Conklin Sec+ Ch. 27
Describe CBC
Cipher Block Chaining (CBC) is a block mode where each block is XORed with the previous ciphertext block before being encrypted. To obfuscate the first block, an initialization vector (IV) is XORed with the first block before encryption. CBC is one of the most common modes used, but it has two major weaknesses. First, because there is a dependence on previous blocks, the algorithm cannot be parallelized for speed and efficiency. Second, because of the nature of the chaining, a plaintext block can be recovered from two adjacent blocks of ciphertext. An example of this is in the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack. This type of padding attack works because a one-bit change to the ciphertext causes complete corruption of the corresponding block of plaintext, and inverts the corresponding bit in the following block of plaintext, but the rest of the blocks remain intact.
Galois Counter Mode (GCM) is an extension of CTM with the addition of
a Galois mode of authentication. Galois fields are a mathematical representation that has significant utility in practical encoding. The addition of a Galois mode adds an authentication function to the cipher mode. Because the Galois field used in the process can be parallelized, GCM provides an efficient method of adding this capability. GCM is employed in many international standards, including IEEE 802.1ad and 802.1AE. NIST recognized AES-GCM, as well as GCM and GMAC.
At one time, SHA-1 was one of the more secure hash functions, but it has been found vulnerable to
a collision attack.
Describe DSA
A digital signature is a cryptographic implementation designed to demonstrate authenticity and identity associated with a message. Using public key cryptography, the digital signature algorithm (DSA) allows traceability to the person signing the message through the use of their private key. The addition of hash codes allows for the assurance of integrity of the message as well. The operation of a digital signature is a combination of cryptographic elements to achieve a desired outcome. The steps involved in digital signature generation and use are illustrated in Chapter 26.
RIPEMD hash size
It originally provided a 128-bit hash and was later shown to have problems with collisions. RIPEMD was strengthened to a 160-bit hash known as RIPEMD-160 by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel.
In reality, this technique is less effective than the technique that 3DES uses, which is to encrypt with one key, then decrypt with a second, and then encrypt with a third. This greatly increases the number of attempts needed to retrieve the key and is a significant enhancement of security. The additional security comes with a price, however:
. It can take up to three times longer to compute 3DES than to compute DES. However, the advances in memory and processing power in today's electronics make this problem irrelevant in all devices except for very small, low power devices.
Twofish block size
128 bits
AES has three different standard key sizes:
128, 192, and 256,
SHA1 hash size
160 bit
Blowfish key size
32 - 448 bits
Blowfish block size
64 bits
RC4 can use a key length of
8 to 2048 bits, though the most common versions use 128-bit keys.
What has made the PGP standard popular for so long? A. Its flexible use of both symmetric and asymmetric algorithmsB. Simple trust modelC. The ability to run on any platformD. The peer-reviewed algorithms
A. Pretty Good Privacy (PGP) is a popular standard because of its use of both symmetric and asymmetric algorithms when best suited to the type of encryption being done.
In 2012, the __ hash function won the NIST competition and was chosen as the basis for the SHA-3 method.
Keccak
Describe DH Groups
Diffie-Hellman (DH) groups determine the strength of the key used in the key exchange process. Higher group numbers are more secure, but require additional time to compute the key. DH group 1 consists of a 768-bit key, group 2 consists of a 1024-bit key, and group 5 comes with a 1536-bit key. Higher number groups are also supported, with correspondingly longer keys.
Why are hash collisions bad for malware prevention? A. Malware could corrupt the hash algorithm. B. Two different programs with the same hash could allow malware to be undetected. C. The hashed passwords would be exposed. D. The hashes are encrypted and cannot change.
B
Blowfish was designed in 1994 by
Bruce Schneier.
A colleague who is performing a rewrite of a custom application that was using 3DES encryption asks you how 3DES can be more secure than the DES it is based on. What is your response? A. 3DES uses a key that's three times longer. B. 3DES loops through the DES algorithm three times, with different keys each time. C. 3DES uses transposition versus the substitution used in DES. D. 3DES is no more secure than DES.
B. 3DES can be more secure because it loops through the DES algorithm three times, with a different key each time: encrypt with key 1, decrypt with key 2, and then encrypt with key 3.
