Sabtu, 19 Agustus 2017

Cryptography

Cryptography

Cryptography is a method of using advanced mathematical principles in storing and transmitting data in a particular form so that only those whom it is intended can read and process it. Encryption is a key concept in cryptography – It is a process whereby a message is encoded in a format that cannot be read or understood by an eavesdropper. The technique is old and was first used by Caesar to encrypt his messages using Caesar cipher. A plain text from a user can be encrypted to a ciphertext, then send through a communication channel and no eavesdropper can interfere with the plain text. When it reaches the receiver end, the ciphertext is decrypted to the original plain text.

Cryptography Terms

  • Encryption: It is the process of locking up information using cryptography. Information that has been locked this way is encrypted.
  • Decryption: The process of unlocking the encrypted information using cryptographic techniques.
  • Key: A secret like a password used to encrypt and decrypt information. There are a few different types of keys used in cryptography.
  • Steganography: It is actually the science of hiding information from people who would snoop on you. The difference between steganography and encryption is that the would-be snoopers may not be able to tell there’s any hidden information in the first place.

 

Symmetrical Encryption

This is the simplest kind of encryption that involves only one secret key to cipher and decipher information. Symmetrical encryption is an old and best-known technique. It uses a secret key that can either be a number, a word or a string of random letters. It is a blended with the plain text of a message to change the content in a particular way. The sender and the recipient should know the secret key that is used to encrypt and decrypt all the messages. Blowfish, AES, RC4, DES, RC5, and RC6 are examples of symmetric encryption. The most widely used symmetric algorithm is AES-128, AES-192, and AES-256.

The main disadvantage of the symmetric key encryption is that all parties involved have to exchange the key used to encrypt the data before they can decrypt it.

Symmetric key algorithms are what you use for encryption. F0r example: encryption of traffic between a server and client, as well as encryption of data on a disk.
  • DES – Data Encryption Standard – designed at IBM
    • DES is a standard. The actual algorithm used is also called DES or sometimes DEA (Digital Encryption Algorithm). 
    • DES is now considered insecure (mainly due to a small key size of 56-bits). 
    • Triple DES (3DES) applies the DES algorithm thrice and thus has better practical security. It has 3 keys of 56-bits each (applied to each pass of DES/ DEA). 
    • DES-X is another variant. 
    • DES is a block cipher.
  • IDEA – International Data Encryption Algorithm
    • Considered to be a good and secure algorithm. 
    • Patented but free for non-commercial use. 
    • IDEA is a block cipher.
  • AES – Advanced Encryption Standard – is the successor to DES
    • AES is based on the Rijndael cipher. There was a competition to choose the cipher that will become the AES. The Rijndael cipher won the competition. However, there are some differences between Rijndael and its implementation in AES. 
    • Most CPUs now include hardware AES support making it very fast.
    • Supported by TrueCrypt, SSH. 
    • AES and Rjindael are block ciphers
    • AES can operate in many modes.
      • AES-GCM (AES operating in Galois/Counter Mode (GCM)) is preferred (check this blog post too). It is fast and secure and works similar to stream ciphers. Can achieve high speeds on low hardware too. Only supported on TLS 1.2 and above. 
      • AES-CBC is what older clients commonly use. AES-CBC mode is susceptible to attacks such as Lucky13 and BEAST.
      • See this answer for an excellent overview of the various modes. 
  • Blowfish – designed by Bruce Schneier as an alternative to DES; no issues so far, but can be attacked if the key is weak, better to use Twofish or Threefish.
    • Patent free. In public domain. 
    • Supported by SSH.
    • Much faster than DES and IDEA but not as fast as RC4.
    • Uses variable size keys of 32 to 448 bits. Considered secure. Designed for fast CPUs, now slower / old er CPUs.
    • Blowfish is a block cipher.
  • Twofish – designed by Bruce Schneier and others as a successor to Blowfish
    • Was one of the finalists in the AES competition
    • Most CPUs now include hardware AES support making it very fast than Twofish.
    • Patent free. In public domain.
    • Uses keys of size 128, 192, or 256 bits. Designed to be more flexible than Blowfish (in terms of hardware requirements). 
    • Supported by TrueCrypt, SSH. 
    • Twofish is a block cipher.
  • Threefish – designed by Bruce Schneier and others
  • Serpent – designed by Ross Anderson, Eli Biham, and Lars Knudsen
    • Was one of the finalists in the AES competition
    • Patent free. In public domain.
    • Has a more conservative approach to security than other AES competition finalists. 
    • Supported by TrueCrypt. 
    • Serpent is a block cipher.
  • MARS – designed by Don Coppersmith (who was involved in DES) and others at IBM
    • Was one of the finalists in the AES competition
  • RC6 – Rivest Cipher 6 or Ron’s Code 6 – designed by Ron Rivest and others
    • Was one of the finalists in the AES competition
    • Proprietary algorithm. Patented by RSA Security. 
    • RC5 is a predecessor of RC6. Other siblings include RC2 and RC4. 
    • More on RC5 and RC6 at this RSA link
    • RC5 and RC6 are block ciphers.
  • RC4 – Rivest Cipher 4, or Ron’s Code 4 – also known as ARC4 or ARCFOUR (Alleged RC4).

