Ch. 13 Encryption and Hashing Concepts
Triple DES
(aka 3DES0 or Triple Data Encryption Algorithm (TDEA)) similar to DES but applies the cipher algorithm three times to each cipher block
One-Time Pad
(aka Vernam cipher) Is a stream cipher that encrypts plaintext with a secret random key that is the same length as the plaintext. Uses a string of bits that is generated at random (known as a keystream).
RC6
A block cipher entered into the AES competition and was one of the five finalists
RC5
A block cipher noted for its simplicity and for its variable sie (32-,64- or 128-). The strongest block cipher that has been cracked via brute force as of the writing of this book is a 64-bit key.
Twofish Cipher
A block cipher with a size of 128 bits and a key size up to 256 bits and is also based on Feistel.
Threefish Cipher
A block cipher with key sizes up to 1024-bits.
Symmetric Key Algorithm
A class of cipher that uses a single key, identical keys, or closely related keys for both encryption and decryption. Examples are DES, 3DES, RC, and AES. An example of a technology that uses this is Kerkeros. Kerberos makes use of third party known as a Key Distribution Center (KDC) for the secure transmission of it, also referred to a tickets. The following types are symmetric key algorithms: Stream Cipher, Block Cipher
Hash Function
A mathematical procedure that converts a variable-sized amount of data into a smaller block of data. Can fall into the category of a One-Way Function, which means it is easy to compute when generated but difficult (or impossible) to compute in reverse.
Message Authentication Code (MAC)
A short piece of information used to authenticate a message and to provide integrity and authenticity assurances on the message.
Hashing
A summary of a file or message, often in numeric format. Are used in digital signatures, in file and message authentication, and as a way to protect the integrity of sensitive data; For example, data entered into databases, or perhaps entire hard drives.
Key Stretching
A technique that will take a weak key, process it, and output an enhanced and more powerful key. Often, this process will increase the size of the key to 128 bits, making attacks such as brute-force attacks much more difficult, if not impossible. Example of this software include PBKDF2 and bcrypt.
Block Cipher
A type of algorithm that encrypts a group of bits collectively as individual units known as blocks.
Stream Cipher
A type of algorithm that encrypts each binary digit in the data stream, one bit at a time.
Elliptic Curve
A type of public key cryptography based on the structure of an elliptic curve. Uses logarithms calculated against a finite field and is based on the difficulty of certain mathematically problems. Uses smaller keys than most other encryption methods.
Happy Birthday!
An attack on a hashing system that attempts to send two different messages with the same hash function, causing a collision.
Cryptographic Hash Functions
Based on block ciphers. The methods used to resemble that of cipher modes used in encryption. Examples are MD5 and SHA.
Birthday Paradox
Based on the birthday problem in probability theory (aka the birthday paradox). Can be summed up as: a randomly chosen group of people will have a pair of persons with the same calendar birthdate. Given the standard calendar year of 365, the probability of this occurring with 366 people (367 for leap year) is 100%. The paradox comes into play when fewer people are involved. With only 57 people, there is a 99% probability of a match (a much higher percentage than one would think), and with only 23 people, there is 50% probability. By this, use hashing functions with strong collision resistance. If an attacker can find any two messages that digest the same way (use the same hash value), they can deceive a user into receiving the wrong message. To protect against this, use a secure transmission media, such as SSH, or encrypt the entire message that has been hashed.
Hash-base Message Authentication Code (HMAC)
HMAC is a calculation of a MAC through the use of a cryptographic hash function such as MD5 or SHA-1.
Cipher
Is an algorithm that can perform encryption or decryption
Public Key
Is know to all parties involved in encrypted transactions within a given group
Steganography
Is the science (and art) of writing hidden messages; it is a form of security through obscurity.
SHA-2
More secure; It has 256-bit and 512-bit block sizes but uses even more resources and is less widely accepted.
Secure Hash Algorithm (SHA)
One of a number of hash functions designed by the U.S. National Security Agency (NSA) and published by the NIST.
Diffie-Hellman Key Exchange Summary
Relies on secure key exchange before data can be transferred. This key establishes a shared secret key that can be used for secret communications but over a public network. Considered secure against eavesdroppers due to the difficulty of mathematically solving the Diffie-Hellman problem. However is it vulnerable to man-in-the-middle attacks. Used by the Transport Layer Security protocol.
Diffie-Hellman Key Exchange
The first practical method for establishing a shared secret key over an unprotected communications channel.
