Cryptography Flashcards
Plaintext
An unencrypted message
Ciphertext
An encrypted message
Symmetric Encryption
Uses one key to encrypt and decrypt
Asymmetric Encryption
Uses separate keys to encrypt/decrypt
Hash Function
One-way encryption that uses an algorithm and has no key
Permutation
Also called transposition, provides diffusion by rearranging the characters of the plaintext anagram-style.
Substitution
Replacing one character with another - provides “confusion”
Work Factor
How long it will take to break a cryptosystem.
Monoalphabetic and Polyalphabetic Ciphers
Monoalphabetic ciphers use one alphabet. The same substitution is used for each replacement. Polyalphabetic uses multiple alphabets so the same replacement is not repeated each time. Monoalphabetic ciphers are susceptible to frequency analysis.
Vigenere Square Encryption
A polyalphabetic technique
One-time Pad
Substitution cipher that uses identical paired pads of random characters - uses modular addition
Stream and Block Ciphers
Used for symmetric encryption. Stream mode encrypts bit by bit. Block mode ciphers encrypt blocks of data each round. e.g. DES uses 56 bits at a time.
Initialization Vectors
Used in some symmetric ciphers to ensure the first encrypted block of data is random. Ensures that identical plaintexts encrypt to different ciphertexts.
Chaining
Also called “feedback”. Seeds the previous encrypted block into the next block to be encrypted. Used to avoid patterns in the resulting ciphertexts.
DES
Data Encryption Standard, describes the “Data Encryption Algorithm (DEA)”. U.S. federal standard for symmetric cipher in 1976.
DES Modes (5)
- Electronic Code Book (ECB)
- Cipher Block Chaining (CBC)
- Cipher Feedback (CFB)
- Output Feedback (OFB)
- Counter Mode (CTR)
ECB
DES Electronic Codebook - weakest mode. Does not use initialization vector or chaining. May leave patterned ciphertext.
CBC
Cipher Block Chaining (DES). Uses block mode that XORs the previous ciphertext block to the next block of plaintext to be encrypted. Uses initialization vector. Weakness is possible block error propagation.
CFB
Cipher Feedback (CFB). Similar to CBC but uses stream mode and chaining to destroy patterns. Uses initialization vector.
OFB
Output Feedback (OFB). Variation of CFB.
Triple DES
Became recommended standard in 1999. Applies DES encryption three times per block. “Encrypt Decrypt Encrypt”
IDEA
International Data Encryption Algorithm. Symmetric block cipher designed to replace DES. Uses a 128-bit key and 64-bit block size.
AES
Advanced Encryption Standard. Current U.S. standard for symmetric block cipher. Uses 128-, 192- or 256-bit keys.
Diffie-Hellman
Asymmetric Encryption. Developed RSA (Rivest, Shamir and Adleman) algorithm in 1977.
ECC
Elliptic Curve Cryptography. Asymmetric; uses a one-way function based on elliptic curves.
Hash Functions
Provides encryption using an algorithm with no key. Called one-way hash functions because there is no way to reverse the encryption. A variable-length plaintext is hashed into a fixed-length ciphertext. Referred to as a Message Digest or simply a “hash”.
MD5
Hashing algorithm (Rivest). Creates a 128-bit hash (16 bytes).
Collisions
Hashes are NOT unique. The number of possible plaintexts significantly outnumbers the possible 128-bit ciphertexts. So, mathematically, collisions are possible.
SHA
Secure Hash Algorithm.
- SHA-1 (1993): uses 160-bit hash value
- SHA-2: uses 335, 256, 384 and 512 bit digests.
Brute Force
Tries every possible variation of plaintext. Given enough time, will always be successful.
Meet in the Middle Attack
2DES uses Encrypt-Encrypt order. Attacker has both plaintext and ciphertext. Uses them to recover the encryption key.
Differential Cryptanalysis
Known Plaintext attack. Uses statistical analysis to search for signs of non-randomness in the ciphertexts.
Linear Cryptanalysis
Known Plaintext attack. Analyst finds large amounts of plaintext/ciphertext pairs created with the same key.
Side Channel Attacks
Uses physical data to break a cryptosystem. For example, by monitoring CPU cycles or power consumption used while encrypting or decrypting.
Implementation Attacks
Exploiting a mistake made while implementing an application, service or system. For example, plaintext temp files that were not destroyed.
Birthday Attack
Uses the “birthday problem” in probability theory
PKI
Public Key Infrastructure. Uses all three forms of encryption to provide and manage digital certificates. A digital certificate is a public key signed with a digital signature.
X.509
Standard digital certificate format.
- Certificate Authorities (CA) issue and revoke certificates
- Organizational Registration Authorities (ORA) vouch for the binding between public keys and certificate holder identities and other attributes
- Certificate holders that are issued certificates and can sign digital documents
- Clients that validate digital signatures and their certification paths from a known public key of a trusted CA
- Repositories that store and make available certificates and certificate revocation lists (CRLs)
SSL
Secure Sockets Layer - authenticates and provides confidentiality to web traffic.
TLS
Transport Layer Security. Successor to SSL.
IPSec
Internet Protocol Security - a suite of protocols used with IPv4 and IPv6. Used for VPNs.
Uses two primary protocols:
- Authentication Header (AH)
- Encapsulating Security Payload (ESP)
S/MIME
Used to encrypt and authenticate email messages.