Chapter 8: Cryptography
IDEA
International Data Encryption Algorithm (IDEA). Developed by a Swiss consortium, it is an algorithm that uses a 128-bit key. This product is similar in speed and capability to DES, but it's more secure. IDEA is used in Pretty Good Privacy (PGP), a public domain encryption system used by many for email. Currently, Ascom AG holds the right to market IDEA.
Electronic Watermarking
A form of steganography in which the image contains a watermark placed there by the original artist; proving that copyright infringement has occurred in a copy is then relatively easy.
What key size is DES based on?
It is 64-bit encryption; 8 of these key bits are for error correction.
Common method of verifying integrity
Adding a MAC to a message
What key size is used by CAST?
CAST uses a 40-bit to 128-bit key, and it's very fast and efficient. Two additional versions, CAST-128 and CAST-256, also exist.
OTPs
One-Time Pads (OTP). A key that is used only once and is the same length as the plain-text message.
Cryptographic hash
A function that is one-way (nonreversible), has a fixed length output, and is collision resistant.
Forward secrecy
A property of any key exchange system that ensures that if one key is compromised, subsequent keys will not also be compromised
Salt
Bits added to a hash to make it resistant to rainbow table attacks.
Main purpose of LANMAN and NTLM
Although LANMAN and NTLM both employ hashing, they are used primarily for the purpose of authentication.
Block or Stream Cipher
An algorithm that takes one character and replaces it with one character.
What is the difference between Twofish encryption and Blowfish encryption?
Blowfish is a 64-bit block cipher; Twofish works on 128-bit blocks. This makes Blowfish faster and less reliable, unlike Twofish.
Kerckhoff's Principle
The security of an algorithm should depend only on the secrecy of the key and not on the secrecy of the algorithm itself
CBC
Cipher Block Chaining. Divides the plain text into blocks (often 64-bit or 128-bit) and encrypts each block, one at a time. When one block is finished encrypting, before the second block is started, the output of the first block is XOR'd with the plain text of the next block.
CBC
Cipher Block Chaining. When one block is finished encrypting, before the second block is started, the output of the first block is XOR'd with the plain text of the next block.
CIA
Confidentiality, Integrity, Availability
Asymmetric Cipher
Cryptographic algorithms that use two different keys: one key to encrypt and another to decrypt. Also called public key cryptography.
DES
Data Encryption Standard (DES). It has been used since the mid-1970s. It was the primary standard used in government and industry until it was replaced by AES.
DHKE
Diffie-Hellman key exchange. Diffie and Hellman are considered the founders of the public/private key concept. This algorithm is used primarily to generate a shared secret key across public networks. The process isn't used to encrypt or decrypt messages; it's used merely for the creation of a symmetric key between two parties.
List of ways the symmetric cipher can be executed
ECB, CBC, CTM (or CTR), GCM
ECB
Electronic Cipher Book (ECB). Mode of operation for a block cipher, with the characteristic that each possible block of plaintext has a defined corresponding ciphertext value and vice versa. In other words, the same plaintext value will always result in the same ciphertext value.
Enterprise Mode
In the context of wireless networking, this refers to using a centralized authentication server such as RADIUS for authentication, instead of a pre-shared key (PSK).
Feistel Cipher
Feistel ciphers, also called Feistel networks, and Feistel functions are specific algorithm types developed originally by Horst Feistel and first used in DES. The process is to split the block of plain text into two halves. One half is put through a round function (repeated each round) and the other is not. Next the half that was not put through the round function is XOR'd with the output of the half that was put through the round function and the two are swapped. This process is repeated each round of the algorithm. DES, for example, goes for 16 rounds.
Hashing Algorithm
Function that takes a variable-length string and compresses and transforms it into a fixed-length output called a hash or message digest.
What key size is 3DES based on?
It is a 168-bit encryption key.
Code-breaker attack used to identify Hitler's messages
Known Plain Text attack
LSB
Least Significant Bit
LANMAN
Local Area Network Manager. Prior to the release of Windows NT, Microsoft's operating systems used the LANMAN protocol for authentication. While functioning only as an authentication protocol, LANMAN used LM Hash and two DES keys. It was replaced by the NT LAN Manager (NTLM) with the release of Windows NT.
MAC
Message Authentication Code. Message added to a hash to validate the integrity of the message.
