+ Digital SIgnature = C.I.A.

Confusion: each character of the ciphertext should depend on several parts of the key

Diffusion: if we change a character of the plaintext, then several characters of the ciphertext should change,

+ Encryption = C.I.A.

The Digital Signature Standard allows use of DSA, RSA, or ECC in conjunction with SHA-1 to produce secure digital signatures.

Hashes are one-way math -> Cannot be reversed

Collision: when 2 different documents create the same hash

MD5 produces a 128-bit message digest

SHA-1 produces a 160-bit message digest

SHA-256 produces a 256-bit message digest

cryptographist creates

cryptoanalyst tries to break

Kerckhoffs, 19th century - "Algo should be public, only key should be secret"

"Security of an algo rests in the key generation" - Bruce Schneier

ATBASH, Ceasar's Cipher, Scytale

Blaise de Vigenere

Steganography

Vernam Cipher

Quantum cryptography

DES, 3DES, AES, IDEA, Twofish, Blowfish, SAFER, Rivest

Shared = Secret

Confidentiality only, No non-repud

+ Fast

- Key distribution, Scalability: n(n-1)/2

Kerberos is a computer-network authentication protocol that builds on Symmetric Key Cryptography

See Also: Encryption, Block Ciphers, Stream Ciphers

Public <> Private

It uses one-way functions which are easy to compute but difficult to reverse.

Key number with n participant = (n * (n-1)) / 2

Advantage:

- It is possible to send a message across an untrusted medium in a secure manner without the overhead of prior key exchange or key material distribution.

Disadvantages:

- Asymmetric cryptography is extremely slow compared to its

symmetric counterpart.

- The ciphertext output may be much larger than the plaintext.

See Also: Encryption, RSA, El Gamal, ECC, DSA, Merkle-Hellman knapsack, Diffie-Hellman

Key size 1,024 to 4,096

Round 1

NIST recommended moving away from 1024-bit RSA key size by the end of 2010

Approaches to attack:

-brute force

- mathematical attacks, factoring the product of two prime

numbers; and timing attacks,

-measuring the running time of the decryption algorithm

See Also: ASYMM

Msg divided into blocks of bits

See Also: SYMM, DES, 3DES, 2DES, AES, IDEA, Blowfish - Twofish, RC5 - RC6, Skipjack

Processes single bit at time.

Plaintext XOR Random cipher bit stream

ALG: Lucifer, BLK: 64, KEY: 56 (+ 8 parity bits), METH: C+D

See Also: Block Ciphers, CBC, OFB, ECB, CFB, CTR

Electronic Code Book (the simplest and weakest mode)

plaintext + key = always gives same ciphertext

See Also: DES

Cipher Block Chaining (uses chaining to destroy patterns, but errors can propagate)

Some ciphertext created from the previous block is inserted into the next one.

See Also: DES

Cipher Feedback Mode

Emulates a stream cipher and can be used to encrypt individual characters. Errors can propagate.

Ciphertext from previous block + Key -> Encrypts plaintext

See Also: DES

Output Feedback Mode

Initialization Vector (IV) used.

Values used to encrypt the next block of plaintext are coming directly from the keystream -> Errors do not propagate -> better way to encrypt error sensitive data (digitized video or voice signal)

It turns a block cipher into a synchronous stream cipher.

See Also: DES

COUNTER (CTR) turns a block cipher into a stream cipher.

It uses a counter as feedback. Errors do not propagate.

See Also: DES

BLK LGTH: 64, KEY LGTH: 168, METH: C+D

Applies Single DES encryption 3 times. Recommended standard since 1999.

See Also: Block Ciphers, DES EEE2, DES EDE2, DES EEE3, DES EDE3

Encrypted 3 times with 2 keys

Key1 Encrypts -> Key2 Encrypts -> Key1 Encrypts

See Also: 3DES

Key1 Encrypts -> Key2 Decrypts -> Key1 Encrypts

See Also: 3DES

Plaintext encrypted 3 times using 3 different keys

See Also: 3DES

Key1 Encrypts -> Key2 Decrypts -> Key3 Encrypts

(2 layers of encryption)

See Also: 3DES

Key length: 112 bit.

It is not more secure than DES. Same work factor to crack as demonstrated by the Meet-in-the-middle attack.

See Also: Block Ciphers

Advanced Encryption Standard aka Rijndael

U.S. Standard - NIST 2002

Block: 128

Key / Rounds:

128 / 10

192 / 12

256 /15

Round:

SubBytes > ShiftRows > MixColumns > AddRoundKey

See Also: Block Ciphers

International Data Encryption Algorithm

Block length: 64

Key length: 128

Designed as International replacement to DES.

It's at the base of PGP.

See Also: Block Ciphers

Blow

Block: 64

Key: 32 -448 Key

Two

Block:128

Key: 128 - 256

Developed to meet AES requirements.

Uses prewhitening and postwhitening: additional subkeys are XORed into the text block both before the first round and after the last round.

See Also: Block Ciphers

RC5

Block: 32, 64 or 128

Key: 0 - 2040 (128 suggested)

Rounds: 1 - 255 (12 suggested)

RC6

Block: 128

Key: 128, 192, 256

Rounds: 20

See Also: Block Ciphers

It is a method of securely exchanging cryptographic keys over a public channel. It is not for encryption or decryption.

See Also: ASYMM

Asymmetric key encryption algorithm for public-key cryptography which is based on the Diffie–Hellman key exchange.

DSA is based on El Gamal.

A general ElGamal encryption produces a 2:1 expansion in size from plaintext to ciphertext.

See Also: ASYMM

Elliptic Curve Cryptography.

The elliptic curve algorithms have the highest strength per bit of key length of any of the asymmetric algorithms.

See Also: ASYMM

Developed by the US government for digital signatures. It can be used only for signing data and it cannot be used for encryption.

Although intended to have a maximum key size of 1,024 bits, longer key sizes are now supported.

It is based on El Gamal.

See Also: ASYMM

Combines the strengths of both symmetric cryptography (great speed and secure algorithms) and asymmetric cryptography (ability to securely exchange session keys, message authentication, and

nonrepudiation).

Asymmetric cryptography can handle the initial setup of the communications session through the exchange or negotiation of the symmetric keys to be used for this session.

All practical implementations of public key cryptography today employ the use of a hybrid system. Examples include the TLS protocol which uses a public-key mechanism for key exchange (such as Diffie-Hellman) and a symmetric-key mechanism for data encapsulation (such as AES)

See Also: Encryption

Block: 64

Key: 80

See Also: Block Ciphers

Key size: 40 - 2048

Multiple vulnerabilities have been discovered in RC4, rendering it insecure.

Particularly problematic uses of RC4 have led to very insecure protocols such as WEP.

See Also: Stream Ciphers

It can be implemented faster than RSA, yet it was found insecure.

Unlike RSA, it is one-way: the public key is used only for encryption, and the private key is used only for decryption. Thus it is unusable for authentication by cryptographic signing.

See Also: ASYMM