Message-Digest Algorithm 5 (MD5)
The newest of a series of algorithms designed by Ron Rivest. It uses a 128-bit key. This is a widely used hashing algorithm; By checking the hash produced by the downloaded file against the original hash, you can verify the file's integrity with a level of certainty. However they are susceptible to collisions. A collision occurs when 2 different files end up using the same Hash. Also susceptible to threats such as rainbow tables and pre-image attacks. To protect against this, using a stronger hashing algorithm such as SHA-2 or higher is preferred.
Rivest, Shamir, and Adleman (RSA) Algorithm
The original and very common public key cryptography algorithm. As long as the proper size keys are used, it is considered to be a secure protocol and is used in many e-commerce scenarios. Slower than symmetric key algorithms but has advantages being suitable for signing and for encryption. Works well with credit card security and TLS/SSL.
Cryptography
The practice of hiding the meaning of a message. However it is not the message that is hidden, rather the significance of the message.
The RSA Private key/Public Key
The private key is used to decrypt data that has been encrypted by the public key. Usage is as follows: Send an encrypted message, Receiver uses a Public key, Decrypt an encrypted message, Receiver uses a Private key, Send an encrypted signature, Sender uses a Private key, Decrypt an encrypted signature, Sender uses a Public Key
Encryption
The process of changing information using an algorithm (or cipher) into another form that is unreadable by others- unless they possess the key to that data.
Advanced Encryption Standard (AES)
The successor to DES/3DES and is another symmetric key encryption standard composed of three different versions of block ciphers.
Rivest Cipher (RC aka Ron's Code)
There are multiple versions of RC, but RC4, RC5, and RC6 are talked about more
Asymmetric Key Algorithms
Uses a pair of different keys to encrypt and decrypt data. They keys might be related, but they are not identical or even close to it in the way symmetric keys are. The two keys are related mathematically. Examples are RSA, the Diffie-Hellman system, and elliptic curve cryptography. SSL and TLS protocols use these but generally do so in a public key cryptographic environment.
Public Key Cryptography
Uses asymmetric keys alone or in addition to symmetric keys. It doesn't need the secure exchange of secret keys mentioned in the symmetric key section.
NTMLv2
Uses the MD5 hash, making it difficult to crack; it is a 128-bit system
RC4
Widely used stream cipher in protocols such as SSL, WEP, and RDP. Known for its speed and simplicity.
Blowfish Cipher
a block cipher designed as an alternative to DES. It has a 64-bit block size and variable key size between 1 and 448 bits.
LANMAN Hash
aka the LAN Manager hash or simply LM Hash, was the original hash used to store Windows Passwords. It was used in Windows operating systems before Windows NT but is supported by some versions of Windows as a legacy backward attempt be backward compatible
NTLM Hash
aka the NT LAN Manager Hash, was first supplied with Windows NT 3.1; it provides Unicode support and, more important to this conversation, the RC4 cipher.
Examples of RSA Encryption
include tokens in the form of SecurID USB dongles, and devices such as Hardware Security Models (HSMs) and Trusted Platform Modules (TPMs). All these devices can store RSA asymmetric keys and can be used to assist in user authentication.
Pretty Good Privacy (PGP)
is an encryption program used primarily for signing, encrypting, and decrypting e-mails is an attempt to increase the security of e-mail communications. Uses key sizes of atleast 128 bits.
Data Encryption Standard (DES)
is an older type of block cipher selected by the U.S. federal government back in the 1970's as its encryption standard.
RSA Group Of Standards
known as PKCS (Public-Key Cryptography Standards) in an effort to promote its various public key techniques.
Private Key
only known to a specific users or users who keep the key a secret
Key
the essential piece of information that determines the output of a cipher. It is indispensable; With out it there would be no result to the cipher computation.
SHA-1
the most commonly used version, which employs a 160-unit hash, which is reasonably secure but uses a lot of resources on the computer generating the hash.
RACE Integrity Primitives Evaluation Message Digest (RIPEMD)
the original RIPEMD (128-bit) has a collision reported, therefore it is recommended to use RIPEMD-160 (160-bit), RIPEMD-256, or RIPEMD-320. The commonly used RIPEMD-160 is a 160-bit message digest algorithm used in cryptographic hashing
The RSA algorithm
uses what is known as integer factorization cryptography. Works by: First multiplying two distinct prime numbers that cannot be factored, Then it moves on to some more advanced math in order to derive a set of two numbers, Finally, from these two numbers, it creates a private and pubic key pair.
Algorithm
well-defined instructions that describe computation from their initial state to their final state. (IF-THEN statements are good examples)
