
Cryptography
science of encrypting or hiding information

transposition cipher
same letters used but order is changed

shift cipher
 one letter is shifted a set number of places
 e.g. ROT13 shifts everything 13 places

cryptanalysis
the process of analyzing available information in an attempt to return the encrypted message to its original form

differential cryptanalysis
comparing the input plaintext to the output cipher text to try to determine the key

Linear Cryptanalysis
comparing plaintext to cipher text, but puts the plaintext through a simplified cipher to try and deduce what the key is likely to be in the full version of the cipher

algorithm
 Step by Step, recursive computational procedure for solving a problem in a finite # of steps
 The best algorithms are public and peer reviewed

key
 special piece of data used in both the encryption and decryption processes.
 the algorithms stay the same in every implementation, but a different key is used for each.

substitution cipher
 substitute a different random letter for every letter
 due to the ease of breaking shift ciphers

Vigenère cipher or Polyalphabetic substitution cipher
 links the cipher with a password. If the password is not long enough, the password is repeated until one character of the password is matched up with each character of the plaintext. Then apply to a grid where the plaintext is row and the password is column
 e.g. SAMPLEMESSAGE and PASSWORDPASSW, HAEHHSDHHSSYA
 

keyspace
The size of every possible key value. When an algorithm lists a certain number of bits as a key it is defining the keyspace.

DES - Data Encryption Standard
 uses a 56-bit key, allowing 72 x 10^15 possible values.
 broken by modern computers

DES
 1976 adopted as federal standard
 uses a 128-bit key or 340 x 10^36 possible values.
 128 bits is generally accepted as the minimum required to protect sensitive information
 Recertified in 1983 and 1993.
 Block Cipher

Block Cipher
segments the input data into blocks of a specified size, typically padding the last block to make it a multiple of the block size required

key management
 anything having to do with the exchange, storage, safeguarding, and revocation of keys.
 most commonly associated with asymmetric encryption or use of public and private keys.

one time pad ciphers
 The keys are equal to the length of the messages they protect, and completely random values must be used for the keys.
 this allows for an unlimited keyspace and therefore brute force attack is practically impossible.

XOR
 A logical function to perform encipherment. Uses binary.
 e.g. 11011100 XOR 11111110 (or 254) is 00100010.
 compare the individual digits, if the same then the encrypted data is a 0, if different then 1

Hashing
 a special mathematical function that performs one-way encryption.
 i.e. once the algorithm is processed there is no feasible way to use the ciphertext to retrieve the plaintext that was used to generate it.
 also ideally there is no way to generate two different plaintexts that compute to the same hash value.

collision attack
wherein an attacker finds two different messages that hash to the same value.

Hash Algorithms
 SHA - Secure Hashing Algorithm
 MD2, 4, or 5: Message Digest 2, 4, or 5

SHA
 Secure Hash Algorithm
 uses a MD @ a particular bit length.
 Included in the Federal Information Processing Standards 180-2, or FIPS 180-2
 Consists of SHA 1, 256, 384, 512.
 Latter variants are occasionally referred to as SHA2

SHA1
 Developed in 1993
 MD @ 160 bit
 Modeled on the MD4 Algorithm
 Input less than 2^64
 32bit string converted to hex and formed into 16 words
 words make a 512 bit block. padded if not enough to make 512

SHA256
 Similar to SHA1
 2^64 bit input or less
 256 bit hash
 uses 64 32 bit words, 8 working variables
 more secure than SHA1, but the attack basis for SHA1 can produce collisions in SHA256

SHA384
 2128 bits of input
 pads that to 1024 blocks
 64bit words
 6 x64bit words to produce 284bit hash

SHA512
 same as 384
 uses 8 64 bit words for final hash of 512

Message Digest
 generic version of one of several algorithms designed to create a hash or message digest (MD)
 Ronald L Rivest of MIT

MD2
 1989
 takes a data input of any length and produces a hash output of 128 bits.
 optimized for 8 bit machines
 inputs padded to be multiples of 16 bytes, then checksum is appended to the message
 only known successful attack requires the checksum not be appended before the hash is run
 some collision attacks are based on the algorithm's Initialization Vector(IV)