Birthday Attack
Code-breaking technique that attacks cryptographic hashes, based on something called the birthday theorem.
PBKDF2
Password-Based Key Derivation Function 2. Part of PKCS #5 v. 2.01. It applies some function (like a hash or HMAC) to the password or passphrase along with salt to produce a derived key.
PFS
Perfect forward secrecy occurs when the process of key exchange is unbreakable.
PRNG
Pseudo Random Number Generator (PRNG) is an algorithm that generates a sequence of numbers that seems random but is actually completely predictable.
RIPEMD
RACE Integrity Primitives Evaluation Message Digest. There were questions regarding its security, and it has been replaced by RIPEMD-160, which uses 160 bits. There are versions in existence that use 256 and 320 bits (RIPEMD-256 and RIPEMD-320, respectively), but all versions of RIPEMD remain.
Downgrade Attack
The idea is to trick the user into shifting to a less secure version of the protocol, one that might be easier to break. Used normally in secure communications such as TLS.
Function of the public key in an asymmetric algorithm
The receiver uses the private key to decrypt the message
Replay Attack
When a user sends their login information, even if it is encrypted, the attacker captures it and later sends the same information. The user never decrypted that login information; they simply replayed it.
Collision
When two different inputs into a cryptographic hash produce the same output, this is known as a collision.
Vigenère cipher (Vee-zha-nair)
a method of encrypting text by applying a series of Caesar ciphers based on the letters of a keyword.
Transposition Cipher
involves transposing or scrambling the letters in a certain manner. Typically, a message is broken into blocks of equal size, and each block is then scrambled.
Substitution Cipher
is a type of coding or ciphering system that changes one character or symbol into another.
PSK
Pre-shared key. Mode where the client and the wireless access point must negotiate and share a key prior to initiating communications.
Symmetric Algorithms
require both the sender and receiver of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected
Atbash
reverse the order of the letters of the alphabet. This is, by modern standards, a very primitive and easy-to-break cipher. For example, in English: A becomes Z, B becomes Y, C becomes X, and so forth.
GOST
symmetric cipher developed in the old Soviet Union that has been modified to work as a hash function. GOST processes a variable-length message into a fixed-length output of 256 bits.
Cryptographic System
system, method, or process that is used to provide encryption and decryption. It may be a hardware, software, or manually performed process
Steganography
the art and science of hiding information by embedding messages within other, seemingly harmless messages
Cryptology
the science of interpreting secret writings, codes, ciphers, and the like
Cryptanalysis
the study and practice of finding weaknesses in ciphers
What are the two approaches with Key Exchange?
+ In-band key exchange + Out-of-band key exchange
What are the 3 major areas of modern Cryptography
+ Symmetric cryptography + Asymmetric cryptography + Hashing algorithms
List common code breaking techniques
+Brute Force +Frequency Analysis +Known Plain Text +Chosen Plain Text +Related Key Attack +Birthday Attack +Downgrade Attack +Replay Attack +Dictionary attack
Methods of "key Stretching"
+PBKDF2 +Bcrypt
List of the two variations of ECC
1. Elliptic Curve Diffie-Hellman (ECC-DH) 2. Elliptic Curve Digital Signature Algorithm (ECC-DSA)
List the Improvements caused by CBC
1. Introduces more diffusion 2. Makes known plaintext attacks totally ineffective
Three key characteristics of a hashing function
1. It must be one-way. This means that it is not reversible. Once you hash something, you cannot un-hash it. 2. Variable-length input produces fixed-length output. This means that whether you hash two characters or two million, the hash size is the same. 3. The algorithm must have few or no collisions. This means that hashing two different inputs does not give the same output.
What are the uses for PRNG?
1. Produces better random numbers used for cipher keys 2. Generates IVs
Name of the two keys used by the asymmetric algorithms
1. Public key 2. Private key
List of the four asymmetric systems used today
1. RSA 2. Diffie-Hellman Key Exchange 3. ECC 4. ElGamal
Why are OTPs completely secure?
1. They use a key that is as long as a plain-text message. This means that there is no pattern in the key application for an attacker to use. 2. One-time pad keys are used only once and then discarded.
What are 2 issues with Symmetric cipher?
