Western Governors University
Course: IT D334
Subject: Computer Science
Date: Jan 15, 2025
Uploaded by MajorFireGoat41
Intro to Cryptography

DES
Data Encryption Standard (DES) cipher, a worldwide standard created in 1976. DES uses the same key to encrypt and decrypt a message, so both the sender and the receiver must know and use the same private key. Some key features affecting how DES works include the following:
• Block cipher: A cryptographic key and algorithm are applied to a block of data simultaneously rather than one bit at a time. To encrypt a plaintext message, DES groups it into 64-bit blocks. Each block is enciphered using the secret key into a 64-bit ciphertext by means of permutation and substitution.
• Several rounds of encryption: The DES process involves encrypting 16 times. It can run in four different modes, encrypting blocks individually or making each cipher block dependent on all the previous blocks. Decryption is simply the inverse of encryption: the same steps, but reversing the order in which the keys are applied.
• 64-bit key: DES uses a 64-bit key, but 8 of those bits are for parity checks, so the key length is only 56 bits. The encryption algorithm generates 16 different 48-bit subkeys, one for each of the 16 encryption rounds. Subkeys are generated by selecting and permuting parts of the key as defined by the DES algorithm.
• Replacement and permutation: The algorithm defines sequences of replacement and permutation that the ciphertext undergoes during the encryption process.
• Backward compatibility: DES also provides this capability in some instances.
The effective DES key length of 56 bits would require a maximum of 2^56, or about 72 quadrillion, attempts to find the correct key. This is not enough to protect data with DES against brute-force attempts with modern computers. Many security experts felt the 56-bit key length was inadequate even before DES was adopted as a standard. DES remained a trusted and widely used encryption algorithm through the mid-1990s. However, in 1998, a computer built by the Electronic Frontier Foundation (EFF) decrypted a DES-encoded message in 56 hours.
Today, reliance on DES for data confidentiality is a serious security design error in any computer system and should be avoided. In 1997, NIST announced an initiative to choose a successor to DES and undertook a five-year evaluation process of 15 encryption algorithms. In 2001, NIST selected the Rijndael cipher, and with some tweaks, it became the new AES.

Diffie-Hellman Method
In 1976 Whitfield Diffie, Martin Hellman, and Ralph Merkle proposed a method of using a publicly known key – the public key – which could be used to encrypt the data, and only an associated private key could be used to decrypt it. The system would then be equivalent to distributing a padlock to anyone who wanted to secure something, and using a secret key to open the padlocks. This system is defined as asymmetric encryption and uses two keys, whereas symmetric encryption, as used with DES, only has one key.

3DES
A variant of DES that can use up to three different keys for greater effective key length, increasing the effective key length to 168 bits. However, due to the likelihood of a meet-in-the-middle attack, the effective security it provides is only 112 bits. 3DES encryption is slower than plain DES.

MD5
Message-Digest Algorithm. A cryptographic protocol used for authenticating messages as well as content verification and digital signatures. MD5 is based on a hash function that verifies that a file you sent matches the file received by the person you sent it to. Previously, MD5 was used for data encryption, but now it's used primarily for authentication. MD5 runs entire files through a mathematical hashing algorithm to generate a signature that can be matched with an original file. That way, a received file can be authenticated as matching the original file that was sent, ensuring that the right files get where they need to go. An MD5 hash is 16 bytes. Each MD5 hash looks like 32 numbers and letters, but each digit is in hexadecimal and represents four bits.
Since a single character represents eight bits (to form a byte), the total bit count of an MD5 hash is 128 bits. Two hexadecimal characters form a byte, so 32 hexadecimal characters equal 16 bytes. When you send that file to someone, their computer authenticates its hash to ensure it matches the one you sent. If you change just one bit in a file, no matter how large the file is, the hash output will be completely and irreversibly changed. Nothing less than an exact copy will pass the MD5 test. MD5 was secure enough for many years, but these days it's no longer complex enough for cryptographic purposes and data encryption. Computers have become powerful enough to crack MD5 hashes easily. A hacker can create a file that has the exact same hash as an entirely different file. When this happens, and two distinct files share the same hash, it's called an MD5 collision, which can happen accidentally or on purpose.

