sec+ chp11 (book)
AES performs three steps on every block (128 bits) of plaintext.
Advanced Encryption Standard (AES) is a symmetric cipher that was approved by the NIST in late 2000 as a replacement for DES.
A Hardware Security Module (HSM) is a secure cryptographic processor.
An HSM includes an onboard key generator and key storage facility, accelerated symmetric and asymmetric encryption, and can even back up sensitive material in encrypted form.
Software encryption suffers from the same fate as any application program: it can be subject to attacks to exploit its vulnerabilities. As another option, cryptography can be embedded in hardware to provide an even higher degree of security. Hardware encryption cannot be exploited like software cryptography. Hardware encryption can be applied to USB devices and standard hard drives.
As another option, cryptography can be embedded in hardware to provide an even higher degree of security.
Asymmetric encryption was developed by Whitfield Diffie and Martin Hellman of the Massachusetts Institute of Technology (MIT) in 1975.
Information protections by asymmetric cryptography: Confidentiality: Yes; Integrity: Yes; Availability: Yes; Authenticity: Yes; Nonrepudiation: Yes.
One of the most famous ancient cryptographers
Julius Caesar. Caesar shifted each letter of his messages >>three places down in the alphabet<<, so that an A was replaced by a D, a B was replaced by an E, and so forth.
Most Linux systems by default use MD5 for hashing passwords.
No other user should have the private key except the owner
Apple Mac OS X uses SHA-1 hashes. Both Linux and Apple Mac strengthen their passwords by including a random sequence of bits as input along with the user-created password. These random bits are known as a >>salt<< and make some types of password attacks more difficult. The Windows LM hash and NTLM hashes do not use salts. The salt, along with the number of "rounds" (iterations) used with the salt, is stored along with the "salted" password hash.
The salt, along with the number of "rounds" (iterations) used with the salt, is stored along with the "salted" password hash.
PGP and GPG use both asymmetric and symmetric cryptography. PGP/GPG generates a random symmetric key and uses it to encrypt the message.
The symmetric key is then encrypted using the receiver's public key and sent along with the message. When the recipient receives a message, PGP/GPG first decrypts the symmetric key with the recipient's private key. The decrypted symmetric key is then used to decrypt the rest of the message.
Symmetric algorithms can be classified into two categories based on the amount of data that is processed at a time. The first category is known as a stream cipher. A stream cipher takes one character and replaces it with one character.
The wireless Wired Equivalent Privacy (WEP) protocol is a stream cipher.
In 2005, the U.S. National Security Agency (NSA) identified a set of cryptographic algorithms that, when used together, are the "preferred method" for assuring the security and integrity of information passed over public networks such as the Internet. These are called "Suite B" and are composed of encryption using AES 128- or 256-bit keys, digital signatures with the ECC with 256- and 384-bit numbers, key exchange using the ECC Diffie-Hellman method, and hashing based on SHA-2.
These are called "Suite B"
Instead of combining the cipher stream with the plaintext, a variation is to create a truly random key (called a pad) to be combined with the plaintext. This is known as a one-time pad (OTP). If the pad is a random string of numbers that is kept secret and not reused, then an OTP can be considered secure.
This is known as a one-time pad (OTP). If the pad is a random string of numbers that is kept secret and not reused, then an OTP can be considered secure.
This scrambling is a process known as cryptography (from Greek words meaning hidden writing).
DES is a block cipher. DES divides plaintext into 64-bit blocks and then executes the algorithm 16 times. 3 des info?
Triple Data Encryption Standard (3DES) is designed to replace DES. As its name implies, 3DES uses three rounds of encryption instead of just one. The ciphertext of one round becomes the entire input for the second iteration. 3DES employs a total of 48 iterations in its encryption (3 iterations times 16 rounds). The version of 3DES that uses three keys is estimated to be 2 to the power of 56 times stronger than DES.
Say Alice wanted to read the encrypted msg Bob sent. An encrypted msg can only be read by using the recipient's private key, aka Alice's key.
