(Ch20) Cryptography
Diffie-Hellman
A cryptographic protocol that allows two parties to establish a shared key over an insecure channel.
Uuencode
A relatively weak encryption method that was developed to aid in the transport of binary images via email. It is one of the most common binary coding methods used.
Registration Authority (RA)
Acts as the verifier for the certificate authority
Digital Certificates
Establishes credentials of a person when doing online transactions.
Transposition cipher
Here, rearranging letters in the plain text, according to a regular system produces the cipher text. For example, "CRYPTOGRAPHY" when encrypted becomes "AOYCRGPTYRHP."
Snow
Steganographic tool that hides messages in ASCII text by appending whitespace to the end of lines
Stream ciphers
Symmetric key ciphers in which plaintext digits are combined with a key stream (a pseudorandom cipher digit stream). Here, the user applies the key to each bit, one at a time.
Integral Cryptanalysis
This attack is useful against block ciphers based on substitution-permutation networks; it is an extension of differential cryptanalysis.
Extensible Authentication Protocol (EAP)
an authentication protocol that was originally designed for Point-to-Point connections. It is used as an alternative to CHAP and PAP authentication protocols as it is more secure and supports different authentication mechanisms.
Collisions
in hashing when two or more files create the same output.
RC6
is a symmetric key block cipher derived from RC5 with two additional features. It uses integer multiplication and uses four 4-bit working registers (RC5 uses two 2-bit registers).
Disk encryption
protects confidentiality of the data stored on disk by converting it into an unreadable code using disk encryption software or hardware.
CryptoTool
provides examples of encryption and decryption activities. It is designed to help those interested in cryptography learn more.
VeraCrypt
software for establishing and maintaining an on-the-fly-encrypted volume (data storage device).
MD5 algorithm
takes a message of arbitrary length as the input and then outputs a 128-bit fingerprint or message digest of the input.
Cryptography
the conversion of data into a scrambled code that is encrypted and sent across a private or public network.
RC4
A variable key size symmetric key stream cipher with byte-oriented operations; it is based on the use of a random permutation.
Confidentiality
Assurance that the information is accessible only to those authorized to have access.
Related-key Attack
Attacker can obtain ciphertexts encrypted under two different keys, and this attack is useful if the attacker can obtain the plaintext and matching cipher text.
Dictionary Attack
Attacker constructs a dictionary of plaintext along with its corresponding ciphertext that he/she has learnt over a certain period of time.
Chosen-plaintext Attack
Attacker defines his own plaintext, feeds it into the cipher, and analyzes the resulting ciphertext.
Ciphertext-only Attack
Attacker has access to the ciphertext; the goal of this attack is to recover the encryption key from the ciphertext.
Known-plaintext Attack
Attacker has knowledge of some part of the plain text; using this information, the key used to generate ciphertext is deduced so as to decipher other messages.
Adaptive Chosen-plaintext Attack
Attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions.
Chosen-ciphertext Attack
Attacker obtains the plaintexts corresponding to an arbitrary set of ciphertexts of his own choosing.
Man-in-the-middle Attack
Attacker performs this attack on public key cryptosystems where key exchange is required before communication takes place.
Chosen-key Attack
Attacker usually breaks an n-bit key cipher in 2^(n/2) operations.
Signed Certificates
Certification authorities (CAs) sign and issue signed certificates. These certificates contain a public key and the identity of the owner. The corresponding private key is kept secret by the CA.
Brute-Force
Cryptography keys are discovered by trying every possible combination.
Block ciphers
Deterministic algorithm operating on block (group of bits) of fixed size with an unvarying transformation specified by a symmetric key. Most modern ciphers are block ciphers. These are widely used to encrypt bulk data.
Rubber Hose Attack
Extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture.
Nonrepudiation
Guarantee that the sender of a message cannot later deny having sent the message, and that the recipient cannot deny having received the message.
Authenticated channel
The server endpoint of the conversation is always encrypted, whereas the client endpoint is optionally authenticated.
Transport Layer Security (TLS)
a protocol to establish a secure connection between a client and a server and ensure privacy and integrity of information during transmission. It uses the RSA algorithm with 1024- and 2048-bit strengths.
Pretty Good Privacy (PGP)
a protocol used to encrypt and decrypt data that provides authentication and cryptographic privacy. It is often used for data compression, digital signing, encryption and decryption of messages, emails, files, directories, and to enhance privacy of email communications. It builds a web of trust because the users must determine who they trust.
Public Key Infrastructure (PKI)
a set of hardware, software, people, policies, and procedures required to create, manage, distribute, use, store, and revoke digital certificates.
