-
Cryptography
science of encrypting or hiding information
-
transposition cipher
same letters used but order is changed
-
shift cipher
- one letter is shifted a set number of places
- -e.g. ROT13 shifts everything 13 places
-
cryptanalysis
the process of analyzing available information in an attempt to return the encrypted message to its original form
-
differential cryptanalysis
comparing the input plaintext to the output cipher text to try to determine the key
-
Linear Cryptanalysis
comparing plaintext to cipher text, but puts the plaintext through a simplified cipher to try and deduce what the key is likely to be in the full version of the cipher
-
algorithm
- Step by Step, recursive computational procedure for solving a problem in a finite # of steps
- The best algorithms are public and peer reviewed
-
key
- special piece of data used in both the encryption and decryption processes.
- the algorithms stay the same in every implementation, but a different key is used for each.
-
substitution cipher
- substitute a different random letter for every letter
- -due to the ease of breaking shift ciphers
-
Vigenère cipher or Polyalphabetic substitution cipher
- links the cipher with a password. If the password is not long enough, the password is repeated until one character of the password is matched up with each character of the plaintext. Then apply to a grid where the plaintext is the row and the password is the column
- e.g. SAMPLEMESSAGE and PASSWORDPASSW, HAEHHSDHHSSYA
-
keyspace
The size of every possible key-value. When an algorithm lists a certain number of bits as a key it is defining the keyspace.
-
DES - Data Encryption Standard
- uses a 56-bit key, allowing 72 x 10^15 possible values.
- -broken by modern computers
-
DES
- 1976 adopted as federal standard
- uses a 128bit key or 340 x10^36 possible values.
- 128 bits is generally accepted as the minimum required to protect sensitive information
- Recertified in 1983 and 1993.
- Block Cipher
-
Block Cipher
segments the input data into blocks of a specified size, typically padding the last block to make it a multiple of the block size required
-
key management
- anything having to do with the exchange, storage, safeguarding, and revocation of keys.
- most commonly associated with asymmetric encryption or use of public and private keys.
-
one time pad ciphers
- The keys are equal to the length of the messages they protect, and the keys must be completely random.
- this allows for an unlimited keyspace and therefore brute force attack is practically impossible.
-
XOR
- A logical function to perform encipherment. Uses binary.
- e.g. 11011100 XOR 11111110(or 254) is 00100010.
- compare the individual digits, if the same then the encrypted data is a 0, if different then 1
-
Hashing
- a special mathematical function that performs one-way encryption.
- i.e. once the algorithm is processed there is no feasible way to use the ciphertext to retrieve the plaintext that was used to generate it.
- also ideally there is no way to generate two different plaintexts that compute to the same hash value.
-
collision attack
wherein an attacker finds two different messages that hash to the same value.
-
Hash Algorithms
- SHA - Secure Hashing Algorithm
- MD2, 4, or 5: Message Digest 2, 4, or 5
-
SHA
- Secure Hash Algorithm
- uses a MD @ a particular bit length.
- Included in the Federal Information Processing Standards 180-2, or FIPS 180-2
- Consists of SHA-1, 256, 384, 512.
- Latter variants are occasionally referred to as SHA-2
-
SHA-1
- Developed in 1993
- MD @ 160 bit
- Modeled on the MD4 Algorithm
- Input less than 2^64
- 32bit string converted to hex and formed into 16 words
- -words make a 512 bit block. padded if not enough to make 512
-
SHA-256
- Similar to SHA-1
- 2^64 bit input or less
- 256 bit hash
- uses 64 32 bit words, 8 working variables
- more secure than SHA-1, but the attack basis for SHA-1 can produce collisions in SHA-256
-
SHA-384
- 2^128 bits of input
- pads that to 1024 blocks
- 64-bit words
- 6 x64bit words to produce 284bit hash
-
SHA-512
- same as 384
- uses 8 64 bit words for final hash of 512
-
Message Digest
- generic version of one of several algorithms designed to create a hash or message digest (MD)
- Ronald L Rivest of MIT
-
MD-2
- 1989
- takes a data input of any length and produces a hash output of 128 bits.
