Cryptography Flashcards
AES
Most popular block symmetric cipher for data
Low memory, so fast enough to be used for data streaming
Key lengths: 128, 192, 256
Block size: 128
From Rijndael cipher
Uses both confusion (substitution) and diffusion (transposition)
Used in WPA2, Kerberos, IPSEC
WPA2
Wi-Fi Protected Access II
AES 128 with CCMP
(CTR Mode with Cipher Block Chaining Message Authentication Code Protocol, AKA Counter Mode CBC-MAC)
Also allows AES with TKIP for legacy support
Supports enterprise mode (RADIUS)
WEP
Wired Equivalent Protection
Weak, obsolete
Single static key
Limited # of short IVs, sent in plain text
Poor implementation of RC4
WPA
Wi-Fi Protected Access
Weak
TKIP (Temporal Key Integrity Protocol)
Stronger IV than WEP
Poor implementation of RC4
Supports enterprise mode (RADIUS)
RC4
ONLY STREAM cipher
Symmetric
Insecure
Used in WEP and WPA.
MD5
Block asymmetric integrity cipher (makes digests)
Insecure but good for integrity
512 block size.
128 bit digest.
Used for password in RADIUS
SHA-3
Hash for integrity
New NIST standard
Secure
Digest size options: 224, 256, 384, 512.
Block sizes slightly more than twice digest: 576-1152.
Strength half digest: 128
Used in IPSEC
SHA-2
Hash for integrity
Old NIST standard
Secure
Makes the hash in PKI that RSA encrypts
Digest size options: 224, 256, 384, 512.
Block sizes twice digest: 512-1024.
Strength half digest: 128
Used in IPSEC
3DES
Block symmetric cipher (for data)
Less secure
3 X 56-bit key with 64-bit block
Can use one, two or three keys
RSA
Most popular Block asymmetric authenticity cipher (for signatures)
Used in PKI: encrypts the hash using the sender’s private key, and then decrypts it using the sender’s public key
Based on factorization: factoring two large prime numbers
Based on Diffie-Hellman
Needs at least 2048-bit key for security.
Block size is 1/8 of key size
Symmetric encryption
Used to exchange data
Encryption and decryption keys are same
A.k.a. session key, private key, shared key, secret key.
Pro: fast.
Cons: less secure, key exchange not secure, not practical for large groups due to need for many bilateral shared keys, no integrity or authentication
IDEA
Block symmetric cipher for data
PGP uses this symmetric block cipher.
Proprietary.
Asymmetric encryption
Used to exchange keys.
Keys are different, like public and private keys;
Con: slow.
Pros: secure key exchange, scalable through PKI, provides integrity and authentication.
El Gamal
Block asymmetric authenticity cipher (for signatures)
Ciphertext is always twice the size of plain text.
Blake2
Hash for integrity
DSA
Block asymmetric authenticity cipher (for signatures).
NIST recommends 2048 keys.
EC-DSA
Block asymmetric authenticity cipher (for signatures)
Elliptic curve DSA, for cell phones
Blowfish, Twofish
Block symmetric ciphers for data
Uses prewhitening and postwhitening.
Twofish was an AES finalist.
Streaming symmetric ciphers (for data)
RC4
Block symmetric ciphers (for data)
- AES
- 3DES
- Blowfish
- Twofish
- Skipjack
- IDEA
Block asymmetric hash algorithms
Output: MAC, HMAC.
CIA: Integrity.
List:
- SHA-1
- SHA-2
- SHA-3
- MD5
- Blake2
Block asymmetric ciphers
Describe output, CIA purpose and list names
Output: public and private keys
CIA: Authenticity
List:
- RSA
- DSA
- Elliptic Curve DSA
- El Gamal
- Diffie-Hellman
- Knapsack
Two algorithm methods used in asymmetric ciphers
- discrete logarithm (Diffie-Hellman, El Gamal)
- factorization algorithm
Skipjack
Block symmetric
Former classified cipher often used by hardware.
DES
Block symmetric
Key size 156, block size 64
SHA-1
Hash for integrity
Insecure
Block size 512
Digest size 160.
Diffie-Hellman
Secure key exchange
HAVAL, RIPEMD-160, Tiger, Whirlpool
Hashes
MAC vs. HMAC vs. Digital Signature
- MAC: hashed message
- HMAC: hashed, then encrypted with session key
- Digital Signature: hashed, then encrypted with private key