Cryptography

Presented by Blances Sanchez

INTE 30073 Information Assurance and Security 2
Table of Contents
1. What is Hashing?
2. Cryptographic Algorithms
3. Conventional Encryption
Three options
• Plaintext
• Very easy to gather information from
• No security, can be reused with other websites
• Website owner can also read personal data
• Encrypted
• More secure than plaintext
• Decryption key is stored on servers, so it’s still vulnerable
• Once decryption key is hacked, all the encrypted passwords are broken
• Hashed
• Hashing will not reveal passwords in a data breach
• No encryption key needed
• Website owners can’t read your data either
1. What is Hashing?
 is a mathematical algorithm
Hashing that maps data of any size to
a bit string of a fixed size
 is the process of converting an
input of any length into a
Hashing
fixed size string of text using a
mathematical function
 is the process of scrambling a piece
of information or data beyond
recognition. They are designed to be
Hashing irreversible. We pass the input
through a hash function to calculate
the Hash Value or Digest
Properties of Hash Function
 this means no matter how
many times you input the
1. Deterministic
same data, you will always get
the same result
 the hash function should be
2. Quick
able to return the hash of an
Computation input quickly
 states that it is infeasible to
3. Pre-Image
determine the input data
Resistance based on the output hash
4. Small Changes even the smallest change in input
In Input Changes must have huge ramifications on
the Whole Output the output
 means that each input will
have its own unique hash
5. Collision having two different inputs
Resistant that result in the same hash is
known as a collision. Salting
can help prevent collisions.
6. Puzzle Friendly H(k|x) = Y
Real-world Implementation
 cleartext refers to "readable data
transmitted or stored in the clear“

Password
plaintext refers to “data that will serve as
storage the input to a cryptographic algorithm”

plain text refers to “unformatted text,

such as the content of a plain text file
or “.txt””
Integrity it is to ensure the data isn’t corrupted.
The hash value/digest will always be
checks the same for similar input.
Ways to Strengthen Hashes
Salting
• Salting is the process of adding a random keyword to the end of the input.
• The random keyword added is called the salt/salt value.
• The salt is unique for each user in the database and is helpful to battle hash collision.
Peppering
• It is the process of adding the same random value at the end of a plaintext.
• Since it doesn’t change per user, the random value need not be stored on server.
• In the case of data breach, pepper value is safe from further exploitation.
Common Hash Functions
MD5
• The MD5 hash function produces a 128-bit hash value.
• It was designed for use in cryptography, but vulnerabilities were discovered over the
course of time, so it is no longer recommended for that purpose.
• However, it is still used for database partitioning and computing checksums to validate
files transfers.
SHA-1
• SHA stands for Secure Hash Algorithm.
• The first version of the algorithm was SHA-1, and was later followed by SHA-2.
• Whereas MD5 produces a 128-bit hash, SHA1 generates 160-bit hash (20 bytes).
• In hexadecimal format, it is an integer 40 digits long.
SHA-2
• The second version of SHA, called SHA-2, has many variants.
• Probably the one most commonly used is SHA-256, which the National Institute of
Standards and Technology (NIST) recommends using instead of MD5 or SHA-1.
• The SHA-256 algorithm returns hash value of 256-bits, or 64 hexadecimal digits. While not
quite perfect, current research indicates it is considerably more secure than either MD5 or
SHA-1.
• Performance-wise, a SHA-256 hash is about 20-30% slower to calculate than either MD5 or
SHA-1 hashes.
SHA-3
• This hash method was developed in late 2015, and has not seen widespread use yet. Its
algorithm is unrelated to the one used by its predecessor, SHA-2.
• The SHA3-256 algorithm is a variant with equivalent applicability to that of the earlier SHA-
256, with the former taking slightly longer to calculate than the latter.
 Secure Hash Standard (SHS) A standard issued by the National Institute
of Standards and Technology (NIST) that specifies secure algorithms,
such as SHA-1, for computing a condensed representation of a message
or data file.