RC4 (Rivest Cipher 4)
A stream cipher created in 1987, RC4 is one of the most commonly used stream ciphers, having initially been used in many applications, like SSL/TLS and WEP, until severe vulnerabilities were found in RC4 in 2003 and 2013. As RC4 was used in WEP, attackers had a chance to practice cracking it as often as they wished. With this practice, a flaw was found in RC4 where the encryption key used by RC4 could be cracked in less than a minute. RC4 keys can come in sizes of 64 or 128 bits, and the 128-bit key is able to be obtained in seconds. At the time, WEP was the only security protocol used for Wi-Fi, so the next phase, Wi-Fi Protected Access (WPA), had to be rushed for use.
RC4 boasts a number of advantages compared to other stream ciphers:
• RC4 is extremely simple to use, thus making the implementation simple as well.
• RC4 is fast, due to its simplicity, which makes it a better performing cipher.
• RC4 also works with large streams of data swiftly and easily.
Though it has advantages, RC4 has many disadvantages as well:
• The vulnerabilities found in RC4 mean it is extremely insecure, so very few applications use it now.
• RC4 cannot be used on smaller streams of data, so its usage is more niche than other stream ciphers.
• RC4 does not provide authentication, so a Man in the Middle attack could occur.

RC5
A block encryption algorithm based on the symmetric key. Its main feature is that it is quite fast, as it uses only primitive computer operations. It allows a variable number of rounds and a variable bit size key to add flexibility. Another advantage of using RC5 is that it requires less memory for execution. This feature enables RC5 to be used for various purposes like desktop operation, smart cards, etc.

PGP

SHA-1

SHA-256

Symmetric

Asymmetric

Hash Functions

Rainbow Tables

Dictionary Attacks

Stream Encryption
A stream cipher is a type of cipher that operates on data a byte at a time to encrypt that data.
RC4 – Uses RC4 and ChaCha

Block Encryption
RC2 (40-bit key size), RC5 (variable block size), IDEA, DES, 3-DES, AES (Rijndael), Blowfish and Twofish.

Padding
A way to take data that may or may not be a multiple of the block size for a cipher and extend it out so that it is. This is required for many block cipher modes as they require the data to be encrypted to be an exact multiple of the block size. We can then define a number of padding methods:
• CMS (Cryptographic Message Syntax). This pads with the same value as the number of padding bytes. Defined in RFC 5652, PKCS#5, PKCS#7 and RFC 1423 PEM.
• Bits. This pads with 0x80 (10000000) followed by zero (null) bytes. Defined in ANSI X.923 and ISO/IEC 9797-1.
• ZeroLength. This pads with zeros except for the last byte, which is equal to the number (length) of padding bytes.
• Null. This pads with NULL bytes and is only used with ASCII text.
• Space. This pads with spaces and is only used with ASCII text.
• Random. This pads with random bytes with the last byte defined by the number of padding bytes.

PKCS
Public-Key Cryptography Standards

#1
RSA cryptography standard. This is the base standard that defines the syntax of the public and private keys, the format of the messages and digital signatures, the different algorithms to be used for each level of encryption and decryption, and the format of the digital certificate. Besides the syntax of the key, it also specifies which mathematical requirements the keys must satisfy to be unbreachable for brute-force attacks. Some libraries implementing PKCS#1 are BSAFE, cryptlib, OpenSSL, and Nettle.

#5
Password-based cryptography standard. This standard explores the usage of passwords in the key agreement phase. It specifies how one should apply pseudo-random functions such as HMAC to the password along with a salt value. This text derived from the password now forms the secret key.
This additional layer of encryption makes up for the pitfalls of using plain, user-fed passwords during communication. Password-Based Key Derivation Function 2 (PBKDF2) is the recommended implementation by PKCS #5. It involves hashing the password repeatedly to derive the key. The number of repetitions is based on the CPU speed. The more repetitions, the harder it is to break.

