Lesson 5 Basic Cryptography Concepts Flashcards
(36 cards)
Cryptographic systems do what?
Cryptography encodes data in a way only authorized users can decode
It is NOT security by obscurity, which merely keeps something secret by hiding it
Encryption is not cryptography, it is a type of cryptography
Cryptographic algorithms
Hashing algorithms
symmetric encryption algorithm
asymmetric encryption algorithm
Hashing
like a fingerprint, one way, anti-collision
used mainly to store pass words
MD5 (message digest) older method of hashing; depricated
SHA (Security Hashing Algorithm) newer using more bits
NOT encryption
collision is when different inputs produce the same outputs - this is BAD
CAT and RAT using MD5 causes a collision and why MD5 is depricated
hashing algorithm
used to prove integrity
comparing passwords after transfer
comparing files after transfer
Hashing facts
prove integrity by:
identical inputs = identical outputs
Good:
longer outputs = less chance for collisions
longer input = less chance for collisions and more strength against cracking
salt - adding something to make password more secure against crackers, rainbow tables, collisions
Bad:
collisions - two different inputs with same output
Considered one-way encryption
Symmetric Encryption
Uses the same key to encrypt and decrypt, similar to a house key
flaw: how to share key w/out compromise
can NOT be used for authentication or integrity because the same secret can be created from the same key, both parties know the key as well
an attacker only needs to intercept the key to unlock the cypher
useful for ‘bulk’ encrypting because it is much faster then asymmetrical encryption
also called single key or shared key or private key (not asymmetrical)
Stream Ciphers
symmetrical encryption technique to encrypt streams of data
good for when message length in unknown
Block Cipher
symmetrical encryption technique dividing plaintext in to equal sized blocks of data
AES
Advanced Encryption Standard for block ciphers
Asymmetrical Encryption
Used to prove identity, authentication, non-repudiation, key agreement and key exchange
Uses key pairs and is aka Public Key exchange
important: Each key is capable of reversing the operation of its pair (private/public)
The keys are linked in such a way as to make it impossible to derive one from the other, allowing users to share the public key; private key is kept secret
- Both parties trade their public keys
- Sending encrypted messages:
Sender encrypts message with recipients public key
Recipient decrypts message with recipients private key - Signing:
Sender encrypts signature with senders private key
Recipient decrypts with senders public key
Symmetrical vs Asymmetrical - Pros/cons
Symmetrical
Pro: Much more efficient/much faster; key lengths are 128-256 bits
Con: need direct access for keys, impossible to have secure exchange
Asymmetrical
Pro: Good for unsecured connection, good key exchange; provides authentication and non-repudiation
Con: Much, much slower; key lengths are 1024-2048 bits
Do bulk in symmetrical
Do keys in asymmetrical
RSA
Algorithm for deriving key pairs and performing encrypt/decrypt operations
RSA - Rivest/Shamir/Adleman published in 1977
Also called a trapdoor function as it is easy to perform using the public key but difficult to reverse without knowing the private key
ECC
Elliptic Curve Cryptography which is also a trapdoor function
no known shortcuts to cracking the cypher as there are with RSA
can user smaller keys to obtain same security as RSA
Digital Signature
Using public key crypto with hashing
Provides integrity, authentication and non-repudiatioin
uses RSA
- sender creates hash of message and encrypts hash with private key
- sender attaches digital signature to original message
- recipient decrypts the signature using sender public key, resulting in original hash
- recipient calculates own checksum for the message, and compares the two hashes
if hashes match means message has not been altered
Sender identity is also proven, authenticated
DSA
Another digital signature algorithm but using ECC instead of RSA
Digital Envelops and key exchanges
Process to overcome the deficiencies of asymmetrical and symmetrical encryption techniques
- Sender obtains recipient (rec) public key
- Sender encrypts message using her symmetrical key (private/secret key) Also known as a session key
- Sender encrypts the session key with recipient public key (asymmetrical encryption)
- Sender attaches encrypted session key to the cipher text message in a digital envelope and sends to the recipient
- Recipient uses his private key to decrypt the session key (asymmetrical encryption)
- Recipient uses the session key to decrypt the cipher text message (symmetrical encryption)
Digital Certificate
A method for ensuring identity of the person or server issuing a public key
Uses a CA (certificate authority) as a third party to validate the owner of a public key
The CA issues a certificate signed by the CA
If the recipient trusts the CA, they can trust the public key wrapped in the subjects certificate
This process is known as PKI - public key infrastructure
Perfect Forward Secrecy
Allows two parties to derive the same secret value that an attacker cannot guess
mitigates the issue of a private key being compromised allowing previously captured transmissions to be deciphered
uses Diffie-Hellman (D-H) key agreement protocols
Cipher Suite
a signature algorithm to prove messages were created by the server
used to bulk encrypt data
uses session keys to keep data confidential
Bulk Encryption
uses symmetrical encryption AES
Key Exchange
uses asymmetrical encryption (RSA/D-H/ECC)
Signature
uses asymmetrical encryption (DSA)
Unauthenticated
does not use a hash
cannot prove integrity
vulnerable to insertion and modification attacks
Authenticated
uses a hash of the combination of the message and a shared secret
Message Authentication Code (MAC)
vulnerable to padding oracle attacks