Using Alice's private key.
Using a digital signature does not encrypt the message itself.
Rijndael, which is more often referred to as AES. AES is now the official standard for encryption by the U.S. government. Vincent Rijmen, one of the cocreators of AES, is also one of the designers of Whirlpool.
Vincent Rijmen, one of the cocreators of AES, is also one of the designers of Whirlpool.
Whirlpool: Named after the first galaxy recognized to have a spiral structure, Whirlpool creates a hash of 512 bits.
With most symmetric ciphers, the final step is to combine the cipher stream with the plaintext to create the ciphertext. The process is accomplished through the exclusive OR (XOR) binary logic operation because all encryption occurs in binary. XOR is used to combine two streams of bits into one with a modified addition process.
XOR is used to combine two streams of bits into one with a modified addition process
Cryptography can provide five basic protections:
- Availability: Ensures that data is accessible to authorized users. Authorized users are provided the decryption key to access the information.
- Authenticity: Provides proof of the genuineness of the user.
- Confidentiality: Ensures that only authorized parties can view the information. Encrypted information can only be viewed by those who have been provided the key.
- Integrity: Ensures that the information is correct and no unauthorized person or malicious software has altered that data. Encrypted information cannot be changed except by authorized users who have the key.
3DES performs better in hardware than as software.
A file system is a method used by operating systems to store, retrieve, and organize files.
The simplest type of stream cipher is a substitution cipher. Substitution ciphers simply substitute one letter or character for another. Also known as a monoalphabetic substitution cipher, this stream cipher can be easy to break.
A homoalphabetic substitution cipher maps a single plaintext character to multiple ciphertext characters. Although a homoalphabetic substitution cipher creates several ciphertext characters for each plaintext character, it is still considered a stream cipher because it processes one plaintext character at a time.
A more complicated stream cipher is a transposition cipher, which rearranges letters without changing them.
A quantum computer uses the properties of quantum mechanics to look for patterns within a large number.
One of the most widely used asymmetric cryptography systems for files and e-mail messages on Windows systems is a commercial product called Pretty Good Privacy (PGP).
A similar program known as GNU Privacy Guard (GPG) is an open-source product. GPG versions run on Windows, UNIX, and Linux operating systems. Messages encrypted by PGP can generally be decrypted by GPG and vice versa.
Microsoft Encrypting File System (EFS) is a cryptography system for Windows operating systems that use the Windows NTFS file system.
Because EFS is tightly integrated with the file system, file encryption and decryption are transparent to the user. Any file created in an encrypted folder or added to an encrypted folder is automatically encrypted. When an authorized user opens a file, it is decrypted by EFS as data is read from a disk; when a file is saved, EFS encrypts the data as it is written to a disk.
Cryptography can also be applied to entire disks. This is known as whole disk encryption and protects all data on a hard drive.
BitLocker encrypts the entire system volume, including the Windows Registry and any temporary files that might hold confidential information. BitLocker prevents attackers from accessing data by booting from another operating system or placing the hard drive in another computer.
Block ciphers are considered more secure because the output is more random. When using a block cipher, the cipher is reset to its original state after each block is processed. This results in the ciphertext being more difficult to break.
Block ciphers are considered more secure because the output is more random.
Nonrepudiation: Proves that a user performed an action. Cryptographic nonrepudiation prevents an individual from fraudulently denying they were involved in a transaction.
Cryptographic nonrepudiation prevents an individual from fraudulently denying they were involved in a transaction
Data that is in an unencrypted form is called cleartext data.
Cleartext data is data that is either stored or transmitted "in the clear," without any encryption.
Cleartext data that is to be encrypted is called plaintext. Plaintext data is input into an encryption algorithm, which consists of procedures based on a mathematical formula used to encrypt the data. A key is a mathematical value entered into the algorithm to produce ciphertext, or text that is "scrambled." In cryptography, a unique mathematical key is input into the encryption algorithm to create the ciphertext.