Hashing is most commonly used for which of the following?A. Digital signaturesB. Secure storage of passwords for authenticationC. Key management D. Block cipher algorithm padding
B. Hashing is most commonly used to securely store passwords on systems so that users can authenticate to the system.
Two common forms of key stretching employed in use today include: (describe)
BCRYPT and Password-Based Key Derivation Function 2. BCRYPT is a key-stretching mechanism that uses the Blowfish cipher and salting, and adds an adaptive function to increase the number of iterations. The result is the same as other key-stretching mechanisms (single use is computationally feasible), but when attempting to brute force the function, the billions of attempts make it computationally unfeasible. Password-Based Key Derivation Function 2 (PBKDF2) is a key derivation function designed to produce a key derived from a password. This function uses a password or passphrase and a salt and applies an HMAC to the input thousands of times. The repetition makes brute force attacks computationally unfeasible.
Describe BCRYPT
BCRYPT is a key-stretching mechanism that uses the Blowfish cipher and salting, and adds an adaptive function to increase the number of iterations. The result is the same as other key-stretching mechanisms (single use is computationally feasible), but when attempting to brute force the function, the billions of attempts make it computationally unfeasible.
BCRYPT is a key-stretching mechanism that uses the __ cipher and __, and adds an adaptive function to increase the number of iterations.
Blowfish; salting
What is a key consideration when implementing an RC4 cipher system?A. Key entropyB. External integrity checksC. Checks for weak keys D. Secure key exchange
C. As RC4 is susceptible to weak keys, one key in 256 is considered weak and should not be utilized. Any implementation should have a check for weak keys as part of the protocol.
Why would you use PBKDF2 as part of your encryption architecture? A. To use the speed of the crypto subsystems built into modern CPUsB. To increase the number of rounds a symmetric cipher has to performC. To stretch passwords into secure-length keys appropriate for encryptionD. To add hash-based message integrity to a message authentication code
C. PBKDF2 is a key stretching algorithm that stretches a password into a key of suitable length by adding a salt and then performing an HMAC to the input thousands of times.
Your organization wants to deploy a new encryption system that will protect the majority of data with a symmetric cipher of at least 256 bits in strength. What is the best choice of cipher for large amounts of data at rest? A. RC4B. 3DESC. AESD. Twofish
C. The most likely utilized cipher is AES. It can be run at 128-, 192-, and 256-bit strengths and is considered the gold standard of current symmetric ciphers, with no known attacks, and is computationally efficient.
What cipher mode is potentially vulnerable to a POODLE attack?
CBC
EXAM TIP: __ and __ are considered to be secure and are the most widely used modes.
CBC; CTM/CTR
CTM is also abbreviated __ in some circles.
CTR
Describe CTM/CTR
Counter Mode (CTM) uses a "counter" function to generate a nonce that is used for each block encryption. The sequence of operations is to take the counter function value (nonce), encrypt using the key, then XOR with plaintext. Each block can be done independently, resulting in the ability to multithread the processing. CTM is also abbreviated CTR in some circles.
Common symmetric algorithms are (6)
DES, 3DES, AES, Blowfish, Twofish, and RC4
Describe ECB
Electronic Code Book (ECB) is the simplest mode operation of all. The message to be encrypted is divided into blocks, and each block is encrypted separately. This has several major issues, most notable of which is that identical blocks yield identical encrypted blocks, telling the attacker that the blocks are identical. ECB is not recommended for use in cryptographic protocols.
the previous ciphertext block before being encrypted. To obfuscate the first block, an initialization vector (IV) is XORed with the first block before encryption. CBC is one of the most common modes used, but it has two major weaknesses:
First, because there is a dependence on previous blocks, the algorithm cannot be parallelized for speed and efficiency. Second, because of the nature of the chaining, a plaintext block can be recovered from two adjacent blocks of ciphertext. An example of this is in the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack. This type of padding attack works because a one-bit change to the ciphertext causes complete corruption of the corresponding block of plaintext, and inverts the corresponding bit in the following block of plaintext, but the rest of the blocks remain intact.
What cipher mode is used in the IEEE 802.1AE standard and recognized by NIST?
GCM
Describe GCM
Galois Counter Mode (GCM) is an extension of CTM with the addition of a Galois mode of authentication. Galois fields are a mathematical representation that has significant utility in practical encoding. The addition of a Galois mode adds an authentication function to the cipher mode. Because the Galois field used in the process can be parallelized, GCM provides an efficient method of adding this capability. GCM is employed in many international standards, including IEEE 802.1ad and 802.1AE. NIST recognized AES-GCM, as well as GCM and GMAC.
