Cryptography Fundamentals & Symmetric Cryptography Flashcards
What is Cryptography?
Cryptography is the practice and study of techniques for securing communication and information by transforming data into a format that is unreadable to unauthorised users. It involves using mathematical algorithms to encrypt (encode) data, ensuring that only those with the correct decryption key can access the original information. Cryptography is essential for protecting the confidentiality, integrity, and authenticity of data in digital communication and storage.
What is asymmetric cryptography?
Asymmetric cryptography, also known as public-key cryptography, is a type of encryption that uses two distinct but mathematically related keys: a public key and a private key. The public key is used to encrypt data, and can be shared openly, while the private key is used to decrypt the data and is kept secret by the owner. This method allows secure communication between parties without needing to share a common secret key in advance, as only the intended recipient with the private key can decrypt the message encrypted with the corresponding public key.
Common algorithms include RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography).
What is a digital certificate?
A digital certificate is an electronic document used to prove the ownership of a public key. It is issued by a trusted third party known as a Certificate Authority (CA) and binds the public key to the identity of the certificate holder, such as an individual, organisation, or website. The digital certificate typically includes information such as the holder’s name, the public key, the CA’s digital signature, and the certificate’s expiration date. Digital certificates are essential for establishing secure communication over networks, as they enable users to verify the identity of the parties they are communicating with and ensure the integrity and confidentiality of the data exchanged.
What are the two main methods of establishing trust in encryption key distribution?
The two main methods of establishing trust in key distribution are:
- Public Key Infrastructure (PKI): This method relies on a hierarchical framework of trust, where Certificate Authorities (CAs) issue digital certificates that verify the identity of entities and bind them to their public keys. The trust is established through the CA, which is a trusted third party that both the sender and recipient trust. PKI is widely used for securing communications over the internet, such as in SSL/TLS.
- Web of Trust: This decentralised model is based on peer-to-peer trust relationships. Instead of relying on a central authority, individuals authenticate and sign each other’s public keys, forming a network or “web” of trust. Trust is established based on the reputation and the number of endorsements a key has received from other trusted parties. This method is commonly associated with PGP (Pretty Good Privacy) encryption.
What is plaintext?
Plaintext is the original, unencrypted form of data or text that is readable and understandable without any cryptographic processing. It is the information in its raw state, before being encrypted into ciphertext for security purposes. In a cryptographic process, plaintext is transformed into ciphertext through encryption, making it unreadable to unauthorised users until it is decrypted back into plaintext.
What is ciphertext?
Ciphertext is the encrypted form of data that is produced by applying a cryptographic algorithm to plaintext. Unlike plaintext, ciphertext is not readable or understandable without the proper decryption key, which is used to reverse the encryption process and convert the ciphertext back into its original, readable form. Ciphertext is used to protect the confidentiality of data, ensuring that only authorised parties with the correct key can access the original information.
What is a cipher/cryptographic algorithm?
A cipher, or cryptographic algorithm, is a set of mathematical rules or procedures used to encrypt and decrypt data. It transforms plaintext (readable data) into ciphertext (encrypted data) to protect it from unauthorised access. The same or a different algorithm, along with a key, is then used to decrypt the ciphertext back into plaintext. Ciphers are fundamental to cryptography and are designed to ensure the confidentiality, integrity, and, in some cases, authenticity of the data. Examples of cryptographic algorithms include AES (Advanced Encryption Standard), RSA (Rivest-Shamir-Adleman), and DES (Data Encryption Standard).
What is encryption and decryption?
Encryption is the process of converting plaintext (readable data) into ciphertext (an unreadable, encrypted format) using a cryptographic algorithm and a key. The purpose of encryption is to protect the confidentiality of the data, ensuring that only authorised parties with the correct key can access the original information.
Decryption is the reverse process, where ciphertext is converted back into plaintext using the appropriate key and cryptographic algorithm. Decryption allows authorised users to read and understand the original data that was secured through encryption.
What is symmetric cryptography?
