Ch. 6- Encryption- lecture, ebook and quiz

Name the 4 hashing methods:

- Secure Hash Algorithm (SHA) - MD5 - RACE Integrity Primitives Evaluation Message Digest (RIPEMD) - HAVAL

Binary Operations AND - This operation states that 1 + 1 = _ OR - There must be a 1 in either of the numbers to result in _ for that position XOR - If a position has 1 in one number but not the other, then the result is _

1 1 1

Factors to consider when selecting a block cipher 1. large amounts of data: __ is almost as important as __ 2. standard business data: __ accepted encryption method should be secure enough, and you can focus on things such as __ length and __ in your decision-making process. However, if you are sending highly sensitive data, such as research or military data, you should be more concerned about __, regardless of speed.

1. speed security 2. any key speed security

Name the 3 Single-Alphabet Substitution methods of early encryption

1. Caesar Cipher 2. ROT 13 3. Atbash Cipher

Name the 4 early substitution ciphers

1. Caesar cipher 2. ROT 13 3. Atbash cipher 4. Vigenère cipher

Name the two widely used key stretching algorithms:

1. PBKDF2 (Password-Based Key Derivation Function 2) 2. bcrypt

In selecting a block cipher, there's no single answer. Factors to consider: 1. __ of data to be encrypted 2. __ of data 3. Whether __ __ keys are needed

1. amount 2. sensitivity 3. Variable length

Windows password hashing methodology: 1. Windows __ the password 2. Stores the hash in the ___ file in Windows System Directory 3. When you log in, Windows takes the password you type in, __ it, and compares the result to what's in the __ file -- If they match, you can __ __

1. hashes 2. SAM (Security Accounts Manager) 3. hash SAM log in

PRNG properties: 1. Uncorrelated sequences: You cannot take a given stretch of numbers (say 16 bits) and use it to __ subsequent bits. 2. Long period: Ideally, the series of digits (usually bits) should never have any repeating __, it happens though. The __ (in digits or bits) between repetitions is the period. The __ the period the better. 3. Uniformity: Usually represented in _ format. There should be an _ number of 1s and 0s, but no pattern needed. The __ of random numbers should be uniform and unbiased.

1. predict 2. patterns distance longer 3. binary equal sequence

With AES: For 128-bit keys, there are __ rounds. For 192-bit keys, there are __ rounds. For 256-bit keys, there are __ rounds.

10 12 14

The AES encryption scheme uses a total of 52 16-bit sub-keys. These are generated from the ___-__ ___-__ with the following procedure: 1. The 128-bit key is split into __ 16-bit keys, which are the first sub-keys. 2. The digits are shifted 25 bits to the left to make a new key, which is then split into the next eight 16-bit sub-keys. 3. The second step is repeated until the 52 sub-keys have been generated.

128-bit sub key 8

Feistel method (for each round) 1. divide an x-bit block into _ halves (data block and subkey) 2. apply the __ function to the data half to be encrypted, 3. that output is __ with the subkey half

2 round XORed

The 2 truncated versions of each SHA-2 standard are known as SHA-__ and SHA-___.

224 384

SHA-2: This is actually two similar hash functions, with different block sizes, known as SHA-___ and SHA-___. They differ in the _ size; - SHA-___ uses 32-byte (256 bits) words - SHA-___ uses 64-byte (512 bits) words. These were also designed by the NSA.

256 512 word 256 512

Factors to consider when selecting a block cipher 3. __ __ keys are important only if you __ them. If you have some encryption products used inside the United States and some outside, then at least __ lengths are needed. 4. If you have some data you want more strongly encrypted even if it means slower speed, and other data that needs to be fast but not as secure, then a __ __ key is also important

3. Variable-length need two 4. variable-length

AES encryption consists of __ rounds of encrypting.

8

Which encryption cipher is this? - you reverse the alphabet - a becomes z, and so on

Atbash cipher

Name the 5 Early Methods of Encryption

Binary Operations Single-Alphabet Substitution/Mono-alphabetic Multi-Alphabet Substitution/Polyalphabetic Enigma Rail Fence Vigenère (B-SMERV) ?

