MOD 20 - Cryptography Flashcards
Types of ciphers:
Symmetric, Asymmetric, Substitution, Transposition, Stream, Block. Be familiar with each of these.
Be familiar with encryption processes, PKI, digital signatures, non-repudiation, public & private keys, certificates, CA’s, RA’s, CRL’s, etc.
Certificate Validation
Process of checking a certificate to ensure it’s valid and has not been revoked
Symmetric ciphers:
Only one key: the same key encrypts and decrypts. MUCH faster than Asymmetric, so used for any bulk-encryption needs
The main drawback to symmetric is there is no built-in way to exchange the key with the recipient.
RC4 (Ron’s Code 4) SYM
Symmetric STREAM cipher used in WEP and WPA/TKIP
DES - Data Encryption Standard SYM
Uses 56-bit keys and 64-bit blocks
2DES SYM
does DES twice, with 2 different keys. Susceptible to a “Meet-in-the-Middle” attack, allowing the attacker to figure out 1 of the keys.
3DES SYM
does DES three times, with 3 different keys (oversimplified, but that’s the idea)
Twofish SYM
Uses 128 bit blocks, and up to 256 bit key size.
Threefish SYM
Blocks and keys can be 256, 512, and 1024 bits
AES - Advanced Encryption Standard SYM
Currently our best symmetric encryption option. Like Twofish, it uses 128 bit blocks and 128, 192, or 256 bit keys. Faster than Twofish!
AES is a block cipher and when used with WPA2 we call it CCMP (AES in CTR mode)
- CAST-128 SYM
Symmetric block cipher that uses 64-bit blocks and does 12 or 16 rounds of encryption
- Serpent SYM
Symmetric block cipher that uses four 32-bit blocks, does 32 rounds of encryption, and uses key sizes of 128, 192, or 256 bits
IDEA (used with PGP) SYM
Symmetric encryption that was supposed to replace DES. Optionally used with PGP for bulk encryption once RSA handles the key-exchange. 64 bit blocks, 128 bit key.
Asymmetric ciphers:
Creates a Public-Private key pair. Encrypt with either one, then only the OTHER one can decrypt.
RSA (Rivest, Shamir, Adleman) ASYM
First creates a private key, then mathematically deduces a public key from the private key, which is a one-way math function (can’t be reversed)
ECC (Elliptic Curve Cryptography) ASYM
Can use small keys, but then get’s large-strength encryption from them. Very useful for portable devices with weaker processors.
Hashing algorithms:
Can be used to see if files (any data really) have changed. Used as an INTEGRITY checking mechanism.
MD5 (Message Digest 5) HASH ALG
32 (hex) character output, which is 128 bits. Prone to collisions
SHA-1 (Secure Hashing Algorithm 1) HASH ALG
40 (hex) char output, 160 bits. Very similar to MD5, but more bits means less collisions.
Collisions
Problem with hashing where two (or more) different source messages produce the same message digest.
Collision resistance is the ability for a hashing algorithm to produce less collisions. This typically involves a very long digest (more bits means more unique digests)
A collision attack is an attempt to find two messages that produce the same hash. While not all that practical, it does demonstrate that a particular hashing algorithm is flawed. SHA-1 and MD5 are prone to these attacks.
Key Escrow
In general, NEVER give your private key to anyone! The only exception is if you want your administrator to back up your private key for safekeeping. The admin’s role is then called the Recovery Agent (or Data Recovery Agent), and she keeps your private key in a safe location we call Key Escrow.
PGP (Pretty Good Privacy)
Program that can encrypt data such as e-mails. Uses RSA for symmetric-key-exchange, then IDEA for the bulk data encryption. Free for 30 days, but you have to pay after that.
For data confidentiality, encrypt with recipients Public Key
Only the recipients private can decrypt
*GPG
GNU Privacy Guard. Free alternative/competitor to PGP