Comparison Table Between SHA and MD5

Parameters of SHA MD5
Comparison
Full Form SHA stands for Secure Hash Algorithm. MD5 stands for Message
Digest.
Definition SHA is a cryptographic hash function algorithm MD5 was created by Ron
created by National Institute of Standards and Rivest and is used to convert
Technology (NIST) to facilitate the creation of messages of indiscriminate
message digests. SHA signifies a conglomerate length into 128-bit message
of secured cryptographic hash functions that digests.
have been specified under the Secure Hash
Standard (SHS).
Maximum SHA can convert a message of 264 – to – 2128 bits MD5 can convert messages
Message Length to form a 160- 512 bit message digest. of any length into a 128-bit
Comparison Table Between SHA and MD5
Parameters of SHA MD5
Comparison
Speed The original version of the algorithm MD5 is faster than the original SHA
is slower than MD5. However, its version.
subsequent installments like SHA-1
offer much more enhanced speeds.
Vulnerability Less vulnerable to cyber threats and More vulnerable to cyber threats and
hacker attacks. hacker attacks.
Number of Fewer attacks have been able to MD5’s usage is mostly limited to
Attacks breach the algorithm. verifying the integrity of files due to its
poor security protocols.
Uses Today Used in applications like SSH, SSL, etc. MD5’s usage is mostly limited to
verifying the integrity of files due to its
2021 Most Common Passwords
• 123456 – Less than one second to crack, 103M+ uses counted
• 123456789 – Less than one second to crack, 46M+ uses counted
• 12345 – Less than one second to crack, 32M+ uses counted
• qwerty – Less than one second to crack, 22M+ uses counted
• password – Less than one second to crack, 20M+ uses counted
• 12345678 – Less than one second to crack, 14M+ uses counted
• 111111 – Less than one second to crack, 13M+ uses counted
• 123123 – Less than one second to crack, 10M+ uses counted
• 1234567890 – Less than one second to crack, 9.6M+ uses counted
• 1234567 – Less than one second to crack, 9.3M uses counted
"We must guard user accounts from both internal and external
unauthorized access. Cleartext storage must never be an option for
passwords. Hashing and salting should always be part of a password
management strategy."
2. Cryptographic Algorithms
Conventional Encryption
• Conventional Encryption : Classical Techniques
• Conventional encryption, also referred to as symmetric encryption or single-key
encryption, was the only types of encryption in use prior to the development of
public key encryption
• Conventional Encryption Model
• The following figure illustrates the conventional encryption process.
• The original intelligible message, referred to as plaintext, is converted into apparently
random nonsense, referred to as ciphertext, the encryption process consists of an
algorithm and a key
Conventional Encryption Model
The security of conventional encryption depends on
several factors:
• The Encryption Algorithm - It must be powerful enough that it is impractical to decrypt a
message based on the ciphertext alone.
• Secrecy of the key - It was shown that the security of conventional encryption depends on the
secrecy of the key, not the secrecy of the algorithm.
A symmetric encryption scheme has five ingredients:
• Plain text: This is the Original intelligible message or data that is fed in to the algorithm as input.
• Encryption Algorithm: The encryption algorithm performs various substitutions and
transformation on the plain text to convert it into ciphertext.
• Secret Key: The secret key is also input to the encryption algorithm. The key is a value
independent of the plain text. The algorithm will produce a different output depending on the
specific key being used at the time. The exact substitutions and transformations performed by
the algorithm depend on the key.
• Ciphertext: This is the scrambled message produced as output. It depends on the plain text and
the secret key. For a given message, two different keys will produce different ciphertexts. The
ciphertext is an apparently random stream of data and, as it stands, is unintelligible.
• Decryption Algorithm: This is essentially the encryption algorithm run in reverse. It takes the
ciphertext and the secret key as the input and produces the original plain text.
Conventional Encryption Model
• Conventional Encryption Model
• With the message X and the encryption key K as input, the encryption algorithm forms the
ciphertext Y.
• We can write this as
Y = EK(X)
• This notation indicates that Y is produced by using encryption algorithm E as a function of
the plaintext X, with the specific function determined by the value of the key K.
• The intended receiver, in possession of the key, is able to invert the transformation :
X = DK(Y)
• An opponent, observing Y but not having access to K or X, may attempt to recover X or K or
both X and K. It is assumed that the opponent knows the encryption (E) and decryption (D)
algorithm.
Confusion and Diffusion
• Cipher needs to completely obscure statistical properties of the original message
• Diffusion
• Makes relationship between plaintext and ciphertext as complex as possible
• Is obtained by substitution and a following function
• Confusion
• Makes relationship between ciphertext and key as complex as possible
Data Encryption Standard (DES)
• Data Encryption Standard (DES) is a symmetric-key block cipher published by the National
Institute of Standards and Technology (NIST)
Data Encryption Standard: Brief History
• 1960 - IBM initiated a Lucifer research project, led by Horst Feistel, for computer cryptography.
This project ended in 1971 and LUCIFER was first known as a block cipher that operated on
blocks of 64 bits, using a key size of 128 bits. Soon after this IBM embarked on another effort to
develop a commercial encryption scheme, which was later called DES. This research effort was
led by Walter Tuchman. The outcome of this effort was a refined version of Lucifer that was
more resistant to cryptanalysis.
• 1973 – NIST published a request for proposals for a national symmetric-key cryptosystem. A
proposal from IBM, a modification of a project called Lucifer, was accepted as DES.
• 1975 – DES was published in the Federal Register in March 1975 as a draft of the Federal
Information Processing Standard (FIPS).
• January 1977 - DES was finally published as FIPS 46 in the Federal Register.
Data Encryption Standard (DES)
• Most widely used block cipher in world
• Adopted in 1977 by National Bureau of Standard (now the National Institute of Standards and
Technology)
• as Federal Information Processing Standard 46 (FIPS PUB 46)
• Developed from LUCIFER by Walter Tachman and Car Meyer, they were with IBM
• Encrypts 64-bit data using 56-bit key
• Considerable controversy over its security
• Small key size
• Classified design criteria
• Proved that the design was appropriate
• But, nowadays DES is not secure any more
General Depiction of DES
Encryption Algorithm
GENERAL DES STRUCTURE
 INITIAL & FINAL PERMUTATION