Cleartext data that is to be encrypted is called plaintext.
Cryptography can be applied through either software or hardware.
Cryptography can be applied through either software or hardware. Encryption can be implemented through cryptographic software running on a system. This can be applied to individual files by using the software to encrypt and decrypt each file. The encryption can also be performed on a larger scale through using the file system or by encrypting the entire disk drive.
Cryptography is the science of transforming information into a secure form so that it can be transmitted or stored and unauthorized persons cannot access it.
Another asymmetric algorithm known as the Diffie-Hellman algorithm does not encrypt and decrypt text. Rather, the strength of Diffie-Hellman is that it allows two users to share a secret key securely over a public network. Once the key has been shared, then both parties can use it to encrypt and decrypt messages using symmetric cryptography.
Diffie-Hellman algorithm does not encrypt and decrypt text.
ECC is considered an alternative for prime-number-based asymmetric cryptography for mobile and wireless devices.
ECC is considered an alternative for prime-number-based asymmetric cryptography for mobile and wireless devices. ECC offers security that is comparable to other asymmetric cryptography, but with smaller key sizes. This can result in faster computations and lower power consumption.
Existing cracking techniques must examine each digit in that number; with a quantum computer, that is not necessary.
For example, using existing techniques, a key of 100 bits would require 1.125 quadrillion steps in order to break it. With a quantum computer, it would take no more than 50 steps, and with a stronger key of 128 bits, it would take only 264 steps. This means a key could be broken almost in the same amount of time as it took to encrypt the message in the first place.
Symmetric algorithms are designed to encrypt and decrypt the ciphertext; a document encrypted with a symmetric cryptographic algorithm by Bob will be decrypted when received by Alice. It is therefore essential that the key be kept confidential, because if an attacker obtained the key, he could read all the encrypted documents. For this reason, symmetric encryption is also called private key cryptography.
For this reason, symmetric encryption is also called private key cryptography
Hashed Message Authentication Code (HMAC)
HMAC begins with a shared secret key that is in the possession of both the sender and receiver. The sender creates a hash and then encrypts that hash with the key before transmitting it with the original data. The receiver uses their key to decrypt the hash and then creates their own hash of the data, comparing the two values.
HMAC is widely used by Internet security protocols to verify the integrity of transmitted data during secure communications.
PGP uses symmetric cryptography because it is faster than asymmetric cryptography.
PGP uses symmetric cryptography because it is faster than asymmetric cryptography. PGP uses RSA for protecting digital signatures and 3DES or IDEA for symmetric encryption. GPG is unable to use IDEA because IDEA is patented. Instead, GPG uses one of several open-source algorithms.
Plaintext should not be confused with "plain text." Plain text is text that has no formatting (such as bolding or underlining) applied.
Proof can be provided with asymmetric cryptography by creating a digital signature, which is an electronic verification of the sender.
Proof can be provided with asymmetric cryptography by creating a digital signature, which is an electronic verification of the sender. The basis for a digital signature rests on the ability of asymmetric keys to work in both directions
Quantum cryptography attempts to use the unusual and unique behavior of microscopic objects to enable users to securely develop and share keys as well as to detect eavesdropping.
Quantum cryptography is not the same as quantum computing
Quantum cryptography is not the same as quantum computing. Quantum cryptography exploits the properties of microscopic objects such as photons.
RSA is slower than other algorithms. DES is approximately 100 times faster than RSA in software and between 1,000 and 10,000 times as fast in hardware
The asymmetric algorithm RSA was published in 1977 and patented by MIT in 1983. The RSA algorithm is the most common asymmetric cryptography algorithm and is the basis for several products. RSA stands for the last names of its three developers, Ron Rivest, Adi Shamir, and Leonard Adleman.
RSA stands for the last names of its three developers, Ron Rivest, Adi Shamir, and Leonard Adleman.
Rivest Cipher (RC) is a family of cipher algorithms designed by Ron Rivest.
