Cryptography Flashcards
Cryptography
Practice if hiding the meaning of information; encryption is used to hide message’s meaning
Encryption
Changing information using an algorithm or cipher into s form that is unreadable by others unless they have the key
Cipher
An algorithm that can perform encryption or decryption
Algorithm
Well defined instructions that describe computations from their initial state to their final state. If-then statements are examples of computer algorithms
Key
Essential piece of info that determines the output of a cipher
You can’t decrypt without a key! Just like you can’t unlock a door without a key
Private key
Only known to a specific user/users who keep it a secret
Be careful with these if the key is lost, data is lost unless there is a recovery agent
Public
Known to all parties involved in encrypted transactions within a given group
Example: encrypted smart card for authentication
Symmetric key algorithm
A class of cipher that uses a single key, identical keys or closely related keys for both encryption and description.
Stream cipher - type of algorithm that encrypts each binary digit one bit at a time
Block cipher - encrypts groups of bits collectively as units aka blocks
Faster than asymmetric so it’s preferred when sending large amounts of data
Examples of symmetric key algorithms: DES, 3DES, RC, AES
Also Kerberos
Asymmetric key algorithm
Uses a pair of different keys to encrypt and decrypt data. The keys are related mathematically
One key used to encrypt one to decrypt
Examples of asymmetric key algorithms: RSA, Diffie-Hellman and elliptic curve cryptography.
SSL and TLS use asymmetric keys but do so in a public key environment
Public key cryptography
Uses asymmetric keys alone or in addition to symmetric keys.
Operates by creating s secret private key and a published public key. The PUBLIC key is well known and ANYONE can use it to encrypt but
ONLY the owner can decrypt (PRIVATE) . If the private key is compromised the system loses its effectiveness
Digital signature
Authenticates a document through math ensuring the file hasn’t been tampered with (integrity) and the it was sent by the actual sender (non repudiation )
Certificate
Electronic document that uses digital signature to bind they key with the identity
CIA triad
Confidentiality
Integrity
Availability
DES
3DES
Symmetric
64 bit block cipher used by the USgvt in the 70s. 64 bit cipher isn’t strong enough and 56bit key can be brute forced.
3DES is similar but uses the cipher algorithm 3 times. Cipher block size is still 64 but the key is 3 times that which is pretty effective against brute force
AES
Advanced Encryption Standard adopted in 2002 by the usgvt.
Symmetric
Composed of 3 different versions of block ciphers AES-128, AES-192 and AES-256
Each has a 128 bit block cipher The different numbers (128,192,256) refer to the different key sizes
Based on substitution-permutation. It takes plain text and applies a specified number of rounds to create the cipher text. Either 10,12 or 14 rounds depending on which version of AES is used (128 is 10 rounds , 192 is 12 rounds, etc)
AES is fast, runs on numerous platforms and uses minimal resources
RC
Rivest cipher aka Ron’s code
Stream cipher
Multiple versions not really related other than name
RC4- speed and simplicity used with SSL, WEP, RDP. If used with wep it can be cracked.
RC5- simplicity, variable sizes (32,64,128) only 64 has been cracked so far
RC6- block cipher alternative to AES
Fishes
Blowfish- 64 bit block and variable key size between 1-448
Twofish- 128 block and key size up to 256 bits
Three fish key sizes up to 2014
RSA
Asymmetric public key cryptography algorithm
Slower than symmetric used for credit card security among other things
Asymmetric keys need to be much larger than symmetric keys to be as secure
RSA algorithm multiplies 2 prime numbers and does advanced calculations to generate a public and private key pair
Private key is used to decrypt data that was encrypted by the public key
Alice sends bob a message encrypts it using bobs public key (public key is available for the public to search), she sends it to bob who decrypts it with his private key
Diffie Hellman key exchange.
1970s
Asymmetric algorithm
Secure keys have to be exchanged before data can be transferred
Both sides agree to a prime and base number . They then select their own secret number and send eachother equations based on that number. This completes the shared secret and then data can be transmitted
Vulnerable to man in the middle attacks
Can be made secure by using password authentication
Perfect forward secrecy (Pfs) ensures the compromise of one message won’t lead to the compromise of another
Ephemeral Mode (DHE) One drawback is it uses more cpu
EEC - elliptic curve cryptography
Public key cryptography bases on the structure of an elliptic curve.
Uses smaller keys
Uses with wireless security, smart cards and IPSEC.
One time pad aka Vernam cipher
Stream cipher
Encrypts plaintext with a secret random key that is the same length as the plain text. It uses a string of bits that is generated at random (key stream)
Encryption is accomplished by combining the key stream with the plaintext message using XOR to produce ciphertext
PGP (pretty good privacy)
An encryption program used for signing encrypting and decrypting emails in an attempt to increase the security of email communications.
Symmetric session key
Hash
Summary of a file or message in numeric format. Hashes are used in digital signatures and in message authentication as a way to protect the integrity of sensitive data
Hashes can’t be reversed it’s a one way function but it can still be cracked by brute force, dictionary attack, rainbow tables etc
Hash function
Mathematical procedure that converts a variable sized amount of data into a smaller block of data
Cryptographic hash functions
Hash functions based on block ciphers
Includes MD5 and SHA
Message- Digest algorithm 5 (MD5)
Designed by Ron Rivest
Uses 128 not key
Used to verify integrity
Example: Compare the hash of a downloaded file against the original hash. If they match then the message hasn’t been changed
Secure Hash Algorithm SHA
Designed by the NSA published by NIST
SHA-1 160 bit hash
SHA-2 256 bit block
SHA -2 is more secure
LANMAN
Old hash to store windows passwords . Can be cracked easily
NTLM
Windows NT LAN MAN
Uses the RC4 cipher which has been cracked so that makes NTLM vulnerable as well
More secure version NTLMv2
Uses MD5 hash 128 bit system
Key stretching
A technique that takes a weak key, and turns it into a more powerful key.
Often this happens by increasing the key size to 128 bits.
Bcrypt and PBKDF2 are examples of key stretching
Salting
Adding random data to a one way cryptographic hash
