D3: Cryptography Flashcards
Cryptography through History
VERY TESTABLE; especially Caesar, Vernam and Enigma/Purple
Caesar Cipher, Scytale, Vigenère, Vernam, Enigma Machine and Purple Machine
A secret is shared with a given method, and the secret is shared “out of band”
when the secret is broken, we make it more complex instead of throwing it away
Caesar Cipher
Simple substitution
Shift characters THREE spaces
A=D, B=E, C=F, etc.
Pure substitution ciphers, where one letter is always substituted with another, are subject to pattern analysis
- one character appears over and over again - it is probably ‘e’ (most common letter). Then you can find ‘the’, and so on.
ROT13: shifts the alphabet 13 characters
“out of band” communication is required while using this method or any crypto method. This means they would have to tell you separately, and in advance, the decryption method. It cannot be integrated in the process
Scytale Cipher
Spartans used this cipher to communicate messages to generals in the field
Wrapped tape around a rod
Diameter of the rod is the pre-agreed upon secret (key)
Vigenère
First polyalphabetic cipher; where letter intersects with the other one
key word is agreed upon ahead of time
first letter of the key is matched up against first letter of the message, and so on
Enigma Machine/Purple Machine
Used by Germans/Japanese in WWII
Breaking the cryptography of these devices is credited with reducing the length of war
Rotary based!
Has three rotors: type in the message, and depending on the config of the rotors, it would spit out the cipher text; then you put in the cipher text, and it would spit out the plain text
It was broken with 3 rotors, so the Germans added another
Vernam Cipher
AKA One time pad
TESTABLE: only mathematically unbreakable if these conditions are in place:
- key must be used only once
- pad must be at least as long as the message
- key pad is statistically unpredictable
- key pad must be delivered and stored securely
Security Services Provided by Cryptography / Why you should use cryptography
How long is a session key valid for? A session
- Privacy/Secrecy/Confidentiality: prevents unauthorized disclosure of information
- Authenticity: verifies the claimed identity
- Integrity: detects modification or corruption
- Non-Repudiation: combines authenticity and integrity. A sender can’t dispute having sent a message, nor its contents
Plain Text to Cipher Text Transformation
Plain Text Message + Initialization Vector (IV) + Algorithm (cipher) + Key
=
Cipher Text!!!!!!
How it works:
If you want confidentiality - start with plain text, use an initialization vector for additional randomness in the beginning, use an algorithm/cipher that gives you the math to perform, and then the key gives instructions on how to use the math = you get the cipher text
Playlist Shuffle Concept / Initialization Vector
Putting a playlist on random doesn’t always bring you randomness. If you always start at 0, you don’t have real randomness
Vary the starting point and you will make the process more random!!!!
very similar to “seed” or “salt”
- this same concept with password generation
By using an IV, you’ll get added randomness
IV has to be generated by something not truly random, because a computer cannot randomize - it can only be pseudo-random (PRNG - pseudo random number generator; it’s not really random, it’s based on something else)
Algorithm
A collection of math functions that can be performed, and those functions are called substitution blocks
A chunk of data goes into a substitution block and math is performed - and then goes to a different sub — they are called functions
algorithm will chunk data into a block, goes through math processes
how many functions, in what order, in what pattern will it go through? if this is easy to do, it will be easy to tell. The Key provides the instructions on which functions of the algorithm to use
longer key - more math functions
shorter key - less, but can repeat the same functions and can create patterns
Desirable Qualities of an Algorithm
- confusion: complex substitution = good, strong math
- diffusion: concatenate plain text with cipher text - brings more complexity and harder to reverse
- avalanche: aka chaining; output from one function provides input into the next. Ex: Daily totals feed into Weekly totals, and Weekly totals feed into Annual totals. Ex: Cipher text from the first block is used as the initialization vector for the second block
- permutations: aka rounds; certain algorithms put their blocks into permutations (ex. DES) - take a block of data and encrypt it, then encrypt it again, 16 rounds of encryption in total. This was broken. Triple DES used 3 instances of DES - every single block of data goes through 48 permutations (not ideal compared to AES)
- open - Kerckhoffs’s principle: openness is better: I make the math in my algorithm open to the public, and if someone else can make it more complicated, it’s better. Ex. OpenSSL didn’t have any peer review, and it was broken - government doesn’t believe it but ISC2 does
Security through Obscurity - if you can’t find it you cannot break it
Desirable qualities of a key
- long
- random
- secret; especially if the algorithm is open
Symmetric Cryptography
A shared secret that both coder and decoder know - the secret is the KEY
Symmetric algorithms provide good strong privacy and are really fast. We really like this
Two types of symm: Block and Stream
Block Cipher: chunks data into blocks, and every algorithm/cipher specifies how big the block is
- most common
- most common is AES - advanced encryption standard
- which algorithm does XYZ use? if you don’t know otherwise, it should be AES
Stream Cipher
- RC-4
- weaker than block ciphers
- they’re very fast & efficient
- fast to encrypt and decrypt