Symmetric cryptography, also known as symmetric-key cryptography, is a type of encryption where the same key is used for both encrypting and decrypting the data. This means that both the sender and the recipient must have access to the same secret key to securely communicate. Symmetric cryptography is known for being efficient and fast, making it suitable for encrypting large amounts of data. However, the main challenge is securely sharing and managing the secret key, as it must be kept confidential to maintain the security of the communication.
Common symmetric algorithms include AES (Advanced Encryption Standard) and DES (Data Encryption Standard).
What is base64 and what is it used for?
Base64 is an encoding scheme that converts binary data into a text format using 64 ASCII characters. It’s used to safely transmit binary data over text-based systems like email or HTTP, embed media in web pages, and store binary data in text formats like JSON or XML. Base64 ensures data remains intact during transmission, though it offers no security and is easily reversible.
What is Hashing?
Hashing is the process of converting data into a fixed-size string of characters, referred to typically as a hash value or digest, using a mathematical algorithm. The output is unique to the original data, meaning even a small change in the input will produce a significantly different hash. Hashing is commonly used for data integrity verification, password storage, and digital signatures, as it allows quick comparison of large data sets without needing to store the original data. Importantly, hashing is a one-way process and cannot be reversed to retrieve the original data.
What is Kerckhoffs’ Principle?
Kerckhoffs’ Principle is a foundational concept in cryptography stating that a cryptosystem should be secure even if everything about the system, except the secret key, is known to the public. In other words, the security of the system should not depend on keeping the encryption algorithm itself secret but solely on the secrecy of the key. This principle emphasizes the importance of robust key management and is a key reason why most modern cryptographic systems use well-known and extensively tested algorithms rather than relying on obscurity for security.
What are the two categories of ciphers?
Ciphers are classified into two types: block ciphers and stream ciphers.
- Block ciphers encrypt data by dividing the plaintext into fixed-length blocks of bits, typically 64 or 128 bits. Each block is encrypted individually using the same key, producing a corresponding block of ciphertext. This ciphertext is then combined with the next piece of plaintext (in modes like CBC) to create the next block of ciphertext, ensuring that even identical plaintext blocks result in different ciphertexts. Examples include 3DES and AES.
- Stream ciphers encrypt data one bit or one byte at a time. They are generally faster and more efficient for tasks like streaming video or audio. Examples include Rivest Cipher 4 (RC4) and Software-Optimised Encryption Algorithm (SEAL).
What are the current symmetric encryption standards and what are the other symmetric encryption is available?
Current Symmetric Encryption Standards:
- AES (Advanced Encryption Standard): The most widely used symmetric encryption standard today, adopted by many governments and organisations for securing sensitive data. AES supports key sizes of 128, 192, and 256 bits.
- 3DES (Triple Data Encryption Standard): An enhancement of the original DES (Data Encryption Standard), which applies the DES algorithm three times to each data block. Although more secure than DES, 3DES is slower and less commonly used due to the adoption of AES.
Well-Known Symmetric Algorithms:
- AES (Advanced Encryption Standard)
- 3DES (Triple Data Encryption Standard)
- Blowfish: Known for its speed and effectiveness, used in various encryption tools.
- Twofish: A successor to Blowfish, designed to be highly secure and flexible.
- RC4 (Rivest Cipher 4): A widely used stream cipher, though now considered less secure for many applications.
- DES (Data Encryption Standard): An older standard that has been largely replaced by AES and 3DES due to its shorter key length and vulnerability to attacks.
- Salsa20: A stream cipher known for its speed and security, commonly used in lightweight cryptography.
- ChaCha20: An improvement on Salsa20, offering better performance and security, and widely used in modern applications, such as VPNs and encrypted messaging.
What is an Initialisation Vector?
An initialization vector (IV) is a random or pseudorandom value used in combination with the encryption key to ensure that identical plaintext blocks produce different ciphertext blocks, even when encrypted with the same key. The IV is typically the same size as the block size of the cipher and is used to introduce randomness into the encryption process. In modes like CBC, the IV is XORed with the first block of plaintext before encryption, which helps prevent patterns from emerging in the ciphertext.
The IV itself does not need to be secret, but it must be unique and unpredictable for each encryption session to maintain security.