The Naval Enigma machine was eventually cracked by __ cryptographers working at the now famous Bletchley Park. Many say this shortened WW__ by 2 years.

British II

Which encryption cipher is this? choose a number and shift each letter of a text x places left or right

Caesar cipher 2 most common words are "a" and "the"

Advantages of __ - efficiency - complexity with which it scrambles the text

DES

Name 6 symmetric encryption methods: D__ B_______ A__ __ __ __ __ T______ S______

DES Blowfish AES International Data Encryption Algorithm (IDEA) Twofish Serpent (D-BAITS) acronym

By key size comparison from smallest to potential largest, - __ keys are 56 bits long - __ uses a 128 bit key - __ specifies three key sizes: 128, 192, and 256 bits. - __ allows three sizes: 128, 192, and 256 bits - __ allows varying key lengths from 32 to 448 bits.

DES IDEA AES Twofish Blowfish

By block size comparison from smallest to largest, - __ uses a 56-bit cipher key applied to a 64-bit block - __ works on 64-bit blocks of data 2 at a time - __ uses varying keys with a 128-bit block size

DES IDEA Twofish

Feistel ciphers?

DES Twofish Blowfish

Disadvantages of __ - how do you transmit the key without becoming compromised? --led to developing __ __ encryption - no longer used because the __ _ __ isn't adequate against brute force attacks

DES public key short key size

Probably the most well known asymmetric algorithm is __, which was the __ to be publicly described. This cryptographic protocol allows two parties to establish a shared key over an __ channel. In other words, it's often used to allow parties to exchange a __ key through some unsecure medium, such as the Internet. It was developed by Whitfield Diffie and Martin Hellman in 1976

Diffie-Hellman first insecure symmetric

__ is described in U.S. Patent 5,231,668, filed July 26, 1991, and attributed to David W. Kravitz. It was adopted by the U.S. government in 1993 with FIPS 186. Although any asymmetric algorithm can be used for __ __, this algorithm was designed for that purpose.

Digital Signature Algorithm (DSA) digital signatures

__ is based on the Diffie-Hellman key exchange algorithm. It was first described by Taher Elgamal in 1984. It is used in some versions of Pretty Good Privacy (PGP).

ElGamal

The __ algorithm security is based on the fact that finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is difficult to the point of being impractical to do. It was first described in 1985 by Victor Miller (IBM) and Neil Koblitz (University of Washington).

Elliptic Curve

Twofish is a __ cipher that uses a 128-bit block size and key sizes of __, __, and __ bits. It also has __ rounds, like DES.

Feistel 128, 192, and 256 bits 16

DES's overall structure, called a __ network or __ cipher is the basis for many algorithms still used today, such as Blowfish. The __ cipher, DES, was used for its successor __

Feistel, Feistel Rijndael AES

What is this process called? Takes a variable-size input m and returns a fixed-size string value

Hashing

SHA-1: This 160-bit hash function resembles the __ algorithm. This was designed by the National Security Agency (NSA) to be part of the __ __ Algorithm.

MD5 Digital Signature

Like ElGamal, __ is a protocol for key agreement that is based on Diffie-Hellman. It was first proposed by Menezes, Qu, and Vanstone in 1995 and then modified in 1998. It's incorporated in the public key standard __ P1363.

MQV (Menezes-Qu-Vanstone) IEEE

Differences in mono-alphabetic and multi-alphabet substitution. Mono: - __ letter is substituted for one other letter - drawback: if you find a substitution letter for one, you find them for __ __ in that message Multi: - you select __ letters by which to shift letters - __ secure than single substitution **both can be cracked easily and are not acceptable for modern use

Mono: - one - all letters Multi: - multiple - more

__ has endorsed ECC (Elliptic Curve Cryptography) by including schemes based on it in its Suite B set of recommended algorithms and allows their use for protecting information classified up to __ __ with 384-bit keys

NSA top secret

MD5 is a 128-bit hash specified by RFC 1321. Designed by Ron Rivest in 1991 to replace MD4. Flaw found, other algorithms recommended. Biggest flaw: __ __ __ Also, can't produce hashes of different __