#7
Cryptographic message syntax standard. Specifies the syntax of stored, encrypted data. PKCS#7 is used by certificate authorities to store digital certificates that they've issued. It also specifies how to handle certificates that have been invalidated for reasons other than expiry. Any storage of digital signatures should also adhere to PKCS #7. One implementation of this standard can be seen in single sign-on applications.

#10
Certification request syntax standard. Specifies the format of the messages sent to a certificate authority (CA) to request a digital certificate. This is called a certificate signing request. These messages usually contain the public key chosen by a business, domain name or other identifying details, and proof of authenticity.

#12
Personal information exchange syntax standard. Defines the file format in which the private key issued with the public key is stored. It also specifies how to store various other private information, such as the digital certificate. More often than not, all the private encryption information is bundled and stored in internal containers called SafeBags. Some SafeBags have a predefined structure that enables the storage of certificate requests, X.509 certificates, and private keys. Some SafeBags are more flexible and allow the storage of custom, private information. Besides storage, PKCS #12 also provides the mechanism for transferring this data across a network, along with the necessary syntax. PKCS #12 is built on PKCS #8, which only deals with private keys.
It adds an extra layer to check for the integrity of this data both in transit and storage.

Salt
The process of adding an initialization vector to the ciphering process to change its operation and ensure that the ciphertext does not give the original plaintext when played back. A random string of characters (salt) is added to passwords to enhance them. Each user is assigned a different salt, which is only known to the server, making them unique and more secure. The salt can be placed on either side of the password. For example, adding salt to the password "Password" could result in a salted password like "4(j3Li95Password" or "Password4(j3Li95". After the salt is added, the combination of plaintext password and salt is then hashed, making it more secure than a hashed password alone.

Exclusive-OR (XOR) Encryption
XOR, or "exclusive or", operates on binary data. It compares two input bits and generates one output bit. The logic is simple. If the bits are the same, the result is 0. If the bits are different, the result is 1.

Cipher Block Chaining
Data is encrypted in specific blocks, and each block is dependent on the blocks before it for decryption. The process uses an initialization vector to help tie these blocks of encrypted data together. It provides a consistent way to encrypt and decrypt large amounts of data. In cipher block chaining, each ciphertext block is decrypted in a process that requires observing the blocks that have already been processed. The cipher block chaining process uses a logical gate called XOR to administer this process of observation. Cipher block chaining is often suggested as a stronger method of decryption, ensuring quality. However, some experts warn against certain vulnerabilities of cipher block chaining, including the use of predictable initialization vectors.

Cipher Feedback – Block to Stream

Output Feedback

Counter Mode – Generates a Nonce

AES Rounds
• 128-bit (16 bytes) key -> N=10 Rounds
• 192-bit (24 bytes) key -> N=12 Rounds
• 256-bit (32 bytes) key -> N=14 Rounds

Secret Key Encryption
Symmetric encryption makes use of a single secret key for both encryption and decryption. Since the same key is used for both, a challenge is finding a secure way to share the key between the entity encrypting and the one decrypting. The most widely used secret-key encryption methods are:
• RC2 - (40-bit key size, 64-bit blocks).
• RC4 - (stream cipher) – used in SSL and WEP.
• RC5 - (variable key size, 32, 64 or 128-bit block sizes).
• AES - (128, 192 or 256-bit key size, 128-bit block size).
• DES - (56-bit key size, 64-bit block size).
• 3-DES - (112-bit key size, 64-bit block size).

Mod Math (Remainder)
Simply divide the first number by the second and return the remainder. Annotated using (mod) or (%). Example: 5 mod 2 = 1. 2 goes into 5 a max of twice (4); 5 - 4 = the remainder, which is 1.