Cryptology
Is the science of making and breaking secret codes. The development and use of codes is called cryptography, and breaking codes is called crypt-analysis
Data Encryption Standard (DES)
- is a cipher/ a method of encrypting information
- DES is now considered to be insecure for many applications: chiefly due to the 56-bit key size being too small. Can be broken in as few as 24 hours.
- is believed to be practically secure in the form of triple DES
Advanced Encryption Standard (AES)
- successor of DES
- Is a symmetric cipher defined in federal information processing (FIPS) standard number 197 in 2001
- NSA approves 128-bit for SECRET and 192-bit AES for TOP SECRET
- AES has a fixed block size of 128, 192, or 256 bits (those are the 3 approved key lengths)
3 Approved AES key lengths
128 bit
192 bit
256 bit
Triple DES / 3DES
- 3des is 256 times stronger than DES
- It takes a 64-bit block of data and then performs 3 DES operations in sequence, encrypt, decrypt, encrypt
- requires additional processing time
- can use 1,2, or 3 different keys (1 key = DES)
Software-optimized Encryption Algorithm (SEAL)
Is an alternative algorithm to software based DES, 3DES, and AES
- Is a stream cipher that uses a 160-bit encryption key
- Because it is a stream cipher, data to be encrypted is continuously encrypted and therefore much faster than block ciphers
- longer initialization phase during which a large set of tables is created using SHA
- SEAL has a lower impact on CPU compared to other software-based algorithms
- SEAL support was added to cisco IOS release 12.3(7)T
RC Algorithms
Rc algorithms are widely deployed in many networking applications because of their favorable speed and variable key-length capabilities Several Variations of RC algorithms: -RC2 -RC4 -RC5 -RC6
RC2
Variable key-size block cipher that was designed as a “drop-in” replacement for DES
RC4
- Worlds most widely used stream cipher.
- Variable key-size stream cipher that is often used in file encryption products and for secure communications, such as within SSL
- It is not considered a one-time pad, because the key is not random
- The cipher can be expected to run very quickly in software and is considered secure, although it can be implemented insecurely, as in Wired Equivalent Privacy (WEP)
RC5
a fast block cipher that has a variable block size and key size. RC5 can be used as a drop-in replacement for DES if the block size is set to 64-bit
RC6
RC6 was an AES finalist. a 128-bit to 256-bit block cipher that was designed by rivest, sidney, and yin and is based on RC5.
Bulk Data Encryption - symmentric keys
- The best encryption method for bulk encryption is AES
- AES provides good security and speed and versatility across a variety of computer platforms.
- RSA keys are large numbers that are only suitable for short messages
- DES can be brute forced
- 3DES can take a long time (3 times as long as DES)
Symmetric Encryption Algorithm examples (3)
- DES
- 3DES
- AES
Symmetric encryption requires a much larger key size to achieve the same level of protection as asymmetric encryption.
Stream Cipher
A stream cipher converts one symbol of plaintext directly to a symbol of ciphertext
- Stream ciphers encrypt plaintext one byte or one bit at a time
- Can be much faster than block ciphers, and generally do not increase the message size
Block Ciphers
Encrypt a group of plaintext symbols as one block
- most modern symmetric encryption algorithms are block ciphers
-block sizes vary, 64=des 128=aes
-Block ciphers transform a fixed-length block of plaintext into a common block of ciphertext of 64 or 128 bits
-
Stream Encryption Advantages
- Speed of transformation: algorithms are linear in time and constant in space
- low error propagation: an error in encrypting one symbol likely will not affect subsequent symbols
Stream Encryption Disadvantages
Low Diffusion: All information of plaintext symbols is contained in a single ciphertext symbol
Susceptibility to insertions/modifications: and active interceptor who breaks the algorithm might insert spurious text that looks authentic
Block Encryption Advantages
High diffusion: information from one plaintext symbol is diffused into several ciphertext symbols.
Immunity to tampering: difficult to insert symbols without detection
Block Encryption Disadvantages
Slowness of encryption: an entire block must be accumulated before encryption / decryption can begin
Error propagation: An error in one symbol may corrupt the entire block.
Message Digest 5 (MD5)
- is a widely used cryptographic hash function with a 128-bit hash value
- As an Internet standard (RFC 1321), MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files
- An MD5 hash is typically expressed as a 32-character hexadecimal number.
- In 1996, a flaw was found with the design of MD5; while it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1 (which has since been found vulnerable itself)
Secure Hash Algorithm (SHA1, SHA2)
The Sha hash functions are five cryptographic hash functions designed by the NSA and published by the NIST
-The five algorithms are denoted SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512
the latter 4 variants are somtimes collectivly called SHA-2
-SHA-1 produces a message digest that is 160 bits long, the number in the other 4 variants denote the bit length of the digest they produce.
-SHA-1 is employed in several widely used security applications and protocols: TLS, SSL, PGP, SSH, S/MIME, and IPsec
-considered to be the successor to MD5
SHA-3
winner of a contest IN 2007 afteR SHA-2 has vulnerability worries
- known as keccak
MD5 vs. SHA
- Longer hash values = more secure
- MD5 and SHA-1 are based on previous version of the message digest algorithm
- sha-1 involves 80 steps, and MD5 involves 64 steps
- when choosing a hashing algorithm, use SHA-256 or higher
HMAC
is a message authentication code (MAC) that is calculated using a hash function and a secret key
- hash functions are the basis of the protection mechanism of HMACs
- the output of the hash function now depends on the input data and the secret key
- authenticity is guarenteed because only the sender and the reciever know the secret key
- The above characteristic defeats man-in-the-middle attacks and provides authentication of the data origin
