Cryptography

Substitution Ciphers: Type of coding or ciphering system that changes one

character or symbol into another.
Caesar Cipher (Julius Caesar): Simply shifting letters a certain number of
spaces in the alphabet
Multi-alphabet: Substitution Cipher where you might move the first letter by
3, second by 3, and third by 1, then repeat the pattern
Transposition Cipher: Transposing or scrambling the letters in a certain manner.
Typically, the message is broken into blocks of equal size, and each block is
scrambled
Rail Fence Cipher: Write the message letters out diagonally over a number
of rows then read off cipher row by row.
o Meet Me After the Toga Party
o mematrhtgpry
o etefeteoaat
o MEMATRHTGPRYETEFETEOAAT
ROT13: One of the oldest known encoding algorithms. It rotates every letter 13
places in the alphabet. A becomes N, B becomes O, etc. ROTATION13
Enigma Machine: Basically a typewriter that typed the encrypted message for
you. Prior to computers, it was extremely hard to break.
Steganography: Embedding hidden information within a medium such as an
image, audio file, etc.
Steganography can also be used to accomplish electronic watermarking.
Mapmakers and artists have used watermarking for years to protect
copyrights
Key Exchange:
In-band: key exchanged through same channel that is being encrypted
(IPSec)
Out-of-band: Uses some other channel than the one being secured
Forward secrecy: If one key is compromised, subsequent keys will not be
o Perfect forward secrecy: Occurs when forward secrecy is
unbreakable
Which cryptography should you use?
Kerckhoffss principle: Security of an algorithm should depend on the
secrecy of the key and not the secrecy of the algorithm itself
Cryptanalysis Methods: Code-breaking techniques
Frequency Analysis: Looking at blocks of an encrypted message to
determine patterns
o Does not work on modern algorithms
Chosen Plaintext: Obtaining cipher texts corresponding to a set of
plaintexts of their own choosing. This can be incredibly difficult, as you have
to have the exact plaintext of the cipher
Related Key Attack: Like chosen-plaintext attack, but the attacker can
obtain cipher texts encrypted under two different keys
Brute-Force Attack: Applying every possible combination of characters that
could be the key
Exploiting Human Error: Sending an unencrypted email containing the key,
etc.
Wifi Encryption: The clients and access point share the same key, using
symmetric encryption. RC4 is used for this purpose. This is also called a preshared
key.

Wired Equivalent Privacy (WEP): Early attempt to add security but is

weak and not used
Wi-Fi Protected Access (WPA) and WPA2: Replaced WEP as the new
secure standard
o WPA couples RC4 algorithm with TKIP
o WPA2 uses Counter Mode with Cipher Block Chaining Message
Authentication Code Protocol (CCMP). CCMP uses 128-bit AES

Cryptographic Systems
A system, method, or process that is used to provide encryption and
decryption

Confidentiality and Strength: Preventing unauthorized disclosure of information,

internal or external

Strength: Effectiveness of a cryptographic system in preventing

unauthorized decryption
Work Factor: Algorithms strength measurement, as amount of time and
effort to crack 94936

Symmetric Algorithms: Both ends of the encrypted message must

have the same key and algorithm

Uses a secret or private key that isnt available to anyone but authorized
users
Block cipher: Algorithm works on chunks of dataencrypting one and then
moving to the next.
Stream cipher: Data is encrypted one bit, or byte, at a time.
Data Encryption Standard (DES):
o Since the mid-1970s
o Primarily used by government until being replaced by AES
o Based on 56-bit key, considered insecure due to small key size
Triple-DES: Upgrade of DES
o 3DES is still used, even though AES is preferred choice for government
applications
o Uses 168-bit key (using 3 56-bit DES keys)
o Considerably harder to break than DES due to key size, and is still
considered secure
Advanced Encryption Standard (AES): Replaced DES as the current
standard
o Uses the Rijndael algorithm (Joan Daemen and Vincent Rijmen)
o Supports key sizes of 128, 192, and 256, with 128 being the default
AES256: AES using 256 bits instead of 128. Standard for top secret
classification in government
CAST: Cast is an algorithm developed by Carlisle Adams and Stafford Tavares
o 40-bit to 128-bit key
o Extremely fast and efficient
o CAST-128 and CAST-256 also exist
Rons Cipher: Encryption family produced by RSO laboratories
o Current levels are RC4, RC5, and RC6
RC5 uses a key size of up to 2048 bits
Extremely strong system
RC4 is popular with WEP/WPA, SSL, and TLS encryptions
Streaming cipher with keys between 40 and 2048
Blowfish:
o Invented by a team led by Bruce Schneier
o Uses 64-bit block cipher
o Variable key lengths (32-448 bits)
Twofish:
o Uses 128-bit blocks
o Different in that it uses an extremely complex key schedule
Internation Data Encryption Algorithm (IDEA):
o Developed by Swiss consortium
o 128-bit Key
o Similar to DES, but much more secure
o IDEA is used in Pretty Good Privacy (PGP)
One-Time Pads:
o Only truly completely secure cryptographic implementations
Use a key that is as long as a plaintext message, which means
there is no pattern
Used only once then are discarded