SHA pads messages of fewer than 512 bits with zeros and an integer that describes the original length of the message. The padded message is then run through the SHA algorithm to produce the hash.
SHA-1 was developed in 1993 by the U.S. National Security Agency (NSA) and the National Institute of Standards and Technology (NIST).
Say Bob wanted to send Alice an encrypted message. When an encrypted message is to be sent, the recipient's key is used. So Alice is the recipient, use her key.
Sending encrypted msg to Alice, public key.
Say Bob wanted to send a copy to himself of the encrypted msg that he sent to Alice. An encrypted msg can only be read by the recipient's private key; so Bob would need to encrypt it with his own PUBLIC key and then use his own private key to decrypt it.
So public key to encrypt and then his private key to decrypt.
Steganography takes the data, divides it into smaller sections, and hides it in unused portions of the file
Steganography may hide data in the file header fields that describe the file, between sections of the metadata (data that is used to describe the content or structure of the actual data), or in the areas of a file that contain the content itself. Steganography can use image files, audio files, or even video files to contain hidden information.
The original cryptographic algorithms for encrypting and decrypting documents are SYMMETRIC cryptographic algorithms. These include the Data Encryption Standard, Triple Data Encryption Standard, and Advanced Encryption Standard.
Symmetric cryptographic algorithms use the same shared single key to encrypt and decrypt a document.
The Trusted Platform Module (TPM) is essentially a chip on the motherboard of the computer that provides cryptographic services.
TPM includes a true random number generator instead of a pseudorandom number generator (PRNG) as well as full support for asymmetric encryption (TPM can also generate public and private keys). Because all of this is done in hardware and not through the software of the operating system, malicious software cannot attack it. Also, TPM can measure and test key components as the computer is starting up. It will prevent the computer from booting if system files or data have been altered. With TPM, if the hard drive is moved to a different computer, the user must enter a recovery password before gaining access to the system volume.
EFS files are encrypted with a single symmetric key, and then the symmetric key is encrypted twice: once with the user's EFS public key (to allow transparent decryption), and once with the recovery agent's key to allow data recovery. When a user encrypts a file, EFS generates a file encryption key (FEK) to encrypt the data.
The FEK is encrypted with the user's public key, and the encrypted FEK is then stored with the file. When decrypting, EFS decrypts the FEK by using the user's private key, and then decrypts the data by using the FEK.
The International Data Encryption Algorithm (IDEA) algorithm dates back to the early 1990s and is used in European nations.
The International Data Encryption Algorithm (IDEA) algorithm dates back to the early 1990s and is used in European nations. It is a block cipher that processes 64 bits with a 128-bit key with 8 rounds.
Microsoft Windows operating systems hash passwords in two ways. The first is known as the LM (LAN Manager) hash.
The LM hash is not actually a hash, because a hash is a mathematical function used to fingerprint the data. The LM hash instead uses a cryptographic one-way function (OWF): instead of encrypting the password with another key, the password itself is the key.
The TCP/IP protocol Simple Network Management Protocol (SNMP) version 3 default protocol is MD5.
The algorithm Blowfish is a block cipher that operates on 64-bit blocks and can have a key length from 32 to 448 bits. Blowfish was designed to run efficiently on 32-bit computers.
The common asymmetric cryptographic algorithms are RSA, elliptic curve, quantum cryptography, and NTRUEncrypt.
Microsoft Windows operating systems hash passwords in two ways. NTLM (New Technology LAN Manager) hash. Unlike the LM hash, the NTLM hash does not limit stored passwords to two 7-character parts. In addition, it is case sensitive and has a larger character set of 65,535 characters. The original version of NTLM uses a weak cryptographic function and does not support more recent cryptographic methods; Microsoft recommends that it should not be used. The current version is NTLMv2 and uses HMAC with MD5. It is considered a much stronger hashing algorithm
The current version is NTLMv2 and uses HMAC with MD5.
