Documente Academic
Documente Profesional
Documente Cultură
Cryptographic Systems
A system, method, or process that is used to provide encryption and
decryption
Uses a secret or private key that isnt available to anyone but authorized
users
Block cipher: Algorithm works on chunks of dataencrypting one and then
moving to the next.
Stream cipher: Data is encrypted one bit, or byte, at a time.
Data Encryption Standard (DES):
o Since the mid-1970s
o Primarily used by government until being replaced by AES
o Based on 56-bit key, considered insecure due to small key size
Triple-DES: Upgrade of DES
o 3DES is still used, even though AES is preferred choice for government
applications
o Uses 168-bit key (using 3 56-bit DES keys)
o Considerably harder to break than DES due to key size, and is still
considered secure
Advanced Encryption Standard (AES): Replaced DES as the current
standard
o Uses the Rijndael algorithm (Joan Daemen and Vincent Rijmen)
o Supports key sizes of 128, 192, and 256, with 128 being the default
AES256: AES using 256 bits instead of 128. Standard for top secret
classification in government
CAST: Cast is an algorithm developed by Carlisle Adams and Stafford Tavares
o 40-bit to 128-bit key
o Extremely fast and efficient
o CAST-128 and CAST-256 also exist
Rons Cipher: Encryption family produced by RSO laboratories
o Current levels are RC4, RC5, and RC6
RC5 uses a key size of up to 2048 bits
Extremely strong system
RC4 is popular with WEP/WPA, SSL, and TLS encryptions
Streaming cipher with keys between 40 and 2048
Blowfish:
o Invented by a team led by Bruce Schneier
o Uses 64-bit block cipher
o Variable key lengths (32-448 bits)
Twofish:
o Uses 128-bit blocks
o Different in that it uses an extremely complex key schedule
Internation Data Encryption Algorithm (IDEA):
o Developed by Swiss consortium
o 128-bit Key
o Similar to DES, but much more secure
o IDEA is used in Pretty Good Privacy (PGP)
One-Time Pads:
o Only truly completely secure cryptographic implementations
Use a key that is as long as a plaintext message, which means
there is no pattern
Used only once then are discarded
Algorithm
Strength
Mode
AES
128-bit
Block
AES256
256-bit
Block
Blowfish
64-bit
Block
CAST
40-128-bit
Block
DES
56-bit
Block
3DES
168-bit
Block
IDEA
128-bit
Block
RC4
Variable
Stream
RC5
128-bit
Block
RC6
128-256-bit
Block
Twofish
128-bit
Block
Algorithm
Common Use
DiffieHellman
Key agreement.
El Gamal
Elliptic
Curve (ECC)
An option to RSA that uses less computing power than RSA and
is popular in smaller devices like smart phones.
RSA
Hashing Algorithms
Must be one-way: Its not reversible. Once hashed, it cant be unhashed
Variable-length input produces fixed-length output: Hashing 2 characters or 2
million produces same length hash value
Algorithm must have few or no collisions: Two hash inputs do not produce the
same output
Rainbow Tables: A reversing method where all the possible hashes are
computed in advanced
1. Create a series of tables; each has all the possible two-letter, threeletter, four-letter, and so forth combinations and the hash of that
combination
2. Now if you search the table for a given hash, the letter combination in
the table that produced the hash must be the password you are
seeking
Salt: Addition of bits at key locations, before or after the hash
o Used to prevent the effectiveness of rainbow tables
o Bits are added before the hash begins, so the rainbow table gives the
wrong output
Key Stretching: Process used to take a weak key and make it stronger,
usually by lengthening.
PBKDF2: PBKDF2 (Password-Based Key Derivation Function 2) It
applies some function (like a hash or HMAC) to the password or
passphrase along with Salt to produce a derived key.
Bcrypt: Used with passwords, and it uses a derivation of the
Blowfish algorithm, converted to a hashing algorithm, to hash a
password and add Salt to it.
Secure Hash Algorithm (SHA): Designed to ensure integrity of message
o One-way hash that can be used with encryption protocols
o Produces 160-bit hash value
o SHA-2: 224, 256, 334, and 512-bit value options
Widely used and recommended
o SHA-3: has been released and is now the standard
SHA-2 has no known issues so its still widely used and
recommended
Message Digest Algorithm (MD): Also used to ensure integrity
o MD5, MD4, and MD2 options
o MD5 is newest version
Produces 128-bit hash
o Has weak collision resistance, so it is no longer recommended
RACE Integrity Primitives Evaluation Message Digest (RIPEMD):
o Based on MD4
o Replaced by RIPEMD-160, which uses 160 bits
o RIPEMD-256 and RIPEMD-320 also exist
GOST: Symmetric cipher developed by Soviet Union, modified to work as a
hash function
o Produces 256-bit output
LANMAN: Prior to Windows NT, Microsoft OSs used LANMAN protocol for
authentication
o Used LM Hash and two DES keys
o Replaced by NT LAN Manager (NTLM) with the release of Windows NT
NT LAN Manager (NTLM):
o Uses MD4/MD5 hashing
o
o
o
o