Domain 3.4: Cryptography (Symmetric, Asymmetric, Quantum)

Cryptography - Science
One way function - math produces an output value, but the input value can't be recovered from it
Initialization Vector (IV) - is a random bit string (a nonce) that is XORed with the message, reducing predictability and repeatability.
Work function/work factor - measure strength of cryptography, effort to decrypt msg
Strength factor: algorithm, secrecy of key, key length, IV, random key

Key management
Dual control - 2 separate function/process for key recovery
Split knowledge - 2 separate pieces of knowledge
Key escrow - third party holds the key and releases it with condition
Rules: key length, store secure, key random, key lifetime on sensitivity of data, backup key, destroy key

Old crypto
Substitution (Caesar) - replace letter
Vigenere - polyalphabetic substitution
One time pad - unbreakable
Requirement - random, pad protected, used only once, key as long as msg (vernam)

Modern crypto (at least 128 bits long)

Symmetric - a shared secret key
#DES - 64B, 56 key
3DES - 64B, 112 (more effective security), 168 key
IDEA - PGP, 64B, 128 key
Blowfish - alternative to DES, IDEA but faster, variable length keys up to 448 bit
#RC4,5,6 - RC4 is stream cipher 40-2048 bit, WEP, WPA, SSL (no longer secure)

#ECB - block, same encrypted block
CBC - block, IV, chain (error propagate), unencrypted text XORed
CFB - stream, IV, chain (error propagate)
OFB - stream, IV, NO ERROR, XOR plaintext with a seed value
CTR - stream, IV, NO ERROR, use increment counter instead of seed
Galois counter mode - adds authentication

Pros - easy key distribution, integrity, authentication, nonrepudiation
Cons: Slow, small data
Diffie-Hellman (discrete) - key exchange, middle man attack. Use in SSL, TLS, SSH, IPSec, PKI. Not for encrypt, solves key distribution problem
#Knapsack - obsolete

Quantum - replace binary with multidimensional quantum bits (qubits)
security: asymmetric like RSA, DH could be broken. Stream cipher least vulnerable. Lattice offer some resistance
Grover's algo - speeds up attacks, halving the key length
Shor's algo - easily breaks all public key algos based on factoring and discrete logarithm problems

Domain 3.5 Cryptography (HASH, HMAC, digital sig...

Hash (MD)
5 requirement: input any length-->fix length output. Easy to compute, one way, collision free
Attack: collision (2 different doc produce same hash)--> birthday attack
#SHA1 - 160 bit,224,256,512,384
#MD5 - 512 block
HAVAL - faster than MD5 with 3 rounds used
RIPEMD, RIPEMD-128, RIPEMD-160 (remain secure)

Digital Signature (Digests)
Integrity, authentication, non-repudiation (NO CONFIDENTIALITY)
To sign/create - sender's private key encrypt hash

Applied

Web TLS/SSL
key exchange - RSA, DH, ECDH
authentication - RSA, DSA, ECDSA
encryption - AES, 3DES
message digest hash - SHA
TLS_DH_RSA_WITH_AES_256_CBC_SHA384

Network
link encryption - secure tunnel btw 2 points (nodes)
Circuit encryption, IPSec
end-to-end encryption - btw client and server. Data is encrypted at origin and decrypted at destination

brute force - try all possible keys
replay attack - replay a valid session
pass the hash - windows active directory where attacker resubmits cached authentication token. Use mimikatz tool

4. client uses server's public key to encrypt the symmetric key and sends it to server
5. server uses its private key to decrypt the symmetric key