Algorithm

Strength

Mode

AES

128-bit

Block

AES256

256-bit

Block

Blowfish

64-bit

Block

CAST

40-128-bit

Block

DES

56-bit

Block

3DES

168-bit

Block

IDEA

128-bit

Block

RC4

Variable

Stream

RC5

128-bit

Block

RC6

128-256-bit

Block

Twofish

128-bit

Block

Asymmetric Algorithms: two keys are used to encrypt and

decrypt data

Public Key: Used to encrypt a message

Private Key: Used to decrypt the message
What one key does, the other undoes
Each end has one key
The public key may be truly public, or it may be a secret between two parties
RSA:
o Inventors are Ron Rivest, Adi Shamir, and Leonard Adleman
o Uses large integers as the basis for the process it uses
o Widely used as a standard for asymmetric encryption
o Uses digital signatures as an option
Diffie-Hellman:
o Used to send keys across public networks
o Isnt used to encrypt or decrypt messages, just for symmetric key
creation
Elliptic Curve Cryptography (ECC):
o Similar to RSA, but uses smaller key sizes to obtain same level of
security
o Nation Security Agency uses and recommends this
o Expect to be used for cellular devices in the future
ElGamal:
o Developed by Taher Elgamal in 1984
o Uses an ephemeral key, which is simply a key that exists only for that
session

Algorithm

Common Use

DiffieHellman

Key agreement.

El Gamal

Transmitting digital signatures and key exchanges.

Elliptic
Curve (ECC)

An option to RSA that uses less computing power than RSA and
is popular in smaller devices like smart phones.

RSA

The most commonly used public-key algorithm, RSA is used for

encryption and digital signatures.

Hashing Algorithms
Must be one-way: Its not reversible. Once hashed, it cant be unhashed
Variable-length input produces fixed-length output: Hashing 2 characters or 2
million produces same length hash value
Algorithm must have few or no collisions: Two hash inputs do not produce the
same output
Rainbow Tables: A reversing method where all the possible hashes are
computed in advanced
1. Create a series of tables; each has all the possible two-letter, threeletter, four-letter, and so forth combinations and the hash of that
combination
2. Now if you search the table for a given hash, the letter combination in
the table that produced the hash must be the password you are
seeking
Salt: Addition of bits at key locations, before or after the hash
o Used to prevent the effectiveness of rainbow tables
o Bits are added before the hash begins, so the rainbow table gives the
wrong output
Key Stretching: Process used to take a weak key and make it stronger,
usually by lengthening.
PBKDF2: PBKDF2 (Password-Based Key Derivation Function 2) It
applies some function (like a hash or HMAC) to the password or
passphrase along with Salt to produce a derived key.
Bcrypt: Used with passwords, and it uses a derivation of the
Blowfish algorithm, converted to a hashing algorithm, to hash a
password and add Salt to it.
Secure Hash Algorithm (SHA): Designed to ensure integrity of message
o One-way hash that can be used with encryption protocols
o Produces 160-bit hash value
o SHA-2: 224, 256, 334, and 512-bit value options
Widely used and recommended
o SHA-3: has been released and is now the standard
SHA-2 has no known issues so its still widely used and
recommended
Message Digest Algorithm (MD): Also used to ensure integrity
o MD5, MD4, and MD2 options
o MD5 is newest version
Produces 128-bit hash
o Has weak collision resistance, so it is no longer recommended
RACE Integrity Primitives Evaluation Message Digest (RIPEMD):
o Based on MD4
o Replaced by RIPEMD-160, which uses 160 bits
o RIPEMD-256 and RIPEMD-320 also exist
GOST: Symmetric cipher developed by Soviet Union, modified to work as a
hash function
o Produces 256-bit output
LANMAN: Prior to Windows NT, Microsoft OSs used LANMAN protocol for
authentication
o Used LM Hash and two DES keys
o Replaced by NT LAN Manager (NTLM) with the release of Windows NT
NT LAN Manager (NTLM):
o Uses MD4/MD5 hashing

o
o
o
o

Still used widespread even though Kerberos is used preferable

Used primarily for the purpose of authentication
Version 2 uses 128-bit encryption
Most secure form of challenge/response authentication