Describe HMAC
HMAC, or Hashed Message Authentication Code, is a special subset of hashing technology. Message authentication codes are used to determine if a message has changed during transmission. Using a hash function for message integrity is common practice for many communications. When you add a secret key and crypto function, the MAC becomes a HMAC and you also have the ability to determine authenticity in addition to integrity. Popular hash algorithms are Message Digest (MD5), the Secure Hash Algorithm (SHA) series, and the RIPEMD algorithms.
RIPEMD-160 is an algorithm based on __, but it uses two parallel channels with five rounds.
MD4
EXAM TIP: The commonly used hash functions in HMAC are (3)
MD5, SHA-1, and SHA-256. Although MD5 has been deprecated because of collision attacks, when used in the HMAC function, the attack methodology is not present and the hash function still stands as useful.
When you add a secret key and crypto function, the MAC becomes a HMAC and you also have the ability to determine authenticity in addition to integrity. Popular hash algorithms are (3)
Message Digest (MD5), the Secure Hash Algorithm (SHA) series, and the RIPEMD algorithms.
__ has now certified the Advanced Encryption Standard (AES) to replace DES.
NIST
Because of collision-based weaknesses in the SHA-1 and SHA-2 series,
NIST conducted a search for a new version, the result of which is known as SHA-3.
Gnu Privacy Guard (GPG), also called GnuPG, is an open source implementation of the __ standard.
OpenPGP
POODLE stands for
POODLE (Padding Oracle On Downgraded Legacy Encryption)
Cipher Block Chaining (CBC) is a block mode where each block is XORed with the previous ciphertext block before being encrypted. To obfuscate the first block, an initialization vector (IV) is XORed with the first block before encryption. CBC is one of the most common modes used, but it has two major weaknesses. First, because there is a dependence on previous blocks, the algorithm cannot be parallelized for speed and efficiency. Second, because of the nature of the chaining, a plaintext block can be recovered from two adjacent blocks of ciphertext. An example of this is in the __ attack.
POODLE (Padding Oracle On Downgraded Legacy Encryption) (This type of padding attack works because a one-bit change to the ciphertext causes complete corruption of the corresponding block of plaintext, and inverts the corresponding bit in the following block of plaintext, but the rest of the blocks remain intact.)
Describe PBKDF2
Password-Based Key Derivation Function 2 (PBKDF2) is a key derivation function designed to produce a key derived from a password. This function uses a password or passphrase and a salt and applies an HMAC to the input thousands of times. The repetition makes brute force attacks computationally unfeasible.
Describe RIPEMD
RACE Integrity Primitives Evaluation Message Digest (RIPEMD) is a hashing function developed by the RACE Integrity Primitives Evaluation (RIPE) consortium. It originally provided a 128-bit hash and was later shown to have problems with collisions. RIPEMD was strengthened to a 160-bit hash known as RIPEMD-160 by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel.
RIPEMD-160 is an algorithm based on MD4, but it uses two parallel channels with five rounds. The output consists of five 32-bit words to make a 160-bit hash. There are also larger output extensions of the RIPEMD-160 algorithm. These extensions are: (2) While these offer larger output sizes, this does not make the hash function inherently stronger.
RIPEMD-256 and RIPEMD-320, offer outputs of 256 bits and 320 bits, respectively.
(5)__ are all popular asymmetric protocols.
RSA, DSA, Diffie-Hellman, elliptic curve cryptography (ECC), and PGP/GPG
Because of the advancement of technology and the progress being made in quickly retrieving DES keys, NIST put out a request for proposals (RFP) for a new Advanced Encryption Standard (AES). NIST called for a block cipher using symmetric key cryptography and supporting key sizes of 128, 192, and 256 bits. After evaluation, NIST had five finalists.... In the fall of 2000, NIST picked __ to be the new AES.
Rijndael
SHA-2 is a collective name for (4)
SHA-224, SHA-256, SHA-384, and SHA-512.
Diffie-Hellman, introduced in Chapter 26, is one of the most common encryption protocols in use today. It plays a role in the electronic key exchange method of the (3)(protocols) .
