Encryption Flashcards
Substitution
like shifting and rotating alphabets; can be broken statistically by looking at repeating characters or repeats
Vernam
cipher (one time pad): key of a random set of non-repeating characters
Transposition
Permutation is used, meaning that letters are scrambled. The key determines positions that the characters are moved to, for example vertical instead of horizontal
Null Cipher
e.g. steganography
Key clustering
when different encryption keys generate the same ciphertext from the same plaintext message
Hash Function
one-way mathematical operation that reduces a message or data file into a smaller fixed length output
Registration Authority
performs certificate registration services on behalf of a CA. RA verifies user credentials
Certificate Authority
PKI, entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates.
Confusion
mixing the key values during repeated rounds of encryption, making the relationship between ciphertext and key as complex as possible
Diffusion
mix location of plaintext throughout ciphertext, change of a single bit should drastically change hash, dissipate pattern
Block cipher
segregating plaintext into blocks and applying identical encryption algorithm and key
Asymmetric
Public-private
does not need pre-shared
Nx2 keys.
weaker per bit than symmetric
Symmetric
Shared key
faster, stronger per bit
DES
Symmetric
Data Encryption Standard (could be called DEA)
64 bit block Cipher
56 bit key
16 rounds of encryption
No longer secure
3DES
Symmetric
64 bit block Cipher
56 bit key
16 rounds of encryption
3 rounds of DES
IDEA
International Data Encryption Standard
Symmetric
128 bit key
64 bit block size
not frequently used as it is patented until 2012
Used by PGP
considered secure
AES
Advanced Encryption Standard
Rijndael algorithm is used, chosen to replace DES
Symmetric
Open Source and widely used
Secure
128 bit block size (Rijndael is variable)
128 bit key, 192, or 256
Blowfish
Symmetric
No longer secure
64bit blocks, 32 to 448 bit keys
Twofish
Symmetric
Secure
128bit blocks, 128, 192, 256 bit keys
RC4
Symmetric
no longer secure
Stream Cipher
40 - 2048 bit key length
RC5
Symmetric
Secure
Block cipher
32, 64, 128 bit blocks
0 to 2040 bits key length
RC6
Symmetric
Secure
Block cipher
RSA
Asymmetric
Secure
uses factorisation of very large prime numbers
1094 - 4096 bit keys
Used to exchange symmetric keys
DH
Diffie Hellman
Asymmetric
First Public-private key used
Can be used even when there is no PKI or secure means to exchange keys
ECC
Elliptic Curve Cryptology
Asymmetric
Uses discrete logarithm
Stronger per bit - 256 ECC = 3072 RSA
patented
ElGamal
Asymmetric
Uses DH
One issue is that it doubles length of message
Used in PGP
DSA
Digital Signature Algorithm
Asymmetric
variant of ElGamal
Knapsack
Asymmetric
- one way encryption
public key used only for encryption and private only for decryption. not suitable for authentication
no longer secure
MD5
Hash function
128 bit hash
widely used
SHA
Hash Function
Promoted by NIST
160bit hash value
SHA 1, 2 and 3 versions
HAVAL
Hash of variable length
Uses MD principle - has variable length
not widely used
RipeMD
Hash - 128, 256, 320 bit hashes
no longer secure
RipeMD160
Hash
redesigned RipeMD
Hash of 160bit
Secure
PKI
public key infrastructure
uses asymmetric and symmetric encryption and hashing to provide and manage certificates
must keep private key secret
Digital Signature
Provides Integrity and Non repudiation
Email is hashed - hash is encrypted with my private key.
receiver receives and decrypts hash with my public key
Digital Certificates
Public keys signed with Digital Signature
HMAC
Hashed Message Authentication Code
it guarantees the integrity of a message during transmission, but it does not provide for nonrepudiation
HMAC can be combined with any standard message digest generation algorithm, such as SHA-3, by using a shared secret key. Therefore, only communicating parties who know the key can generate or verify the digital signature.
DSS
Digital Signature Standard by NIST - all federally approved digital signature algorithms must use the SHA-3
specifies encryption methods:
- Digital Signature Algo (DSA)
- RSA
- Elliptic Curve DSA
DSA
Public key encryption proposed by NIST
1024 bit key
uses discrete log
ECDSA
Elliptic Curve DSA
PKI
Public Key Infra
Trust relationship that provides combining asymmetric with symmetric key encryption
Digital Certificate
Digital certificates provide communicating parties with the assurance that the people they are communicating with truly are who they claim to be. Digital certificates are essentially endorsed copies of an individual’s public key.
CA
Certificate authorities (CAs) are the glue that binds the public key infrastructure together. These neutral organizations offer notarization services for digital certificates
PGP
Pretty Good Privacy
Used for email encryption
Uses web of trust
S/MIME
Secure/Multipurpose Internet Mail Extensions
de facto standard for encrypted email
uses the RSA encryption algorithm
Used by outlook