<- General structure

 DES FUNCTION

<- General structure

 EXPANSION D-BOX

<- DES Function

 KEY GENERATION

<- DES Function

 PARITY DROP

<- Key Generation

 PARITY DROP

• To remove the parity bits and create a 56-bit cipher key, a parity
drop permutation is needed. Not only does the parity-drop
permutation drop the parity bits, it also permutes the rest of the
bits. 
• One bit in each 8-bit byte of the KEY may be utilized for error
detection in key generation, distribution, and storage. Bits 8, 16,...,
64 are for use in ensuring that each byte is of odd parity.

<- Key Generation

 SHIFT LEFT

<- Key Generation

 COMPRESSION D-BOX

<- Key Generation

 XOR

<- DES Function

 S-BOX (Substitution Box)

<- DES Function

 S-BOX (Substitution Box)

<- DES Function

 S-BOX (Substitution Box)

<- DES Function

 S-BOX (Substitution Box)

<- DES Function

 STRAIGHT D-BOX

<- DES Function

Assignment
• What are cryptography and cryptanalysis?
• What was the earliest reason for the use of cryptography?
• What is a cryptographic key, and what is it used for? What is a more formal name for a
cryptographic key?
• What are the three basic operations in cryptography?
• What is a hash function, and what can it be used for?
• DES – GRATEFUL (1 Round); Key - afbd8feafa521d3
References
• https://www.schneiderdowns.com/our-thoughts-on/most-common-passwords-of-20
21
• https://nordpass.com/most-common-passwords-list/
• https://www.howtogeek.com/67241/htg-explains-what-are-md5-sha-1-hashes-and-h
ow-do-i-check-them/
• https://www.electronicsmedia.info/2017/12/22/what-is-the-conventional-encryption-
model/
• https://wongmichael.wordpress.com/2013/04/12/model-of-conventional-cryptosyste
m/
Thank you!