Secure Sockets Layer (SSL) and TLS protocols. It is also used by the Secure Shell (SSH) and IP Security (IPsec) protocols.
PGP is now a commercial enterprise encryption product offered by
Symantec.
Comment on PBKDF2 vulnerability to brute force
This function uses a password or passphrase and a salt and applies an HMAC to the input thousands of times. The repetition makes brute force attacks computationally unfeasible. (not vulnerable to it)
EXAM TIP: RC4 is the most widely used stream cipher and is used in popular protocols such as (2)
Transport Layer Security (TLS) and Wi-Fi Protected Access (WPA).
Password-Based Key Derivation Function 2 (PBKDF2) is a key derivation function designed to produce a key derived from a password. This function uses (describe process)
a password or passphrase and a salt and applies an HMAC to the input thousands of times. The repetition makes brute force attacks computationally unfeasible.
There are several variants of the Diffie-Hellman key exchange. Diffie-Hellman Ephemeral (DHE) is a variant where
a temporary key is used in the key exchange rather than reusing the same key over and over.
Gnu Privacy Guard (GPG), also called GnuPG, is
an open source implementation of the OpenPGP standard. This command-line-based tool is a public key encryption program designed to protect electronic communications such as e-mail. It operates similarly to PGP and includes a method for managing public/private keys.
Counter Mode (CTM) uses a "counter" function to generate a nonce that is used for each block encryption. The sequence of operations is to take the counter function value (nonce), encrypt using the key, then XOR with plaintext. Each block can be
done independently, resulting in the ability to multithread the processing. CTM is also abbreviated CTR in some circles.
Cipher Block Chaining (CBC) is a block mode where
each block is XORed with the previous ciphertext block before being encrypted. To obfuscate the first block, an initialization vector (IV) is XORed with the first block before encryption. CBC is one of the most common modes used, but it has two major weaknesses.
Typically, RSA and the other public key systems are used in conjunction with symmetric key cryptography. Public key, the slower protocol, is used to exchange the symmetric key (or shared secret), and then the communication uses the faster symmetric key protocol. This process is known as
electronic key exchange.
Elliptic Curve Diffie-Hellman (ECDH) is a variant of the Diffie-Hellman protocol that uses elliptic curve cryptography. ECDH can also be used with
ephemeral keys, becoming Elliptic Curve Diffie-Hellman Ephemeral (ECDHE), to enable perfect forward secrecy
Blowfish was designed in 1994 by Bruce Schneier. It is a block-mode cipher using 64-bit blocks and a variable key length from 32 to 448 bits. It was designed to run quickly on 32-bit microprocessors and is optimized for situations with
few key changes. The only successful cryptanalysis to date against Blowfish has been against variants that used reduced rounds. There does not seem to be a weakness in the full 16-round version.
RIPEMD-160 is an algorithm based on MD4, but it uses two parallel channels with five rounds. The output consists of (size)
five 32-bit words to make a 160-bit hash.
A simple substitution cipher replaces each character with a corresponding substitute character, the length of the message. Although this has an entropy of 88 bits, because of structures in language, this is relatively easily broken using
frequency analysis of the substituted characters.
As described in Chapter 26, key stretching is a mechanism that takes what would otherwise be weak keys and "stretches" them to make the system more secure against brute force attacks. A typical methodology used for key stretching involves
increasing the computational complexity by adding iterative rounds of computations. To extend a password to a longer length of key, you can run it through multiple rounds of variable-length hashing, each increasing the output by bits over time. This may take hundreds or thousands of rounds, but for single- use computations, the time is not significant. Two common forms of key stretching employed in use today include BCRYPT and Password-Based Key Derivation Function 2.
Galois Counter Mode (GCM) is an extension of CTM with the addition of a Galois mode of authentication. Galois fields are a mathematical representation that has significant utility in practical encoding. The addition of a Galois mode adds an authentication function to the cipher mode. Because the Galois field used in the process can be parallelized, GCM provides an efficient method of adding this capability. GCM is employed in many
international standards, including IEEE 802.1ad and 802.1AE. NIST recognized AES-GCM, as well as GCM and GMAC.
Diffie-Hellman is important because
it enables the sharing of a secret key between two people who have not contacted each other before.
Twofish is an improvement over Blowfish in that
it is less vulnerable to certain classes of weak keys.
