Symmetric and Asymmetric Cryptography Flashcards
A single, shared key
– Encrypt with the key
– Decrypt with the same key
– If it gets out, you’ll need another key
* Secret key algorithm
– A shared secret
* Doesn’t scale very well
– Can be challenging to distribute
* Very fast to use
– Less overhead than asymmetric encryption
– Often combined with asymmetric encryption
Symmetric Encryption
- Public key cryptography
– Two (or more) mathematically related keys - Private key - Keep this private
- Public key - Anyone can see this key - Give it away
- The private key is the only key that can decrypt data
encrypted with the public key
– You can’t derive the private key from the public key
Key generation
– Build both the public and private key at the same
time
– Lots of randomization
– Large prime numbers
– Lots and lots of math - Everyone can have the public key
– Only Alice has the private key
Asymmetric Encryption
- Asymmetric encryption
– Need large integers composed of two or more large
prime factors - Instead of numbers, use curves!
– Uses smaller keys than non-ECC asymmetric
encryption
– Smaller storage and transmission requirements
– Perfect for mobile devices
Elliptic Curve Cryptography
- Represent data as a short string of text - A message digest
- One-way trip
– Impossible to recover the original message from the digest
– Used to store passwords / confidentiality - Verify a downloaded document is the same as the original
– Integrity - Can be a digital signature
– Authentication, non-repudiation, and integrity - Will not have a collision (hopefully)
– Different messages will not have the same hash
Hashes
Hash functions
– Take an input of any size - Create a fixed size string
– Message digest, checksum
The hash should be unique
– Different inputs should never create the same hash
– If they do, it’s a collision
* MD5 has a this problem
– Found in 1996 - Don’t use MD5
Collision
Verify a downloaded file
– Hashes may be provided on the download site
– Compare the downloaded file hash with the
posted hash value
* Password storage
– Instead of storing the password, store a salted hash
– Compare hashes during the authentication process
– Nobody ever knows your actual password
Practical Hashing
Random data added to a password when hashing
* Every user gets their own random this
– This is commonly stored with the password
Salt
A file containing precomputed hashes for character combinations. These are used to discover passwords. PBKDF2 and bcrypt thwart attacks associated with these
Rainbow Table
Prove the message was not changed
– Integrity
* Prove the source of the message
– Authentication
* Make sure the signature isn’t fake
– Non-repudiation
* Sign with the private key
– The message doesn’t need to be encrypted
– Nobody else can sign this (obviously)
* Verify with the public key
– Any change in the message will invalidate the signature
Digital Signatures
Cryptographic keys that change often
Ephemeral Keys
This type of encryption uses the same key to encrypt and decrypt data. Most algorithms with this type of encryption use stream ciphers or block ciphers.
Symmetric Encryption
This is a small piece of data, sometimes only 1 or 2 bits, and is used to quickly verify the integrity of the data.
Checksum
These two hashing algorithms are the most popular to verify integrity
MD5 and SHA-256
This verifies both integrity and authenticity with the use of a shared secret
Hashed-Based Message Authentication Code (HMAC)
Protocols like IPSEC and TLS use blank and blank
HMAC-MD5 and HMAC SHA-256