1. Latency. Refers to the difference between the time you input plain text and the time you get out cipher text. You might think that it would be good simply to keep churning away at input, scrambling it more and more. However, low latency is a goal of any cipher. This is particularly important in low-power devices. The longer it takes to encrypt data, the more power is consumed. 2. High resiliency. The concern is various rather advanced attacks that can "leak" a portion of the secret key, such as with side-channel attacks. The nature of these attacks is beyond the scope of this text. Nonetheless, the concept of high resiliency is that algorithms that are resilient are less prone to leaking bits of data.
Value produced by the SHA
160-bit Hash Value
Value produced by the SHA-2
224, 256, 334, and 512 bit. SHA-2 is the most widely used
Diffusion
A symmetric cipher where a change in a single bit of input changes more than one bit of the output
Confusion
A symmetric cipher where the relationship between the plain text, cipher text, and key are very difficult to see
Rainbow Table
A table of precomputed hashes used to guess passwords by searching for the hash of a password.
Caesar cipher
A technique for encryption that shifts the alphabet by some number of characters. Here is an example: I will pass the Security plus test. If you shift each letter three to the right, you get the following: L zloo sdvv wkh Vhfxulwb soxv whvw.
AES
Advanced Encryption Standard (AES) Replaced DES as the current standard, and it uses the Rijndael algorithm. AES is the current product used by U.S. governmental agencies. It supports key sizes of 128, 192, and 256 bits, with 128 bits being the default.
ElGamal
An asymmetric algorithm. Several variations of ElGamal have been created, including Elliptic Curve ElGamal. ElGamal and related algorithms use what is called an ephemeral key. An ephemeral key is simply a key that exists only for that session. Essentially, the algorithm creates a key
Symmetric Cipher
Any cryptographic algorithm that uses the same key to encrypt and decrypt. DES, AES, and Blowfish are examples.
The Enigma machine was created by German engineer _____________ by the end of _______________
Arthur Scherbius, World War I
CAST
Carlisle Adams and Stafford Tavares (CAST) encryption algorithm used in some products offered by Microsoft and IBM. CAST uses a 40-bit to 128-bit key, and it's very fast and efficient. Two additional versions, CAST-128 and CAST-256, also exist.
CHAP
Challenge Handshake Authentication Protocol (CHAP) is a challenge-response authentication protocol that uses MD5 hashing and periodically re-authenticates.
CTM or CTR
Counter Mode. Used to convert a block cipher into a stream cipher. It basically works by generating a keystream block by encrypting sequential values of some counter.
ECC
Elliptic Curve Cryptography. Provides similar functionality to RSA but uses smaller key sizes to obtain the same level of security. ECC encryption systems are based on the idea of using points on a curve combined with a point at infinity and the difficulty of solving discrete logarithm problems. Many vendors have implemented, or are implementing, the ECC system for security. The National Security Agency has also recommended several implementations of ECC. You can expect that ECC will be commonly implemented in mobile devices in the near future.
In-band key exchange
Encryption key is exchanged between parties as part of the communication
Blowfish Encryption
Encryption that performs a 64-bit block cipher at very fast speeds. It is a symmetric block cipher that can use variable-length keys (from 32 bits to 448 bits).
GCM
Galois Counter Mode. A mode of operation used for encryption. It combines the Counter (CTM) mode with hashing techniques for data authenticity and confidentiality. In normal counter mode, each block is encrypted with a cipher in a sequential manner to produce a stream cipher.
GOST
Gosudarstvennyy (GOST). It was classified but released to the public in 1994. It uses a 64-bit block and a key of 256 bits. It is a 32-round Feistel cipher. The official designation is GOST 28147-89. It was meant as an alternative to the U.S. DES algorithm and has some similarities to DES.
Exclusive OR (XOR)
If one, and only one, of the bits has the value of 1, then the result is 1; otherwise the result is 0: 0+0=0, 0+1=1, 1+0=1, 1+1=0.
LSB method
If you changed the very last bit (the least significant bit in each byte), then that would not make a noticeable change in the image. In other words, you could not tell that anything had been changed. Using this fact, you can store data by putting it in the least significant bits of an image file.
IV
Initialization vector. Provides randomization of encryption keys to help ensure that keys are not reused. WEP was susceptible to IV attacks because it used relatively small IVs. In an IV attack, the attacker uses packet injection, increasing the number of packets to analyze, and discovers the encryption key.