Data Encryption Standard (DES)
a standard for data encryption that uses a secret key for both encryption and decryption (symmetric cryptosystem). DES uses a 64-bit secret key of which 56 bits are generated randomly and other 8 bits help in error detection.
Advanced Encryption Standard (AES)
a symmetric-key algorithm used by US government agencies to secure sensitive but unclassified material. It is an iterated block cipher, which works by repeating the same operation multiple times. It has a 128-bit block size, with key sizes of 128, 192, and 256 bits, respectively, for AES-128, AES-192, and AES-256.
Ciphers
algorithms used to encrypt or decrypt the data
Output Feedback mode (OFB)
also emulates a stream cipher. Unlike CFB, transmission errors do not propagate throughout the encryption process because it takes the plain text to feed back into a stream of cipher text.
Rivest Shamir Adleman (RSA)
an Internet encryption and authentication system that uses an algorithm developed by Ron Rivest, Adi Shamir, and Leonard Adleman. It is widely used and is one of the de facto encryption standards. It uses modular arithmetic and elementary number theory to perform computations using two large prime numbers.
Challenge-Handshake Authentication Protocol (CHAP)
an authentication mechanism used by Point to Point protocol (PPP) servers in order to authenticate or validate the identity of remote clients or network hosts.
Reliable channel
message transfer has an integrity check.
Symantec Drive Encryption
provides full disk encryption for all data (user files, swap files, system files, etc.) on desktops, laptops, and removable media.
Digital signature
uses asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form.
Brutus
A Windows logon password cracker that supports a wide range of authentication schemes, such as Telnet, FTP, SMB, RSH, SNMP, LDAP, and Cisco.
THC-Hydra
A fast network logon password cracker that supports many authentication schemes, such as Telnet, FTP, SMB, RSH, SNMP, LDAP, and Cisco.
Algorithm
A set of rules or a mathematical formula used to encrypt and decrypt data.
Certificate Management System
Generates, distributes, stores, and verifies certificates
Certificate Authority (CA)
Issues and verifies digital certificates
SHA2
It is a family of two similar hash functions with different block sizes, namely, SHA-256 that uses 32-bit words and SHA-512 that uses 64-bit words.
Authentication
Refers to the characteristic of a communication, document, or any data that ensures the quality of being genuine.
Validation Authority (VA)
Stores certificates (with their public keys)
Integrity
The trustworthiness of data or resources in terms of preventing improper and unauthorized changes.
Base64
This method of encoding is usually used to encode email attachments. Because email systems cannot directly handle binary attachments, email clients must convert binary attachments to their text equivalent.
Birthday Attack
a name used to refer to a class of brute-force attacks against cryptographic hashes that makes the brute forcing easier.
Side Channel Attack
a physical attack performed on a cryptographic device/cryptosystem to gain sensitive information. An attacker monitors channels (environmental factors) and tries to acquire the information useful for cryptanalysis.
Rainbow Table Attack
a type of cryptography attack where an attacker uses a rainbow table for reversing cryptographic hash functions. It uses the cryptanalytic time-memory trade-off technique to crack the cryptography, which requires less time than some other techniques.
HMAC
a type of message authentication code (MAC) that makes use of a cryptographic key in combination with a cryptographic hash function.
Blowfish
a type of symmetric block cipher algorithm, designed to replace the DES or IDEA algorithms. It uses the same secret key to encrypt and decrypt data. This algorithm splits the data into blocks of 64 bits and uses a key ranging in length from 32 bits to 448 bits.
Secure/Multipurpose Internet Mail Extensions (S/MIME)
adds two valuable components to standard email: digital signatures and public key encryption. It supports X.509 digital certificates and RSA encryption.
Self-Signed Certificates
an identity certificate signed by the same entity whose identity it certifies. Self-signed certificates are widely used for testing purposes. These certificates are useful only in a self-controlled testing environment.
Classical Ciphers
are the most basic type of ciphers, which operate on alphabets (A-Z). Implementation of these ciphers is generally either by hand or with simple mechanical devices.
Cipher Feedback mode (CFB)
emulates a stream cipher. It can be used to encrypt individual characters. Like CBC, errors and corruption can propagate through the encryption process.
Cipher Block Chaining mode (CBC)
is widely used and is similar to ECB. It takes data from one block to be used in the next; therefore, it chains the blocks together. However, it's more secure than ECB and harder to crack.
Symmetric encryption
uses the same key for encryption as it does for decryption
RACE Integrity Primitives Evaluation Message Digest (RIPEMD)
160-bit hash algorithm. It was developed by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel. There exist 128-, 256-, and 320-bit versions of this algorithm.
Rijndael
A block cipher adopted as the Advanced Encryption Standard (AES) by the U.S. government to replace DES.
Heartbleed
A major bug in OpenSSL that allowed attackers to send malformed heartbeat requests to a server, which could respond by disclosing sensitive information like plaintext user names, passwords, and cryptographic keys.
Hashcat
Advertised as the world's fastest CPU-based password-recovery tool, Hashcat can be installed on both Linux and Windows computers.
Private channel
All the messages are encrypted after a simple handshake is used to define a secret key.
RC5
It is a parameterized algorithm with a variable block size, a variable key size, and a variable number of rounds. The key size is 128 bits.
Timing Attack
It is based on repeatedly measuring the exact execution times of modular exponentiation operations.
Linear Cryptanalysis
It is commonly used on block ciphers. It is a known plaintext attack and uses a linear approximation to describe the behavior of the block cipher. Given enough pairs of plaintext and corresponding ciphertext, bits of information about the key can be obtained.
Frequency Analysis
It is the study of the frequency of letters or groups of letters in a ciphertext. It works on the fact that, in any given stretch of written language, certain letters and combinations of letters occur with varying frequencies.
SHA1
It produces a 160-bit digest from a message with a maximum length of (2^64 − 1) bits, and it resembles the MD5 algorithm.
John the Ripper
One of the more popular Linux password-cracking programs. Linux/UNIX passwords are usually kept in /etc/passwd or /etc/shadow.
Substitution cipher
The user replaces units of plaintext with ciphertext, according to a regular system. Units may be single letters, pairs of letters, or combinations of them, and so forth. The recipient performs inverse substitution to decipher the text.
Twofish
This algorithm was one of the five finalists to replace DES for the US Government, but it was not chosen. It uses a block size of 128 bits and key sizes up to 256 bits. It is a Feistel cipher.
DUHK (Don't Use Hard-Coded Keys)
a cryptographic vulnerability that allows an attacker to obtain encryption keys used to secure VPNs and web sessions. This attack mainly affects any hardware/software using the ANSI X9.31 Random Number Generator (RNG).
BitLocker Drive Encryption
a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
Differential cryptanalysis
a form of cryptanalysis applicable to symmetric key algorithms. It is the examination of differences in an input and how that affects the resultant difference in the output.
CrypTool
a free e-learning program in the area of cryptography and cryptanalysis.
Key escrow
a key exchange arrangement in which essential cryptographic keys are stored with a third party in escrow. The third party can use or allow others to use the encryption keys under certain predefined circumstances.
Keyczar
an open source cryptographic toolkit designed to make it easier and safer for developers to use cryptography in their applications. It supports authentication and encryption with both symmetric and asymmetric keys.
OpenSSL
an open source cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them.
Hash functions
calculate a unique fixed-size bit string representation, called a message digest, of any arbitrary block of information. If any given bit of the function's input is changed, then every output bit has a 50 percent chance of changing. It is computationally infeasible to have two files with the same message digest value.
Digital Signature
computed using a set of rules (i.e., the DSA) and a set of parameters such that the identity of the signatory and integrity of the data can be verified.
One-Time Pad
contains many non-repeating groups of letters or number keys, which are chosen randomly.
Secure Sockets Layer (SSL)
is an application layer protocol developed by Netscape for managing the security of a message transmission on the Internet. It uses RSA asymmetric (public key) encryption to encrypt data transferred over SSL connections.
Electronic Code Book mode (ECB)
is the native encryption mode of DES. It produces the highest throughput, although it is the easiest form of DES to break. The same plain text encrypted with the same key always produces the same cipher text.
Government Access to Keys (GAK)
means that software companies will give copies of all keys (or at least enough of the key that the remainder could be cracked) to the government. The government promises that they will hold on to the keys in a secure manner and will only use them when a court issues a warrant to do so.
Meet-in-the-middle Attack
the best attack method for cryptographic algorithms using multiple keys for encryption. This attack reduces the number of brute force permutations needed to decode text encrypted by more than one key, and it is conducted mainly for forging signatures on mixed type digital signatures.
Cryptanalysis
the study of ciphers, ciphertext, or cryptosystems with the ability to identify vulnerabilities in them that allow plaintext to be extracted from the ciphertext, even if the cryptographic key or algorithm used to encrypt the plaintext is unknown.
Asymmetric encryption
uses different encryption keys for encryption and decryption. These keys are known as public and private keys.
SHA3
uses the sponge construction in which message blocks are XORed into the initial bits of the state, which is then invertibly permuted.