D3: Cryptography

Question 1

Cryptography through History

Answer 1

VERY TESTABLE; especially caesar, vernam and engima/purple

Caesar Cipher
Scytale
Vignere
Vernam
Enigma Machine and Purple Machine

A secret is shared with a given method, and the secret is shared “out of band”

when the secret is broken, we make it more complex instead of throwing it away

Question 2

Caesar Cipher

Answer 2

Simple substitution

Shift characters THREE spaces

A=D, B=E, C=F, etc.

Pure substitution ciphers, one letter is always substituted with another, are subject to pattern analysis
- one character appears over and over again - it is probably ‘e’ (most common letter). Then you can fine ‘the’, and so on.

ROT13: shifts the alphabet 13 characters

“out of band” communication is required while using this method or any crypto method. This means they would have to tell you separately, and in advance, the decryption method. It can not be integrated in the process

Question 3

Scytale Cipher

Answer 3

Spartans used this cipher to communicate messages to generals in the field

Wrapped tape around a rod

Diameter of the rod is the pre-agreed upon secret (key)

Question 4

Vignere

Answer 4

First polyalphabetic cipher; where letter intersects with the other one

key word is agreed upon ahead of time

first letter of the key is matched up against first letter of the message, and so on

Question 5

Engima Machine/Purple Machine

Answer 5

Used by Germans/Japanese in WWII

Breaking the cryptography of these devices is credited with reducing the length of war

Rotary based!

Has three 3 rotors, type in the message, and depending on the config of the rotors, it would spit out the cipher text, and then you put in the cipher text, and it would spit out the plain text

It was broken with 3 rotors, so German added another

Question 6

Vernam Cipher

Answer 6

AKA One time pad

TESTABLE: only mathematically unbreakable if these conditions are in place:

• key must be used only once
• pad must be at least as long as the message
• key pad is statistically unpredictable
• key pad must be delivered and stored securely

Question 7

Security Services Provided by Cryptography / Why you should use cryptography

Answer 7

How long is a session key valid for? A session

1. Privacy/Secrecy/Confidentiality: prevents unauthorized disclosure of information
2. Authenticity: verifies the claimed identity
3. Integrity: detects modification or corruption
4. Non-Repudiation: combines authenticity and integrity. A sender can’t dispute having sent a message, nor its contents

Question 8

Plain Text to Cipher Text Transformation

Answer 8

Plain Text Message + Initialization Vector (IV) + Algorithm (cipher) + Key

=

Cipher Text!!!!!!

How it works:

If you want confidentiality - start with plain text, use an initialization vector for additional randomness in the beginning, use an algorithm/cipher that gives you the math to perform, and then the key gives instructions on how to use the math = you get the cipher text

Question 9

Playlist Shuffle Concept / Initialization Vector

Answer 9

Putting a playlist on random, doesn’t always bring you randomness. If you always start at 0 - you don’t have real randomness

Vary the starting point and you will make the process more random!!!!

very similar to “seed” or “salt”
- this same concept with password generation

By using an IV, you’ll get added randomness

IV has to be generated by something not truly random, because a computer cannot randomize - can only pseudo random (PRNG - pseudo random number generator; it’s not really random, it’s based on something else)

Question 10

Algorithm

Answer 10

A collection of math functions that can be performed, and those functions are called substitution block

A chunk of data goes into a substitution block and math is performed - and then goes to a different sub — they are called function

algorithm will chunk data into a block, goes through math processes

how many functions, in what order, in what pattern will it go through? if this is easy to do, it will be easy to tell. The Key provides the instructions on which functions of the algorithm will use

longer key - more math functions

shorter key - less, but can repeat the same functions and can create patterns

Question 11

Desirable Qualities of an Algorithm

Answer 11

• confusion: complex substitution = good, strong math
• diffusion: concatenate plain text with cipher text - brings more complexity and harder to reverse
• avalanche: aka chaining; output form one function, provides input into the next. Ex: Daily totals feed into Weekly totals, and Weekly totals feed into Annual totals Ex. Cipher text from the first block is used as the initialization vector for the second block
• permutations: aka rounds; certain algorithms put their blocks into permutations (ex. DES) - take a block of data and encrypt it and then encrypt it 16 rounds of encryption in total. This was broken. Tripe DES, used 3 instances of DES - every single block of data through 48 permutations (not ideal compared to AES)
• open - Kerchoff’s principle: openness is better > I make the math in my algorithm open to the public, and if someone else can make it more complicated, it’s better. Ex. Open SSL didn’t have any peer review, and it was broken - government doesn’t believe it but ISC2 does

Security through Obscurity - if you can’t find it you cannot break it

Question 12

Desirable qualities of a key

Answer 12

• long
• random
• secret; especially if the algorithm is open

Question 13

Symmetric Cryptography

Answer 13

A shared secret that both coder and decoder knows - the secret is the KEY

Symmetric algorithm provide good strong privacy and is really fast. We really like this

Two types of symm: Block and Stream

Block Cipher: chunks data into blocks, and every algorithm/cipher specifies how big the block is

• most common
• most common is AES - advanced encryption standard
• which algorithm does XYZ use? if you don’t know otherwise, it should be AES

Stream Cipher

• RC-4
• weaker than block ciphers
• they’re very fast & efficient
• fast to encrypt and decrypt