Ch12 - 12.01 - Intro to Cryptography Services Flashcards
Encryption
The most common cryptography service is encryption, which allows you to maintain confidentiality of data by converting plain text information into ciphertext.
Plain text is the information in a readable format. Ciphertext is the information in an encrypted, unreadable format.
Substitution Ciphers
A substitution cipher replaces each character with another character. For example, you might replace every letter in the message with the letter five positions later in the alphabet, wrapping around from z back to a.
This would mean that every letter e is converted to the letter j, every a to an f, and so on. The substitution changes the characters but leaves their positions untouched.
Two classic examples of algorithms that use substitution ciphers are the Caesar cipher and ROT13. The Caesar cipher shifts every character in the message by a fixed number of positions, classically three. ROT13 shifts by 13, so applying it twice restores the original text. Both have only 25 usable keys, so they can be broken by simply trying every shift.
Transposition Ciphers
A transposition cipher rearranges the positions of the characters in the message without changing the characters themselves. In the following example, the message is encrypted by rotating the characters two places to the right:
Example:
Plain Text : Glen
Cipher Text : enGl
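The two classical ciphers above, as an added example (not part of the original flashcards): a Caesar/ROT13 substitution, the rotation transposition that turns Glen into enGl, and a brute-force routine that shows why a 25-key cipher offers no real protection. All function names are my own.

```python
import string

ALPHABET = string.ascii_lowercase


def caesar(text: str, shift: int) -> str:
    """Substitution: shift every letter `shift` places down the alphabet, wrapping at z.
    Non-letters pass through unchanged and case is preserved.
    A negative shift decrypts."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(base + (ord(ch) - base + shift) % 26))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """ROT13 is Caesar with shift 13; applying it twice restores the plaintext."""
    return caesar(text, 13)


def transpose(text: str, places: int) -> str:
    """Transposition: rotate character positions `places` to the right.
    No character is changed, only the order (Glen -> enGl for places=2)."""
    if not text:
        return text
    k = places % len(text)
    return text[-k:] + text[:-k] if k else text


def untranspose(text: str, places: int) -> str:
    """Rotating left by the same amount undoes the transposition."""
    return transpose(text, -places)


def brute_force_caesar(ciphertext: str, crib: str) -> list:
    """The Caesar key space has only 25 usable keys: try them all and return
    every (shift, candidate plaintext) whose output contains a known word."""
    hits = []
    for shift in range(1, 26):
        candidate = caesar(ciphertext, -shift)
        if crib in candidate.lower():
            hits.append((shift, candidate))
    return hits


if __name__ == "__main__":
    print(caesar("attack at dawn", 5))          # substitution, shift 5: e -> j, a -> f
    print(rot13("Hello"), rot13(rot13("Hello")))
    print(transpose("Glen", 2))                 # transposition: enGl
    print(brute_force_caesar(caesar("attack at dawn", 7), "attack"))
```

Note that `brute_force_caesar` recovers the key with a single known word; a larger key space (see Key Strength below) is what makes exhaustive search impractical for modern ciphers.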
Hashing
Hashing is used to maintain the integrity of the information. With hashing, the goal is to prove that the information has not been altered since the data was sent to a recipient or stored on disk. In order to verify that the data has not been changed, the data is run through a hashing algorithm to generate a hash value (known as a message digest). The hash value is then stored with the data.
When the data is read later, it is run through the hashing algorithm again to generate a new hash value. The new hash value is then compared to the stored hash value, and if the two are the same, the data has not been altered. Note that a plain hash only detects accidental or unauthorised change when the attacker cannot also replace the stored hash; when both travel together, the hash must itself be protected (with a MAC or a digital signature).
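The store-then-verify procedure from the card above, as an added example that is not part of the original flashcards. It shows that flipping a single bit of the stored data changes roughly half of the digest (the avalanche effect), which is what makes the comparison reliable; the sample data and all function names are constructed here.

```python
import hashlib
import hmac


def digest(data: bytes, algorithm: str = "sha256") -> str:
    """Message digest of `data` as a hex string (SHA-256 by default)."""
    return hashlib.new(algorithm, data).hexdigest()


def store(data: bytes, algorithm: str = "sha256") -> dict:
    """What gets written to disk or sent: the data plus its digest."""
    return {"data": data, "algorithm": algorithm, "digest": digest(data, algorithm)}


def verify(record: dict) -> bool:
    """Recompute the digest from the stored data and compare it with the stored one.
    compare_digest avoids leaking where the two strings first differ."""
    fresh = digest(record["data"], record["algorithm"])
    return hmac.compare_digest(fresh, record["digest"])


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of `data` with one bit inverted (simulates corruption or tampering)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def differing_hex_digits(a: str, b: str) -> int:
    """How many hex positions differ between two digests of equal length."""
    return sum(1 for x, y in zip(a, b) if x != y)


if __name__ == "__main__":
    original = b"Quarterly report: revenue 1,250,000"     # constructed sample
    record = store(original)
    print("stored digest:", record["digest"])
    print("intact verifies:", verify(record))

    tampered = dict(record, data=flip_bit(original, 0))  # one bit changed in the data
    print("tampered verifies:", verify(tampered))
    print("hex digits changed:", differing_hex_digits(record["digest"], digest(tampered["data"])))
```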
Authentication
Authentication services use cryptography to prove that the creator or sender of information is who they claim to be. When that proof relies on a key only the sender possesses (a digital signature made with the sender's private key), authenticating the sender also gives nonrepudiation, which means the sender cannot later say, "I didn't send that." Authentication based on a shared secret, such as a message authentication code, proves the message came from someone holding the key but not which party, so it does not provide nonrepudiation.
Nonrepudiation
Nonrepudiation is the term for ensuring that senders cannot deny having sent a message.
Digitally signing a message with the sender’s private key
Digitally signing a message with the sender's private key is the method used to ensure nonrepudiation: only the holder of the private key can produce a valid signature, while anyone with the matching public key can verify it.
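An added example, not part of the original flashcards, of the distinction drawn above between authentication and nonrepudiation. The Python standard library has no digital-signature primitive, so this uses its HMAC implementation to show the negative case: a shared-key tag authenticates a message, yet the recipient, holding the same key, can produce an equally valid tag for a message the sender never wrote, so a third party cannot tell the two apart. The key, messages and function names are constructed for the demonstration.

```python
import hashlib
import hmac
import os


def mac_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag: proves the message was produced by someone holding `key`."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def mac_verify(key: bytes, message: bytes, tag: str) -> bool:
    """Constant-time comparison of the recomputed tag with the received one."""
    return hmac.compare_digest(mac_tag(key, message), tag)


def shared_key_demo(shared_key: bytes) -> dict:
    """Alice and Bob share `shared_key`. Alice sends a tagged message; Bob verifies it
    (authentication works), then Bob forges a different message under the same key
    (nonrepudiation fails: an arbiter cannot say which of them produced either tag)."""
    alice_msg = b"transfer 100 to bob"
    alice_tag = mac_tag(shared_key, alice_msg)

    # Bob's view: the tag checks out, so the message came from a key holder.
    authenticated = mac_verify(shared_key, alice_msg, alice_tag)

    # A message altered in transit fails, which is the integrity property.
    altered_ok = mac_verify(shared_key, b"transfer 900 to bob", alice_tag)

    # Bob (or anyone else holding the shared key) fabricates a message "from Alice".
    forged_msg = b"transfer 1000000 to bob"
    forged_tag = mac_tag(shared_key, forged_msg)
    forgery_verifies = mac_verify(shared_key, forged_msg, forged_tag)

    return {
        "alice_message_authenticated": authenticated,
        "altered_message_rejected": not altered_ok,
        "bob_forgery_verifies": forgery_verifies,
    }


if __name__ == "__main__":
    print(shared_key_demo(os.urandom(32)))
    # -> {'alice_message_authenticated': True, 'altered_message_rejected': True,
    #     'bob_forgery_verifies': True}
```

Because `bob_forgery_verifies` is True, Alice can plausibly deny the first message as well: both tags are indistinguishable to an arbiter. Replacing the shared key with a signature under a private key only Alice holds (RSA-PSS, ECDSA or Ed25519 from a library such as `cryptography`) is what closes that gap.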
Encryption/Decryption Algorithms
An encryption algorithm is a mathematical operation performed on the data, together with a key, to convert it from plain text to cipher text. The decryption algorithm performs the inverse operation, converting cipher text back to plain text.
Key
A key is a variable piece of information that is used by the encryption algorithm to perform the encryption or decryption of the data.
Key Strength
Key strength is determined by the key length, the number of bits in the encryption key, and the key space, the number of possible keys, which for an n-bit key is 2^n. A larger key space means more candidate keys an attacker must try in a brute-force attack; every additional bit doubles the work. A long key only helps when the algorithm itself is sound: a flawed cipher can be broken without searching the key space at all, and asymmetric keys are not comparable bit for bit with symmetric ones (a 2048-bit RSA key offers roughly the strength of a 112-bit symmetric key).
Common symmetric key lengths today are 128 and 256 bits (AES). Older 56- and 64-bit keys, such as those of DES, are within reach of brute force and are considered broken.
Work Factor
The term work factor refers to the estimated time or computation required to break the encryption, for a sound cipher the effort of trying keys until the right one is found. It is normally expressed in time, and it grows exponentially with key length, so a larger key space gives a higher work factor.
One-Time Pads
A one-time pad (OTP) is an encryption method that is provably unbreakable when used correctly: the key is truly random, at least as long as the message, kept secret, combined with the message bit by bit (using XOR), and never used again.
The benefit of using a fresh key for every message is that attackers crack ciphers by collecting many pieces of data encrypted under the same key and analysing them together. If a pad is reused, XORing the two ciphertexts cancels the key and leaves the XOR of the two plaintexts, from which both messages can often be recovered.
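The one-time pad and the key-reuse failure described above, as an added example that is not part of the original flashcards. It implements the XOR pad over bytes, then shows the "two-time pad" attack: with the same pad used twice, `c1 XOR c2` equals `m1 XOR m2`, and knowing one message reveals the other. The messages, fixed key and function names are constructed for the demonstration.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length: int) -> bytes:
    """A fresh, truly random pad from the OS CSPRNG; as long as the message it will protect."""
    return os.urandom(length)


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Pad must cover the whole message; the key is consumed by this one use."""
    if len(key) < len(plaintext):
        raise ValueError("one-time pad key must be at least as long as the message")
    return xor_bytes(plaintext, key)


def otp_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    """XOR is its own inverse, so decryption is the same operation."""
    return otp_encrypt(ciphertext, key)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Key reuse: c1 XOR c2 = (m1 XOR k) XOR (m2 XOR k) = m1 XOR m2. The key cancels."""
    return xor_bytes(c1, c2)


def recover_with_crib(c1: bytes, c2: bytes, known_m1: bytes) -> bytes:
    """If the attacker knows (or guesses) m1, m2 = (m1 XOR m2) XOR m1 falls out directly."""
    return xor_bytes(two_time_pad_leak(c1, c2), known_m1)


if __name__ == "__main__":
    m1 = b"attack at dawn"          # constructed sample messages of equal length
    m2 = b"retreat at ten"

    pad = new_pad(len(m1))          # correct use: one pad, one message
    c1 = otp_encrypt(m1, pad)
    print(otp_decrypt(c1, pad))

    c2 = otp_encrypt(m2, pad)       # misuse: same pad for a second message
    print(recover_with_crib(c1, c2, m1))   # -> b'retreat at ten' without ever knowing the pad
```

The same key-reuse failure applies to any stream cipher, since a stream cipher is an OTP whose pad is a keystream generated from a short key: reusing a key and nonce pair leaks `m1 XOR m2` in exactly the same way.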
Stream vs. Block Ciphers
Stream cipher algorithms encrypt data one bit (or byte) at a time by XORing the plain text with a keystream derived from the key, in effect a one-time pad whose pad is generated rather than shared. A well-designed stream cipher is not inherently weaker than a block cipher, but two properties must be handled: reusing a key and nonce reuses the keystream, which is as catastrophic as reusing a pad, and flipping a bit of the cipher text flips exactly that bit of the plain text, so the cipher text is malleable and needs a separate integrity check (a MAC). Stream ciphers generally execute quickly, the cipher text is always the same size as the plain text, and a transmission error affects only the corresponding bit rather than a whole block. The plain text bits are combined with the keystream bits using an exclusive OR (XOR) function.
Instead of encrypting a bit at a time, block cipher algorithms encrypt fixed-size blocks: older ciphers such as DES and 3DES use 64-bit blocks, while AES uses 128-bit blocks. A block cipher on its own only transforms a single block, so it is always combined with a mode of operation (CBC, CTR, GCM and others) that defines how a longer message is processed; the mode, more than the block size, determines the security properties, and the naive ECB mode, which encrypts each block independently, leaks repeated plain text patterns. Block ciphers carry more overhead than stream ciphers (padding, an IV or nonce, whole-block processing), and in chained modes such as CBC an error in one cipher text block garbles that entire plain text block and the matching bit positions of the next.
Padding
When encrypting with a block cipher in a mode such as CBC or ECB, plain text messages usually do not fill a whole number of blocks, so padding must be added to the last block to complete it. Stream ciphers and counter-style modes (CTR, GCM) need no padding because they produce cipher text the same length as the plain text.
The padding bytes can be all zeros, all ones, or a defined pattern such as PKCS#7, in which every padding byte holds the number of padding bytes added so the receiver can strip them unambiguously (zero padding cannot be removed safely when the message itself may end in zero bytes). The padding scheme is part of the mode or protocol rather than the cipher itself, and implementations differ. One practical caveat: if a decryptor reveals whether the padding was valid, through a distinct error message or a timing difference, an attacker can use that padding oracle to decrypt CBC cipher text block by block without the key, so cipher text must be authenticated (MAC verified) before its padding is ever examined.
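The PKCS#7 scheme mentioned above, as an added example that is not part of the original flashcards: padding to a 16-byte (AES) block, a strict unpad that rejects malformed padding, and zero padding alongside it to show why it cannot be reversed unambiguously. The function names and sample inputs are my own; the unpad deliberately raises on bad padding, which is exactly the behaviour a real decryptor must not expose to the sender before the cipher text has been authenticated.

```python
def pkcs7_pad(data: bytes, block_size: int = 16) -> bytes:
    """Append n bytes each of value n, where n = block_size - len(data) % block_size.
    n is always in 1..block_size, so an already-aligned message gets a full extra block;
    that is what lets the receiver always remove exactly the right amount."""
    if not 1 <= block_size <= 255:
        raise ValueError("PKCS#7 supports block sizes from 1 to 255 bytes")
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes, block_size: int = 16) -> bytes:
    """Strict removal: the length must be a whole number of blocks, the last byte must be
    in 1..block_size, and all n trailing bytes must equal n. Anything else is rejected."""
    if not data or len(data) % block_size:
        raise ValueError("data length is not a whole number of blocks")
    n = data[-1]
    if n < 1 or n > block_size or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def zero_pad(data: bytes, block_size: int = 16) -> bytes:
    """Zero padding fills with 0x00 and adds nothing when already aligned."""
    r = len(data) % block_size
    return data + b"\x00" * (block_size - r) if r else data


def zero_unpad(data: bytes) -> bytes:
    """Strip trailing zeros. Ambiguous: a message that itself ends in 0x00 loses bytes."""
    return data.rstrip(b"\x00")


if __name__ == "__main__":
    print(pkcs7_pad(b"ICE ICE BABY"))            # 12 bytes -> 4 bytes of 0x04 appended
    print(pkcs7_pad(b"YELLOW SUBMARINE"))        # aligned -> a whole block of 0x10 appended
    print(pkcs7_unpad(pkcs7_pad(b"ICE ICE BABY")))
    try:
        pkcs7_unpad(b"ICE ICE BABY\x05\x05\x05\x05")
    except ValueError as e:
        print("rejected:", e)
    print(zero_unpad(zero_pad(b"ends in zero\x00")))  # trailing 0x00 of the message is lost
```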
Salt
A salt is a random value generated for each password, combined with the password before it is hashed, and stored alongside the resulting hash. Because every user gets a different salt, the same password produces different hashes, so an attacker cannot use precomputed tables or crack every account sharing a password in one pass. The salt is not secret; what protects the password is pairing it with a deliberately slow password-hashing function (PBKDF2, bcrypt, scrypt or Argon2) rather than a fast general-purpose hash.
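Salted password storage as described above, as an added example that is not part of the original flashcards. It uses the standard library's PBKDF2-HMAC-SHA256 with a fresh 16-byte salt per password, stores the parameters with the hash in a self-describing string, and contrasts it with an unsalted SHA-256 to show that identical passwords then yield identical hashes. The record format, function names and the iteration count (chosen as an assumption; tune it so one hash takes a few hundred milliseconds on your hardware) are my own.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000          # assumed default; raise as hardware gets faster
SALT_BYTES = 16


def unsalted_hash(password: str) -> str:
    """What NOT to do: same password, same hash, for every user."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<derived key hex>'.
    A fresh random salt is drawn unless one is supplied (only useful for tests)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), dk.hex())


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the salt and iteration count stored in the record, then compare
    in constant time so the check does not leak how many bytes matched."""
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash record: " + algo)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def same_password_demo(password: str) -> dict:
    """Two users choose the same password: unsalted hashes collide, salted ones do not."""
    h1, h2 = hash_password(password), hash_password(password)
    return {
        "unsalted_identical": unsalted_hash(password) == unsalted_hash(password),
        "salted_identical": h1 == h2,
        "both_verify": verify_password(password, h1) and verify_password(password, h2),
    }


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))   # True
    print(verify_password("Tr0ub4dor&3", record))                     # False
    print(same_password_demo("hunter2"))
    # -> {'unsalted_identical': True, 'salted_identical': False, 'both_verify': True}
```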