Data Encryption Standard (DES). The predecessor of DES was a product originally designed in the early 1970s by IBM called Lucifer that had a key length of 128 bits.
The key was later shortened to 56 bits and renamed DES. DES effectively catapulted the study of cryptography into the public arena. Until the deployment of DES, cryptography was studied almost exclusively by military personnel.
The padding is always the number of bytes that must be added to create a length of 16 bytes
RIPEMD stands for RACE Integrity Primitives Evaluation Message Digest
The primary design feature of RIPEMD is two different and independent parallel chains of computation, the results of which are then combined at the end of the process.
Whereas a stream cipher works on one character at a time, a block cipher manipulates an entire block of plaintext at one time. The plaintext message is divided into separate blocks of 8 to 16 bytes, and then each block is encrypted independently. For additional security, the blocks can be randomized.
a block cipher manipulates an entire block of plaintext at one time.
Asymmetric cryptographic algorithms, also known as public key cryptography.
Asymmetric cryptographic algorithms, also known as public key cryptography. Asymmetric encryption uses two keys instead of only one. These keys are mathematically related and are known as the public key and the private key. The public key is known to everyone and can be freely distributed, while the private key is known only to the individual to whom it belongs.
The primary weakness of symmetric encryption algorithms: distributing and maintaining a secure single key among multiple users often scattered geographically poses significant challenges.
distributing and maintaining a secure single key among multiple users often scattered geographically poses significant challenges.
A cryptographic algorithm known as the Data Encryption Standard (DES), introduced in 1976 with a key length of 56 bits, had to be replaced in 2001 by the Advanced Encryption Standard (AES), which uses keys that are 128 or 256 bits in length.
had to be replaced in 2001 by the Advanced Encryption Standard (AES), which uses keys that are 128 or 256 bits in length
There are three categories of cryptographic algorithms. These are known as hash algorithms, symmetric encryption algorithms, and asymmetric encryption algorithms.
hash algorithms, symmetric encryption algorithms, and asymmetric encryption algorithms.
Hashing is a process for creating a unique digital fingerprint for a set of data. This fingerprint, called a hash (sometimes called a one-way hash or digest) represents the contents.
Hashing is "one-way" in that its contents cannot be used to reveal the original set of data. Hashing is primarily used for comparison purposes. A hash that is created from a set of data cannot be reversed. Hashing is used to determine the integrity of a message or contents of a file.
Although hashing and checksums are similar in that they both create a value based on the contents of a file, hashing is not the same as creating a checksum. Checksums are designed to catch data-transmission errors and not deliberate attempts to tamper with data.
hashing is not the same as creating a checksum.
A relatively new asymmetric cryptographic algorithm is NTRUEncrypt. NTRUEncrypt uses lattice-based cryptography that relies on a set of points in space.
In addition to being faster than RSA and ECC, it is believed that NTRUEncrypt will be more resistant to quantum computing attacks. NTRUEncrypt is used to encrypt customer credit card information at gasoline service stations that is then transmitted through satellites, and has been approved for use in the financial services industry.
Integrity is the only protection hashing provides.
A GPU is primarily used to render screen displays, but a GPU can also be used to accelerate specific applications, most notably floating-point operations.
most notably floating-point operations. A $500 GPU today can process about 2 trillion floating-point operations (teraflops) per second, whereas just 10 years ago the fastest supercomputer in the world ran at 7 teraflops and cost $110 million.
Whereas cryptography scrambles a message so that it cannot be viewed, steganography hides the existence of the data. What appears to be a harmless image can contain hidden data, usually some type of message, embedded within the image.
steganography hides the existence of the data.
A stream cipher is fast when the plaintext is short, but can consume much more processing power if the plaintext is long. In addition, stream ciphers are more prone to attack because the engine that generates the stream does not vary; the only change is the plaintext itself.
stream ciphers are more prone to attack
symmetric cryptography provides
Symmetric cryptography provides confidentiality, integrity, and availability.