
Chapter 7: Cryptographic Systems

There are a number of ways to secure a network. Networks can be secured through device hardening;
authentication, authorization, and accounting (AAA); access control lists (ACLs); firewall features; and
intrusion prevention system (IPS) implementations. These combined features protect the infrastructure and
end devices within the local network. But how is network traffic protected when traversing the public
Internet? The answer is through cryptographic methods.

The principles of cryptology can be used to explain how modern day protocols and algorithms are used to
secure communications. Cryptology is the science of making and breaking secret codes. The development
and use of codes is called cryptography, and breaking codes is called cryptanalysis. Cryptography has been
used for centuries to protect secret documents. For example, Julius Caesar used a simple alphabetic cipher to
encrypt messages to his generals in the field. His generals would have knowledge of the cipher key required
to decrypt the messages.

Today, modern day cryptographic methods are used in many different ways to ensure secure
communications.


Authentication, Integrity, and Confidentiality


To ensure secure communications across both the public and private infrastructure, the network
administrator's first goal is to secure the network infrastructure, including routers, switches, servers, and
hosts. This can be accomplished using device hardening, AAA access control, ACLs, firewalls, monitoring
threats using IPS, securing endpoints using Advanced Malware Protection (AMP), and enforcing email and
web security using the Cisco Email Security Appliance (ESA) and Cisco Web Security Appliance (WSA).
The figure shows an example of a secure network topology.

The next goal is to secure the data as it travels across various links. This may include internal traffic, but of
greater concern is protecting the data that travels outside of the organization to branch sites, telecommuter
sites, and partner sites.

There are three primary objectives of securing communications:


Authentication - Guarantees that the message is not a forgery and does actually come from whom it
states.

Integrity - Guarantees that no one intercepted the message and altered it; similar to a checksum
function in a frame.

Confidentiality - Guarantees that if the message is captured, it cannot be deciphered.

Many modern networks ensure authentication with protocols, such as hash message authentication code
(HMAC). Integrity is ensured by implementing either MD5 or SHA hash-generating algorithms. Data
confidentiality is ensured through symmetric encryption algorithms, including Data Encryption Standard
(DES), 3DES, and Advanced Encryption Standard (AES). Symmetric encryption algorithms are based on
the premise that each communicating party knows the pre-shared key. Data confidentiality can also be
ensured using asymmetric algorithms, including Rivest, Shamir, and Adleman (RSA) and the public key
infrastructure (PKI). Asymmetric encryption algorithms are based on the assumption that the two
communicating parties have not previously shared a secret and must establish a secure method to do so.
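The distinction between integrity and authentication in the paragraph above can be seen in a few lines of code. The following Python is an added example written for this edit, not code from the chapter: the pre-shared key, the message and the altered message are constructed values, and HMAC-SHA256 stands in for the "hash message authentication code" the text names.

```python
import hashlib
import hmac

# Constructed values for the example (not from the chapter): a pre-shared key that
# both parties are assumed to hold already, and a message to protect.
SHARED_KEY = b"example-pre-shared-key"
MESSAGE = b"FLANK EAST ATTACK AT DAWN"


def integrity_digest(message: bytes) -> bytes:
    """Plain SHA-256 digest: detects accidental corruption, but anyone can recompute it."""
    return hashlib.sha256(message).digest()


def verify_digest(message: bytes, digest: bytes) -> bool:
    """Receiver check for a bare digest: no key is involved, so a tamperer can satisfy it."""
    return hmac.compare_digest(integrity_digest(message), digest)


def authentication_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag: only a holder of the key can produce a tag that verifies."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(authentication_tag(key, message), tag)


def demo() -> dict:
    """Run the sender/receiver exchange plus a few failure cases; returns the verdicts."""
    tag = authentication_tag(SHARED_KEY, MESSAGE)
    altered = b"FLANK WEST ATTACK AT DAWN"   # constructed in-transit modification

    return {
        # genuine message and tag from the key holder
        "genuine": verify_tag(SHARED_KEY, MESSAGE, tag),
        # message changed in transit while the old tag is kept: detected
        "altered_message": verify_tag(SHARED_KEY, altered, tag),
        # message and tag both replaced by someone without the key: detected
        "forged_tag": verify_tag(SHARED_KEY, altered, authentication_tag(b"not-the-key", altered)),
        # a bare digest proves nothing about origin: the tamperer recomputes it and it verifies
        "bare_digest_accepts_altered": verify_digest(altered, integrity_digest(altered)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The last case is the practical point: a hash alone gives integrity against accidental corruption, while the keyed tag is what ties the message to a party that holds the shared secret.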

Note: These primary objectives are similar but not identical to the three primary issues in securing and
maintaining a computer network which are confidentiality, integrity, and availability.


Authentication
There are two primary methods for validating a source in network communications: authentication services
and data nonrepudiation services.

Authentication guarantees that a message comes from the source that it claims to come from. Authentication
is similar to entering a secure personal identification number (PIN) for banking at an ATM, as shown in the
figure. The PIN should only be known to the user and the financial institution. The PIN is a shared secret
that helps protect against forgeries. In network communications, authentication can be accomplished using
cryptographic methods. This is especially important for applications or protocols, such as email or IP, that
do not have built-in mechanisms to prevent spoofing of the source.

Data nonrepudiation is a similar service that allows the sender of a message to be uniquely identified. With
nonrepudiation services in place, a sender cannot deny having been the source of that message. It might
appear that the authenticity service and the nonrepudiation service are fulfilling the same function. Although
both address the question of the proven identity of the sender, there is a difference between the two.

The most important part of nonrepudiation is that a device cannot repudiate, or refute, the validity of a
message sent. Nonrepudiation relies on the fact that only the sender has the unique characteristics or
signature for how that message is treated. Not even the receiving device can know how the sender treated
this message to prove authenticity because the receiver could then pretend to be the source.
If the major concern is for the receiving device to validate the source and there is no concern about the
receiving device imitating the source, it does not matter whether the sender and receiver both know how to
treat a message to provide authenticity. An example of authenticity versus nonrepudiation is a data exchange
between two computers of the same company versus a data exchange between a customer and an e-
commerce website. The two computers exchanging data within an organization do not have to prove to the
other which of them sent a message.

This practice is not acceptable in business applications, such as when purchasing items online. If the online
store knows how a customer message was created to prove the authenticity, then it could easily fake
authentic orders. In such a scenario, the sender must be the only party with the knowledge of how the
message was created. The online store can prove to others that the order was, in fact, sent by the customer,
and the customer cannot argue that the order is invalid.


Data Integrity
Data integrity ensures that messages are not altered in transit. With data integrity, the receiver can verify that
the received message is identical to the sent message and that no manipulation occurred.

European nobility ensured the data integrity of documents by creating a wax seal to close an envelope, as
shown in the figure. The seal was often created using a signet ring. These bore the family crest, initials, a
portrait, or a personal symbol or motto of the owner of the signet ring. An unbroken seal on an envelope
guaranteed the integrity of its contents. It also guaranteed authenticity based on the unique signet ring
impression.

Data Confidentiality
Data confidentiality ensures privacy so that only the receiver can read the message. This can be achieved
through encryption. Encryption is the process of scrambling data so that it cannot be easily read by
unauthorized parties.

When enabling encryption, readable data is called plaintext, or cleartext, while the encrypted version is
called encrypted text or ciphertext. In this course, we will use the term ciphertext. The plaintext readable
message is converted to ciphertext, which is the unreadable, disguised message. Decryption reverses the
process. A key is required to encrypt and decrypt a message. The key is the link between the plaintext and
ciphertext.

Historically, various encryption algorithms and methods have been used. Julius Caesar is said to have
secured messages by putting two sets of the alphabet, side-by-side, and then shifting one of them by a
specific number of places. The number of places in the shift serves as the key. He converted plaintext into
ciphertext using this key, and only his generals, who also had the key, knew how to decipher the messages.
This method is now known as the Caesar cipher. An encoded message using the Caesar cipher is shown in
the figure.

Using a hash function is another way to ensure data confidentiality. A hash function transforms a string of
characters into a usually shorter, fixed-length value or key that represents the original string. The difference
between hashing and encryption is in how the data is stored. With encrypted text, the data can be decrypted
with a key. With the hash function, after the data is entered and converted using the hash function, the
plaintext is gone. The hashed data is simply there for comparison. For example, when a user enters a
password, the password is hashed and then compared to the stored hashed value. If the user forgets the
password, it is impossible to decrypt the stored value, and the password must be reset.

The purpose of encryption and hashing is to guarantee confidentiality so that only authorized entities can
read the message.
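The password flow described above (hash on entry, compare against the stored value, nothing to decrypt) looks like this in practice. This is an added example written for this edit, not code from the chapter: the password strings are constructed, the per-user salt and the PBKDF2 iteration count are design choices of the example rather than anything the text specifies.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Iterated SHA-256 via PBKDF2; the iteration count is an example setting, chosen
# so that each guess against a stolen digest costs noticeably more than one hash.
ITERATIONS = 50_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). Only these are stored; the plaintext password is gone."""
    if salt is None:
        salt = os.urandom(16)   # fresh random salt per user, so equal passwords differ on disk
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Hash the entered password with the stored salt and compare to the stored digest."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)   # constant-time comparison


def demo() -> dict:
    """Simulate account creation and two login attempts; returns the verdicts."""
    salt, stored = hash_password("correct horse battery")   # what the server keeps
    return {
        "right_password": verify_password("correct horse battery", salt, stored),
        "wrong_password": verify_password("correct horse batter", salt, stored),
        # the same password hashed under a different salt yields a different digest
        "salt_changes_digest": hash_password("correct horse battery")[1] != stored,
    }


if __name__ == "__main__":
    print(demo())
```

Because only the salt and digest are stored, a forgotten password cannot be recovered from the record, which is exactly why the text says it must be reset.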


7.1.2.1 Creating Cipher Text

The history of cryptography starts in diplomatic circles thousands of years ago. Messengers from a king's
court took encrypted messages to other courts. Occasionally, other courts not involved in the
communication attempted to steal messages sent to a kingdom they considered an adversary. Not long after,
military commanders started using encryption to secure messages.

Over the centuries, various cipher methods, physical devices, and aids have been used to encrypt and
decrypt text:

Scytale (Figure 1)

Caesar Cipher (Figure 2)

Vigenère Cipher (Figure 3)

Enigma Machine (Figure 4)

Each of these encryption methods uses a specific algorithm, called a cipher, to encrypt and decrypt
messages. A cipher is a series of well-defined steps that can be followed as a procedure when encrypting and
decrypting messages. There are several methods of creating ciphertext:

Transposition

Substitution

One-time pad


Transposition Ciphers
In transposition ciphers, no letters are replaced; they are simply rearranged. An example of this type of
cipher is taking the FLANK EAST ATTACK AT DAWN message and transposing it to read NWAD
TAKCATTA TSAE KNALF. In this example, the key is to reverse the letters.

Another example of a transposition cipher is known as the rail fence cipher. In this transposition, the words
are spelled out as if they were a rail fence. They are staggered, some in front, some in the middle and some
in back, across several parallel lines. For example, refer to the plaintext message in Figure 1. Figure 2
displays how to transpose the message using a rail fence cipher with a key of three. The key specifies that
three lines are required when creating the encrypted code. The resulting ciphertext is displayed in Figure 3.

Modern encryption algorithms, such as DES and 3DES, still use transposition as part of the
algorithm.
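Both transpositions described in this section, the simple reversal and the rail fence with a key of three, are implemented below. This is an added example written for this edit, not code from the chapter; the input is the chapter's FLANK EAST ATTACK AT DAWN message, fed to the rail fence with spaces removed (an assumption, since the figures are not reproduced here).

```python
from typing import List


def reverse_transposition(text: str) -> str:
    """The chapter's first example: the 'key' is simply to write the message backwards."""
    return text[::-1]


def rail_pattern(length: int, rails: int) -> List[int]:
    """Rail index for each character position of a zigzag over the given number of rails."""
    if rails < 2:
        return [0] * length            # one rail: nothing is rearranged
    period = 2 * (rails - 1)           # down the rails and back up again
    pattern = []
    for i in range(length):
        r = i % period
        pattern.append(r if r < rails else period - r)
    return pattern


def rail_fence_encrypt(plaintext: str, rails: int) -> str:
    """Write the text in a zigzag across `rails` lines, then read each line left to right."""
    rows = [[] for _ in range(rails)]
    for ch, r in zip(plaintext, rail_pattern(len(plaintext), rails)):
        rows[r].append(ch)
    return "".join("".join(row) for row in rows)


def rail_fence_decrypt(ciphertext: str, rails: int) -> str:
    """Rebuild the rails from their lengths, then walk the zigzag to read the text back."""
    pattern = rail_pattern(len(ciphertext), rails)
    rows, pos = [], 0
    for r in range(rails):
        count = pattern.count(r)       # how many characters landed on rail r
        rows.append(list(ciphertext[pos:pos + count]))
        pos += count
    return "".join(rows[r].pop(0) for r in pattern)


if __name__ == "__main__":
    msg = "FLANKEASTATTACKATDAWN"      # chapter message, spaces removed (assumption)
    ct = rail_fence_encrypt(msg, 3)
    print(reverse_transposition("FLANK EAST ATTACK AT DAWN"))
    print(ct, rail_fence_decrypt(ct, 3))
```

Note that the ciphertext is an anagram of the plaintext: sorting the letters of input and output gives the same string, which is the defining property of a transposition and the reason letter-frequency analysis still applies to it.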

Substitution Ciphers
Substitution ciphers substitute one letter for another. In their simplest form, substitution ciphers retain the
letter frequency of the original message.

The Caesar cipher was a simple substitution cipher. For example, refer to the plaintext message in Figure 1.
If the key used was 3, the letter A was moved three spaces to the right, resulting in an encoded message that
used the letter D in place of the letter A, as shown in Figure 2. The letter E would be the substitute for the
letter B, and so on. The resulting ciphertext is displayed in Figure 3. If the key used was 8, then A becomes
I, B becomes J, and so on.

Because the entire message relied on the same single key shift, the Caesar cipher is referred to as a
monoalphabetic substitution cipher. It is also fairly easy to crack. For this reason, polyalphabetic ciphers,
such as the Vigenère cipher, were invented. The method was originally described by Giovan Battista Bellaso
in 1553, but the scheme was later misattributed to the French diplomat and cryptographer Blaise de
Vigenère.
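The Caesar cipher of this section, with the key-3 and key-8 mappings the text describes, is implemented below together with a check of the claim that a simple substitution keeps the letter frequencies of the original. This is an added example written for this edit, not code from the chapter; the message is the chapter's FLANK EAST ATTACK AT DAWN.

```python
from collections import Counter
import string
from typing import Dict, List

ALPHABET = string.ascii_uppercase


def caesar_shift(text: str, key: int) -> str:
    """Replace each letter by the one `key` places to the right (wrapping Z back to A)."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)             # spaces and punctuation pass through unchanged
    return "".join(out)


def caesar_encrypt(plaintext: str, key: int) -> str:
    return caesar_shift(plaintext, key)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    return caesar_shift(ciphertext, -key)   # shifting left by the key undoes the cipher


def substitution_alphabet(key: int) -> Dict[str, str]:
    """The full plaintext -> ciphertext letter mapping one key defines (A -> D for key 3)."""
    return {p: caesar_shift(p, key) for p in ALPHABET}


def frequency_profile(text: str) -> List[int]:
    """Letter counts sorted high to low, ignoring which letter carries each count."""
    counts = Counter(ch for ch in text.upper() if ch in ALPHABET)
    return sorted(counts.values(), reverse=True)


def frequencies_preserved(plaintext: str, key: int) -> bool:
    """A monoalphabetic substitution keeps the letter-frequency profile of the plaintext."""
    return frequency_profile(plaintext) == frequency_profile(caesar_encrypt(plaintext, key))


if __name__ == "__main__":
    msg = "FLANK EAST ATTACK AT DAWN"
    ct = caesar_encrypt(msg, 3)
    print(ct, "->", caesar_decrypt(ct, 3))
    print("A maps to", substitution_alphabet(8)["A"], "under key 8")
    print("frequency profile kept:", frequencies_preserved(msg, 3))
```

The frequency check is the security-relevant part: the most common plaintext letter is still the most common ciphertext letter, only renamed, which is what makes a monoalphabetic cipher easy to break and motivates the polyalphabetic scheme that follows.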
Substitution Ciphers (Cont.)
The Vigenère cipher is based on the Caesar cipher, except that it encrypts text by using a different
polyalphabetic key shift for every plaintext letter. The different key shift is identified using a shared key
between sender and receiver. The plaintext message can be encrypted and decrypted using the Vigenère
Cipher Table, as shown in the figure.

To illustrate how the Vigenère Cipher Table works, suppose that a sender and receiver have a shared secret
key composed of these letters: SECRETKEY. The sender uses this secret key to encode the plaintext
FLANK EAST ATTACK AT DAWN:

The F (FLANK) is encoded by looking at the intersection of column F and the row starting with S
(SECRETKEY), resulting in the cipher letter X.

The L (FLANK) is encoded by looking at the intersection of column L and the row starting with E
(SECRETKEY), resulting in the cipher letter P.

The A (FLANK) is encoded by looking at the intersection of column A and the row starting with C
(SECRETKEY), resulting in the cipher letter C.

The N (FLANK) is encoded by looking at the intersection of column N and the row starting with R
(SECRETKEY), resulting in the cipher letter E.

The K (FLANK) is encoded by looking at the intersection of column K and the row starting with E
(SECRETKEY), resulting in the cipher letter O.

The process continues until the entire text message FLANK EAST ATTACK AT DAWN is encrypted. The
process can also be reversed. For instance, the F is still the cipher letter X if encoded by looking at the
intersection of row F (FLANK) and the column starting with S (SECRETKEY).

When using the Vigenère cipher, if the message is longer than the key, the key is repeated. For example,
SECRETKEYSECRETKEYSEC is required to encode FLANK EAST ATTACK AT DAWN:

Secret key: SECRE TKEY SECRET KE YSEC

Plaintext: FLANK EAST ATTACK AT DAWN

Cipher text: XPCEO XKUR SXVRGD KX BSAP

Although the Vigenère cipher uses a longer key, it can still be cracked. For this reason, a better cipher
method was required.
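The table lookup walked through letter by letter above, including the repetition of the key under the message, is implemented below for both directions. This is an added example written for this edit, not code from the chapter; it uses the chapter's key SECRETKEY and message FLANK EAST ATTACK AT DAWN, and assumes spaces are carried through without consuming a key letter, which is how the key line SECRE TKEY SECRET KE YSEC is laid out.

```python
import string
from typing import List

ALPHABET = string.ascii_uppercase


def vigenere_table() -> List[str]:
    """Row i of the table is the alphabet rotated left by i, as in the figure's table."""
    return [ALPHABET[i:] + ALPHABET[:i] for i in range(26)]


def _letters_only(key: str) -> str:
    key = "".join(ch for ch in key.upper() if ch in ALPHABET)
    if not key:
        raise ValueError("key must contain at least one letter")
    return key


def key_stream(plaintext: str, key: str) -> str:
    """The key repeated under the message letters, e.g. SECRE TKEY ... under FLANK EAST ..."""
    key = _letters_only(key)
    out, k = [], 0
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(key[k % len(key)])
            k += 1
        else:
            out.append(ch)
    return "".join(out)


def vigenere_encrypt(plaintext: str, key: str) -> str:
    """Column = plaintext letter, row = current key letter; read the cipher letter at the crossing."""
    table, key = vigenere_table(), _letters_only(key)
    out, k = [], 0
    for ch in plaintext.upper():
        if ch in ALPHABET:
            row = ALPHABET.index(key[k % len(key)])
            out.append(table[row][ALPHABET.index(ch)])
            k += 1
        else:
            out.append(ch)             # spaces are kept and do not advance the key
    return "".join(out)


def vigenere_decrypt(ciphertext: str, key: str) -> str:
    """Find the cipher letter in the key letter's row; its column header is the plaintext letter."""
    table, key = vigenere_table(), _letters_only(key)
    out, k = [], 0
    for ch in ciphertext.upper():
        if ch in ALPHABET:
            row = ALPHABET.index(key[k % len(key)])
            out.append(ALPHABET[table[row].index(ch)])
            k += 1
        else:
            out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    msg, key = "FLANK EAST ATTACK AT DAWN", "SECRETKEY"
    print("Secret key: ", key_stream(msg, key))
    print("Plaintext:  ", msg)
    ct = vigenere_encrypt(msg, key)
    print("Cipher text:", ct)
    print("Decrypted:  ", vigenere_decrypt(ct, key))
```

Running it on the chapter's key and message gives XPCEO XKWR SXVRGD KX BSAP. The eighth letter is worth checking by hand against the ciphertext line above: S in the row beginning with E lands on W.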

One-Time Pad Ciphers


Gilbert Vernam was an AT&T Bell Labs engineer who, in 1917, invented, and later patented, the stream
cipher displayed in Figure 1. He also co-invented the one-time pad cipher. Vernam proposed a teletype
cipher in which a prepared key consisting of an arbitrarily long, non-repeating sequence of numbers was
kept on paper tape. It was then combined character by character with the plaintext message to produce the
ciphertext. Figure 2 displays an example of a Vernam cipher teletype device.

To decipher the ciphertext, the same paper tape key was again combined character by character, producing
the plaintext. Each tape was used only once; hence, the name one-time pad. As long as the key tape does not
repeat or is not reused, this type of cipher is immune to cryptanalytic attack. This is because the available
ciphertext does not display the pattern of the key.
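The combine-character-by-character step, and the reason the key tape must never be reused, can both be shown with a byte-wise XOR pad. This is an added example written for this edit, not code from the chapter and not Vernam's teletype logic itself: XOR stands in for the tape combination, the messages are constructed, and the pad comes from the operating system's random source.

```python
import secrets


def generate_pad(length: int) -> bytes:
    """A fresh, unpredictable pad exactly as long as the message; used once, then discarded."""
    return secrets.token_bytes(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """Combine each plaintext byte with the matching pad byte."""
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """Combining with the same pad again cancels it: (p XOR k) XOR k == p."""
    return xor_bytes(ciphertext, pad)


def pad_reuse_residue(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypts two messages, XOR of the ciphertexts equals XOR of the plaintexts:
    the pad cancels, so the ciphertexts now carry a pattern that depends only on the messages."""
    return xor_bytes(c1, c2)


def demo() -> dict:
    """One correct use of a pad, and what changes when the same pad is used twice."""
    p1 = b"FLANK EAST ATTACK AT DAWN"
    p2 = b"HOLD POSITION UNTIL NIGHT"   # constructed second message of the same length
    pad = generate_pad(len(p1))
    c1 = otp_encrypt(p1, pad)
    return {
        "round_trip": otp_decrypt(c1, pad) == p1,
        # reused pad: the residue is p1 XOR p2, a key-independent relation between messages
        "pad_reused_leaks": pad_reuse_residue(c1, otp_encrypt(p2, pad)) == xor_bytes(p1, p2),
        # fresh pad for the second message: no such relation survives
        "fresh_pad_no_relation": pad_reuse_residue(c1, otp_encrypt(p2, generate_pad(len(p2))))
        != xor_bytes(p1, p2),
    }


if __name__ == "__main__":
    print(demo())
```

The `pad_reused_leaks` case is the one to remember: the immunity the text describes holds only while every pad byte is random, as long as the message, and used exactly once.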

Several difficulties are inheren



Cracking Code
For as long as there has been cryptography, there has been cryptanalysis. Cryptanalysis is the practice and
study of determining the meaning of encrypted information (cracking the code), without access to the shared
secret key.

Throughout history, there have been many instances of cryptanalysis:

The Vigenère cipher had been absolutely secure until it was broken in the 19th century by English
cryptographer Charles Babbage.

Mary, Queen of Scots, was plotting to overthrow Queen Elizabeth I from the throne and sent
encrypted messages to her co-conspirators. The cracking of the code used in this plot led to the
beheading of Mary in 1587.

The Enigma-encrypted communications were used by the Germans to navigate and direct their U-
boats in the Atlantic. The Polish and British cryptanalysts broke the German Enigma code. Winston
Churchill was of the opinion that it was a turning point in WWII.

https://ro.wikipedia.org/wiki/Ma%C8%99ina_Enigma

The figure symbolizes that many keys must be tried before successfully breaking a code.


Methods for Cracking Code

Several methods are used in cryptanalysis:

Brute-force method - The attacker tries every possible key knowing that eventually one of them
will work.

Ciphertext method - The attacker has the ciphertext of several encrypted messages but no
knowledge of the underlying plaintext.

Known-Plaintext method - The attacker has access to the ciphertext of several messages and knows
something about the plaintext underlying that ciphertext.

Chosen-Plaintext method - The attacker chooses which data the encryption device encrypts and
observes the ciphertext output.

Chosen-Ciphertext method - The attacker can choose different ciphertext to be decrypted and has
access to the decrypted plaintext.

Meet-in-the-Middle method - The attacker knows a portion of the plaintext and the corresponding
ciphertext.

Note: Details of how these methods are implemented are beyond the scope of this course.

The simplest method to understand is the brute-force method. For example, if a thief attempted to steal a
bicycle secured with the combination lock displayed in the figure, they would have to attempt a maximum of
10,000 different possibilities (0000 to 9999). All encryption algorithms are vulnerable to this attack. On
average, a brute-force attack succeeds about 50 percent of the way through the keyspace, which is the set of
all possible keys.

The objective of modern cryptographers is to have a keyspace large enough that it takes too much time and
money to accomplish a brute-force attack.


Cracking Code Example

When choosing a cryptanalysis method, consider the Caesar cipher encrypted code. The best way to crack
the code is to use brute force. Because there are only 25 possible rotations, the effort is relatively small to try
all possible rotations and see which one returns something that makes sense.

A more scientific approach is to use the fact that some characters in the English alphabet are used more
often than others. This method is called frequency analysis. For example, the graph in Figure 1 outlines the
frequency of letters in the English language. The letters E, T, and A are the most popular letters used in the
English language. The letters J, Q, X, and Z are the least popular. Understanding this pattern can help
discover which letters are probably included in the cipher message.

In the Caesar ciphered message IODQN HDVW DWWDFN DW GDZQ, shown in Figure 2, the cipher
letter D appears six times while the cipher letter W appears four times. There is a good possibility that the
cipher letters D and W represent either the plaintext E, T or A. In this case, the D represents the letter A, and
the W represents the letter T.
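An added Python example, not from the course: both approaches on the ciphertext above, the 25-rotation brute force and the letter-frequency scoring that picks the rotation whose output looks most like English. The frequency table holds approximate English letter percentages; the function names are this example's own.

```python
import string
from collections import Counter

# Approximate relative frequency (percent) of each letter in English text.
# E, T and A lead and J, Q, X, Z trail, the pattern described in the text.
ENGLISH_FREQ = {
    "A": 8.2, "B": 1.5, "C": 2.8, "D": 4.3, "E": 12.7, "F": 2.2, "G": 2.0,
    "H": 6.1, "I": 7.0, "J": 0.15, "K": 0.77, "L": 4.0, "M": 2.4, "N": 6.7,
    "O": 7.5, "P": 1.9, "Q": 0.095, "R": 6.0, "S": 6.3, "T": 9.1, "U": 2.8,
    "V": 0.98, "W": 2.4, "X": 0.15, "Y": 2.0, "Z": 0.074,
}

# The Caesar ciphertext discussed in the text (constructed sample, shift 3).
SAMPLE_CIPHERTEXT = "IODQN HDVW DWWDFN DW GDZQ"


def caesar_shift(text, shift):
    """Rotate every letter backwards by `shift` positions (decryption)."""
    out = []
    for ch in text.upper():
        if ch in string.ascii_uppercase:
            out.append(chr((ord(ch) - ord("A") - shift) % 26 + ord("A")))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def brute_force(ciphertext):
    """Brute-force method: the key space is only 25 rotations, try them all."""
    return {shift: caesar_shift(ciphertext, shift) for shift in range(1, 26)}


def letter_counts(text):
    """Frequency analysis, step one: how often each cipher letter occurs."""
    return Counter(ch for ch in text.upper() if ch in string.ascii_uppercase)


def chi_squared(text):
    """Distance between the letter distribution of `text` and English.

    Lower is closer. Letters that are rare in English (X, Z, Q) but frequent
    in `text` are penalised heavily, which is what rules out wrong rotations.
    """
    counts = letter_counts(text)
    total = sum(counts.values())
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = total * pct / 100.0
        score += (counts.get(letter, 0) - expected) ** 2 / expected
    return score


def best_shift(ciphertext):
    """Combine both methods: enumerate the rotations, rank them by English fit."""
    return min(range(1, 26), key=lambda s: chi_squared(caesar_shift(ciphertext, s)))
```

For the sample, `letter_counts` reports D six times and W four times, and `best_shift` returns 3, under which D reads as A and W as T.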


Making and Breaking Secret Codes

Cryptology is the science of making and breaking secret codes. As shown in the figure, cryptology combines
two separate disciplines:

Cryptography - the development and use of codes

Cryptanalysis - the breaking of those codes

There is a symbiotic relationship between the two disciplines because each makes the other one stronger.
National security organizations employ practitioners of both disciplines and put them to work against each
other.

There have been times when one of the disciplines has been ahead of the other. For example, during the
Hundred Years War between France and England, the cryptanalysts were leading the cryptographers. France
mistakenly believed that the Vigenère cipher was unbreakable, and then the British cracked it. Some
historians believe that the successful cracking of encrypted codes and messages had a major impact on the
outcome of World War II. Currently, it is believed that cryptographers are in the lead.


Cryptanalysis

Cryptanalysis is often used by governments in military and diplomatic surveillance, by enterprises in testing
the strength of security procedures, and by malicious hackers in exploiting weaknesses in websites.

Cryptanalysts are individuals who perform cryptanalysis to crack secret codes. A sample job description is
displayed in the figure.

While cryptanalysis is often linked to mischievous purposes, it is actually a necessity. It is an ironic fact of
cryptography that it is impossible to prove that any algorithm is secure. It can only be proven that it is not
vulnerable to known cryptanalytic attacks. Therefore, there is a need for mathematicians, scholars, and
security forensic experts to keep trying to break the encryption methods.


The Secret is in the Keys

In the world of communications and networking, authentication, integrity, and data confidentiality are
implemented in many ways using various protocols and algorithms. The choice of protocol and algorithm
varies based on the level of security required to meet the goals of the network security policy.

As an example, for message integrity, message-digest 5 (MD5) is faster but less secure than Secure Hash
Algorithm 2 (SHA2). Confidentiality can be implemented using DES, 3DES, or the very secure AES. Again,
the choice varies depending on the security requirements specified in the network security policy document.
The table in the figure lists common cryptographic hashes, protocols, and algorithms.

Old encryption algorithms, such as the Caesar cipher or the Enigma machine, were based on the secrecy of
the algorithm to achieve confidentiality. With modern technology, where reverse engineering is often
simple, public-domain algorithms are frequently used. With most modern algorithms, successful decryption
requires knowledge of the appropriate cryptographic keys. This means that the security of encryption lies in
the secrecy of the keys, not the algorithm.

Cryptographic Hash Function

Hashes are used for integrity assurance. As shown in the figure, a hash function takes binary data, called the
message, and produces a fixed-length, condensed representation, called the hash. The resulting hash is also
sometimes called the message digest, digest, or digital fingerprint.

Hashing is based on a one-way mathematical function that is relatively easy to compute, but significantly
harder to reverse. Grinding coffee is a good analogy of a one-way function. It is easy to grind coffee beans,
but it is almost impossible to put all of the tiny pieces back together to rebuild the original beans.

The cryptographic hashing function is designed to verify and ensure data integrity. It can also be used to
verify authentication. The procedure takes a variable block of data and returns a fixed-length bit string called
the hash value or message digest.

Hashing is similar to calculating cyclic redundancy check (CRC) checksums, but it is much stronger
cryptographically. For instance, given a CRC value, it is easy to generate data with the same CRC. With
hash functions, it is computationally infeasible for two different sets of data to come up with the same hash
output. Every time the data is changed or altered, the hash value also changes. Because of this,
cryptographic hash values are often called digital fingerprints. They can be used to detect duplicate data
files, file version changes, and similar applications. These values are used to guard against an accidental or
intentional change to the data and accidental data corruption.

The cryptographic hash function is applied in many different situations:

To provide proof of authenticity when it is used with a symmetric secret authentication key, such as
IP Security (IPsec) or routing protocol authentication

To provide authentication by generating one-time and one-way responses to challenges in
authentication protocols such as the PPP Challenge Handshake Authentication Protocol (CHAP)

To provide message integrity check proof, such as those used in digitally signed contracts, and public
key infrastructure (PKI) certificates, like those accepted when accessing a secure site using a browser


A hash function is a well-defined procedure or mathematical function that converts data of variable size into a
small sequence of data, usually of fixed size, whose length depends on the algorithm used and not on the amount
(length) of the input data.

A hash function has (or should have) the following property: it is computationally infeasible to find another block
of data with the same hash value. In other words, if we compute the hash value of a given block of data, finding by
computation another block whose hash value is the same is infeasible. Hash functions are used in digital signatures
or for verifying data integrity.

The hash value has a fixed length regardless of the length of the data for which it was computed. The hash values of
two blocks of data should be identical if the two blocks of data are identical. Minor changes in the data block lead
to unpredictable and significant changes in the computed hash value.

A hash function is not invertible. It is infeasible to reconstruct the data that generated a given hash value.

.NET, in the System.Security.Cryptography namespace, contains a series of classes that implement various hash
algorithms. HashAlgorithm is an abstract class, used as the base for the various hash algorithms. In the example
I want to present here I will use 4 classes derived from HashAlgorithm that implement 4 algorithms: SHA1, SHA256,
SHA384, SHA512. These classes are: SHA1Managed, SHA256Managed, SHA384Managed and SHA512Managed.

To begin, I built an enum holding the 4 algorithms I will use, with which the user can choose the desired hash
function:

public enum HashAlgoritm
{
    SHA1,
    SHA256,
    SHA384,
    SHA512
}

The example application is a WinForms application containing 2 textboxes, a comboBox and a button. The first
textbox is where the user can enter the text they want to hash. The second textbox displays the hashed string,
produced with the algorithm selected in the comboBox. The hashing operation takes place when the button is pressed.
The form is so simple that I won't include screenshots or the code that defines it.

The function that does the hashing is the following:

// Requires: using System; using System.Text; using System.Security.Cryptography;
public static string ComputeHash(string textToHash, HashAlgoritm hashAlgorithm)
{
    // Convert the plain text to a byte array.
    byte[] textToHashBytes = Encoding.UTF8.GetBytes(textToHash);
    HashAlgorithm hash;

    // Initialize the hashing algorithm class.
    switch (hashAlgorithm)
    {
        case HashAlgoritm.SHA1:
            hash = new SHA1Managed();
            break;

        case HashAlgoritm.SHA256:
            hash = new SHA256Managed();
            break;

        case HashAlgoritm.SHA384:
            hash = new SHA384Managed();
            break;

        case HashAlgoritm.SHA512:
            hash = new SHA512Managed();
            break;

        default:
            hash = new SHA1Managed();
            break;
    }

    // Compute the hash value for the text.
    byte[] hashBytes = hash.ComputeHash(textToHashBytes);

    // HashAlgorithm is IDisposable; release it once the digest is computed.
    hash.Dispose();

    // Convert the result into a base64-encoded string.
    string hashValue = Convert.ToBase64String(hashBytes);

    // Return the result.
    return hashValue;
}

As can be seen from the code above, the hash is computed over a byte array, which is why the text is converted to
byte[]. Likewise, the result of hashing is also a byte array, which is represented as a string using
Convert.ToBase64String.

Applications of hash functions:

1. Password systems.
Most of the time the password is not saved on the hard disk in clear text; instead a hash of it is saved. Thus, when
the user enters the password, its hash is computed and then compared with the hash saved in the file on the hard disk
when the password was initially set. If the two hashes are equal, the password is correct. If the password had been
entered incorrectly, its hash would have differed from the one saved on the hard disk, because each message has its
own hash; there are no 2 messages (2 passwords) with the same hash. The advantage of this way of saving passwords is
that nobody (not even root on Linux or Administrator on Windows) can find out the users' passwords. Moreover, if a
cracker compromises the system and thereby gains access to the password file, they can see the hashes of the
passwords and not the passwords themselves. And the password cannot be obtained from the hash... (property 3).

2. Guaranteeing the integrity of a file, executable program, etc.
All software producers include, alongside the binary file that represents the program, its hash. Thus, after the file
is downloaded, its hash is computed and then compared with the one displayed on the producer's site. If the hashes
are not identical, then the file has been modified (it may be a virus, a Trojan horse, or it was simply copied with
errors). A single modified bit in the data whose hash we compute generates a completely different digest
(properties 4 and 5).

3. Digitally signing a message.
The hash of the message is encrypted with the private key, and the result is called the digital signature. More
details in the section dedicated to digital signatures.
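As an added Python example (not part of these notes), the password check from item 1, taken a step beyond the plain hash the note describes: a random per-user salt and PBKDF2 key stretching, verified with a constant-time comparison, plus the download-integrity check from item 2. The record format, iteration count and function names are this example's own assumptions.

```python
import hashlib
import hmac
import os

# Parameters assumed for this example: PBKDF2-HMAC-SHA256 with a random
# 16-byte salt per password and a fixed iteration count.
ITERATIONS = 100_000
SALT_BYTES = 16


def plain_hash(password):
    """The scheme as described in item 1: store SHA-256(password) and nothing else.
    Two users with the same password get the same stored value."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None):
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, record):
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        iterations = int(iterations)
    except ValueError:
        return False  # malformed record: a failed login, never a successful one
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # compare_digest does not leak how many leading bytes matched.
    return hmac.compare_digest(candidate, expected)


def integrity_matches(data, published_hex, algorithm="sha256"):
    """Item 2: compare a downloaded file's digest with the one the producer published."""
    actual = hashlib.new(algorithm, data).hexdigest()
    return hmac.compare_digest(actual.lower(), published_hex.lower())
```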

Hashing algorithms

1. MD5 - Message Digest Version 5
- generates a 128-bit hash expressed as 32 hexadecimal digits;
- was created by Prof. Ronald Rivest of MIT in 1991;
- was standardized in RFC 1321;
- is one of the most widely used hashing algorithms at present (2009);
- starting in 2004, various vulnerabilities began to be discovered in the algorithm, many of them non-fatal. It is
expected to be replaced soon by another, more secure algorithm;

2. SHA1 - Secure Hash Algorithm Version 1
- generates a 160-bit hash output expressed as 40 hexadecimal digits;
- was created and published by the US government (NSA) in 1993;
- operates on messages of at most 2^64-1 bits;
- is one of the most widely used hashing algorithms at present (2009);
- starting in 2004, various vulnerabilities began to be discovered in the algorithm, many of them non-fatal. It is
expected to be replaced soon by another, more secure algorithm;
- SHA2 is a new family of hash algorithms published in 2001 that contains SHA-224, SHA-256, SHA-384 and SHA-512,
named after the number of output bits;
- SHA3 is a new protocol that is still in development and will be the subject of a public competition until 2012;

3. Whirlpool
- was created in 1995;
- produces a 512-bit hash;
- is a new hashing function that can operate on messages of at most 2^256 bits;

4. Tiger
- optimized for 64-bit processors;
- the output can be 128 or 160 bits, for compatibility with older algorithms, or 192 bits;

Types of attacks on hash functions

1. Collision attack
Involves finding any two messages with the same hash in fewer than 2^(L/2) iterations. This type of vulnerability
is not a security problem.

2. First pre-image attack
Involves finding a message that produces a given hash in fewer than 2^L iterations. This type of vulnerability is a
serious security problem.

3. Second pre-image attack
Involves finding a message M2, given a message M1, that produces the same hash, in fewer than 2^L iterations. This
type of vulnerability is a serious security problem.

L = the length of the resulting hash
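An added example, not from these notes, that makes the two bounds visible on a toy digest: the first L bits of SHA-256. With L = 16 a generic collision search turns up a pair after roughly 2^(L/2) hashes, while a generic preimage search needs roughly 2^L, which is why the digest length L decides how much work an attack costs. The bit length, message formats and function names are constructed for this example.

```python
import hashlib


def truncated_hash(message, bits):
    """Toy digest for the demonstration: the first `bits` bits of SHA-256(message)."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits):
    """Generic birthday search (collision attack, item 1).

    Hash distinct constructed messages until two of them share a digest.
    Expected work is about 1.25 * 2^(bits/2) hashes, far below 2^bits.
    Returns (message_a, message_b, number_of_hashes_computed)."""
    seen = {}  # digest -> first message that produced it
    tries = 0
    while True:
        msg = b"msg-%d" % tries
        tries += 1
        digest = truncated_hash(msg, bits)
        if digest in seen:
            return seen[digest], msg, tries
        seen[digest] = msg


def find_preimage(target, bits, limit):
    """Generic preimage search (first pre-image attack, item 2).

    Each constructed message matches with probability 2^-bits, so the
    expected work is about 2^bits hashes. Returns (message, hashes) or
    (None, limit) when the budget runs out."""
    for i in range(limit):
        msg = b"pre-%d" % i
        if truncated_hash(msg, bits) == target:
            return msg, i + 1
    return None, limit


def generic_bounds(bits):
    """The two work factors from the text for a digest of `bits` bits."""
    return {"collision": 2 ** (bits // 2), "preimage": 2 ** bits}
```

With the full 256-bit digest the same loops would need about 2^128 and 2^256 hashes respectively, which is the point of choosing a long digest.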
MAC - Message Authentication Code

A MAC is used to guarantee the identity of the source and the integrity of the message.

The basic idea behind a MAC is simple. Instead of computing just the hash of a message, the source appends to the
message a secret key shared only with the destination and computes hash(message + key). The message in clear and
its MAC are sent to the destination. The destination then computes the hash of the received message + the secret
key. If the MAC received from the source is identical to the one computed locally by the destination, there is a
guarantee of the integrity of the message and of the identity of the source (non-repudiation).

Cryptographic Hash Function Properties

Mathematically, a hash function H takes an input x and returns a fixed-size string called the hash value h.
The equation reads: h = H(x).

The example in the figure summarizes the mathematical process.

A cryptographic hash function should have the following properties:

The input can be any length.

The output has a fixed length.

H(x) is relatively easy to compute for any given x.

H(x) is one way and not reversible.

H(x) is collision free, meaning that two different input values will result in different hash values.

If a hash function is hard to invert, it is considered a one-way hash. Hard to invert means that given a
hash value of h, it is computationally infeasible to find an input for x such that h=H(x).


Well-Known Hash Functions

Hash functions are helpful when ensuring data is not changed accidentally, such as by a communication
error. For instance, the sender wants to ensure that the message is not altered on its way to the receiver. The
sending device inputs the message into a hashing algorithm and computes its fixed-length digest or
fingerprint.

In the example in the figure, the calculated hash is 4ehiDx67NMop9. Both the message and the hash are in
plaintext. This fingerprint is then attached to the message and sent to the receiver. The receiving device
removes the fingerprint from the message and inputs the message into the same hashing algorithm. If the
hash that is computed by the receiving device is equal to the one that is attached to the message, the message
has not been altered during transit. If the hashes are not equal, as shown in the figure, then the integrity of
the message can no longer be trusted.

While hashing can be used to detect accidental changes, it cannot be used to guard against deliberate
changes. There is no unique identifying information from the sender in the hashing procedure. This means
that anyone can compute a hash for any data, as long as they have the correct hash function. For example,
when the message traverses the network, a potential attacker could intercept the message, change it,
recalculate the hash, and append it to the message. The receiving device will only validate against whatever
hash is appended. Therefore hashing is vulnerable to man-in-the-middle attacks and does not provide
security to transmitted data.

Two well-known hash functions are:

MD5 with 128-bit digest

SHA-256 with 256-bit digest
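An added Python example, not from the course material, that runs the exchange above with hashlib and hmac: the receiver's unkeyed check accepts a message that was altered and re-hashed in transit, while a keyed HMAC over the same message (the MAC construction from the notes) does not. It also checks the fixed-length and avalanche properties listed earlier and the 128-bit and 256-bit digest sizes named above. The key, messages and function names are constructed for this example.

```python
import hashlib
import hmac

# Constructed sample values; the key stands in for one the attacker never sees.
SHARED_KEY = b"constructed-shared-key"
SAMPLE_MESSAGE = b"transfer 100 to account 42"


def attach_hash(message):
    """Sender side as described in the text: plaintext message plus plaintext digest."""
    return message, hashlib.sha256(message).hexdigest()


def check_hash(message, digest):
    """Receiver side: recompute and compare. Catches accidental changes only."""
    return hmac.compare_digest(hashlib.sha256(message).hexdigest(), digest)


def attach_hmac(message, key):
    """Keyed alternative: HMAC-SHA256 tag over the message."""
    return message, hmac.new(key, message, hashlib.sha256).hexdigest()


def check_hmac(message, tag, key):
    """Receiver recomputes the tag with the shared key; no key, no valid tag."""
    return hmac.compare_digest(hmac.new(key, message, hashlib.sha256).hexdigest(), tag)


def altered_in_transit(message):
    """Model of the man-in-the-middle case from the text: the message is changed
    and an unkeyed hash is recomputed over it, so the pair looks consistent."""
    altered = message.replace(b"100", b"900")
    return altered, hashlib.sha256(altered).hexdigest()


def digest_bits(algorithm):
    """Fixed output length of a hash algorithm, in bits."""
    return hashlib.new(algorithm).digest_size * 8


def avalanche_bits(m1, m2):
    """How many of the 256 SHA-256 digest bits differ between two inputs;
    about half of them for any small change to the input."""
    a = int.from_bytes(hashlib.sha256(m1).digest(), "big")
    b = int.from_bytes(hashlib.sha256(m2).digest(), "big")
    return bin(a ^ b).count("1")
```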


Message Digest 5 Algorithm

The MD5 algorithm is a hashing algorithm that was developed by Ron Rivest and is used in a variety of
Internet applications today.

MD5 is a one-way function that makes it easy to compute a hash from the given input data but makes it very
difficult to compute input data given only a hash value. MD5 is essentially a complex sequence of simple
binary operations, such as exclusive OR (XOR) and rotations, which are performed on input data and
produce a 128-bit hashed message digest, as shown in the figure.

MD5 is now considered a legacy algorithm and should be avoided. MD5 should be used only when no better
alternatives are available, such as when interoperating with legacy equipment. It is recommended that MD5
be phased out and replaced with a stronger algorithm such as SHA-2.

Secure Hash Algorithm

The U.S. National Institute of Standards and Technology (NIST) developed SHA, the algorithm specified in
the Secure Hash Standard (SHS). SHA-1, published in 1994, corrected an unpublished flaw in SHA. The
SHA design is very similar to the MD5 hash functions that Ron Rivest developed.

The SHA-1 algorithm takes a message of less than 2^64 bits in length and produces a 160-bit message
digest. The algorithm is slightly slower than MD5, but the larger message digest makes it more secure
against brute-force collision and inversion attacks.

Note: 2^64 represents the exponential number of 2 raised to the 64th power.

SHA-1 is now considered to be a legacy algorithm. Therefore, NIST published four additional hash
functions in the SHA family, which are collectively known as SHA-2:

SHA-224 (224 bit)

SHA-256 (256 bit)

SHA-384 (384 bit)

SHA-512 (512 bit)

SHA-2 algorithms are the secure hash algorithms that the U.S. Government requires by law for use in
certain applications. This includes use in other cryptographic algorithms and protocols, for the protection of
sensitive unclassified information.

Note: SHA-256, SHA-384, and SHA-512 are considered to be next-generation algorithms and should be
used whenever possible.


MD5 versus SHA


Figure 1 displays the resulting hashes of the various hashing algorithms. Remember that the longer the hash
values are, the more secure they are.

Both MD5 and SHA-1 are based on a previous version of the message digest algorithm. This makes MD5
and SHA-1 similar in many ways. SHA-1 and SHA-2 are more resistant to brute-force attacks because their
digest is at least 32 bits longer than the MD5 digest.

SHA-1 involves 80 steps, and MD5 involves 64 steps. The SHA-1 algorithm must also process a 160-bit
buffer instead of the 128-bit buffer of MD5. Because there are fewer steps, MD5 usually executes more
quickly, given the same device.

To verify the integrity of an IOS image, Cisco provides MD5 and SHA digests for all IOS images available
at Cisco's Download Software website. A comparison of this MD5 digest against the MD5 digest of an
IOS image installed on a device can be made using the verify /md5 command, as shown in Figure 2.

When choosing a hashing algorithm, use SHA-256 or higher as they are currently the most secure. Security
flaws were discovered in SHA-1 and MD5. Therefore, it is now recommended that these algorithms be
avoided.

Note: Specifically, only SHA-256 or higher should be implemented in production networks.
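As an added example (not part of the chapter), the check that verify /md5 performs, done offline in Python against a vendor-published digest, with the chapter's ranking applied: legacy digests (MD5, SHA-1) are refused unless the caller explicitly allows them. The image bytes and the "published" digest below are constructed, not real Cisco values.

```python
import hashlib
import hmac

# Digest algorithms by the chapter's ranking: MD5 and SHA-1 are legacy,
# SHA-256 and above are what new deployments should use.
LEGACY_ALGORITHMS = {"md5", "sha1"}
SUPPORTED_ALGORITHMS = {"md5", "sha1", "sha256", "sha384", "sha512"}


def compute_digest(data: bytes, algorithm: str, chunk_size: int = 65536) -> str:
    """Hash a byte string in chunks (as one would stream a large IOS image)
    and return the lowercase hexadecimal digest."""
    algorithm = algorithm.lower()
    if algorithm not in SUPPORTED_ALGORITHMS:
        raise ValueError(f"unsupported digest algorithm: {algorithm}")
    h = hashlib.new(algorithm)
    for offset in range(0, len(data), chunk_size):
        h.update(data[offset:offset + chunk_size])
    return h.hexdigest()


def verify_image(data: bytes, published_digest: str, algorithm: str,
                 allow_legacy: bool = False) -> dict:
    """Compare the digest of an image with the digest the vendor published.

    Returns the computed digest, whether it matched and whether a legacy
    algorithm was used. A legacy algorithm is refused unless the caller opts
    in, mirroring the note above: only SHA-256 or higher in production."""
    algorithm = algorithm.lower()
    legacy = algorithm in LEGACY_ALGORITHMS
    if legacy and not allow_legacy:
        raise ValueError(f"{algorithm} is a legacy algorithm; use SHA-256 or higher")
    computed = compute_digest(data, algorithm)
    # Constant-time comparison: not needed for a public digest, but it keeps
    # this code path safe if it is later reused with secret values.
    matched = hmac.compare_digest(computed, published_digest.strip().lower())
    return {
        "algorithm": algorithm,
        "digest_bits": len(computed) * 4,   # longer digest, harder brute-force
        "computed": computed,
        "matched": matched,
        "legacy": legacy,
    }


if __name__ == "__main__":
    # Constructed stand-in for an image file; the "published" digest is simply
    # SHA-256 of the same bytes, not a real Cisco value.
    image = b"constructed IOS image bytes" * 1000
    published = compute_digest(image, "sha256")
    print(verify_image(image, published, "sha256"))
```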
Next Generation Encryption


April 2012
Last updated: October 2015

Contents

Introduction
Recommendations for Cryptographic Algorithms
Introduction to Cryptography
Next Generation Encryption
NGE Background Information
Categories of Cryptographic Algorithms
Symmetric Key
Public Key
Elliptic Curve
Hash
Security Levels
Cryptographic Algorithm Configuration Guidelines
IPsec VPN with Encapsulating Security Payload
Internet Key Exchange in VPN Technologies
Transport Layer Security and Cipher Suites
Acknowledgments
References
Appendix A: Minimum Cryptography Recommendations

Introduction
Over the years, numerous cryptographic algorithms have been developed and used in many different
protocols and functions. Cryptography is by no means static. Steady advances in computing and the science
of cryptanalysis have made it necessary to adopt newer, stronger algorithms and larger key sizes. Older
algorithms are supported in current products to ensure backward compatibility and interoperability.
However, some older algorithms and key sizes no longer provide adequate protection from modern threats
and should be replaced. This paper summarizes the security of cryptographic algorithms and parameters,
gives concrete recommendations regarding which cryptography should be used and which cryptography
should be replaced, and describes alternatives and mitigations.
Recommendations for Cryptographic Algorithms
The following table can help customers migrate from legacy ciphers to current or more secure ciphers. The
table explains each cryptographic algorithm that is available, the operations that each algorithm supports,
and whether an algorithm is Cisco's best recommendation. Customers should pay particular attention to
algorithms designated as Avoid or Legacy. The status labels are explained following the table.

Table 1. Recommendations for Cryptographic Algorithms

Algorithm        Operation                 Status      Alternative          QCR (1)     Mitigation
DES              Encryption                Avoid       AES
3DES             Encryption                Legacy      AES                              Short key lifetime
RC4              Encryption                Avoid       AES
AES-CBC mode     Encryption                Acceptable  AES-GCM              (256-bit)
AES-GCM mode     Authenticated encryption  NGE (2)                          (256-bit)
DH-768, -1024    Key exchange              Avoid       DH-3072 (Group 15)
RSA-768, -1024   Encryption                Avoid       RSA-3072
DSA-768, -1024   Authentication            Avoid       DSA-3072
DH-2048          Key exchange              Acceptable  ECDH-256
RSA-2048         Encryption                Acceptable  ECDSA-256
DSA-2048         Authentication            Acceptable  ECDSA-256
DH-3072          Key exchange              Acceptable  ECDH-256
RSA-3072         Encryption                Acceptable  ECDSA-256
DSA-3072         Authentication            Acceptable  ECDSA-256
MD5              Integrity                 Avoid       SHA-256
SHA-1            Integrity                 Legacy      SHA-256
SHA-256          Integrity                 NGE         SHA-384
SHA-384          Integrity                 NGE
SHA-512          Integrity                 NGE
HMAC-MD5         Integrity                 Legacy      HMAC-SHA-256                     Short key lifetime
HMAC-SHA-1       Integrity                 Acceptable  HMAC-SHA-256
HMAC-SHA-256     Integrity                 NGE
ECDH-256         Key exchange              Acceptable  ECDH-384
ECDSA-256        Authentication            Acceptable  ECDSA-384
ECDH-384         Key exchange              NGE
ECDSA-384        Authentication            NGE

1. QCR = quantum computer resistant.

2. NGE = next generation encryption.

Avoid: Algorithms that are marked as Avoid do not provide adequate security against modern threats and
should not be used to protect sensitive information. It is recommended that these algorithms be replaced
with stronger algorithms.

Legacy: Legacy algorithms provide a marginal but acceptable security level. They should be used only
when no better alternatives are available, such as when interoperating with legacy equipment. It is
recommended that these legacy algorithms be phased out and replaced with stronger algorithms.

Acceptable: Acceptable algorithms provide adequate security.

Next generation encryption (NGE): NGE algorithms are expected to meet the security and scalability
requirements of the next two decades. For more information, see Next Generation Encryption.

Quantum computer resistant (QCR): As of October 2015, there has been attention on quantum computers
(QCs) and their potential impact on current cryptography standards. Although practical QCs would pose a
threat to crypto standards for public-key infrastructure (PKI) key exchange and encryption, no one has
demonstrated a practical quantum computer yet. It is an area of active research and growing interest.
Although it is possible, it can't be said with certainty whether practical QCs will be built in the future. An
algorithm that would be secure even after a QC is built is said to have postquantum security or be quantum
computer resistant (QCR). AES-256, SHA-384, and SHA-512 are believed to have postquantum security.
There are public key algorithms that are believed to have postquantum security too, but there are no
standards for their use in Internet protocols yet.

Cisco is committed to providing the best cryptographic standards to our customers. NGE still includes the
best standards that one can implement today to meet the security and scalability requirements for network
security in the years to come or to interoperate with the cryptography that will be deployed in that time
frame. The biggest threat to crypto nowadays is another high-impact implementation issue, not a QC. So
while we need to get smart about postquantum crypto, we need to do it in a way that doesn't create more
complexity and less robustness. Cisco will remain actively involved in quantum resistant cryptography and
will provide updates as postquantum secure algorithms are standardized.

Short key lifetime: Use of a short key lifetime improves the security of legacy ciphers that are used on
high-speed connections. In IPsec, a 24-hour lifetime is typical. A 30-minute lifetime improves the security
of legacy algorithms and is recommended.

Introduction to Cryptography
Cryptography can provide confidentiality, integrity, authentication, and nonrepudiation for communications
in public networks, storage, and more. Some real-world applications include protocols and technologies
such as VPN networks, HTTPS web transactions, and management through SSH.

Over the years, some cryptographic algorithms have been deprecated, "broken," attacked, or proven to be
insecure. There have been research publications that compromise or affect the perceived security of almost
all algorithms by using reduced step attacks or others such as known plaintext, bit flip, and more.
Additionally, advances in computing reduce the cost of information processing and data storage to retain
effective security. Because of Moore's law and a similar empirical law for storage costs, symmetric
cryptographic keys must grow by 1 bit every 18 months. For an encryption system to have a useful shelf life
and securely interoperate with other devices throughout its life span, the system should provide security for
10 or more years into the future. The use of good cryptography is more important now than ever before
because of the very real threat of well-funded and knowledgeable attackers.

Cryptographic algorithms, in general, are divided into the following categories:

Symmetric key algorithms: These algorithms share the same key for encryption and decryption. Examples
include Triple Data Encryption Standard (3DES) and Advanced Encryption Standard (AES).
Public key algorithms: These algorithms use different, mathematically related keys for encryption and
decryption. Examples include Digital Signature Algorithm (DSA) and the Rivest-Shamir-Adleman (RSA)
algorithm.
Elliptic curve algorithms: These algorithms function over points that belong to elliptic curves. Examples
include Elliptic Curve Diffie-Hellman (ECDH) and Elliptic Curve Digital Signature Algorithm (ECDSA).
Hash: These algorithms provide a constant-sized output for any input and their most important property is
irreversibility.

The following section presents the recommended algorithms and key sizes for each category.

Next Generation Encryption


Next generation encryption (NGE) technologies satisfy the security requirements described in the preceding
sections while using cryptographic algorithms that scale better. This document presents algorithms that are
considered secure at present, the status of algorithms that are no longer considered secure, the key sizes that
provide adequate security levels, and next generation cryptographic algorithms.

NGE Background Information

NGE offers the best technologies for future-proof cryptography and it is setting the industry trend. These are
the best standards that one can implement today to meet the security and scalability requirements for years
to come and to interoperate with the cryptography that will be deployed in that time frame.

The algorithms that comprise NGE are the result of more than 30 years of global advancement and
evolution in cryptography. Each constituent component of NGE has its own history, depicting the diverse
history of the NGE algorithms as well as their long-standing academic and community review. For instance,
AES was named by the U.S. National Institute of Standards and Technology (NIST) but AES was not
created by NIST. AES was originally called Rijndael and was created by two Belgian cryptographers.
Additionally, ECDSA and ECDH have had fundamental contributions by cryptographers from around the
world, including Japan, Canada, and the United States. In the end, NGE is composed of globally created,
globally reviewed, and publicly available algorithms.

The following sections discuss the NGE algorithms in more detail.

Categories of Cryptographic Algorithms

There are four groups of cryptographic algorithms.

Symmetric Key

Symmetric key algorithms use the same key for encryption and decryption. Examples include 3DES and
AES. 3DES, which consists of three sequential Data Encryption Standard (DES) encryption-decryptions, is
a legacy algorithm. This designation means that 3DES provides a marginal but acceptable security level, but
its keys should be renewed relatively often. Because of its small key size, DES is no longer secure and
should be avoided. RC4 should be avoided too.

AES with 128-bit keys provides adequate protection for sensitive information. AES with 256-bit keys is
required to protect classified information of higher importance.

Public Key

Public key algorithms use different keys for encryption and decryption. These keys are usually called
the private key, which is secret, and the public key, which is publicly available. The private and public keys
are cryptographically related. The private key cannot be derived from the public key. The private key can be
used only by its owner and the public key can be used by third parties to perform operations with the key
owner.

The RSA algorithms for encryption and digital signatures are less efficient at higher security levels, as is the
integer-based Diffie-Hellman (DH) algorithm. There are subexponential attacks that can be used against
these algorithms. To compensate, their key sizes must be substantially increased. In practice, this means that
RSA and DH are becoming less efficient every year. DH, DSA, and RSA can be used with a 3072-bit
modulus to protect sensitive information. Smaller DH, DSA, and RSA key sizes, such as 768 or 1024,
should be avoided.

Elliptic Curve

Elliptic Curve Cryptography (ECC) is a newer alternative to public key cryptography. ECC operates on
elliptic curves over finite fields. The main advantage of elliptic curves is their efficiency. They can offer the
same level of security for modular arithmetic operations over much smaller prime fields. Thus, the relative
performance of ECC algorithms is significantly better than traditional public key cryptography.

ECDH is a method for key exchange and ECDSA is used for digital signatures. ECDH and ECDSA using
256-bit prime modulus secure elliptic curves provide adequate protection for sensitive information. ECDH
and ECDSA over 384-bit prime modulus secure elliptic curves are required to protect classified information
of higher importance.

Hash

Hash algorithms are also called digital fingerprinting algorithms. They are irreversible functions that
provide a fixed-size hash based on various inputs. Irreversibility and collision resistance are necessary
attributes for successful hash functions. Examples of hash functions are Secure Hash Algorithm 1 (SHA-1)
and SHA-256.
Message Digest 5 (MD5) is a hash function that is insecure and should be avoided. SHA-1 is a legacy
algorithm and thus is adequately secure. SHA-256 provides adequate protection for sensitive information.
On the other hand, SHA-384 is required to protect classified information of higher importance.

Hashed Message Authentication Code (HMAC) is a construction that uses a secret key and a hash function
to provide a message authentication code (MAC) for a message. HMAC is used for integrity verification.
HMAC-MD5, which uses MD5 as its hash function, is a legacy algorithm. Note that MD5 as a hash
function itself is not secure. It provides adequate security today but its keys should be renewed relatively
often. Alternatively, the NIST-recommended HMAC function is HMAC-SHA-1.

Security Levels

The following table shows the relative security level provided by the recommended and NGE algorithms.
The security level is the relative strength of an algorithm. An algorithm with a security level of x bits is
stronger than one of y bits if x > y. If an algorithm has a security level of x bits, the relative effort it would
take to "beat" the algorithm is of the same magnitude of breaking a secure x-bit symmetric key algorithm
(without reduction or other attacks). The 128-bit security level is for sensitive information and the 192-bit
level is for information of higher importance.

Table 2. Security Strength by Algorithm

Algorithm                                               Security Level
AES-128; DH, DSA, RSA-3072; SHA-256; ECDH, ECDSA-256    128 bits
AES-192; SHA-384; ECDH, ECDSA-384                       192 bits
AES-256; SHA-512; ECDH, ECDSA-521                       256 bits

Cryptographic Algorithm Configuration Guidelines

After the review of NGE algorithms and recommendations on choosing cryptographic algorithms, it is
worthwhile to review specific guidelines for security technology configuration. The guidelines in this
section are by no means all inclusive. Cryptography is widely deployed in almost every technology; thus, it
is impossible to provide exhaustive guidelines for every technology that employs cryptography.

IPsec VPN with Encapsulating Security Payload

Use the following guidelines when configuring IPsec VPN encryption with Encapsulating Security Payload
(ESP):

Do not use NULL encryption (esp-null).
Use both an authentication algorithm (esp-sha256-hmac is recommended) and an encryption algorithm
(esp-aes is recommended).

The following example shows a Cisco IOS Software or Cisco Adaptive Security Appliance (ASA)
transform set configuration that uses 256-bit AES encryption and HMAC-SHA-256 authentication for ESP
IPsec in tunnel mode:

crypto ipsec transform-set my-transform-set esp-aes 256 esp-sha256-hmac

Internet Key Exchange in VPN Technologies

Use the following guidelines when configuring Internet Key Exchange (IKE) in VPN technologies:

Avoid IKE Groups 1, 2, and 5.
Use IKE Group 15 or 16 and employ 3072-bit and 4096-bit DH, respectively.
When possible, use IKE Group 19 or 20. They are the 256-bit and 384-bit ECDH groups, respectively.
Use AES for encryption.

Caution: Administrators are advised to use caution regarding processing load when they choose IKE
groups. Load depends on platform limitations. Some platforms may not support Group 15 or 16 in
hardware, and handling them in the CPU could add significant load to the processor in lower-end products
or multiple simultaneous IKE negotiation scenarios.

For Cisco ASA 5500 Series models, administrators are strongly advised to enable hardware processing
instead of software processing for large modulus operations, such as 3072-bit certificates. Initially enabling
hardware processing by using the crypto engine large-mod-accel command, which was introduced in ASA
version 8.3(2), during a low-use or maintenance period will minimize a temporary packet loss that can occur
during the transition of processing from software to hardware. For the Cisco ASA 5540 and ASA 5550
using SSL VPN, administrators may want to continue to use software processing for large keys in specific
load conditions. If VPN sessions are added very slowly and the ASA device runs at capacity, the negative
impact to data throughput is larger than the positive impact for session establishment.

The following example shows a Cisco IOS Software IKE configuration that uses 128-bit AES for
encryption, pre-shared key authentication, and 256-bit ECDH (Group 19):

crypto isakmp policy 10
 encryption aes
 authentication pre-share
 group 19

The following example shows a Cisco IOS Software IKEv2 proposal configuration that uses 256-bit CBC-
mode AES for encryption, SHA-256 for the hash, and 3072-bit DH (Group 15):

crypto ikev2 proposal my-ikev2-proposal
 encryption aes-cbc-256
 integrity sha256
 group 15

Not all product versions support SHA-256 or IKE Group 14, 19, 20, or 24. Recent releases of Cisco IOS
Software and some other product version releases have incorporated support for some of these features.
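An added example, not from the Cisco paper: a small auditor that reads IOS-style crypto snippets like the transform set, ISAKMP policy and IKEv2 proposal shown above and labels each algorithm or DH group with the status from Table 1 and the IKE guidelines. The group-to-status mapping, the keyword matching and the sample configuration are this example's own.

```python
# Status ranking used to report the weakest setting in a policy; unknown
# settings rank lowest so they surface for manual review.
STATUS_RANK = {"Unknown": -1, "Avoid": 0, "Legacy": 1, "Acceptable": 2, "NGE": 3}

# IKE DH group -> (algorithm, status). Group sizes are the standard IANA IKE
# assignments; statuses follow Table 1 and the guideline text (avoid 1, 2, 5;
# use 15 or 16; prefer 19 or 20). Group 16 is not in Table 1, so "Acceptable"
# for it is this example's reading of "Use IKE Group 15 or 16".
DH_GROUPS = {
    1: ("DH-768", "Avoid"), 2: ("DH-1024", "Avoid"), 5: ("DH-1536", "Avoid"),
    14: ("DH-2048", "Acceptable"), 15: ("DH-3072", "Acceptable"),
    16: ("DH-4096", "Acceptable"), 19: ("ECDH-256", "Acceptable"),
    20: ("ECDH-384", "NGE"), 24: ("DH-2048 (256-bit subgroup)", "Acceptable"),
}
GROUP_ALTERNATIVE = {"Avoid": "group 15 (DH-3072) or 19/20",
                     "Acceptable": "group 20 (ECDH-384)"}


def classify_cipher(token):
    """Map an encryption keyword (IKE, IKEv2 or ESP spelling) to a Table 1 row.
    Returns (status, alternative), or None when the token is not a cipher."""
    t = token.lower()
    if "null" in t:
        return ("Avoid", "esp-aes 256 with esp-sha256-hmac")
    if "3des" in t:
        return ("Legacy", "AES")
    if "des" in t:
        return ("Avoid", "AES")
    if "gcm" in t:
        return ("NGE", None)
    if "aes" in t:
        return ("Acceptable", "AES-GCM")
    return None


def classify_hash(token):
    """Map a hash/integrity keyword to the HMAC rows of Table 1."""
    t = token.lower()
    if "md5" in t:
        return ("Legacy", "HMAC-SHA-256")
    if any(s in t for s in ("sha256", "sha384", "sha512")):
        return ("NGE", None)
    if "sha" in t:                 # "sha", "sha1", "esp-sha-hmac" all mean HMAC-SHA-1
        return ("Acceptable", "HMAC-SHA-256")
    return None


def _merge_key_sizes(words):
    """Turn ['esp-aes', '256'] into ['esp-aes 256'] so a key size stays with its cipher."""
    merged = []
    for w in words:
        if w.isdigit() and merged:
            merged[-1] += " " + w
        else:
            merged.append(w)
    return merged


def audit_config(config):
    """Walk IOS-style crypto configuration text and return one finding per
    algorithm setting: {'context', 'setting', 'status', 'alternative'}."""
    findings, context = [], "global"

    def add(setting, result):
        if result:
            findings.append({"context": context, "setting": setting,
                             "status": result[0], "alternative": result[1]})

    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        words = line.split()
        if line.startswith(("crypto isakmp policy", "crypto ikev2 proposal")):
            context = line                      # settings that follow belong to this policy
        elif line.startswith("crypto ipsec transform-set"):
            context = " ".join(words[:4])
            for tok in _merge_key_sizes(words[4:]):
                add(tok, classify_cipher(tok) or classify_hash(tok))
        elif words[0] == "group" and len(words) > 1 and words[1].isdigit():
            name, status = DH_GROUPS.get(int(words[1]), ("unlisted group", "Unknown"))
            add(f"{line} ({name})", (status, GROUP_ALTERNATIVE.get(status)))
        elif words[0] == "encryption":
            for tok in _merge_key_sizes(words[1:]):
                add(tok, classify_cipher(tok))
        elif words[0] in ("hash", "integrity", "prf"):
            for tok in words[1:]:
                add(tok, classify_hash(tok))
    return findings


def worst_status(findings):
    """The weakest status present: a policy is only as strong as this."""
    return min((f["status"] for f in findings), key=STATUS_RANK.get, default="NGE")


if __name__ == "__main__":
    # Constructed sample: the paper's transform set and ISAKMP policy, plus one weak policy.
    sample = """crypto ipsec transform-set my-transform-set esp-aes 256 esp-sha256-hmac
crypto isakmp policy 10
 encryption aes
 authentication pre-share
 group 19
crypto isakmp policy 20
 encryption 3des
 hash md5
 group 2
"""
    for f in audit_config(sample):
        print(f"{f['status']:<10} {f['context']}: {f['setting']}  ->  {f['alternative'] or 'ok'}")
    print("weakest:", worst_status(audit_config(sample)))
```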

Transport Layer Security and Cipher Suites

Many products are managed through a web interface using HTTPS. HTTPS uses SSL/Transport Layer
Security (TLS) to encrypt communications. TLS is the successor of SSL and provides encryption,
authentication, and integrity for web communications. TLS 1.2 is the current version. Where possible, TLS
1.2 is preferred over SSL 3.0, TLS 1.0, and TLS 1.1. TLS is also used in various Cisco products to provide
VPN services.

Cipher suites are combinations of security algorithms that are used in TLS. When configuring products that
support TLS, administrators are advised to use secure algorithms in the cipher suites of the TLS negotiation
when possible. Some recommendations are as follows:

Use 3072-bit certificates with cipher suites that include TLS_RSA_.
Use 3072-bit DH or 256-bit or 384-bit ECDH and ECDSA with cipher suites that include:
  o TLS_DH_
  o TLS_ECDH_
  o TLS_ECDH_ECDSA or TLS_RSA_ECDSA
Configure the negotiated TLS cipher suites to include AES-128 or AES-256 GCM as the encryption algorithms
and SHA-256 or SHA-384 for the hashes. The negotiated cipher suites should include:
  o WITH_AES_128_GCM_SHA256 or WITH_AES_256_GCM_SHA384
  o WITH_AES_256_GCM_SHA256 or WITH_AES_256_GCM_SHA384
Alternatives are:
  o WITH_AES_128_CBC_SHA256
  o WITH_AES_256_CBC_SHA256

Browsers should support the preceding cipher suites, as should the HTTP server or SSL VPN concentrator.
However, not all product versions support the preceding cipher suites. Support is progressively added.
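Added example, not from the paper: classify IANA-style TLS 1.2 cipher-suite names against the recommendations above, component by component. The name parsing and the constructed suite list are this example's own; a suite name carries no certificate or DH parameter size, so the 3072-bit requirement still has to be checked on the server's key material.

```python
import re

# TLS 1.2 suite names follow TLS_<kx>[_<auth>]_WITH_<bulk cipher>_<hash>.
SUITE_RE = re.compile(
    r"^TLS_(?P<kx>[A-Za-z0-9_]+?)_WITH_(?P<cipher>[A-Za-z0-9_]+)_(?P<hash>MD5|SHA|SHA256|SHA384)$")

# Suite bodies the guidance names outright, in preference order.
RECOMMENDED = ("AES_128_GCM_SHA256", "AES_256_GCM_SHA384")
ALTERNATIVE = ("AES_128_CBC_SHA256", "AES_256_CBC_SHA256")
# Key-exchange prefixes the guidance lists (RSA certificates and DH parameters
# must still be 3072-bit, ECDH/ECDSA 256- or 384-bit; names carry no sizes).
KX_LISTED = {"RSA", "DH", "DHE", "ECDH", "ECDHE"}


def bulk_status(cipher):
    """Table 1 status of the bulk cipher part, e.g. 'AES_256_GCM' or '3DES_EDE_CBC'."""
    if cipher.startswith("NULL") or "RC4" in cipher:
        return "Avoid"
    if "3DES" in cipher:
        return "Legacy"
    if cipher.startswith("DES"):
        return "Avoid"
    if "AES" in cipher:
        return "NGE" if "GCM" in cipher else "Acceptable"
    return "Unknown"


def hash_status(h):
    """Table 1 status of the suite's hash; a bare 'SHA' in a suite name means SHA-1."""
    return {"MD5": "Avoid", "SHA": "Legacy", "SHA256": "NGE", "SHA384": "NGE"}.get(h, "Unknown")


def classify_suite(name):
    """Break a suite name into key exchange, bulk cipher and hash and rate each;
    the overall verdict is 'recommended', 'alternative' or 'not recommended'."""
    m = SUITE_RE.match(name)
    if not m:                                   # e.g. TLS 1.3 names, which have no _WITH_
        return {"suite": name, "verdict": "unrecognized"}
    kx, cipher, h = m.group("kx"), m.group("cipher"), m.group("hash")
    parts = kx.split("_")                       # e.g. ['ECDHE', 'ECDSA'] or ['DH', 'anon']
    if "anon" in parts:
        kx_status = "Avoid"                     # unauthenticated key exchange
    elif parts[0] in KX_LISTED:
        kx_status = "Acceptable"
    else:
        kx_status = "Unknown"                   # PSK, KRB5, ... not covered by the guidance
    body = f"{cipher}_{h}"
    if kx_status == "Acceptable" and body in RECOMMENDED:
        verdict = "recommended"
    elif kx_status == "Acceptable" and body in ALTERNATIVE:
        verdict = "alternative"
    else:
        verdict = "not recommended"
    return {"suite": name, "key_exchange": kx_status, "bulk": bulk_status(cipher),
            "hash": hash_status(h), "verdict": verdict}


def select_suites(names):
    """Keep only recommended and alternative suites, recommended ones first."""
    classified = [classify_suite(n) for n in names]
    return ([c["suite"] for c in classified if c["verdict"] == "recommended"]
            + [c["suite"] for c in classified if c["verdict"] == "alternative"])


if __name__ == "__main__":
    # Constructed list, as a server might offer it.
    offered = ["TLS_RSA_WITH_RC4_128_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
               "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"]
    for s in offered:
        print(classify_suite(s))
    print("negotiate from:", select_suites(offered))
```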

Appendix A: Minimum Cryptography Recommendations

The following table lists recommended cryptographic algorithms that satisfy minimum security
requirements for technology as of October 2015.

Table 3. Recommended Minimum Security Algorithms

Operation        Recommended Minimum Security Algorithms
Encryption       AES-128-CBC mode
Authentication   RSA-3072, DSA-3072
Integrity        SHA-256
Key exchange     DH Group 15 (3072-bit)

Keyed-Hash Message Authentication Code


In cryptography, a keyed-hash message authentication code (HMAC or KHMAC) is a type of message
authentication code (MAC). HMACs use an additional secret key as input to the hash function. This adds
authentication to integrity assurance. An HMAC is calculated using a specific algorithm that combines a
cryptographic hash function with a secret key, as shown in the figure. Hash functions are the basis of the
protection mechanism of HMACs.

Only the sender and the receiver know the secret key, and the output of the hash function now depends on
the input data and the secret key. Only parties who have access to that secret key can compute the digest of
an HMAC function. This characteristic defeats man-in-the-middle attacks and provides authentication of the
data origin.

If two parties share a secret key and use HMAC functions for authentication, a properly constructed HMAC
digest of a message that a party has received indicates that the other party was the originator of the message.
This is because the other party is the only other entity possessing the secret key.

The cryptographic strength of the HMAC depends on the cryptographic strength of the underlying hash
function, on the size and quality of the key, and the size of the hash output length in bits.

Cisco technologies use two well-known HMAC functions:

Keyed MD5 (HMAC-MD5) - Based on the MD5 hashing algorithm, it provides a marginal but
acceptable security level. It should be used only when no better alternatives are available, such as
when interoperating with legacy equipment.

Keyed SHA-1 (HMAC-SHA-1) - Based on the SHA-1 hashing algorithm, it provides adequate
security.

When an HMAC digest is created, data of an arbitrary length and the secret key are input into the hash
function. The result is a fixed-length hash that depends on the data and the secret key.

Care must be taken to distribute secret keys only to those who require the key. If the secret key is
compromised, packets can be forged, thereby violating data integrity.
HMAC Operation
Consider an example where a sender wants to ensure that the message is not altered in transit and wants to
provide a way for the receiver to authenticate the origin of the message.

As shown in Figure 1, the sending device inputs data (such as Terry Smith's pay of $100 and the secret key)
into the hashing algorithm and calculates the fixed-length HMAC digest or fingerprint. This authenticated
fingerprint is then attached to the message and sent to the receiver.

In Figure 2, the receiving device removes the fingerprint from the message and uses the plaintext message
with its secret key as input to the same hashing function. If the fingerprint that is calculated by the receiving
device is equal to the fingerprint that was sent, the message has not been altered. Additionally, the origin of
the message is authenticated because only the sender possesses a copy of the shared secret key. The HMAC
function has ensured the authenticity of the message.

IPsec VPNs rely on HMAC functions to authenticate the origin of every packet and provide data integrity
checking.

In cryptography, a keyed-hash message authentication code (HMAC) is a specific type of message
authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. It may
be used to simultaneously verify both the data integrity and the authentication of a message, as with any
MAC. Any cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an
HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly. The
cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash
function, the size of its hash output, and on the size and quality of the key.

An iterative hash function breaks up a message into blocks of a fixed size and iterates over them with a
compression function. For example, MD5 and SHA-1 operate on 512-bit blocks. The size of the output of
HMAC is the same as that of the underlying hash function (128 or 160 bits in the case of MD5 or SHA-1,
respectively), although it can be truncated if desired.

HMAC does not encrypt the message. Instead, the message (encrypted or not) must be sent alongside the
HMAC hash. Parties with the secret key will hash the message again themselves, and if it is authentic, the
received and computed hashes will match.

The definition and analysis of the HMAC construction was first published in 1996 by Mihir Bellare, Ran
Canetti, and Hugo Krawczyk,[1] who also wrote RFC 2104. This paper also defined a variant called NMAC
that is rarely, if ever, used. FIPS PUB 198 generalizes and standardizes the use of HMACs. HMAC-SHA1
and HMAC-MD5 are used within the IPsec and TLS protocols.

HMAC(K, m) = H((K' ⊕ opad) ∥ H((K' ⊕ ipad) ∥ m))

where
H is a cryptographic hash function,

K is the secret key,

m is the message to be authenticated,

K' is another secret key, derived from the original key K (by padding K to the right with extra zeroes to the
input block size of the hash function, or by hashing K if it is longer than that block size),

∥ denotes concatenation,

⊕ denotes exclusive or (XOR),

opad is the outer padding (0x5c5c5c...5c5c, one-block-long hexadecimal constant),

and ipad is the inner padding (0x363636...3636, one-block-long hexadecimal constant).

The following pseudocode demonstrates how HMAC may be implemented. Blocksize is 64 (bytes) when
using one of the following hash functions: SHA-1, MD5, RIPEMD-128/160.[2]

function hmac (key, message) {
    if (length(key) > blocksize) {
        key = hash(key) // keys longer than blocksize are shortened
    }
    if (length(key) < blocksize) {
        // keys shorter than blocksize are zero-padded (where || is concatenation)
        key = key || [0x00 * (blocksize - length(key))] // Where * is repetition.
    }

    o_key_pad = [0x5c * blocksize] ⊕ key // Where blocksize is that of the underlying hash function
    i_key_pad = [0x36 * blocksize] ⊕ key // Where ⊕ is exclusive or (XOR)

    return hash(o_key_pad || hash(i_key_pad || message)) // Where || is concatenation
}
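The pseudocode above carried out in Python, as an added example (this is not code from the page, from RFC 2104 or from Cisco). hmac_from_scratch follows the pseudocode step by step on top of hashlib, verify_tag is the receiver-side check the text describes (the message travels alongside its tag, the key holder recomputes the tag and compares it in constant time), and matches_stdlib cross-checks the result against Python's own hmac module. The function names and the sample key and payload are constructed for this example.

```python
import hashlib
import hmac as stdlib_hmac


def hmac_from_scratch(key: bytes, message: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC exactly as in the pseudocode: hash long keys, zero-pad short ones,
    then hash(o_key_pad || hash(i_key_pad || message))."""
    blocksize = hashlib.new(hash_name).block_size   # 64 bytes for MD5, SHA-1, SHA-256
    if len(key) > blocksize:
        key = hashlib.new(hash_name, key).digest()   # keys longer than blocksize are hashed
    if len(key) < blocksize:
        key = key + b"\x00" * (blocksize - len(key))  # keys shorter than blocksize are zero-padded (K')
    o_key_pad = bytes(b ^ 0x5C for b in key)          # K' XOR opad
    i_key_pad = bytes(b ^ 0x36 for b in key)          # K' XOR ipad
    inner = hashlib.new(hash_name, i_key_pad + message).digest()
    return hashlib.new(hash_name, o_key_pad + inner).digest()


def verify_tag(key: bytes, message: bytes, received_tag: bytes, hash_name: str = "sha1") -> bool:
    """Receiver side: recompute the tag over the received message and compare in
    constant time, so a forged tag cannot be probed byte by byte via timing."""
    expected = hmac_from_scratch(key, message, hash_name)
    return stdlib_hmac.compare_digest(expected, received_tag)


def matches_stdlib(key: bytes, message: bytes, hash_name: str = "sha1") -> bool:
    """Cross-check the hand-written construction against the standard library."""
    return hmac_from_scratch(key, message, hash_name) == stdlib_hmac.new(key, message, hash_name).digest()


if __name__ == "__main__":
    # Constructed sample: a routing-update-style payload authenticated with a shared key.
    shared_key = b"constructed-example-key"
    update = b"routing update: network 10.0.0.0/8 via 10.0.0.1"
    tag = hmac_from_scratch(shared_key, update)
    print("HMAC-SHA1:", tag.hex(), "bits:", len(tag) * 8)       # 160-bit output, same as SHA-1
    print("authentic:", verify_tag(shared_key, update, tag))   # True
    tampered = update.replace(b"10.0.0.1", b"10.0.0.9")
    print("tampered :", verify_tag(shared_key, tampered, tag))  # False: the tag no longer matches
```

The output length equals the underlying hash's digest size (20 bytes here), as the text states; switching hash_name to "sha256" exercises the same construction with a 32-byte tag.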

Hashing in Cisco Products


As shown in the figure, Cisco products use hashing for entity authentication, data integrity, and data
authenticity purposes:

Cisco IOS routers use hashing with secret keys in an HMAC-like manner to add authentication
information to routing protocol updates.

IPsec gateways and clients use hashing algorithms, such as MD5 and SHA-1 in HMAC mode, to
provide packet integrity and authenticity.

Cisco software images that are downloaded from Cisco.com have an MD5-based checksum available
so that customers can check the integrity of downloaded images.

Note: The term entity can refer to devices or systems within an organization.

Note: Digital signatures are an alternative to HMAC.



Characteristics of Key Management


Key management is often considered the most difficult part of designing a cryptosystem. Many
cryptosystems have failed because of mistakes in their key management, and all modern cryptographic
algorithms require key management procedures. In practice, most attacks on cryptographic systems are
aimed at the key management level, rather than at the cryptographic algorithm itself.

As shown in the figure, there are several essential characteristics of key management to consider.

Key Length and Keyspace


Two terms that are used to describe keys are:

Key length - Also called the key size, this is the measure in bits. In this course, we will use the term
key length.

Keyspace - This is the number of possibilities that can be generated by a specific key length.

As key length increases, the keyspace increases exponentially:

A 2-bit (2^2) key length = a keyspace of 4 because there are four possible keys (00, 01, 10, and 11).

A 3-bit (2^3) key length = a keyspace of 8, because there are eight possible keys (000, 001, 010, 011,
100, 101, 110, 111).

A 4-bit (2^4) key length = a keyspace of 16 possible keys.

A 40-bit (2^40) key length = a keyspace of 1,099,511,627,776 possible keys.

The figure displays the characteristics of the AES encryption algorithm. Notice how AES uses long key
lengths. This dramatically increases the keyspace which affects the time it takes to crack the code.


The Keyspace
The keyspace of an algorithm is the set of all possible key values. A key that has n bits produces a keyspace
that has 2^n possible key values. By adding one bit to the key, the keyspace is effectively doubled. For
example, DES with its 56-bit keys has a keyspace of more than 72,000,000,000,000,000 (2^56) possible
keys. By adding one bit to the key length, the keyspace doubles, and an attacker needs twice the amount of
time to search the keyspace. The figure summarizes the number of possible keys that are created by adding
additional bits. For example, adding 1 bit to 56-bit (i.e., 57-bit) doubles the number of keys. Adding an
additional bit to a 57-bit key size means that it would now take an attacker four times the amount of time to
search the keyspace. Adding 4 more bits to 56-bits would create a 60-bit key. A 60-bit key would take 16
times longer to crack than a 56-bit key.

Note: Longer keys are more secure; however, they are also more resource intensive. Caution should be
exercised when choosing longer keys because handling them could add a significant load to the processor in
lower-end products.

Almost every algorithm has some weak keys in its keyspace that enable an attacker to break the encryption
via a shortcut. Weak keys show the regularities in encryption. For instance, DES has four keys for which
encryption is the same as decryption. This means that if one of these weak keys is used to encrypt plaintext,
an attacker can use the weak key to decrypt the ciphertext and reveal the plaintext.

The DES weak keys are those that produce 16 identical subkeys. This occurs when the key bits are:

Alternating ones and zeros (0101010101010101)

Alternating F and E (FEFEFEFEFEFEFEFE)

E0E0E0E0F1F1F1F1

1F1F1F1F0E0E0E0E

It is very unlikely that such keys would be chosen, but network administrators should still verify all keys
that are implemented and prevent weak keys from being used. With manual key generation, take special care
to avoid defining weak keys.

Types of Cryptographic Keys


Several types of cryptographic keys can be generated:

Symmetric keys - Can be exchanged between two routers supporting a VPN

Asymmetric keys - Are used in secure HTTPS applications

Digital signatures - Are used when connecting to a secure website

Hash keys - Are used in symmetric and asymmetric key generation, digital signatures, and other
types of applications

Regardless of the key type, all keys share similar issues. Choosing a suitable key length is one issue. If the
cryptographic system is trustworthy, the only way to break it is with a brute-force attack. If the keyspace is
large enough, the search requires an enormous amount of time, making such an exhaustive effort
impractical. The figure summarizes the key length required to secure data for the indicated amount of time.

On average, an attacker has to search through half of the keyspace before the correct key is found. The time
that is needed to accomplish this search depends on the computer power that is available to the attacker.
Current key lengths can easily make any attempt insignificant because it takes millions or billions of years to
complete the search when a sufficiently long key is used. With modern algorithms that are trusted, the
strength of protection depends solely on the size of the key. Choose the key length so that it protects data
confidentiality or integrity for an adequate period of time. Data that is more sensitive and needs to be kept
secret longer must use longer keys.


Choosing Cryptographic Keys


Performance is another issue that can influence the choice of a key length. An administrator must find a
good balance between the speed and protective strength of an algorithm, because some algorithms, such as
the Rivest, Shamir, and Adleman (RSA) algorithm, run slowly due to large key lengths. Strive for adequate
protection, while enabling communication over untrusted networks.

The estimated funding of the attacker should also affect the choice of key length. When assessing the risk of
someone breaking the encryption algorithm, estimate the resources of the attacker and how long the data
must be protected. For example, classic DES can be broken by a $1 million machine in a couple of minutes.
If the data that is being protected is worth significantly more than the $1 million needed to acquire a
cracking device, then classic DES is a bad choice.

Because of the rapid advances in technology and cryptanalytic methods, the key length that is needed for a
particular application is constantly increasing. For example, part of the strength of the RSA algorithm is the
difficulty of factoring large numbers where factors are the numbers that are multiplied together to get
another number. For example, the factors of 12 would be 1 x 12, 2 x 6, and 3 x 4. Therefore, a 1024-bit
number is an unimaginably large number with many factors. Increasing that number to 2048-bit number
creates even more factors. Of course, this advantage is lost if an easy way to factor large numbers is found,
but cryptographers consider this possibility unlikely. The rule "the longer the key, the better" is valid, except
for possible performance reasons, as shown in the figure.

Two Classes of Encryption Algorithms
As shown in Figure 1, cryptographic encryption can provide confidentiality at several layers of the OSI
model by incorporating various tools and protocols.

There are two approaches to ensuring the security of data when using encryption. The first is to protect the
algorithm. If the security of an encryption system is based on the secrecy of the algorithm itself, the
algorithm code must be heavily guarded. If the algorithm is revealed, every party that is involved must
change the algorithm. The second approach is to protect the keys. With modern cryptography, all algorithms
are public. The cryptographic keys ensure the secrecy of the data. Cryptographic keys are sequences of bits
that are input into an encryption algorithm together with the data to be encrypted.

There are two classes of encryption algorithms:

Symmetric algorithms - These algorithms use the same pre-shared key, sometimes called a secret
key, to encrypt and decrypt data. A pre-shared key is known by the sender and receiver before any
encrypted communications commence. Because both parties are guarding a shared secret, the
encryption algorithms used can have shorter key lengths. Shorter key lengths mean faster execution.

Asymmetric algorithms - These encryption algorithms use different keys to encrypt and decrypt
data. Secure messages can be exchanged without having to have a pre-shared key. Because neither
party has a shared secret, very long key lengths must be used. These algorithms are resource
intensive and slower to execute.

Figure 2 highlights differences between each encryption algorithm method.



Symmetric and Asymmetric Encryption


To help understand the differences between the two types of algorithms, consider an example where Alice
and Bob live in different locations and want to exchange secret messages with one another through the mail
system. In this example, Alice wants to send a secret message to Bob.

In the symmetric algorithm example in Figure 1, Alice and Bob have identical keys to a single padlock.
These keys were exchanged prior to sending any secret messages. Alice writes a secret message and puts it
in a small box that she locks using the padlock with her key. She mails the box to Bob. The message is
safely locked inside the box as the box makes its way through the post office system. When Bob receives the
box, he uses his key to unlock the padlock and retrieve the message. Bob can use the same box and padlock
to send a secret reply back to Alice.

In the asymmetric algorithm example in Figure 2, Bob and Alice do not exchange keys prior to sending
secret messages. Instead, Bob and Alice each have a separate padlock with separate corresponding keys. For
Alice to send a secret message to Bob, she must first contact him and ask him to send his open padlock to
her. Bob sends the padlock but keeps his key. When Alice receives the padlock, she writes her secret
message and puts it in a small box. She also puts her open padlock in the box but keeps her key. She then
locks the box with Bob's padlock. When Alice locks the box, she is no longer able to get inside because she
does not have a key to that padlock. She mails the box to Bob. As the box is sent through the mail system,
no one is able to open the box. When Bob receives the box, he can use his key to unlock the box and retrieve
the message from Alice. To send a secure reply, Bob puts his secret message in the box along with his open
padlock and locks the box using Alice's padlock. Bob mails the secured box back to Alice.


Symmetric Encryption
Symmetric, or secret key encryption, is the most commonly used form of cryptography because the
shorter key length increases the speed of execution. Additionally, symmetric key algorithms are based on
simple mathematical operations that can easily be accelerated by hardware. Symmetric encryption is often
used for wire-speed encryption in data networks and to provide bulk encryption when data privacy is
required, such as to protect a VPN.

With symmetric encryption, key management can be a challenge. The encryption and decryption keys are
the same. The sender and the receiver must exchange the symmetric, secret key using a secure channel
before any encryption can occur. The security of a symmetric algorithm rests in the secrecy of the symmetric
key. By obtaining the key, anyone can encrypt and decrypt messages.

DES, 3DES, AES, Software Encryption Algorithm (SEAL), and the Rivest ciphers (RC) series, which
includes RC2, RC4, RC5, and RC6, are all well-known encryption algorithms that use symmetric keys. The
figure highlights common encryption algorithms and their key lengths.

Note: There are many other symmetric encryption algorithms, such as Blowfish, Twofish, Threefish, and
Serpent. However, these protocols are either not supported on Cisco platforms or have yet to gain wide
acceptance.


Symmetric Block Ciphers and Stream Ciphers
The most commonly used techniques in symmetric encryption cryptography are block ciphers and stream
ciphers.

Block Ciphers

Block ciphers transform a fixed-length block of plaintext into a common block of ciphertext of 64 or 128
bits, as shown in Figure 1. Block size refers to how much data is encrypted at any one time. Currently, the
block size, also known as the fixed length, for many block ciphers is either 64 bits or 128 bits. This
ciphertext is decrypted by applying the reverse transformation to the ciphertext block, using the same secret
key.

Block ciphers usually result in output data that is larger than the input data, because the ciphertext must be a
multiple of the block size. For example, DES encrypts blocks in 64-bit chunks using a 56-bit key. To
accomplish this, the block algorithm takes data one chunk at a time, for example, 8 bytes per chunk, until the
entire block size is full. If there is less input data than one full block, the algorithm adds artificial data, or
blanks, until the full 64 bits are used.

Common block ciphers include DES with a 64-bit block size and AES with a 128-bit block size.

Stream Ciphers

Unlike block ciphers, stream ciphers encrypt plaintext one byte or one bit at a time, as shown in Figure 2.
Stream ciphers can be thought of as a block cipher with a block size of one bit. With a stream cipher, the
transformation of these smaller plaintext units varies, depending on when they are encountered during the
encryption process. Stream ciphers can be much faster than block ciphers, and generally do not increase the
message size, because they can encrypt an arbitrary number of bits.

The Vigenère cipher is an example of a stream cipher. This cipher is periodic because the key is of finite
length, and the key is repeated if it is shorter than the message.

Common stream ciphers include A5, which is used to encrypt GSM cell phone communications, and the
RC4 cipher. DES can also be used in stream cipher mode.
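The two behaviours the text contrasts, shown in Python as an added example (not code from the page): a block cipher's input is padded to a whole number of blocks, so the ciphertext can be longer than the plaintext, while a stream cipher such as the Vigenère cipher transforms each unit in place and the output keeps the message length. The padding scheme used here is PKCS#7 (my choice; the page only says the algorithm adds artificial data or blanks, and PKCS#7 records the pad length so the receiver can strip it unambiguously). The Vigenère cipher is included only because the page uses it as the periodic-stream example; the function names and sample message are assumptions.

```python
import string

ALPHABET = string.ascii_uppercase
BLOCK_SIZE = 8   # bytes: the 64-bit block size of DES


def pkcs7_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Extend data to a multiple of block_size. Every pad byte holds the pad length;
    an already-aligned input gets a full extra block so unpadding is never ambiguous."""
    n = block_size - (len(data) % block_size)
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Reverse of pkcs7_pad; rejects malformed padding instead of guessing."""
    if not data or len(data) % block_size:
        raise ValueError("data is not a whole number of blocks")
    n = data[-1]
    if n < 1 or n > block_size or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Periodic stream cipher: letter i of the message is shifted by key letter
    i mod len(key), so the key repeats when shorter than the message and the same
    plaintext letter encrypts differently depending on where it occurs."""
    key = key.upper()
    if not key or any(c not in ALPHABET for c in key):
        raise ValueError("key must be one or more letters A-Z")
    out, j = [], 0            # j counts letters only; non-letters do not consume key
    for ch in text:
        up = ch.upper()
        if up not in ALPHABET:
            out.append(ch)    # spaces and punctuation pass through unchanged
            continue
        shift = ALPHABET.index(key[j % len(key)])
        if decrypt:
            shift = -shift
        enc = ALPHABET[(ALPHABET.index(up) + shift) % 26]
        out.append(enc if ch.isupper() else enc.lower())
        j += 1
    return "".join(out)


if __name__ == "__main__":
    msg = b"ATTACK AT DAWN"                     # 14-byte constructed sample
    padded = pkcs7_pad(msg)
    print(len(msg), "->", len(padded), "bytes after block padding")   # 14 -> 16
    print("round trip:", pkcs7_unpad(padded) == msg)
    ct = vigenere("ATTACK AT DAWN", "LEMON")
    print(ct, "same length:", len(ct) == len("ATTACK AT DAWN"))
    print(vigenere(ct, "LEMON", decrypt=True))
```

Note that with the block-style padding the 14-byte message becomes 16 bytes, exactly the "output larger than input" effect described above, whereas the stream cipher output is 14 characters for a 14-character input.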


Choosing an Encryption Algorithm


Choosing an encryption algorithm is one of the most important decisions a network security professional
makes when building a cryptosystem.

The figure summarizes the two main criteria that should be considered when selecting an encryption
algorithm for an organization:
The algorithm is trusted by the cryptographic community - Most new algorithms are broken very
quickly, so algorithms that have been resisting attacks for a number of years are preferred.

The algorithm adequately protects against brute-force attacks - A good cryptographic algorithm
is designed in such a way that it resists common cryptographic attacks. The best way to break data
that is protected by the algorithm is to try to decrypt the data using all the possible keys. If the
algorithm is considered trusted, there is no shortcut to break it, and the attacker must search through
the keyspace to guess the correct key. The algorithm must allow key lengths that satisfy the
confidentiality requirements of an organization. For example, DES does not provide enough
protection for most modern needs because of its short key.

Other criteria to consider:

The algorithm supports variable and long key lengths and scalability - Variable key lengths and
scalability are also desirable attributes of a good encryption algorithm. The longer the encryption
key, the longer it takes an attacker to break it. Scalability provides flexible key length and enables
the administrator to select the strength and speed of the encryption required.

The algorithm does not have export or import restrictions - Carefully consider export and import
restrictions when using encryption internationally. Some countries do not allow the export of
encryption algorithms or allow only the export of those algorithms with shorter keys. Some countries
impose import restrictions on cryptographic algorithms.


DES Symmetric Encryption


Data Encryption Standard (DES) is a legacy symmetric encryption algorithm that usually operates in block
mode by encrypting data in 64-bit blocks. The DES algorithm is essentially a sequence of permutations and
substitutions of data bits combined with an encryption key. The same algorithm and key are used for
encryption and decryption.

DES has a fixed key length. The key is 64 bits long, but only 56 bits are used for encryption. The
remaining 8 bits are used for parity to verify the key's integrity. The least significant bit of each key
byte is used to indicate odd parity.

A DES key is always 56 bits long. When DES is used with a weaker encryption of a 40-bit key, the
encryption key is 40 secret bits and 16 known bits, which make the key length 56 bits. In this case,
DES has a key strength of 40 bits.

A summary of DES is displayed in the figure.


DES Summary
DES should no longer be used to protect production networks. However, if the devices cannot support
more secure encryption algorithms, then there are several things to consider when securing DES-encrypted
data:

Change keys frequently to help prevent brute-force attacks.

Use a secure channel to communicate the DES key from the sender to the receiver.

Consider using DES in CBC mode. CBC is Cipher Block Chaining Mode. It is a block cipher mode
of encryption. With CBC, the encryption of each 64-bit block depends on previous blocks. CBC is
the most widely used mode of DES.

Test a key to see if it is a weak key before using it. DES has 4 weak keys and 12 semi-weak keys.
Because there are 2^56 possible DES keys, the chance of picking one of these keys is very small.
However, because testing the key has no significant impact on the encryption time, testing is
recommended.
Note: Because of its short key length, DES is acceptable to protect data for a very short time. When
possible, use 3DES or AES as they provide more security to protect data.
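The two key-handling points above (parity bits in the 64-bit key, and testing for weak and semi-weak keys before use) in working code. This is an added example, not code from the course text; the weak and semi-weak key values are the ones published for DES, and the helper names are this example's own.

```python
"""Added example (not from the course text): DES key hygiene checks.

Only 56 of the 64 key bits are secret: the least significant bit of each
byte is an odd-parity bit.  A handful of keys are weak (all 16 round keys
identical) or semi-weak (two keys that undo each other); they should be
rejected before use, which costs nothing compared with the encryption.
"""
import secrets

# The 4 weak keys: encrypting twice with one of these returns the plaintext.
DES_WEAK_KEYS = {bytes.fromhex(k) for k in (
    "0101010101010101", "FEFEFEFEFEFEFEFE",
    "E0E0E0E0F1F1F1F1", "1F1F1F1F0E0E0E0E",
)}

# The 12 semi-weak keys form 6 pairs: encrypting with one member of a pair
# and then with the other returns the plaintext.
DES_SEMI_WEAK_KEYS = {bytes.fromhex(k) for k in (
    "011F011F010E010E", "1F011F010E010E01",
    "01E001E001F101F1", "E001E001F101F101",
    "01FE01FE01FE01FE", "FE01FE01FE01FE01",
    "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
    "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E",
    "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1",
)}


def set_odd_parity(key: bytes) -> bytes:
    """Return the key with each byte's LSB set so that the byte has odd parity."""
    if len(key) != 8:
        raise ValueError("DES keys are 8 bytes (64 bits) long")
    out = bytearray()
    for b in key:
        high7 = b & 0xFE                       # the 7 bits that feed the cipher
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 else 1))  # LSB makes the total odd
    return bytes(out)


def has_valid_parity(key: bytes) -> bool:
    """True when every byte of an 8-byte key has odd parity."""
    return len(key) == 8 and all(bin(b).count("1") % 2 == 1 for b in key)


def check_des_key(key: bytes) -> str:
    """Classify a key as 'weak', 'semi-weak' or 'ok'; parity bits are ignored,
    because they do not change which 56-bit key the cipher actually uses."""
    normalized = set_odd_parity(key)
    if normalized in DES_WEAK_KEYS:
        return "weak"
    if normalized in DES_SEMI_WEAK_KEYS:
        return "semi-weak"
    return "ok"


def generate_des_key() -> bytes:
    """Draw a random key, fix its parity and reject the weak ones (the check is
    cheap; the chance of hitting one of the 16 keys is 16 / 2**56)."""
    while True:
        key = set_odd_parity(secrets.token_bytes(8))
        if check_des_key(key) == "ok":
            return key
```

The parity fix belongs in whatever provisions the key: a key delivered with bad parity is a sign it was corrupted or mis-transcribed on the way from sender to receiver, which is exactly what the parity bits exist to catch.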

Improving DES with 3DES


With advances in computer-processing power, the original 56-bit DES key became too short to withstand an
attack from those with a medium-sized budget for hacking technology. One way to increase the DES
effective key length, without changing the well-analyzed algorithm itself, is to use the same algorithm with
different keys several times in a row.

The technique of applying DES three times in a row to a plaintext block is called 3DES. Today, brute-force
attacks on 3DES are considered infeasible because the basic algorithm has been well tested in the field for
more than 35 years. It is considered very trustworthy.
The Cisco IPsec implementation uses DES and 3DES in CBC mode.

A summary of 3DES is shown in the figure.

Note: 3DES should be implemented using very short key lifetimes.

3DES Operation
3DES uses a method called 3DES-Encrypt-Decrypt-Encrypt (3DES-EDE) to encrypt plaintext. For example,
refer to Figure 1:

The plaintext message from Alice is encrypted using the first 56-bit key, known as K1.

The resulting ciphertext is decrypted using the second 56-bit key, known as K2.

The resulting ciphertext is encrypted again, using the third 56-bit key, known as K3.

The 3DES-EDE procedure is much more effective at increasing security than simply encrypting the data
three times with three different keys. The 3DES-EDE procedure provides encryption with an effective key
length of 168 bits. If keys K1 and K3 are equal, a less secure encryption of 112 bits is achieved.
Figure 2 shows how 3DES decrypts the message, which is basically the reverse of the 3DES-EDE method.
First, the ciphertext is decrypted using key K3. Next, the data is encrypted using key K2. Finally, the data is
decrypted using key K1.

Although 3DES is very secure, it is also resource intensive. To better manage resources, the AES encryption
algorithm was developed. AES is as secure as 3DES and much faster.

AES Origins
In 1997, the AES initiative was announced, and the public was invited to propose encryption schemes to
replace DES. After a five-year standardization process in which 15 competing designs were presented and
evaluated, the U.S. National Institute of Standards and Technology (NIST) selected the Rijndael block
cipher as the AES algorithm.

The Rijndael cipher, developed by Joan Daemen and Vincent Rijmen, has a variable block length and key
length. Rijndael is an iterated block cipher, which means that the initial input block and cipher key undergo
multiple transformation cycles before producing output. The algorithm can operate over a variable-length
block using variable-length keys. A 128-, 192-, or 256-bit key can be used to encrypt data blocks that are
128, 192, or 256 bits long, and all nine combinations of key and block length are possible.

The accepted AES implementation of Rijndael contains only some of the capabilities of the Rijndael
algorithm. The algorithm is written so that the block length, or the key length, or both, can easily be
extended in multiples of 32 bits, and the system is specifically designed for efficient implementation in
hardware or software on a range of processors.

The AES algorithm has been analyzed extensively and is now used worldwide. Although it has not been
proven in day-to-day use to the degree that 3DES has, AES with the Rijndael cipher is the more efficient
algorithm of the two. It can be used in high-throughput, low-latency environments, especially when 3DES
cannot handle the throughput or latency requirements. AES is expected to gain trust as time passes, and
more attacks have been attempted against it.

A summary of AES is shown in the figure.

AES (Advanced Encryption Standard), also known as Rijndael, is a standardized symmetric block-cipher algorithm
that is widely used in applications today and was adopted as a standard by the US government organization
NIST.[1] The standard formalizes the algorithm developed by two Belgian cryptographers, Joan Daemen and
Vincent Rijmen, and submitted to NIST for selection under the name Rijndael.

In the proposal submitted to NIST, the two authors of the Rijndael algorithm defined a block cipher in which
the block length and the key length could be chosen independently as 128, 192 or 256 bits. The AES
specification standardizes all three possible key lengths but restricts the block length to 128 bits.[4] Thus,
the input and output of the encryption and decryption algorithms is a 128-bit block. In FIPS publication 197,
the AES operations are defined as operations on matrices, where both the key and the block are written as
matrices.[5] At the start of the cipher run, the block is copied into an array called the state: the first four
bytes into the first column, the next four into the second column, and so on until the array is filled.[5]

At each step the algorithm modifies this array of numbers called state, and finally provides it as output.
Its operation is described by the following pseudocode:[6]

Cipher(byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)])
begin
    byte state[4,Nb]
    state = in
    AddRoundKey(state, w[0, Nb-1])
    for round = 1 step 1 to Nr-1
        SubBytes(state)
        ShiftRows(state)
        MixColumns(state)
        AddRoundKey(state, w[round*Nb, (round+1)*Nb-1])
    end for
    SubBytes(state)
    ShiftRows(state)
    AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])
    out = state
end

Here Nb is the number of columns of the state, which in the standardized version is always 4. The description
shows that a certain sequence is performed iteratively, Nr times. This Nr depends on the key length and is 10,
12 or 14 for 128-, 192- and 256-bit keys respectively.[7]

The SubBytes step is a substitution cipher with no fixed point, called the Rijndael S-box, which runs
independently on each byte of the state. This transformation is non-linear and thus makes the whole cipher
non-linear, which gives it an increased level of security.

Each byte is computed as follows:

where b_i is the bit at position i of the byte, and c_i is the bit at position i of the byte representing the
hexadecimal value 63, or in binary 01100011.[8] The byte mapping can be stored in a table, given explicitly in
FIPS PUB 197, which lists the result of the above operation for each of the 256 possible values representable
in a byte.

The ShiftRows step operates on the rows of the state matrix. It consists of simply shifting the bytes on each
row cyclically: the first row is not shifted; the second row is shifted left by one position; the third row is
shifted left by two positions; the fourth is shifted left by three positions.[10] The result of this step is that
each column of the resulting state array is composed of bytes from every column of the initial state. This is
an important aspect, because the state array is initially populated by columns, and the subsequent steps,
including AddRoundKey in which the encryption key is used, operate on columns.[11]

The MixColumns step

In the MixColumns step, each column is multiplied by a polynomial, denoted c(x) in the figure.

In this step, each column of the state array is considered a polynomial of degree 4 over the Galois field

Each column, treated as a polynomial, is multiplied, modulo , by the polynomial . The operation can be
written as a matrix multiplication as follows:[12]

where are the elements of a column vector resulting from the multiplication, and are the elements of the
same vector before the step is applied.

The result has the property that each of its elements depends on all the elements of the state column before
the step. Combined with the ShiftRows step, this step ensures that after a few iterations each byte of the state
depends on every byte of the initial state (the array populated with the plaintext bytes).[13] Together, these
two steps are the main source of diffusion in the Rijndael algorithm. The coefficients of the polynomial a(x)
are all 1, 2 and 3, for performance reasons, encryption being more efficient when the coefficients are small.
For decryption, the coefficients of the corresponding step are larger, so decryption is slower than encryption.
This decision was taken because some of the applications in which the algorithm was to be used involve only
encryption and not decryption, so encryption is used more often.[13]

The AddRoundKey step and the key schedule

In the AddRoundKey step, a bitwise exclusive-or is performed between the bytes of the state and those of the round key.

The AddRoundKey step is the step in which the key is involved. It consists of a simple bitwise exclusive-or
between the state and the round key (a key that is unique to each iteration, computed from the secret key).
Combining with the secret key is an extremely simple and fast operation, but the algorithm remains complex
because of the complexity of computing the round keys (the Key Schedule) as well as the other steps of the
algorithm.[14]

The round keys are computed with the following algorithm:[15]

KeyExpansion(byte key[4*Nk], word w[Nb*(Nr+1)], Nk)
begin
    word temp
    i = 0
    while (i < Nk)
        w[i] = word(key[4*i], key[4*i+1], key[4*i+2], key[4*i+3])
        i = i+1
    end while
    i = Nk
    while (i < Nb * (Nr+1))
        temp = w[i-1]
        if (i mod Nk = 0)
            temp = SubWord(RotWord(temp)) xor Rcon[i/Nk]
        else if (Nk > 6 and i mod Nk = 4)
            temp = SubWord(temp)
        end if
        w[i] = w[i-Nk] xor temp
        i = i + 1
    end while
end

This algorithm works on the cipher key, of length Nk words of 4 bytes (4, 6 or 8 according to the standard),
populating a table of words, Nb being the number of words in the block (4 in the standardized version) and Nr
the number of rounds (iterations), which depends on the key length. The key schedule uses the SubWord
transformation, which is a byte substitution identical to the one in the SubBytes step.[16] RotWord is a cyclic
left rotation by one byte of the bytes in a word.[16] Rcon[i] denotes in the algorithm a word made up of the
bytes . The exponentiation here is the one valid in the Galois field .[16] At the end of the processing, the
array w contains the words on the columns of the round keys, in the order in which they are to be applied.
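The Cipher() and KeyExpansion() pseudocode above, and the SubBytes, ShiftRows, MixColumns and AddRoundKey steps described between them, carried through as a complete working AES encryption. This is an added example, not code from the course text or from FIPS 197; the S-box is derived from the GF(2^8) inverse and the affine transform with constant 0x63 rather than copied from the table, Rcon is generated by repeated doubling, and the helper names are this example's own. It handles all three standardized key lengths (Nk = 4, 6, 8), including the extra SubWord branch the key schedule takes when Nk > 6.

```python
"""Added example, not code from the course text or FIPS 197: compact AES
encryption following the Cipher() and KeyExpansion() pseudocode.  The state
is kept column-major (index r + 4*c), as the standard describes.  Helper
names are this example's own.  Encryption only; the inverse steps are omitted."""


def xtime(a):
    """Multiply by x (0x02) in GF(2^8), reducing by x^8+x^4+x^3+x+1 (0x11b)."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a

def gf_mul(a, b):
    """Shift-and-add multiplication in GF(2^8)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = xtime(a), b >> 1
    return r

def build_sbox():
    """SubBytes table: inverse in GF(2^8), then the affine transform
    b'_i = b_i ^ b_(i+4) ^ b_(i+5) ^ b_(i+6) ^ b_(i+7) ^ c_i with c = 0x63."""
    inv = [0] * 256
    for x in range(1, 256):
        if not inv[x]:
            y = next(y for y in range(1, 256) if gf_mul(x, y) == 1)
            inv[x], inv[y] = y, x
    sbox = []
    for x in range(256):
        s, out = inv[x], 0
        for i in range(8):
            bit = 0x63 >> i
            for k in (0, 4, 5, 6, 7):
                bit ^= s >> ((i + k) % 8)
            out |= (bit & 1) << i
        sbox.append(out)
    return sbox

SBOX = build_sbox()

def key_expansion(key):
    """FIPS 197 KeyExpansion: returns the Nb*(Nr+1) round-key words and Nr."""
    if len(key) not in (16, 24, 32):
        raise ValueError("AES keys are 16, 24 or 32 bytes")
    nk = len(key) // 4
    nr = nk + 6
    w = [list(key[4 * i:4 * i + 4]) for i in range(nk)]
    rcon = 0x01                                   # Rcon[1]; later ones via xtime()
    for i in range(nk, 4 * (nr + 1)):
        temp = list(w[i - 1])
        if i % nk == 0:
            temp = [SBOX[b] for b in temp[1:] + temp[:1]]  # SubWord(RotWord(temp))
            temp[0] ^= rcon
            rcon = xtime(rcon)
        elif nk > 6 and i % nk == 4:
            temp = [SBOX[b] for b in temp]                 # SubWord(temp), AES-256 only
        w.append([w[i - nk][j] ^ temp[j] for j in range(4)])
    return w, nr

def add_round_key(state, w, rnd):
    """XOR column c of the state with round-key word w[4*rnd + c]."""
    return [state[r + 4 * c] ^ w[4 * rnd + c][r] for c in range(4) for r in range(4)]

def sub_bytes(state):
    return [SBOX[b] for b in state]

def shift_rows(state):
    """Row r (bytes at index r + 4*c) rotates left by r columns."""
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]

def mix_columns(state):
    """Each column times the fixed polynomial {03}x^3 + {01}x^2 + {01}x + {02}."""
    out = []
    for c in range(4):
        a0, a1, a2, a3 = state[4 * c:4 * c + 4]
        out += [gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
                a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
                a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
                gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2)]
    return out

def aes_encrypt_block(key, block):
    """Encrypt one 16-byte block exactly as the Cipher() pseudocode does."""
    if len(block) != 16:
        raise ValueError("AES works on 16-byte blocks")
    w, nr = key_expansion(key)
    state = add_round_key(list(block), w, 0)
    for rnd in range(1, nr):
        state = add_round_key(mix_columns(shift_rows(sub_bytes(state))), w, rnd)
    return bytes(add_round_key(shift_rows(sub_bytes(state)), w, nr))  # last round: no MixColumns

if __name__ == "__main__":
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # FIPS 197 Appendix C.1 vector
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    print(aes_encrypt_block(key, pt).hex())  # 69c4e0d86a7b0430d8cdb78070b4c55a
```

The table-free S-box and the byte-at-a-time GF(2^8) multiplication make every step visible but also make this code slow and, because its memory accesses depend on secret data, unsuitable for protecting real traffic; use a reviewed library implementation for that and keep this for checking the standard's test vectors.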

AES Summary
AES was chosen to replace DES for a number of reasons. The key length of AES makes the key much
stronger than DES. AES runs faster than 3DES on comparable hardware. AES is more efficient than DES
and 3DES on comparable hardware, usually by a factor of five when it is compared with DES. AES is more
suitable for high-throughput, low-latency environments, especially if pure software encryption is used.

Figures 1 through 4 show an example of encrypting text using AES.

Despite these advantages, AES is a relatively young algorithm. The golden rule of cryptography states that a
mature algorithm is always more trusted. 3DES is, therefore, a more trusted choice in terms of strength
because it has been tested and analyzed for 35 years.

Software-Optimized Encryption Algorithm


The Software-Optimized Encryption Algorithm (SEAL) is an alternative algorithm to software-based DES,
3DES, and AES. Phillip Rogaway and Don Coppersmith designed SEAL in 1993. It is a stream cipher that
uses a 160-bit encryption key. Because it is a stream cipher, data to be encrypted is continuously encrypted.
This makes it much faster than block ciphers.

SEAL has a lower impact on the CPU compared to other software-based algorithms. However, it has a
longer initialization phase during which a large set of tables is created using SHA.

SEAL has several restrictions:

The Cisco router and the peer must support IPsec.

The Cisco router and the other peer must run an IOS image that supports encryption. These IOS
images are identified with the string k9 in the IOS filename.

The router and the peer must not have hardware IPsec encryption.

A summary of SEAL is shown in the figure.


RC Algorithms
The RC algorithms were designed all or in part by Ronald Rivest, who also invented MD5. The RC
algorithms are widely deployed in many networking applications because of their favorable speed and
variable key-length capabilities.

There are a number of widely used RC algorithms:

RC2 - This is a variable key-size block cipher that was designed as a drop-in replacement for
DES.

RC4 - This is the world's most widely used stream cipher. This algorithm is a variable key-size
Vernam stream cipher that is often used in file encryption products and for secure communications,
such as within SSL. It is not considered a one-time pad because its key is not random. The cipher can
be expected to run very quickly in software and is considered secure, although it can be implemented
insecurely, as in Wired Equivalent Privacy (WEP).

RC5 - This is a fast block cipher that has a variable block size and key length. RC5 can be used as a
drop-in replacement for DES if the block size is set to 64-bit.

RC6 - This was developed in 1997. RC6 was an AES finalist. It is a 128-bit to 256-bit block cipher
that was designed by Rivest, Sidney, and Yin. It is based on RC5 and was designed to meet the
requirements of AES.

A summary of the RC algorithms is shown in the figure.

Note: In general, RC algorithms are considered weak and should be avoided.


Diffie-Hellman Algorithm
Whitfield Diffie and Martin Hellman invented the Diffie-Hellman (DH) algorithm in 1976. The DH
algorithm is the basis of most modern automatic key exchange methods, and is one of the most common
protocols used in networking today. Diffie-Hellman is not an encryption mechanism and is not typically
used to encrypt data. Instead, it is a method to securely exchange the keys that encrypt data.

In a symmetric key system, both sides of the communication must have identical keys. Securely exchanging
those keys has always been a challenge. Asymmetric key systems address this challenge because they use
two keys. One key is called the private key, and the other is the public key. The private key is secret and
known only to the user. The public key is openly shared and easily distributed.
DH is a mathematical algorithm that allows two computers to generate an identical shared secret on both
systems, without having communicated before. The new shared key is never actually exchanged between the
sender and receiver. However, because both parties know it, the key can be used by an encryption algorithm
to encrypt traffic between the two systems.

The security of DH is based on the fact that it uses unbelievably large numbers in its calculations. For
example, a DH 1024-bit number is roughly equal to a decimal number of 309 digits. Considering that a
billion is 10 decimal digits (1,000,000,000), one can easily imagine the complexity of working with not one,
but multiple 309 digit decimal numbers.

DH is commonly used when data is exchanged using an IPsec VPN, when data is encrypted on the Internet
using either SSL or TLS, or when SSH data is exchanged.

Unfortunately, asymmetric key systems are extremely slow for any sort of bulk encryption. This is why it is
common to encrypt the bulk of the traffic using a symmetric algorithm, such as 3DES or AES and use the
DH algorithm to create keys that will be used by the encryption algorithm.

A summary of DH characteristics is shown in the figure.

DH Operation
DH uses modular arithmetic in its calculations. Modular arithmetic keeps the remainder of a division. For
example, for 38 modulo 7, 38/7 = 5 with 3 left over (5 and 3/7). In this case, the modulus 7 divides into 38 with
a remainder of 3. Therefore 38 modulo 7 = 3.

To help understand how DH is used, consider this example of communication between Alice and Bob. There
are six steps in the DH process. Refer to Figure 1 for steps 1 to 3 and refer to Figure 2 for steps 4 to 6.

Step 1. To start a DH exchange, Alice and Bob must agree on two non-secret numbers. The first number, g,
is a base number, also called the generator. The second number, p, is a prime number that is used as the
modulus. The base number and the prime number are usually public and are chosen from a table of known
values. Typically, g is a very small number, and p is a larger prime number. In the graphic, g = 5 and p = 23.
Note that in our example, we are using small numbers to make it easier to understand. DH uses much larger
numbers.

Step 2. Alice generates a secret number 6 and Bob generates his secret number 15.

Step 3. Based on g, p, and Alice's secret number, Alice calculates her public value using modular arithmetic: 5^6 mod 23 = 8. She sends her public value to Bob.

Step 4. Bob calculates a public value using g, p, and his secret number: 5^15 mod 23 = 19. Bob sends his public value of 19 to Alice. Notice that these values are not the same.

Step 5. Alice performs a second DH calculation using Bob's public value as the new base number: 19^6 mod 23 = 2.

Step 6. Bob performs a second DH calculation using Alice's public value as the new base number: 8^15 mod 23 = 2.

Alice and Bob both come up with the same result (2), because (g^a)^b = (g^b)^a = g^(ab) mod p. This new value is now a shared secret between Alice and Bob and can be used by an encryption algorithm as a shared secret key between them.

Anyone listening on the channel cannot compute the secret value because only the public values are known, and at least one secret value is needed to calculate the shared secret. Unless the attackers can compute the discrete logarithm (recover Alice's or Bob's secret exponent from g, p, and the public value), they cannot obtain the shared secret.

Note that plain DH authenticates neither party: an attacker who can intercept the channel can run one exchange with Alice and a separate one with Bob and relay traffic between them (a man-in-the-middle attack). This is why IKE, TLS, and SSH combine DH with digital signatures or certificates that authenticate the exchanged public values.

Although DH is used with symmetric algorithms to create shared keys, it is important to remember that it is actually an asymmetric algorithm.
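The six steps above, carried through as an added Python example (this is not code from the chapter). It runs the exchange with the chapter's toy parameters g = 5, p = 23 and the secrets 6 and 15, and then shows the eavesdropper's side, which the text only describes: with p this small, the discrete logarithm is solved by exhaustive search and Alice's secret falls out immediately. The function names and the use of `secrets` for fresh private exponents are choices of this example.

```python
"""Diffie-Hellman with the chapter's toy numbers, plus the eavesdropper's view."""
import secrets
from typing import Optional, Tuple


def dh_public(g: int, p: int, secret: int) -> int:
    """Steps 3/4: the value sent in the clear, g^secret mod p."""
    return pow(g, secret, p)


def dh_shared(peer_public: int, p: int, secret: int) -> int:
    """Steps 5/6: the peer's public value is the new base, peer^secret mod p."""
    return pow(peer_public, secret, p)


def dh_random_secret(p: int) -> int:
    """A fresh private exponent in [1, p-2]; it is never transmitted."""
    return 1 + secrets.randbelow(p - 2)


def dh_exchange(g: int, p: int, alice_secret: int, bob_secret: int) -> Tuple[int, int, int]:
    """Run both sides and return (alice_public, bob_public, shared_secret).

    Both sides must agree because (g^a)^b == (g^b)^a (mod p).
    """
    alice_public = dh_public(g, p, alice_secret)
    bob_public = dh_public(g, p, bob_secret)
    shared_alice = dh_shared(bob_public, p, alice_secret)
    shared_bob = dh_shared(alice_public, p, bob_secret)
    if shared_alice != shared_bob:
        raise RuntimeError("the two sides derived different secrets")
    return alice_public, bob_public, shared_alice


def brute_force_discrete_log(g: int, p: int, public: int) -> Optional[int]:
    """Eve's attack: find x with g^x mod p == public by trying every exponent.

    This is the discrete logarithm the text refers to. The loop runs at most
    p-1 times, so it is instant for p = 23 and hopeless for a 2048-bit p.
    """
    value = 1
    for x in range(p - 1):
        if value == public:
            return x
        value = (value * g) % p
    return None


if __name__ == "__main__":
    g, p = 5, 23                                 # Step 1: public parameters
    a_pub, b_pub, k = dh_exchange(g, p, 6, 15)   # Step 2: secrets 6 and 15
    print(a_pub, b_pub, k)                       # 8 19 2
    # Eve saw only g, p, 8 and 19. With p this small she recovers Alice's
    # secret at once and then computes the "shared" secret herself.
    a_secret = brute_force_discrete_log(g, p, a_pub)
    print(a_secret, dh_shared(b_pub, p, a_secret))   # 6 2
    # Random secrets do not help while the group stays this small.
    print(dh_exchange(g, p, dh_random_secret(p), dh_random_secret(p))[2])
```

Running the brute force against a real group is the whole point of the chapter's "incredibly large numbers": the search space grows with p, so a 2048-bit modulus turns the same loop into an infeasible computation, while the honest parties' work (three modular exponentiations each) stays cheap.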

Asymmetric Key Algorithms
Asymmetric algorithms, also called public-key algorithms, are designed so that the key that is used for
encryption is different from the key that is used for decryption. The decryption key cannot, in any
reasonable amount of time, be calculated from the encryption key and vice versa.

In the example of Alice and Bob, they did not exchange pre-shared keys prior to communication. Instead,
they each had separate padlocks and corresponding keys, as shown in the figure. In this same manner,
asymmetric algorithms are used to exchange secret messages without ever having had a shared secret before
the exchange.

Four widely used protocols that rely on asymmetric key algorithms are:

Internet Key Exchange (IKE), which is a fundamental component of IPsec VPNs.

Secure Sockets Layer (SSL), which has been superseded by the IETF standard Transport Layer Security (TLS).

Secure Shell (SSH), which is a protocol that provides a secure remote access connection to network
devices.

Pretty Good Privacy (PGP), which is a computer program that provides cryptographic privacy and
authentication and is often used to increase the security of email communications.

Asymmetric algorithms use two keys: a public key and a private key. In the textbook model of RSA, either key can be used for the encryption process, but the complementary matched key is required for decryption. For example, if a public key encrypts the data, the matching private key decrypts the data. The opposite is also true: if a private key encrypts the data, the corresponding public key decrypts the data. In deployed systems, "encrypting with the private key" is performed as a digital signature over a hash of the data, using a padding scheme, rather than as raw encryption; signature-only algorithms such as DSA and ECDSA cannot encrypt at all.

This process enables asymmetric algorithms to achieve confidentiality, authentication, and integrity.

These are the characteristics of asymmetric keys:

The typical key length is 512 to 4,096 bits.

Key lengths of 2,048 bits or more are recommended for RSA and DH today (NIST SP 800-57); 1,024-bit keys were long treated as the minimum that could be trusted but are no longer considered adequate.

Key lengths that are shorter than 1,024 bits are considered unreliable for most algorithms.

Elliptic-curve algorithms (ECDH, ECDSA) reach comparable security with much shorter keys, such as 256 bits.

Public Key + Private Key = Confidentiality


The confidentiality objective of asymmetric algorithms is initiated when the encryption process is started
with the public key. The process can be summarized using the formula:

Public Key (Encrypt) + Private Key (Decrypt) = Confidentiality

When the public key is used to encrypt the data, the private key must be used to decrypt the data. Only one
host has the private key; therefore, confidentiality is achieved.

If the private key is compromised, another key pair must be generated to replace the compromised key, and the old public key must no longer be trusted (in a PKI, its certificate is revoked).

For example, in Figure 1, Alice requests and obtains Bobs public key. In Figure 2, Alice uses Bobs public
key to encrypt a message using an agreed-upon algorithm. Alice sends the encrypted message to Bob. Bob
then uses his private key to decrypt the message as shown in Figure 3.

Private Key + Public Key = Authentication


The authentication objective of asymmetric algorithms is initiated when the encryption process is started
with the private key. The process can be summarized using the formula:

Private Key (Encrypt) + Public Key (Decrypt) = Authentication

When the private key is used to encrypt the data, the corresponding public key must be used to decrypt the
data. Because only one host has the private key, only that host could have encrypted the message, providing
authentication of the sender. Typically, no attempt is made to preserve the secrecy of the public key, so any
number of hosts can decrypt the message. When a host successfully decrypts a message using a public key,
it is trusted that the private key encrypted the message, which verifies who the sender is. This is a form of
authentication.

For example, in Figure 1, Alice encrypts a message using her private key. Alice sends the encrypted
message to Bob. Bob needs to authenticate that the message did indeed come from Alice. Therefore, in
Figure 2, Bob requests Alices public key. In Figure 3 Bob uses Alices public key to decrypt the message.

Asymmetric Algorithms
When sending a message that requires message confidentiality, authentication, and integrity, the
combination of two encryption phases is necessary.

Phase 1 - Confidentiality

Figure 1 shows that Alice wants to send a message to Bob ensuring that only Bob can read the document. In
other words, Alice wants to ensure message confidentiality. Alice uses the public key of Bob to cipher the
message. Only Bob can decipher it, using his private key.

Phase 2 - Authentication and Integrity

Alice also wants to ensure message authentication and integrity. Authentication ensures Bob that the
document was sent by Alice, and integrity ensures that it was not modified. As shown in Figure 2, Alice uses
her private key to cipher a hash of the message. Alice sends the encrypted message with its encrypted hash
to Bob.

In Figure 3, Bob uses Alice's public key to recover the hash that Alice signed. He then computes the hash of the message himself and compares the two. If they are equal, the message was not modified. Additionally, this verifies that Alice is definitely the sender of the message because nobody else has Alice's private key. Finally, in Figure 4, Bob uses his private key to decipher the message. (If Alice hashed the plaintext rather than the ciphertext, Bob must decrypt first and then recompute and compare the hash; the order of the last two steps depends on what was signed.)

By sending a message that was ciphered using Bobs public key and a ciphered hash that was encrypted
using Alices private key, confidentiality, authenticity, and integrity are ensured.

Types of Asymmetric Algorithms


The figure summarizes a variety of well-known asymmetric key algorithms.

Although the mathematics differ, these algorithms all have one thing in common; they require complicated
calculations. Their design is based on computational problems, such as factoring extremely large numbers or
computing discrete logarithms of extremely large numbers. As a result, the computation takes more time for
asymmetric algorithms. In fact, asymmetric algorithms can take up to 1,000 times longer to compute than
symmetric algorithms. Because they lack speed, asymmetric algorithms are typically used for low-volume operations, such as the key exchange and authentication performed when a user connects to their online bank to verify their balance or makes an online purchase; the bulk of the session data is then protected with a symmetric cipher. They are also used to create digital signatures.

The key management of asymmetric algorithms tends to be simpler than that of symmetric algorithms
because usually one of the two encryption or decryption keys can be made public.

Note: Do not compare the key lengths of asymmetric and symmetric algorithms directly, because the underlying design of the two algorithm families differs greatly. For example, a 2,048-bit RSA encryption key is only roughly equivalent to a 128-bit RC4 key in terms of resistance against brute-force attacks; NIST SP 800-57 rates 2,048-bit RSA at about 112 bits of security and 3,072-bit RSA at about 128 bits, comparable to AES-128. (RC4 itself is broken and should no longer be deployed.)


Using Digital Signatures


Handwritten signatures and stamped seals have long been used as a proof of authorship of the contents of a
document. Digital signatures can provide the same functionality as handwritten signatures. Specifically, they
are a mathematical technique used to provide three basic security services shown in Figure 1.

Digital signatures have specific properties that enable entity authentication and data integrity as shown in
Figure 2.

Digital signatures are commonly used in the following two situations:

Code signing - Used to verify the integrity of executable files downloaded from a vendor website.
Code signing also uses signed digital certificates to authenticate and verify the identity of the site.
Digital certificates - Used to verify the identity of an organization or individual to authenticate a
vendor website and establish an encrypted connection to exchange confidential data.


Code Signing
Digital signatures are commonly used to provide assurance of the authenticity and integrity of software code and answer the question, "How can users trust code downloaded from the Internet?"

The answer is, "With digital code signing." Executable files are wrapped in a digitally signed envelope, which allows the end user (or the operating system's loader) to verify the signature before installing the software.

Digitally signing code provides several assurances about the code:

The code is authentic and is actually sourced by the publisher.

The code has not been modified since it left the software publisher.
The publisher undeniably published the code. This provides nonrepudiation of the act of publishing.

Refer to the Figures 1 through 5 to see the properties of a file with a digitally signed signature contained in a
certificate.

Digital Certificates
A digital certificate is equivalent to an electronic passport. Certificates enable users, hosts, and organizations to securely exchange information over the Internet. Specifically, a digital certificate binds a public key to the identity of its holder and is signed by an issuer the receiver trusts, so it can be used to authenticate and verify that a user sending a message is who they claim to be. Digital certificates can also be used to provide confidentiality, because the public key they carry gives the receiver the means to encrypt a reply.

Digital certificates are similar to physical certificates. For example, the paper-based Cisco Certified Network
Associate Security (CCNA-S) certificate in Figure 1 identifies who the certificate is issued to, who
authorized the certificate, and for how long the certificate is valid. Notice how the digital certificate in
Figure 2 also identifies similar elements.

Using Digital Certificates


To help understand how a digital certificate is used, refer to Figure 1. In this scenario, Bob is confirming an
order with Alice.

Figure 2 shows, step by step, how Alice will use the digital certificate.


Digital Signature Algorithms


There are three Digital Signature Standard (DSS) algorithms that are used for generating and verifying
digital signatures:
Digital Signature Algorithm (DSA) - DSA is the original standard for generating public and private
key pairs, and for generating and verifying digital signatures.

Rivest-Shamir-Adleman (RSA) digital signature algorithm - RSA is an asymmetric algorithm that is commonly used for generating and verifying digital signatures.

Elliptic Curve Digital Signature Algorithm (ECDSA) - ECDSA is a newer variant of DSA and
provides digital signature authentication and non-repudiation with benefits of computational
efficiency, small signature sizes, and minimal bandwidth.

A summary of DSA is displayed in Figure 1 and a summary of RSA is displayed in Figure 2.

Note: DSA signature generation is faster than RSA, but DSA signature verification is slower. RSA signature
verification is much faster than DSA, but RSA signature generation is slower.


Digitally Signed Cisco Software


The US Government Federal Information Processing Standard (FIPS) Publication 140-3, specifies that
software is to be digitally signed and verified. The purpose of digitally signed software is to ensure that the
software has not been tampered with, and that it originated from the trusted source as claimed.
Cisco provides digitally signed IOS images for many of their network devices, including the ISR series
routers. A digitally signed image can be recognized by the SPA character string contained within the
filename. For example: c1900-universalk9-mz.SPA.154-3.M2.bin.

Each character of SPA has the following meaning:

S: Stands for digitally signed software.

P: Stands for a production image.

A: Indicates the key version used to digitally sign the image.

To verify a digitally signed image on an ISR router, use the show software authenticity command, as
shown in the figure.


Public Key Infrastructure Overview
On the Internet, continually exchanging identification between all parties would be impractical. Therefore,
individuals agree to accept the word of a neutral third party. Presumably, the third party does an in-depth
investigation prior to the issuance of credentials. After this in-depth investigation, the third party issues
credentials that are difficult to forge. From that point forward, all individuals who trust the third party
simply accept the credentials that the third party issues.

For example, in the figure Alice applies for a drivers license. In this process, she submits evidence of her
identity, such as birth certificate, picture ID, and more to a government licensing bureau. The bureau
validates Alices identity and permits Alice to complete a drivers examination. Upon successful
completion, the licensing bureau issues Alice a driver license. Later, Alice needs to cash a check at the bank.
Upon presenting the check to the bank teller, the bank teller asks her for ID. The bank, because it trusts the
government licensing bureau, verifies her identity and cashes the check.

The Public Key Infrastructure (PKI) is the framework used to securely exchange information between
parties. The foundation of a PKI identifies a certificate authority analogous to the licensing bureau. The
certificate authority issues digital certificates that authenticate the identity of organizations and users. These
certificates are also used to sign messages to ensure that the messages have not been tampered with.

How does the PKI actually work?



PKI Framework
PKI is needed to support large-scale distribution and identification of public encryption keys. PKI enables
users and computers to securely exchange data over the Internet and to verify the identity of the other party.
The PKI identifies the encryption algorithms, levels of security, and distribution policy to users.
Any form of sensitive data exchanged over the Internet is reliant on PKI for security. Without PKI,
confidentiality can still be provided but authentication is not guaranteed. For example, the information could
be encrypted and exchanged. However, there would be no assurance of the identity of the other party.

The PKI framework consists of the hardware, software, people, policies, and procedures needed to create,
manage, store, distribute, and revoke digital certificates. Specifically, the main elements of the PKI are
described in Figure 1.

Figure 2 illustrates how these elements interoperate.

Note: Not all PKI certificates are obtained directly from a root CA. A subordinate CA, itself certified by the root CA, can issue certificates for specific uses, and the chain of certificates back to the root is what the relying party validates. A registration authority (RA) is different: it verifies the identity of applicants on behalf of a CA but does not sign certificates itself.

Certificate Authorities
Many vendors provide CA servers as a managed service or as an end-user product, including Symantec
Group (VeriSign), Comodo, Go Daddy Group, GlobalSign, DigiCert, and others.

CAs, especially those that are outsourced, can issue certificates of a number of classes, which determine
how trusted a certificate is. Figure 1 provides a description of the classes.

A single outsourcing vendor such as VeriSign might run a single CA, issuing certificates of different classes.
VeriSign customers use the CA they need depending on the desired level of trust. The higher the class
number, the more trusted the certificate. This is usually determined by how rigorous the procedure was that
verified the identity of the holder when the certificate was issued.

For example, a class 1 certificate might require an email reply from the holder to confirm the wish to enroll.
This kind of confirmation is a weak authentication of the holder. For a class 3 or 4 certificate, the future
holder must prove identity and authenticate the public key by showing up in person with at least two official
ID documents.

Figure 2 displays various VeriSign certificates contained in the certificate store on the host.

Note: An enterprise can also implement PKI for internal use. PKI can be used to authenticate employees
who are accessing the network. In this case, the enterprise is its own CA.

Interoperability of Different PKI Vendors
Interoperability between a PKI and its supporting services, such as Lightweight Directory Access Protocol
(LDAP) and X.500 directories, is a concern because many CA vendors have proposed and implemented
proprietary solutions instead of waiting for standards to develop.

Note: LDAP and X.500 are protocols that are used to query a directory service, such as Microsoft Active
Directory, to verify a username and password.

To address this interoperability concern, the IETF formed the PKI X.509 (PKIX) workgroup, which is
dedicated to promoting and standardizing PKI on the Internet. This workgroup has published the Internet
X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework (RFC2527).

X.509 is a well-known standard that defines basic PKI formats, such as the certificate and certificate
revocation list (CRL) format, to enable basic interoperability. Specifically, the X.509 version 3 (X.509v3)
standard defines the format of a digital certificate.

As shown in the figure, the X.509 format is already extensively used in the infrastructure of the Internet.

Public-Key Cryptography Standards

Another important set of PKI standards are the Public-Key Cryptography Standards (PKCS). PKCS refers to
a group of Public Key Cryptography Standards devised and published by RSA Laboratories. PKCS provides
basic interoperability of applications that use public-key cryptography. PKCS defines the low-level formats
for the secure exchange of arbitrary data, such as an encrypted piece of data or a signed piece of data.

As the RSA Laboratories website states, "The Public-Key Cryptography Standards are specifications
produced by RSA Laboratories in cooperation with secure systems developers worldwide for the purpose of
accelerating the deployment of public-key cryptography."

The figure lists important PKCS standards.


Simple Certificate Enrollment Protocol
Public key technology is increasingly deployed and becoming the basis for standards-based security, such as
the IPsec and IKE protocols. Due to the use of public key certificates in network security protocols, there is
a need for a certificate management protocol for PKI clients and CA servers. These clients and servers can
support certificate lifecycle operations, such as certificate enrollment and revocation and certificate and CRL
access.

In the example in the figure, an end entity starts an enrollment transaction by creating a certificate request
using PKCS #10 (a certification request syntax standard) and sends it to the CA. The CA then encapsulates
it using the PKCS #7 (a cryptographic message syntax standard). After the CA receives the request, it can
perform one of three functions:

Automatically approve the request.

Send the certificate back.

Compel the end entity to wait until the operator can manually authenticate the identity of the
requesting end entity.

Note: The PKCS #7 and PKCS #10 standards are commonly used PKI communication protocols used in
VPN PKI enrollment.

The end goal is that any network user should be able to request a digital certificate easily and electronically.
Previously, these processes required intensive input from network administrators and were not suited to
large scale deployments. The IETF designed the Simple Certificate Enrollment Protocol (SCEP) to make
issuing and revocation of digital certificates as scalable as possible. The goal of SCEP is to support the
secure issuance of certificates to network devices in a scalable manner using existing technology whenever
possible.

SCEP is now being referenced by network equipment manufacturers and software companies who are
developing simplified means of handling certificates for large-scale implementation to everyday users.

7.4.3.7 PKI Topologies
PKIs can form different topologies of trust. The simplest is the single-root PKI topology shown in Figure 1.
A single CA, called the root CA, issues all the certificates to the end users, which are usually within the
same organization. The benefit to this approach is its simplicity. However, it is difficult to scale to a large
environment because it requires a strictly centralized administration, which creates a single point of failure.

On larger networks, PKI CAs may be linked using two basic architectures:

Cross-certified CA topologies - As shown in Figure 2, this is a peer-to-peer model in which
individual CAs establish trust relationships with other CAs by cross-certifying CA certificates. Users
in either CA domain are also assured that they can trust each other. This provides redundancy and
eliminates the single-point of failure.

Hierarchical CA topologies - As shown in Figure 3, the highest level CA is called the root CA. It
can issue certificates to end users and to a subordinate CA. The sub-CAs could be created to support
various business units, domains, or communities of trust. The root CA maintains the established
community of trust by ensuring that each entity in the hierarchy conforms to a minimum set of
practices. The benefits of this topology include increased scalability and manageability. This
topology works well in most large organizations. However, it can be difficult to determine the chain
of the signing process.

A hierarchical and cross-certification topology can be combined to create a hybrid infrastructure. For
example, when two hierarchical communities want to cross-certify each other in order for members of each
community to trust each other.

Registration Authority
Another entity in the PKI is a Registration Authority (RA). In a hierarchical CA topology, the RA can accept
requests for enrollment in the PKI. This will help reduce the burden on CAs in an environment that supports
a large number of certificate transactions or where the CA is offline. The RA is responsible for the
identification and authentication of subscribers, but does not sign or issue certificates. The RA may handle
three specific tasks:

Authentication of users when they enroll with the PKI

Key generation for users that cannot generate their own keys

Distribution of certificates after enrollment

The figure illustrates how an RA operates.

Note: It is important to note that the RA only has the power to accept registration requests and forward them
to the CA. It is not allowed to issue certificates or publish CRLs. The CA is responsible for these functions.

Digital Certificates and CAs

In the CA authentication procedure, the first step when contacting the PKI is to securely obtain a copy of the
public key of the CA. The public key verifies all the certificates issued by the CA and is vital for the proper
operation of the PKI.

The CA's public key is itself distributed in the form of a certificate issued by the CA to itself, called the
self-signed certificate. Only a root CA issues self-signed certificates.

CA certificates are retrieved in-band over a network, and the authentication is done out-of-band using the
telephone. For example, refer to Figure 1 to understand how CA certificates are retrieved.

After retrieving the CA certificate, Alice and Bob submit certificate requests to the CA, as shown in Figure
2.

Having installed certificates signed by the same CA, Bob and Alice are now ready to authenticate each
other, as shown in Figure 3.

Authentication no longer requires the presence of the CA server, and each user exchanges their certificates
containing public keys.
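
The enrollment and authentication flow just described, together with the hierarchical root/sub-CA topology and the PKCS #10 enrollment transaction from the earlier sections, as an added Go example built only on the standard library; it is not code from the course. The CA names, the ECDSA P-256 key type, the validity periods and the serial-number counter are assumptions made for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const caUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
var serial int64 // constructed serial counter; a real CA keeps a persistent, unique record

func must[T any](v T, err error) T { // any failure in key or certificate handling is fatal here
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) } // P-256 is an assumed choice

// template carries the X.509v3 fields shared by every certificate issued below.
func template(name string, isCA bool, usage x509.KeyUsage) *x509.Certificate {
	serial++
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: usage,
	}
}

// sign issues tmpl with signer's key; parent == nil means self-signed, which only a root CA does.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))
	return must(x509.ParseCertificate(der))
}

// enroll is the enrollment transaction: the end entity sends a PKCS #10 request and the CA, after checking its proof-of-possession signature, returns an end-entity certificate.
func enroll(name string, key *ecdsa.PrivateKey, ca *x509.Certificate, caKey *ecdsa.PrivateKey) *x509.Certificate {
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: name}}
	csr := must(x509.ParseCertificateRequest(must(x509.CreateCertificateRequest(rand.Reader, req, key))))
	if err := csr.CheckSignature(); err != nil { // the requester really holds the matching private key
		panic(err)
	}
	return sign(template(csr.Subject.CommonName, false, x509.KeyUsageDigitalSignature), ca, csr.PublicKey.(*ecdsa.PublicKey), caKey)
}

// verifyPeer is Alice checking Bob: her out-of-band trusted root plus the intermediate Bob presents suffice, so the CA server need not be reachable.
func verifyPeer(peer, root, intermediate *x509.Certificate) error {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inter.AddCert(intermediate)
	_, err := peer.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter})
	return err
}

// Demo builds root -> sub-CA -> Bob, then reports whether Alice accepts Bob and rejects a "Bob" certificate issued under a root she never trusted.
func Demo() (bobTrusted, strangerRejected bool) {
	rootKey, subKey, bobKey, otherKey, strangerKey := newKey(), newKey(), newKey(), newKey(), newKey()
	root := sign(template("Example Root CA", true, caUsage), nil, &rootKey.PublicKey, rootKey)
	sub := sign(template("Example Sub CA", true, caUsage), root, &subKey.PublicKey, rootKey)
	bob := enroll("Bob", bobKey, sub, subKey)
	other := sign(template("Unrelated Root CA", true, caUsage), nil, &otherKey.PublicKey, otherKey)
	stranger := enroll("Bob", strangerKey, other, otherKey)
	return verifyPeer(bob, root, sub) == nil, verifyPeer(stranger, root, sub) != nil
}

func main() { fmt.Println(Demo()) }
```

The second result is the point of the section: a certificate with the right name but a chain that does not end at a root Alice trusts gives her no assurance of identity, and chain validation rejects it without any contact with the CA.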

Video Demonstration - Wireshark Packet Sniffing Usernames, Passwords, and Web Pages

This video demonstrates how to use Wireshark for packet sniffing usernames, passwords, and web pages.
The video includes the following:

Use of Wireshark

Set up Wireshark to capture Telnet, SSH, FTP, and HTTP traffic
Use the filter to examine specific traffic

Use Follow TCP Stream to view the contents of the data stream

Export captured HTTP images

Lab - Exploring Encryption Methods
In this lab, you will complete the following objectives:

Decipher a pre-encrypted message using the Vigenère cipher.

Create a Vigenère cipher encrypted message and decrypt it.

Chapter 7: Cryptographic Systems
Secure communications employ cryptographic methods to protect the integrity, authentication, and
confidentiality of network traffic when traversing the public Internet.

Cryptology is the combination of two areas of focus:

Cryptography - Related to the making and using of encryption methods.

Cryptanalysis - Related to the solving or breaking of a cryptographic encryption method.

Cryptographic hashes play a vital role in securing network traffic. For example, integrity is provided by
using the MD5 algorithm or the SHA algorithms, authenticity is provided by using HMAC, and
confidentiality is provided by using various encryption algorithms.

Encryption can be implemented using two kinds of algorithms:
Symmetric algorithm - Various symmetric encryption algorithms can be used including DES,
3DES, AES, or SEAL. Each option varies with regard to the degree of protection and the ease of
implementation. DH is a hashing algorithm that is used to support DES, 3DES, and AES.

Asymmetric algorithm - Asymmetric encryption algorithms can use digital signatures to provide
authentication and confidentiality. Asymmetric encryption is usually implemented using the PKI.