Not collision resistant lengths

Symmetric ciphers need a cipher key; The __ process ___ these keys

Pseudo-Random Number Generators (PRNG) generates

Which encryption cipher is this? all characters are rotated 13 places through the alphabet

ROT 13

Name the 6 Public Key Encryption Methods Hint: use acronym

RSA ElGamal Elliptic Curve Diffie-Hellman Digital Signature Algorithm (DSA) MQV (REED-DM)

This describes what cipher? Encrypt: 1. Write each letter of a message on a different row 2. Write down the text reading from left to right (2 cols into 1) Decrypt: 1. Write text out in rows 2. Reconstruct original message Can use as many rows as you wish

Rail Fence
Example with 2 rows: Attack at dawn
A t c a d w
t a k t a n
atcadwtaktan
A t c a d w
t a k t a n
Attack at dawn

Advanced Encryption Standard (AES) 1. Uses __ algorithm 2. __ cipher 3. Specifies three key sizes: ___, ___, and ___ bits

Rijndael Block 128, 192, and 256

RSA- history behind __, __, and __ created in 1977 RSA= first letter of each last name

Rivest, Shamir, and Adleman

___ provides the following hashing advantages: 1. complicates __ attacks that use pre-encryption of __ entries 2. effective against __ __ attacks For best security, the salt value is kept __, __ from the password database/file.

Salting dictionary, dictionary rainbow table secret, separate

Most widely used hashing method?

Secure Hash Algorithm (SHA)

The __ algorithm was submitted to the AES competition but not selected due to its performance being __ than AES. However, since the AES competition, computational power has increased dramatically, leading some experts to reconsider use. - invented by Ross Anderson, Eli Biham, and Lars Knudsen.

Serpent slower

__ encryption is where the same key is used to encrypt and decrypt the plaintext

Symmetric

Name 5 Modern Encryption Methods __ Encryption __ Stretching P____ __ __ Encryption Digital ___

Symmetric Encryption Key Stretching PRNG Public Key Encryption Digital Signatures

T or F? Single-Alphabet Substitution = Mono-alphabetic Substitution Multi-Alphabet Substitution = Polyalphabetic Substitution

T

A __ __ is using asymmetric cryptography, in reverse order. They can verify who __ the message. Some part of the message is encrypted or signed with the user's __ key. Any recipient can verify the signature using the sender's __ key.

digital signature sent private public

A public key infrastructure (PKI) __ digital certificates. This is a network of trusted __ servers that serves as the infrastructure for distributing digital certificates that contain public keys. A PKI is an arrangement that binds __ keys with respective __ identities by means of a CA.

distributes CA public user

DES (Data Encryption Standard)- simplified concept 1. Data is __ into __-__ blocks and transposed 2. Transposed data is then sent through a series of steps, manipulated by __ rounds of encryption involving substitutions, bit-shifting, and logical operations using a __-__ cipher __. 3. Finally __ one last time

divided, 64-bit 16 56-bit cipher key transposed

Substitution ciphers: __ __ in the encrypted message is substituted by __ __ in the encrypted text

each character one character

Public keys are widely distributed. Getting someone's public key is fairly __ to do. Public keys are also needed to verify a __ __. As to how public keys are distributed, probably the most common way is through __ __.

easy digital signature digital certificates

You can freely distribute your public key so that anyone can __ a message to send to you, but only you have the private key and only you can __ the message

encrypt decrypt

For DES there is actually a 64-bit key, but one bit of every byte is used for __ __, leaving 56 bits for actual key __. DES is a __ cipher with 16 rounds and a 48-bit round key for each round. DES's general functionality follows the Feistel method of dividing the 64-bit block into two halves, applying the __ function to one half, then __ that output with the other half.

error detection operations Feistel round XORing

X.509 is an international standard for the __ and __ contained in a digital certificate. It's the most widely used type of digital certificate in the __

format information world

PBKDF2 (Password-Based Key Derivation Function 2) is part of PKCS #5 v. 2.01. It applies some __ (like a __ or HMAC) to the password or __ along with __ to produce a derived key.