- optimized for 8 bit machines
- inputs padded to be multiples of 16 bytes, then checksum is appended to the message
- only known successful attack requires the checksum not be appended before the hash is run
- some collision attacks are based on the algorithm's Initialization Vector(IV)
-
MD4
- 1990
- optimized for 32 bit computers
- fast algorithm but subject to more attacks than MD5
- padded to 512 bits, which is then concatenated with representation of message's original length
- Then divided into 16 words of 32 bits.
- Hans Dobbertin has shown how collisions can be found in under a minute using only a PC
- most people are moving away from this to MD5 or SHA
-
MD5
- 1991
- creates a 128bit hash of a message of any length
- original message is padded to be 64 bits short of a multiple of 512 bits, then a 64 bit representation
-
Symmetric Encryption
- both sender and receiver have previously obtained a copy of the same key
- Common symmetric algorithms: DES, 3DES, AES, IDEA, Blowfish, CAST, RC2, RC4, RC5, RC6
-
3DES or Triple DES
- DES : Data Encryption Standard
- runs through the DES algorithm 3 times
-
AES
- Advanced Encryption Standard
- block cipher using symmetric key encryption
- key sizes: 128, 192, 256
- Core is Rijndael, chosen for good performance and good overall security
-
CAST
- Designed by Carlisle Adams and Stafford Tavares
- uses 64 bit block size for 64 and 128 bit key, 128 bit block version for 256 bit key
- Operated on for 8 rounds
-
RC
- General term for several ciphers created by Ron Rivest
- Rivest Cipher
- RC1, 2, 3, 4, 5, 6. But RC3 never made a release
-
RC2
- variable key size: 8 - 1024 bit with fixed block size of 64 bits
- up to 3 times faster than DES
- Any key length below 64 bits can be easily retrieved with modern computing power
-
RC5
- 1994
- multiple variable elements, numbers of rounds, key sizes and block sizes.
- for security recommend at least 12 rounds.
- differential analysis fails for 15 or more rounds
-
RC6
- based on RC5
- 20 rounds
- 3 possible key-sizes: 128, 192, 256
- with sufficient rounds the algorithm makes both linear and differential cryptanalysis infeasible
-
RC4
- Stream Cipher: works by enciphering the plaintext in a stream
- Fast: sometimes 10 times faster than DES
- 1 key in 256 can generate bytes closely correlated with key bytes
-
Blowfish
- 1994 Bruce Schneier
- block-mode
- 16 rounds-no weakness in the full 16 - round version
-
IDEA
- International Data Encryption Algorithm
- Started as PES 1990, modified to improve differential cryptanalysis
- 1992 became IDEA
- 8 rounds with 4 additional steps
-
Asymmetric Encryption
- uses two keys instead of one
- invented by Diffie and Hellman in 1975
- aka Public Key Cryptography
- Uses a private key-kept secret and a public key- that can be sent to anyone
- Diffie/Hellman, RSA, ECC (Elliptic Curve Cryptography), and ElGamal
-
RSA
- one of the first public key cryptosystems 1977 by Ron Rivest, Adi Shamir and Leonard Adleman
- Uses the product of two very large prime numbers, P & Q of 100 to 200 digits
- Choose a random encryption key E which is less than P*Q, must be odd and relatively prime
- Security has withstood 20 years of testing
-
electronic key exchange
exchanging the symmetric or shared secret using the slower protocol of public key
-
Diffie/Hellman
- Most common protocols in use today
- Plays a role in the Electronic Key Exchange of SSL protocol
-
ElGamal
- used as the US Govt standard for digital signatures
- uses logarithms
-
ECC
- Elliptic Curve Cryptography
- uses two numbers to plot a point on the curve
-
Steganography
- comes from Greek Steganos or covered.
- Involves hiding numbers in pictures using the RGB color one could put a 128kb message in a MegaPixel pic
- used by porn and terrorists(maybe)
-
Cryptography Algorithm Use in Relation to CIA-AN
- Confidentiality
- Integrity
- Nonrepudiation
- Authentication
-
Key Escrow
- a system by which your private key is kept both by you and by the government
- requires a court order to access it
-
Cryptographic Apps
- PGP:
- True Crypt:
- FreeOTFE
- GnuPG