science of encrypting or hiding information
same letters used but order is changed
- one letter is shifted a set number of places
- -e.g. ROT13 shifts everything 13 places
the process of analyzing available information in an attempt to return the encrypted message to its original form
comparing the input plaintext to teh output cipher text to try to determine the key
comparing plaintext to cipher text, but puts the plaintext through a simplified cipher to try and deduce what the key is likely to be in teh full version of the cipher
- Step by Step, recursive computational procedure for solving a problem in a finite # of steps
- The best algorithms are public and peer reviewed
- special piece of data used in both teh encryption and decryption processes.
- the algorithms stay the same in every implementation, but a different key is used for each.
- substitute a different random letter for every letter
- -due to the ease of breaking shift ciphers
Vigennere cipher or Polyalphabetic substitution cipher
- links the cipher with a password. if the password is not long enough, the password is repeated until one character of the password is matched up with each character of the plaintext. Then apply to a grid where the plaintext is row and the password is column
- e.g. SAMPLEMESSAGE and PASSWORDPASSW, HAEHHSDHHSSYA
The size of every possible key-value. When an algorithm lists a certain number of bits as a key it is defining the keyspace.
DES - Data Encryption Standard
- uses a 56-bit key, allowing 72 x 10^15 possible values.
- -broken by modern computers
- 1976 adopted as federal standard
- uses a 128bit key or 340 x10^36 possible values.
- 128 bits is generally accepted as the minimum required to protect sensitive information
- Recertified in 1983 and 1993.
- Block Cipher-
segments the input data into blocks of a specified size, typically padding the last block to make it a multiple of the block size required
- anything having to do with the exchange, storage, safeguarding, and revocation of keys.
- most commonly associated with asymetric encryption or use of public and private keys.
one time pad ciphers
- The keys are equal to the of the messages they protect and completely random must be used for the keys.
- this allows for an unlimited keyspace and therefore brute force attack is practically impossible.
- A logical function to perform encipherment. Uses binary.
- e.g. 11011100 XOR 11111110(or 254) is 00100010.
- compare the individual digits, if the same then the encrypted data is a 0, if different then 1
- a special mathematical functio nthat performs one-way encryption.
- i.e. once the algorithm is processed there is no feasible way to use the ciphertext to retrieve the plaintext that was used to generate it.
- also ideally there is no way to ggenerate two different plaintexts that compute to the same hash value.
wherein an attacker finds two different messages that hash to the same value.
- SHA - Secure Hashing Algorithm
- MD2, 4, or 5: Message Digest 2, 4, or 5
- Secure Hash Algorithm
- uses a MD @ a particular bit length.
- Included in the Federal Information Processing Standars 180-2, or FIPS 180-2
- Consists of SHA -1, 256, 384, 512.
- Latter variants are occasionally referred to as SHA-2
- Developed in 1993
- MD @ 160 bit
- Modeled on the MD4 Algorithm
- Input less than 2^64
- 32bit string converted to hex and formed into 16 words
- -words make a 512 bit block. padded if not enough to make 512
- Similar to SHA-1
- 2^64 bit input or less
- 256 bit hash
- uses 64 32 bit words, 8 working variables
- more secure than SHA-1, but the attac basis for SHA-1 can produce collisions in SHA-256
- 2128 bits of input
- pads that to 1024 blocks
- 64-bit words
- 6 x64bit words to produce 284bit hash
- same as 384
- uses 8 64 bit words for final hash of 512
- generric verrsion of one of several algorithms designed to create a hash or message digest(MD)
- Ronald L Rivest of MIT
- takes a data input of any length and produces a hash output of 128 bits.
- optimized for 8 bit machines
- inputs padded to be multiples of 16 bytes, then checksum is appended to the message
- only known successful attack requires the checksum not be appended before the hash is run
- some collision attacks are based on the algorithm's Initialization Vector(IV)
- optimized for 32 bit computers
- fast algorithm but subject to more attacks than MD5
- padded to 512 bits, which is then concatenated with representation of message's orginal length
- Then divided into 16 words of 32 bits.
- Hans Dobbertin has shown how collisions can be found in under a minute using only a PC
- most people are moving away from this to MD5 or SHA
- creates a 128bit hash of a message of any length
- original message is padded to be 64 bits short of a multiple off 512 bits, then a 64 bit representation
- both sender and receiver have previously obtained a copy of the same key
- Common symmetric algorithms: DES, 3DES, AES, IDEA, Blowfish, CAST, RC2, RC4, RC5, RC6
3DES or Triple DES
- DES : Data Encryption Standard
- runs through the DES algorithm 3 times
- Advanced Encryption Standard
- block cipher using symmetric key encryption
- key sizes: 128, 192, 256
- Core is Rijndael, chosen for good performance and good overall security
- Designed by Carlisle Adams and Stafford Tavares
- uses 64 bit block size for 64 and 128 bit key, 128 bit block version for 256 bit key
- Operated on for 8 rounds
- General term for several ciphers created by Ron Rivest
- Rivest Cipher
- RC1, 2, 3, 4, 5, 6. But RC3 never made a release
- variable key size: 8 - 1024 bit with fixed block size of 64 bits
- up to 3 times faster than DES
- Any key length below 64 bits can be easily retrieved with modern computing power
- multiple variable elements, numbers of rounds, key sizes and block sizes.
- for security recommend at least 12 rounds.
- differential analysis fails for 15 or more rounds
- based on RC5
- 20 rounds
- 3 possible key-sizes: 128, 192, 256
- with sufficient rounds the algorithm makes both linear and differential crypanalysis infeasible
- Stream Cipher: works by enciphering the plaintext in a stream
- Fast: sometimes 10 times faster than DES
- 1 key in 256 can generate bytes closely correlated with key bytes
- 1994 Bruce Schneider
- 16 rounds-no weakness in the full 16 - round version
- Inernational Data Encryption ALgorithm
- Started as PES 1990, modified to improve differential cryptanalysis
- 1992 became IDEA
- 8 rounds with 4 additional steps
- uses two keys instead of one
- invented by Diffie and Hellman in 1975
- aka Public Key Cryptography
- Uses a private key-kept secret and a public key- that can be sent to anyone
- Diffie/Helman, RSA, ECC(Eliptic Curve Cryptography), and ElGamal
- one of the first public key cryptosystems 1977 by Ron Rivest, Adi Shamir and Leonard Adleman
- Uses the product of two very large prime numbers, P & Q of 100 to 200 digits
- Choose a random encryption key E which is less than P*Q, must be odd and relatively prime
- Security has withstood 20 years of testing
electronic key exchange
exchanging the symmetric or shared secret using the slower protocol of public key
- Most common protocols in use today
- Plays a role in the Electronic Key Exchange of SSL protocol
- used as the US Govt standard for digital signatures
- uses logarithms
- Elliptic Curve Cryptography
- uses two numbers to plot a point on the curve
- comes from Greek Steganos or covered.
- Involves hiding numbers in pictures using the RGB color one could put a 128kb message in a MegaPixel pic
- used by porn and terrorists(maybe)
Cryptography Algorithm Use in Relation to CIA-AN
- a system by which your private key is kept both by you and by the government
- requires a court order to access it
- True Crypt: