Chapter 05

cryptographic protocol

A detailed description that incorporates standardized requirements and guidelines for key generation and management, authentication, encryption, hashing functions, nonrepudiation methods, and other aspects of message security.

Secure Hash Algorithm (SHA)

A hashing algorithm that the NSA designed as a replacement for MD5. SHA-1 produces a 160-bit message digest.

digital signature

A method of verifying nonrepudiation and integrity in messages.

Internet Protocol Security (IPsec)

A set of standard procedures that the Internet Engineering Task Force (IETF) developed for enabling secure communication on the Internet.

public key cryptography standards (PKCSs)

A set of standards that RSA developed to provide standardization guidelines for cryptography. Many of these 15 standards have moved into the IETF standards track.

plaintext

Readable text, programs that execute, graphics you can view.

Advanced Encryption Standard (AES)

The current U.S. government standard for cryptographic protocols. AES uses the Rijndael algorithm with key sizes of 128, 192, or 256 bits and a fixed block size of 128 bits.

Rijndael

The encryption algorithm used in AES; a symmetric block cipher composed of 10 to 14 rounds of S-box and XOR functions. It supports 128-bit, 192-bit, or 256-bit keys and block sizes. Rijndael applies 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys.

pseudorandom number generators (PRNGs)

Cryptographic primitives used to generate sequences of numbers that approximate random values.

exclusive Or (XOR) function

A cryptographic primitive based on binary bit logic and used as a linear mixing function, combining values for use in additional operations.

Feistel network

A cryptographic primitive that forms the basis of many symmetric algorithms. Feistel networks combine multiple rounds of repeated operations, such as processing cleartext input with XOR functions. A key schedule is used to produce different keys for each round.

substitution box (S-box) function

A cryptographic primitive that transforms a number of input bits into a number of output bits and produces a fixed or dynamic lookup table.

Message Authentication Code (MAC)

A hashing algorithm that produces a 128-bit hash value displayed as a 43-character hexadecimal number.

encryption algorithm

A precise set of instructions that provides an encoding function for a cryptographic system or generates output for use in additional operations.

Transport Layer Security (TLS)

A protocol designed to provide additional security for Internet communication. TLS uses a hashed message authentication code (HMAC) to combine the hashing algorithm with a shared key. TLS splits input data in half, processes each half with a different hashing algorithm, and recombines them with an XOR function.

block cipher

A type of encryption algorithm that encrypts groups of cleartext characters.

stream cipher

A type of encryption algorithm that encrypts one bit at a time.

symmetric algorithm

A type of mathematical formula in which the key for encrypting cleartext is the same key for decrypting ciphertext.

asymmetric algorithm

A type of mathematical formula that generates a key pair; ciphertext generated by one key can only be decrypted by the other key.

key management

A way to prevent keys from being discovered and used to decipher encrypted messages. One form of key management is to change keys frequently.

Message Digest 5 (MD5)

A widely used hashing algorithm that uses a shared secret key to generate a MAC tag for a message.

X.509

An International Telecommunication Union standard for PKI that specifies standard formats for public key certificates, a strict hierarchical system for CAs issuing certificates, and standards for certificate revocation lists. X.509 certificates use RSA for key generation and encryption, and MD5 hashes to verify the certificate's integrity.

Triple DES (3DES)

An enhanced variation of DES that uses three 64-bit keys to process data.

Data Encryption Standard (DES)

An older protocol composed of a 16-round Feistel network with XOR functions, permutation functions, 6x4 S-box functions, and fixed key schedules. DES generates 64 bits of ciphertext from 64 bits of plaintext by using a 56-bit key.

permutation functions

Bit-shuffling cryptographic primitives that reorder sets of objects randomly.

public key exchange

In asymmetric cryptography, two keys are required: the public key and the private key. The public key used to encrypt the message is shared freely. The private key used to decrypt the message is kept secret.

private key exchange

In symmetric cryptography, the same key is used to encrypt and decrypt a message. Public-key Infrastructure is often used for private key exchange.

cryptographic primitives

Modular mathematical functions that perform one task reliably. They form the basic building blocks of modern cryptography.

hashing algorithms

Sets of instructions applied to variable-length input (the message) that generate a fixed-length message digest representing the input. Hashing algorithms do not provide confidentiality because they do not encrypt the message contents, but they do provide verification that a message has not been altered.

cryptography

The process of converting plaintext into ciphertext by using an encoding function.

cryptanalysis

The study of breaking encryption methods. Some common attack methods against cryptographic systems include differential and integral cryptanalysis, random number generator attacks, side channel attacks, and XSL attacks.

