Encryption 1 Flashcards
Encryption
Encryption is the process of converting data from one form into another, so that only the intended recipient can understand the information.
Encryption is used to protect the confidentiality of data, in other words, so that no one can read it who isn’t supposed to read it.
Authentication
The origin of the message can be verified by the recipient.
Integrity
Proof that the message hasn’t been changed since it was sent.
Non-repudiation
The sender cannot deny sending the message.
Encoding
Encoding is the transformation of data from one form to another.
Symmetric Encryption
Symmetric encryption is the simplest form of encryption there is. With symmetric encryption, the encryption key that is used to encrypt a message is the same encryption key that is needed to decrypt the message.
Downside of Symmetric Encryption
The problem of key exchange.
If you want to exchange an encrypted message with someone, you both need to know the encryption key.
You could send them an unencrypted message, but that wouldn’t be very secure because someone just needs to intercept it to get your encryption key.
You can’t use symmetric encryption to send it to them because you haven’t shared a key yet, so they won’t be able to read your message.
The best way is, of course, in person key exchange, but there have been other creative solutions.
Asymmetric Encryption
Simply put, every party generates two encryption keys: one is private and one is public.
The public encryption key is the one you send to whoever needs to communicate with you securely.
The private encryption key should remain private only to you.
If someone wants to communicate with you, they encrypt their plain text with your public key. When you receive that encrypted message, you decrypt it using your private key.
Downsides of Asymmetric Encryption
First of all, it’s slow compared to symmetric encryption.
The other problem is shared with symmetric encryption; there is the problem of key exchange.
If I have a website, and I put my public key up on that website so that anyone who wants to can send me an encrypted message, how do they know that public key belongs to me? What if the website has my name on it, but doesn’t belong to me? What if that is my site, but someone hacked it and replaced my public key with theirs? Once again, the safest way to swap public keys is in person.
HTTPS
Interestingly enough, we use both forms of encryption when using HTTPS.
It’s important to note that just because encryption is being used to secure the connection it doesn’t necessarily mean that the site is secure. It just means that the connection is encrypted, there could be something else wrong with the site.
We can’t use symmetric encryption because we have no way of exchanging encryption keys securely with the website. At the same time, we don’t want to use asymmetric encryption all the time because it’s slow.
That’s why we use both forms of encryption.
Put simply, we use asymmetric encryption to exchange a symmetric key with the web server. Once the symmetric key is exchanged, we swap to using symmetric encryption. We do that for efficiency since symmetric encryption is faster than asymmetric encryption.
Hashing
Once you encrypt some data, you cannot reverse the process to go from the encrypted data back to the plaintext.
The same plain text put through the same hashing algorithm will always produce the same encrypted data. However, if you change even one bit of the plaintext, the resulting hash will be completely different.
Hashing Uses
Hashing is also commonly used in online login systems. It’s considered bad practice to store people’s passwords in plaintext, so they are usually stored hashed. When you try to log in to a website, whatever you enter in the password field is hashed, and then the hash is compared against the stored password hash for that user account.
Another common usage for hashes is in computer forensics, particularly where evidence has to be produced in court. This is because we often have to prove that evidence hasn’t been tampered with. Remember, if so much as 1 bit has been changed, then the hash will be completely different. In the UK, courts take file hashes as evidence that files have not been tampered with.
Hashing Algorithms
MD5: This is an older hashing algorithm which it still used today, although it should not be used. MD5 is considered broken these days.
SHA1: This was the successor to MD5, but it is also considered broken.
SHA2, SHA3, SHA256, SHA512: These are largely still considered secure hashing algorithms.
