Cryptography Flashcards
DES
Data Encryption Standard - symmetric cryptosystem, older and obsolete.
-Uses an algorithm called Lucifer, which in the DES implementation, has a 64-bit key size.
-8 bits are for computational overhead, so true key size is 56 bits.
-Any blocks less than 64 bits in size are padded
- 5 different block cipher modes of operation
-16 rounds of encryption
DES ECB
Electronic Code Book - a given piece of plaintext will always produce the same piece of ciphertext. Very predictable, easily broken
DES CBC
Cipher block chaining - much stronger encryption by XORing the previous block to the block being encrypted, the first block acts as an initialization vector (IV). Every block of plaintext will have a different ciphertext
DES CFB
Cipher feedback mode - plaintext is XORed into the IV after each round, similar to CBC mode.
DES OFB
Output feedback - similar to CFB mode, takes the result of the previous encryption of the IV and key before the plaintext is XORed
DES CTR
Counter mode - uses a random 64-bit block as the first IV, then increments a specified number or counter for every subsequent block of plaintext. Best performance.
3DES or TDES
Triple DES (Data Encryption standard) - symmetric, better, later iteration of DES. Uses three distinct iterations of encryptions on plaintext. DES uses single 56-bit keys, 3DES uses three 56-bit keys.
-Thus, 3DES has a 168-bit key
-Same modes as DES, repeats them 3 times with 3 different keys
-Suffers from some of the same weaknesses as DES
AES
Advanced Encryption Standard - symmetric block cipher
-block sizes of 128 bits
-key sizes of 128, 192, and 256 bits
-10 rounds for 128-bit keys, 12 rounds for 192-bit keys, 14 rounds for 256-bit keys
-Has different modes, similar to DES.
Attacks on AES are usually side-channel attacks, which target a faulty implementation rather than the cryptosystem itself
- tends to use the lower-latency Galois/Counter Mode
-Sometimes called Rijndael
AES GCM
AES Galois/Counter Mode - starts with CTR mode, adds a special data type known as a Galois field to add integrity. Authenticated encryption mode. Low latency, good performance
Blowfish
Symmetric Block Cipher - accepts 64-bit blocks, wide range of variable key links, from 32-bits to 448 bits.
-16 rounds of encryption, just like DES.
-widely implemented, considered a good choice and strong
-public domain, free to use
Twofish
Symmetric block algorithm, uses 128-block size
-128-bit, 192-bit, or 256-bit keys
-Like DES, uses 16 rounds of encryption
-Successor to Blowfish
-Public domain, freely available to use
RC4
Rivest Cipher 4 - symmetric streaming algorithm, not block.
-One round of encryption
-Can use key sizes from 40 to 2048 bits in length
-Very fast protocol, as all streaming ciphers are
-Key stream (stream of pseudorandom bits injected into encryption) which is combined with plaintext using XOR to encrypt it into ciphertext
-Most popularly used in wireless encryption with WEP, which is obsolete and cryptographically broken protocol
Can be found in versions of SSL/TLS
-some documented weaknesses
RSA
Asymmetric algorithm, enables creation of a public-private key pair
Generates keys based on the mathematical problem of the difficulty of factoring two very large prime numbers (each up to several hundred digits in length)
-One round of encryption
-Key sizes from 1024 to 4096 bits
-very secure, but keys of smaller sizes have been broken, based on faulty implementations of RSA though.
-de facto asymmetric algorithm used in PK cryptography implementations
Diffie-Hellman (DH)
Asymmetric cryptosystem, DH protocols enable asymmetric key exchange to give both sides of a conversation a single symmetric key. a non-secure channel can establish secure comms
-Faster connection compared to RSA. RSA has great security, requires a lot of computation. DH = speed!
-uses discrete logarithms, modulo arithmetic, and prime numbers to generate key pairs
-part of key exchange process requires each side to generate a temporary, ephemeral key (Diffie-Hellman Ephemeral) (DHE)
-relies on pseudorandom number generation to create ephemeral keys, which in most cases relies on aspects of the underlying system like dates, MAC address of the NIC, other seemingly random information, but these aren’t random. However, alternatives exist.
-Can use a larger modulus. DH Groups have preset moduluses. Group 1, 2, 5, 14, 768, 1024, 1546, and 2048 bits
Elliptic-Curve Diffie-Hellman Ephemeral
- skips pseudorandom number generation and instead uses ephemeral keys calculated using elliptic-curve cryptography. Has groups. Group 19, 20, 21, 25-bits, 384-bits, and 521-bit elliptic curves