One of the unique features of PGP is
its use of both symmetric and asymmetric encryption methods, accessing the strengths of each method and avoiding the weaknesses of each as well. Symmetric keys are used for bulk encryption, taking advantage of the speed and efficiency of symmetric encryption. The symmetric keys are passed using asymmetric methods, capitalizing on the flexibility of this method.
XOR (exclusive OR) is a simple cipher operation and is performed by the addition of the text and the key, using modulus 2 arithmetic. A string of text can be encrypted by applying the bitwise XOR operator to every character using a given key. To decrypt the output,
merely reapplying the XOR function with the key will remove the cipher
In symmetric or block algorithms, there is a need to deal with multiple blocks of identical data to prevent multiple blocks of ciphertext that would identify the blocks of identical input data. There are multiple methods of dealing with this, called
modes of operation.
Triple DES (3DES) is a follow-on implementation of DES. Depending on the specific variant, it uses either two or three keys instead of the single key that DES uses. It also spins through the DES algorithm three times via what's called
multiple encryption.
Comment on BCRYPT vulnerability to brute force
not vulnerable to it
A transposition cipher is
one where the order of the characters is changed per a given algorithm.
ECDH can also be used with ephemeral keys, becoming Elliptic Curve Diffie-Hellman Ephemeral (ECDHE), to enable
perfect forward secrecy
RC4 was created before RC5 and RC6, but it differs in operation. RC4 is a stream cipher, whereas all the symmetric ciphers we have looked at so far have been block-mode ciphers. A stream cipher works by enciphering the plaintext in a stream, usually bit by bit. This makes stream ciphers faster than block-mode ciphers. Stream ciphers accomplish this by
performing a bitwise XOR with the plaintext stream and a generated key stream. RC4 can use a key length of 8 to 2048 bits, though the most common versions use 128-bit keys. The algorithm is fast, sometimes ten times faster than DES. The most vulnerable point of the encryption is the possibility of weak keys. One key in 256 can generate bytes closely correlated with key bytes. Proper implementations of RC4 need to include weak key detection.
Pretty Good Privacy (PGP), created by Philip Zimmermann in 1991, passed through several versions that were available for free under a noncommercial license. PGP is now a commercial enterprise encryption product offered by Symantec. It can be applied to
popular e-mail programs to handle the majority of day-to-day encryption tasks using a combination of symmetric and asymmetric encryption protocols.
As mentioned, RSA can be used for both
regular encryption and digital signatures.
Stream operations have become more common with the streaming of audio and video across the Web. The primary characteristic of stream data is that it is not available in large chunks, but rather either bit by bit or byte by byte, pieces too small for block operations. Stream ciphers operate using __ only and therefore offer less robust protection than block ciphers.
substitution
Electronic Code Book (ECB) is the simplest mode operation of all. The message to be encrypted is divided into blocks, and each block is encrypted separately. This has several major issues, most notable of which is
that identical blocks yield identical encrypted blocks, telling the attacker that the blocks are identical. ECB is not recommended for use in cryptographic protocols.
Secure Hash Algorithm (SHA) refers to a set of hash algorithms designed and published by
the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA).
The most vulnerable point of the encryption is
the possibility of weak keys. One key in 256 can generate bytes closely correlated with key bytes. Proper implementations of RC4 need to include weak key detection.
Multiple encryption can be performed in several different ways. The simplest method of multiple encryption is just to stack algorithms on top of each other— taking plaintext, encrypting it with DES, then encrypting the first ciphertext with a different key, and then encrypting the second ciphertext with a third key. In reality, this technique is less effective than the technique that 3DES uses, which is
to encrypt with one key, then decrypt with a second, and then encrypt with a third.
Counter Mode (CTM) uses a "counter" function to generate a nonce that is used for each block encryption. The sequence of operations is
to take the counter function value (nonce), encrypt using the key, then XOR with plaintext. Each block can be done independently, resulting in the ability to multithread the processing. CTM is also abbreviated CTR in some circles.
When encryption operations are performed on data, there are two primary modes of operation, block and stream. Block operations are performed on blocks of data, enabling both __ and __ operations.
transposition; substitution
Twofish key size
variable up to 256 bits
The weakness of using the XOR method is
when the text length is significantly longer than the key, forcing reuse of the key across the length of the cipher. If the key is as long as the text being encrypted and is never reused, then this forms a perfect cipher from a mathematical perspective.