function hash passphrase salt

Other applications of _: - in computer forensics, __ a drive before investigating -- later __ again to see if anything changed

hashing

The German Federal Office for Information Security (BSI) has established four criteria for quality of PRNGs: K1: A sequence of numbers with a low probability of containing __ consecutive elements. K2: A sequence of numbers that is __ from "true random" numbers according to specified statistical tests. K3: It should be impossible for any attacker to calculate, or otherwise guess, from any given sub-__, or from any __ or __ values in the sequence. K4: It should be impossible for an attacker to calculate, or guess from an inner __ of the generator, any __ numbers in the sequence or any __ inner generator states.

identical indistinguishable sequence previous or future state previous previous

Concept of encryption: Messages must be changed in such a way that they cannot be read easily by any party that intercepts them but can be decoded easily by the __ __

intended recipient

A certificate authority __ digital certificates. The primary role of the CA is to __ __ and __ the public key bound to a given user. It is an entity trusted by one or more users to __ certificates.

issues digitally sign publish manage

It is sometimes necessary to lengthen a key to make it stronger. This process is often called __ __ The key is put through an algorithm that will __ it, or make it longer.

key stretching. stretch

Advantages of RSA: public key encryption method, so no concerns with distributing __ for encryption. RSA has become a popular, __ used encryption method. It is considered quite secure and is often used in situations where a __ level of security is needed.

keys widely high

RSA is based on __ __ numbers. You might think, "Couldn't someone take the public key and use factoring to derive the private key?" Well, hypothetically, yes. However, factoring really large numbers into their prime factors is pretty difficult. No efficient algorithm exists for doing it. By "large numbers," we mean that RSA can use __-, 2048-, 4096-bit and larger keys. Of course, if anyone ever invents an efficient algorithm that will factor a large number into its prime factors, RSA would be dead.

large prime 1024

The Enigma is not a single machine but rather a family of __. The first version was invented by German engineer Arthur Scherbius near the end of World War I. It was used by several different militaries, not just the Nazi Germans.

machines

History of encryption: - Originally used in __ communications - Initially associated with __ communications - Evolved to include telephone, radio, Internet/computer communications

military written

multi-alphabet substitution (also called polyalphabetic substitution). -you select _ __ by which to shift letters (that is, __ __ alphabets).

multiple numbers multiple substitution For example, if you select three substitution alphabets (12, 22, 13), then "A CAT" becomes "C ADV" ? 12 = right 2 22 = left 2 13 = right 3

Characteristics: 1. Hashing is __; you cannot un-hash something 2. Hashing is how __ stores passwords 3. Hashing is __-free; -- 2 different input values don't produce the same output

one-way Windows collision

bcrypt is used with __, and uses a derivation of the __ algorithm, which is converted to a hashing algorithm to __ a password and add a __ to it.

passwords Blowfish hash salt

You can think of the Enigma as a sort of mechanical __ cipher. The operator of the Enigma machine would be given a message in __ and then type that message into Enigma. For each letter that was typed in, Enigma would provide a different ciphertext based on a different substitution alphabet. The recipient would type in the __, getting out the plaintext, provided both Enigma machines had the same __ settings.

polyalphabetic plaintext ciphertext rotor

Having a secure system using less well-known or even new encryption methods is __. All the widely used methods of today were once new and untested. However, taking extra __ to ensure that you are not being misled when using a less well-known method is necessary.

possible precautions

The digital certificate contains a __ key and some means to verify __ public key it is. Therefore, it's a digital document that contains a __ key signed by a trusted third party, a __

public whose public Certificate Authority (CA)

The __ __ cipher may be the most widely known transposition cipher. You take the message you wish to encrypt and alter each letter on a __ __

rail fence different row.

