Crypto Flashcards Preview


Flashcards in Crypto Deck (18)
1

Block Cipher

takes n bits as input and produces n bits. Based on iteration.

2

3DES

n (block size) is 64 bits. Key size is 168 bits. Feistel network: in each round, half of the bits pass through unchanged.

3

AES

n (block size) is 128 bits. Key size is 156, 512, 1025. Substitution-permutation network.

4

Modes of operation

A way to use the same key to encrypt multiple messages.

5

CBC Mode

Cipher block chaining with a random IV.

6

Carter-Wegman MAC

Apply a fast hash function to the large input, then apply the slower encryption algorithm to the short hashed output.

7

SHA256

Merkle-Damgård construction with a Davies-Meyer compression function.

8

Authenticated Encryption

Provides ciphertext integrity; on its own it does not protect against replay attacks.

9

SSL

MAC-then-encrypt: E(Ke, m||tag).

10

SSH

Encrypt and MAC: E(ke, m), with the tag computed on the plaintext message.

11

IPSEC

Encrypt-then-MAC: E(ke, m), with the tag computed on the ciphertext. IPsec's approach is the best option.

12

Authenticated encryption modes

Modes that combine encryption and a MAC.

13

Galois Counter Mode (GCM)

CTR-mode encryption, then a Carter-Wegman MAC.

14

CCM

CBC-MAC, then CTR-mode encryption. Uses AES.

15

TLS 1.2

(CBC AES-128, HMAC-SHA1). MAC-then-encrypt.
Browser-side enc(k_b->s, data, ctr_b->s):
1. tag = S(kmac, [++ctr_b->s || header || data]). The value of ctr is included in the tag; ctr acts as a nonce and is not sent, since both sides know what ctr must be.
2. Pad [header || data || tag] to an AES block boundary.
3. CBC-encrypt with kenc and a fresh random IV.
4. Prepend the header.
Server-side dec(k_b->s, record, ctr_b->s):
1. CBC-decrypt the record using kenc.
2. Check the pad format; send bad_record_mac if invalid.
3. Check the tag on [++ctr_b->s || header || data]; send bad_record_mac if invalid.

Replay attacks are prevented by ctr, since a replayed record's ctr won't match.

16

Password based KDF

Uses a salt and a slow hash function. PKCS#5. H^(c)(pwd||salt): iterate the hash function c times.

17

Asymmetric encryption

G generates a public/private key pair
E(publickey, m)
D(privatekey, c)

18

TLS 1.3

1. The TLS 1.3 handshake involves only one round trip, as opposed to three in TLS 1.2. This results in reduced latency.
2. 0-RTT resumption: if the client has connected to the server before, TLS 1.3 permits a zero round-trip handshake.
Issues: lack of full forward secrecy, meaning that if the session ticket keys are compromised, an attacker can decrypt the 0-RTT data sent by the client in its first flight.
Also, 0-RTT data does not come with a guarantee of non-replay between connections.
3. All encryption algorithms are now Authenticated Encryption with Associated Data (AEAD) algorithms.
4. Static RSA and Diffie-Hellman cipher suites have been removed; all public-key based key exchange mechanisms now provide forward secrecy.
5. All handshake messages after the ServerHello are now encrypted.
6. Key derivation functions have been re-designed, with the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) being used as a primitive.
7. The handshake state machine has been restructured to be more consistent and remove superfluous messages.