MD5
MD5 is the newest version of the algorithm. It produces a 128-bit hash, but the algorithm is more complex than its predecessors and offers greater security. Its biggest weakness is that it does not have strong collision resistance, and thus it is no longer recommended for use. SHA (1 or 2) are the recommended alternatives.
MDA
Message Digest Algorithm. Creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity. There are several versions of MD; the most common are MD5, MD4, and MD2. MD4 was used by NTLM to compute the NT Hash.
Dictionary Attack
Code-breaking technique that involves attempting common words that might be used as a password, hoping one will work.
Frequency Analysis attack
Code-breaking technique that involves looking at the blocks of an encrypted message to determine any patterns.
Known Plain Text attack
Code-breaking technique that involves the attacker having pairs of known plain text along with the corresponding cipher text. This gives the attacker a place to start attempting to derive the key.
Brute Force attack
Code-breaking technique that involves trying every possible key.
NTLM
Network LAN Manager. Uses MD4/MD5 hashing algorithms. Several versions of this protocol exist (NTLMv1, NTLMv2), and it is still in widespread use despite the fact that Microsoft has pointed to Kerberos as being its preferred authentication protocol.
Collision
Occurs when two different inputs to a hashing algorithm produce the same output.
What is RC4 recognized for?
RC4 is popular with wireless and WEP/WPA encryption. It is a streaming cipher that works with key sizes between 40 and 2,048 bits, and it is used in SSL and TLS. It is also popular with utilities used for downloading BitTorrent files, since many providers limit the download of these. By using RC4 to obfuscate the header and the stream, it makes it more difficult for the service provider to realize that they are indeed BitTorrent files being moved about.
Symmetric Key
Also referred to as a secret key or private key; a key that isn't disclosed to people who aren't authorized to use the encryption system.
Key stretching
Refers to processes used to take a key that might be a bit weak and make it stronger, usually by making it longer
Security through obscurity
Relying upon the secrecy or complexity of an item as its security, instead of practicing solid security practices.
RSA Encryption
Rivest-Shamir-Adleman (RSA) is the most common internet encryption and authentication system. The system used an algorithm that involves multiplying two large prime numbers to generate a public key, used to encrypt data and decrypt an authentication, and a private key, used to decrypt the data and encrypt an authentication. This symmetric Key of a minimum length of 2,048 bits.
RSA
Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is an early public key encryption system that uses large integers as the basis for the process. It's widely implemented, and it has become a de facto standard. RSA works with both encryption and digital signatures.
RC
Ron's Cipher (RC). An encryption family produced by RSA Laboratories. RC stands for Ron's Cipher or Ron's Code. (Ron Rivest is the author of this algorithm.) The current levels are RC4, RC5, and RC6. RC5 uses a key size of up to 2,048 bits. It's considered to be a strong system.
SHA
Secure Hash Algorithm. Designed to ensure the integrity of a message. SHA is a one-way hash that provides a hash value that can be used with an encryption protocol.
Out-of-band key exchange
Some other channel, one that is going to be secured, is used to exchange the key.
X.509
The X.509 standard is the most widely used standard for digital certificates.
Function of the public key in an asymmetric algorithm
The sender uses a public key to encrypt the message
Related Key Attack
This is like a chosen plain-text attack, except the attacker can obtain cipher texts encrypted under two different keys.
ROT13
This simple algorithm rotates every letter 13 places in the alphabet. Thus an A becomes an N, a B becomes an O, and so forth. The same rotation of 13 letters that is used to encrypt the message is also used to decrypt the message.
3DES
Triple Digital Encryption Standard. A symmetric algorithm used to encrypt data and provide confidentiality. It was originally designed as a replacement for DES. It uses multiple keys and multiple passes and is not as efficient as AES, but is still used in some applications, such as when hardware doesn't support AES.
Twofish Encryption
Twofish is quite similar to blowfish, and it works on 128-bit blocks. The distinctive feature of the latter is that it has a complex key schedule.
Bcrypt
Used with passwords, and it essentially uses a derivation of the Blowfish algorithm converted to a hashing algorithm to hash a password and add Salt to it.
Ciphering
is the process of using a cipher to do that type of scrambling to a message.
Cryptography
is the science of altering information so that it cannot be decoded without a key