Domain 3: Types of Cryptography Flashcards
- Uses a single key to encrypt and decrypt
- Strength of this method is speed and cryptographic strength per bit of key
- Weakness: the key must be shared before two parties can communicate
- Often used when encrypting large amounts of data, e.g. a hard drive
Symmetric Encryption
- Means each bit is independently encrypted
- e.g. Caesar cipher and one-time pad
Stream mode
- Encrypts blocks of data each round
- e.g. transposition ciphers
Block mode
- The first encrypted block of data is random
- Ensures that identical plaintexts are encrypted to different ciphertexts.
- Used in symmetric ciphers
Initialization Vector
- Seeds the previous encrypted block into the next block ready for encryption
- This destroys patterns in the resulting ciphertext
Chaining
- Symmetric Cipher
- Part of the Data Encryption Algorithm (DEA)
- Block size: 64 bit
- Key size: 56 bit
DES
What are the five modes of DES?
- Electronic Code Book (ECB)
- Cipher Block Chaining (CBC)
- Cipher Feedback (CFB)
- Output Feedback (OFB)
- Counter (CTR) Mode
- Simplest and weakest form of DES
- Uses no initialization vector or chaining
- Identical plaintexts with identical keys encrypt to identical ciphertexts
- Errors will not propagate
Electronic Code Book (ECB)
- Block mode of DES that XORs the previous encrypted block of ciphertext to the next block of plaintext to be encrypted
- Errors propagate
Cipher Block Chaining (CBC)
- Stream mode of DES that uses feedback (the name for chaining in stream mode) to destroy patterns
- Uses initialization vector
- Errors propagate
Cipher Feedback (CFB)
- Uses the subkey before it is XORed to the plaintext
- Errors will not propagate
Output Feedback (OFB)
- Patterns are destroyed
- Encryption can be executed in parallel
- Errors will not propagate
Counter (CTR) Mode
- Applies single DES encryption 3 times per block
- Block size: 64 bit
- Key size: 112 or 168 bit
Triple DES
- Symmetric block cipher designed as an international replacement to DES
- 128-bit key and 64-bit block size
International Data Encryption Algorithm (IDEA)
- Symmetric block cipher
- Block size: 128-bit
- Key size: 128-bit, 192-bit, or 256-bit
- Uses the Rijndael algorithm and is the US government standard for sensitive but unclassified data
Advanced Encryption Standard (AES)
- Symmetric block cipher
- Block size: Variable
- Key size: 128, 192, or 256-bit keys
Rijndael
- Symmetric block cipher
- Block size: 64 bit
- Key size: 32 - 448-bit
Blowfish
- Symmetric block cipher
- Block size: 128 bit
- Key size: 1 - 256 bit
- Includes the techniques of pre-whitening and post-whitening
Twofish
- Symmetric block cipher
- Block size: 64 bit
- Key size: 80 bit
- NIST and the Dept of Treasury escrow a portion of the info required to reconstruct the key
Skipjack
- Symmetric block cipher
- Block size: 64 bit
- Key size: 128 bit
RC2
- Symmetric block cipher
- Block size: 32, 64, 128 bit
- Key size: 0 - 2040 bit
RC5
- Symmetric block cipher
- Block size: 128 bit
- Key size: 128, 192, or 256-bit keys
RC6
- Asymmetric Encryption
- Key freely shared among communicating parties
- Encrypts a message
Public Key
- Asymmetric Encryption
- Kept secret
- To sign a message, use your own key
- To validate a signature, use the sender’s key
- Message can only be decrypted using this key
Private Key
Basis of the RSA algorithm
Factoring
Used to calculate logarithms for groups of numbers, complicating the calculation with regard to cryptography and increasing security
Discrete Logarithms
Allows two parties to securely agree on a symmetric key via a public channel, such as the internet, with no prior key exchange
Key Agreement
- Part of the 3 major public key cryptosystems
- Asymmetric method based on an algebraic equation that uses discrete logarithms
- Provides more security than other algorithms when both are used with keys of the same length
- Requires less computational resources because it uses shorter keys than other asymmetric methods
- Symmetric encryption is stronger
Elliptic Curve Cryptography (ECC)
What are some strengths and weaknesses of Asymmetric encryption?
Strength: the ability to communicate securely without presharing a key
Weakness: Slower than symmetric, and weaker per bit of key length
Provides encryption using an algorithm and no key
Hash Function
When more than one document has the same hash
Collisions
- Hash algorithm
- Creates 128-bit hash value
MD5
- Hash algorithm
- Creates 160-bit hash value
Secure Hash Algorithm (SHA-1)
- Hash algorithm
- Creates hash values of multiple lengths: 224, 256, 384 and 512-bit
Secure Hash Algorithm (SHA-2)
- Hash algorithm
- Guarantees the integrity of a message during transmission
- Does not provide nonrepudiation
- Hash value length: variable
Hashed Message Authentication Code (HMAC)
Offers the same variants and key lengths as SHA-2, but uses a more secure algorithm
Secure Hash Algorithm (SHA-3)
What are the fundamental requirements of a hash function?
- Allow input of any length
- Provide fixed-length output
- Easy to compute the hash function for any input
- Provide one-way functionality
- Be collision free
- Used in password hashing functions PBKDF2, bcrypt, and scrypt
- Technique that makes it more computationally difficult to perform a single password guess
Key stretching