MD4
 1990
 optimized for 32 bit computers
 fast algorithm but subject to more attacks than MD5
 padded to 512 bits, which is then concatenated with representation of message's original length
 Then divided into 16 words of 32 bits.
 Hans Dobbertin has shown how collisions can be found in under a minute using only a PC
 most people are moving away from this to MD5 or SHA

MD5
 1991
 creates a 128-bit hash of a message of any length
 original message is padded to be 64 bits short of a multiple of 512 bits, then a 64 bit representation

Symmetric Encryption
 both sender and receiver have previously obtained a copy of the same key
 Common symmetric algorithms: DES, 3DES, AES, IDEA, Blowfish, CAST, RC2, RC4, RC5, RC6

3DES or Triple DES
 DES : Data Encryption Standard
 runs through the DES algorithm 3 times

AES
 Advanced Encryption Standard
 block cipher using symmetric key encryption
 key sizes: 128, 192, 256
 Core is Rijndael, chosen for good performance and good overall security

CAST
 Designed by Carlisle Adams and Stafford Tavares
 uses 64 bit block size for 64 and 128 bit key, 128 bit block version for 256 bit key
 Operated on for 8 rounds

RC
 General term for several ciphers created by Ron Rivest
 Rivest Cipher
 RC1, 2, 3, 4, 5, 6. But RC3 never made a release

RC2
 variable key size: 8 - 1024 bit with fixed block size of 64 bits
 up to 3 times faster than DES
 Any key length below 64 bits can be easily retrieved with modern computing power

RC5
 1994
 multiple variable elements, numbers of rounds, key sizes and block sizes.
 for security recommend at least 12 rounds.
 differential analysis fails for 15 or more rounds

RC6
 based on RC5
 20 rounds
 3 possible keysizes: 128, 192, 256
 with sufficient rounds the algorithm makes both linear and differential cryptanalysis infeasible

RC4
 Stream Cipher: works by enciphering the plaintext in a stream
 Fast: sometimes 10 times faster than DES
 1 key in 256 can generate bytes closely correlated with key bytes

Blowfish
 1994 Bruce Schneier
 block mode
 16 rounds - no weakness in the full 16-round version

IDEA
 International Data Encryption Algorithm
 Started as PES 1990, modified to improve differential cryptanalysis
 1992 became IDEA
 8 rounds with 4 additional steps

Asymmetric Encryption
 uses two keys instead of one
 invented by Diffie and Hellman in 1975
 aka Public Key Cryptography
 Uses a private key, kept secret, and a public key that can be sent to anyone
 Diffie/Hellman, RSA, ECC (Elliptic Curve Cryptography), and ElGamal

RSA
 one of the first public key cryptosystems 1977 by Ron Rivest, Adi Shamir and Leonard Adleman
 Uses the product of two very large prime numbers, P & Q of 100 to 200 digits
 Choose a random encryption key E which is less than P*Q, must be odd and relatively prime
 Security has withstood 20 years of testing

electronic key exchange
exchanging the symmetric or shared secret using the slower protocol of public key

Diffie/Hellman
 Most common protocols in use today
 Plays a role in the Electronic Key Exchange of SSL protocol

ElGamal
 used as the US Govt standard for digital signatures
 uses logarithms

ECC
 Elliptic Curve Cryptography
 uses two numbers to plot a point on the curve

Steganography
 comes from Greek Steganos or covered.
 Involves hiding numbers in pictures using the RGB color; one could put a 128kb message in a MegaPixel pic
 used by porn and terrorists(maybe)

Cryptography Algorithm Use in Relation to CIAAN
 Confidentiality
 Integrity
 Nonrepudiation
 Authentication

Key Escrow
 a system by which your private key is kept both by you and by the government
 requires a court order to access it

Cryptographic Apps
 PGP:
 True Crypt:
 FreeOTFE
 GnuPG

