What is a main difference between SSL and IPsec?
IPsec works at the network layer and usually requires dedicated client software or gateway configuration, whereas SSL/TLS VPNs work above the transport layer and can often be used from a standard web browser with a simpler setup
Why is it difficult to protect data in use?
Because data must be decrypted to be processed, and once an authorized user or process can read it, it is hard to control what they do with it (copying, printing, forwarding).