PRNGs are "__ enough" Three desired properties 1. __ sequences 2. Long __ 3. __

random 1. Uncorrelated 2. period 3. Uniformity

In relationship to hashing, salt is the __ __ used as one of the __ to the hash. ---intermixed with the message to be hashed The hashing value returned is called the hash __ h or the __

random bits inputs value digest

No matter how secure the network is, if the data is not encrypted at __ or during __, then that data is vulnerable

rest transmission

XORing has an interesting property in that it is __. If you XOR the resultant number with the second number, you get back the first number. And, if you XOR the resultant number with the first number, you get the second number.

reversible

The core of the Enigma machine was the __, or disks, that were arranged in a circle with __ __ on them. Each rotor represented a different __ substitution cipher.

rotors 26 letters single

PGP offers digital __, __ encryption, and __ encryption.

signatures asymmetric symmetric

Public key encryption is essentially the opposite of __-key encryption. A public key is used to __ a message and private key is used to __ the message.

single encrypt decrypt

Public key encryption is __ than symmetric ciphers

slower

The level of security afforded by an RSA-based system with a large modulus can be achieved with a much __ elliptic curve group. There are actually several ECC algorithms. There is an ECC version of __, an ECC version of __, and many others.

smaller Diffie-Hellman DSA

A round key is just a __ __ that is derived from the __ __ each round, according to a key schedule algorithm.

sub key cipher key

Blowfish is a __ __ cipher - works on "blocks" of the message at a time. - uses a variable-length key ranging from __ to ___ bits. - This flexibility in key size allows you to use it in various situations. - Cost: __

symmetric block 32 to 448 free

Pretty Good Privacy (PGP) is not a specific encryption algorithm, but rather a __. It is often found in __ clients.

system e-mail

Identifying Good Encryption Be suspicious of encryption methods that: 1. Are advertised as ___ 2. Are advertised as __ 3. Are put forth by __ vendors No guaranteed way exists to detect fraud.

unbreakable certified inexperienced

A registration authority (RA) is often used to take the burden off of a CA by handling __ prior to certificates being issued. RAs act as a proxy between users and CAs. RAs receive a request, ___ it, and forward it to the CA.

verification authenticate

__ was one of the five finalists of the AES contest. It is related to the block cipher __. Bruce Schneier also was part of the team that worked on this algorithm.

Twofish Blowfish

What are the two algorithms that are in the public domain and can be used without restrictions by anyone who wishes to use it? And why?

Twofish and Blowfish they're not patented

One of the most widely known early multi-alphabet ciphers was the __ cipher. - a method of encrypting alphabetic text using a series of different mono-alphabet ciphers selected based on the letters of a __. - invented in 1553 by Giovan Battista Bellaso, not Vigenère.

Vigenère keyword

In general, __ ciphers are slower than __ ciphers.

asymmetric symmetric

International Data Encryption Algorithm (IDEA) is another __ cipher. This algorithm works with __-bit blocks of data, __ at a time and uses a __-bit key. The procedure uses sub-keys generated from the key to carry out a series of modular arithmetic and XOR operations on segments of the 64-bit plaintext block.

block 64- bit blocks 2 128-bit key

PGP uses its own __ format. The main difference, however, is that PGP certificates are __-generated. They are not generated by any __.

certificate self CA

What if a certificate is expired, or revoked? A __ __ __ is a list of certificates that have been revoked for one reason or another. __ __ publish their own certificate revocation lists. A newer method for verifying certificates is Online Certificate Status Protocol (OCSP), a real-time protocol for verifying certificates.

certificate revocation list (CRL) Certificate authorities (CAs)

Secure Hash Algorithm (SHA) hashing method - all versions are secure and __ free - versions: __ __ and __

collision SHA-1, SHA-2, SHA-3

A digital signature is not used to ensure the __ of a message, but rather to guarantee who sent the message. This is referred to as ___.

confidentiality non-repudiation

Polish cryptanalysts Marian Rejewski, Jerzy Rozycki, and Henryk Zygalski: - reverse engineered a working Enigma machine and - used that information to - develop tools for breaking Enigma ciphers, including one tool named the __ __.

cryptologic bomb

The size of the elliptic curve determines the __ of finding the algorithm, and thus the __ of the implementation.

difficulty security

