Summarize the challenges of key management
- Share keys with the right people
- Choose keys an attacker can’t guess
- Handle keys so attackers can’t intercept them or guess them
If we need enough entropy for a 16-byte key, why should we hash a 20-byte (or larger) passphrase?
We should hash a 20-byte (or larger) passphrase to generate a key that needs 16 bytes of entropy is primarily to maximize the entropy derived from user-selected text and ensure the resulting key is highly random and resistant to dictionary attacks, while meeting the fixed size requirement of the encryption algorithm.
Explain the reused key stream problem
The reused key stream problem occurs when the same key stream is used to encrypt multiple messages in a stream cipher. By XORing the resulting ciphertexts, an attacker can remove the key stream and expose parts of the original messages, making decryption much easier.
Describe the role of the nonce in preventing reused key streams when using the same passphrase to encrypt different files
A nonce prevents reused key streams by ensuring a unique internal key is created each time a file is encrypted, even with the same passphrase. The program combines the passphrase with a newly generated nonce and hashes them together to form a different key for each encryption. This way, attackers cannot exploit repeated key streams across files
Describe how key wrapping may be applied to file encryption
Key wrapping uses two separate and unrelated keys to encrypt the file.
We encrypt the actual data in the file with the content encryption key (CEK).
We must generate a new, truly random CEK whenever we encrypt the file.
We then use the passphrase to produce a key encrypting key (KEK).
We produce the wrapped key by encrypting the CEK with the KEK.
(Paragraph form ni ha not bullet, just did this para easy to memorize xD)
What is the difference between key splitting and key wrapping
Key wrapping protects an encryption key (the content encryption key, or CEK) by encrypting it with another key called the key encryption key (KEK). This lets each file have its own random CEK while the passphrase only protects the wrapped key.
Key splitting, on the other hand, is a simpler form of key wrapping that uses XOR to combine the CEK and KEK. Both keys come from truly random sources, and XORing them “splits” the key so it can be safely shared or stored separately.
Summarize the reasons for rekeying an encrypted file
- We use the document regularly over a long period of time.
- At minimum, change the key whenever some other major event occurs.
- For safety’s sake, rekey more often on larger cryptonets. - We suspect that the key has been leaked.
- A person who knows the key must leave the cryptonet.
The more data we encrypt, the more vulnerable our keys become to cryptanalysis. We rekey periodically to reduce the risk.
Describe the different categories of asymmetric encryption algorithms and how they are used in practice
- Diffie-Hellman (D-H) – Enables two parties to share a secret key without directly sending it. Often used for temporary key exchanges in sessions.
- Rivest-Shamir-Adleman (RSA) – Performs asymmetric encryption and decryption using large prime numbers and modular arithmetic. Commonly used for secure message exchange and digital signatures.
- Elliptic Curve Cryptography (ECC) – Similar to D-H but uses elliptic curves for stronger security with smaller keys. Used for key exchange and digital signatures, widely adopted in government and military systems for efficiency and high security.
What information must be shared to implement Diffie-Hellman key sharing? Whst is the result?
both participants must have a public/private key pair. Each one multiplies their own private key by the other’s public key to compute the shared secret.
What information must be shared to exchange a wrapped key using RSA?
Only the recipient’s RSA public key needs to be shared to exchange a wrapped key securely
What information must be shared to validate a digital signature using RSA?
To validate a digital signature using RSA, the signer’s public key (e, N) must be shared, where e is the public exponent and N is the modulus.
What information must be available to validate a chain of certificates?
- Each certificate in the chain, including:
• The public key contained in the certificate.
• The identity of the Certificate Authority (CA) that issued (signed) it. - The public key of the root Certificate Authority (CA)
- Digital signatures on each certificate
Describe the differences between a hierarchical PKI and one that relies on a web of trust
Hierarchical structure: the most common
- the “root” certificate is distributed widely
- other certificates are verified against it
Web of trust
- an alternative based on personal trust in other certificate signers
Explain how one might establish trust in a self-signed certificate
- If the certificate contains other data that we can independently verify
- If the certificate is used for a series of transactions
Checklist for Key Handling
- Use either passwords or passphrases
- Allow really long passphrases
- Use the entropy of the entire passphrase
- Preserve entropy
- Erase the passphrase ASAP after use
- Let the user keep the passphrase available
- Don’t put passphrase on the hard drive unless it’s encrypted
- Suppress echo
- Permit echo if chosen by the user
- Use an internal key for only one file
Memorization trade-offs
- It’s hard to remember unusual capitalizations, misspellings, or character substitutions
- It may be easier to remember a longer phrase with conventional syntax
Explain Separation of Duty
Dividing up a task so that it requires two or more people to do it. Reduces risks because a malicious worker will need the others to cooperate
Explain the two public-key cryptography
(Techniques to share secret uinformation without sharing a secret ahead of time)
Techniques are named for their inventors:
- Diffie-Hellman (D-H): Constructs a shared secret from information shared in public
- Rivest-Shamir-Adleman (RSA): Encrypt data readable only by the recipient. Verify that a particular sender encrypted (“signed”) a particular message
Difference of public and private keys
Public/private key belongs to a single entity
- Public keys can be shared with attackers
- Private keys are kept secret by the owner
RSA is the product of mathematical tricks, so, of course, mathematical tricks can bring it down. In other words, RSA is vulnerable to mathematical attack if we use it in certain unfortunate ways: (RSA ATTACKS)
- Decrypt a small plaintext with cube root of 3
- Small private keys are especially vulnerable
- Timing of calculation indicates the key values
- Chosen ciphertext: trick user into applying crypto