Asymmetrical Encryption

Asymmetrical encryption is also known as public key cryptography, which is a relatively new method, compared to symmetric encryption. Asymmetric encryption uses two keys to encrypt a plain text. Secret keys are exchanged over the Internet or a large network. It ensures that malicious persons do not misuse the keys. It is important to note that anyone with a secret key can decrypt the message and this is why asymmetrical encryption uses two related keys to boosting security. A public key is made freely available to anyone who might want to send you a message. The second private key is kept a secret so that you can only know.

A message that is encrypted using a public key can only be decrypted using a private key, while also, a message encrypted using a private key can be decrypted using a public key. Security of the public key is not required because it is publicly available and can be passed over the internet. Asymmetric key has a far better power in ensuring the security of information transmitted during communication.

Asymmetric encryption is mostly used in day-to-day communication channels, especially over the Internet. Popular asymmetric key encryption algorithm includes EIGamal, RSA, DSA, Elliptic curve techniques, PKCS.
 
Encoding,  encryption,  and hashing are all methods in which to transform data.  These methods  offer various levels of security to data that has been  transformed.

Encryption and Encoding are often confused to be the  same method; as  such they both transform data, although the process in  which they  transform and recover data differs.
 

Encoding

Encoding  is the process of converting data into various formats in  which to be  used on a different device or system. The encoding process  uses  publicly available methods in which to transform data. An encoding   method could be used to convert Base 10 (binary) data into Base 16   (hex).

Example: Changing data type from ASCII to UTF.
 

Encryption

Encryption  is the process of scrambling data to make it decipherable  only by the  intended recipients. Typically, the recipients who are  authorized to  view the data are provided a matching key string in which  the data was  encrypted with, they then apply the secret key to the  scrambled data  and convert it back into clear text.

Example: Sending sensitive information over public medium.


Hashing

Hashing  is a method that scrambles data by applying a one way  transformation.  As such, any data that has been applied to a hashing  algorithm cannot  be reversed. In other words, any data that has been  hashed cannot be  un-hashed by reversing the algorithm.

When hashing data, the same  data input always scrambles into the same  hash output (message digest)  and the hash output is also always the  same fixed-size, no matter the  size of input data length.

Example: Storing passwords within a database.


MD5
The MD5 algorithm is a widely used hash function producing a 128-bit hash value. Although MD5 was initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption.

SHA-1
In cryptography, SHA-1 (Secure Hash Algorithm 1) is a cryptographic hash function designed by the United States National Security Agency and is a U.S. Federal Information Processing Standard published by the United States NIST.[3] SHA-1 produces a 160-bit (20-byte) hash value known as a message digest. A SHA-1 hash value is typically rendered as a hexadecimal number, 40 digits long.

Hash-based message authentication code

In cryptography, a keyed-hash message authentication code (HMAC) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. It may be used to simultaneously verify both the data integrity and the authentication of a message, as with any MAC. Any cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, the size of its hash output, and on the size and quality of the key.

An iterative hash function breaks up a message into blocks of a fixed size and iterates over them with a compression function. For example, MD5 and SHA-1 operate on 512-bit blocks. The size of the output of HMAC is the same as that of the underlying hash function (128 or 160 bits in the case of MD5 or SHA-1, respectively), although it can be truncated if desired.

HMAC does not encrypt the message. Instead, the message (encrypted or not) must be sent alongside the HMAC hash. Parties with the secret key will hash the message again themselves, and if it is authentic, the received and computed hashes will match.

The definition and analysis of the HMAC construction was first published in 1996 by Mihir Bellare, Ran Canetti, and Hugo Krawczyk, who also wrote RFC 2104. This paper also defined a variant called NMAC that is rarely, if ever, used. FIPS PUB 198 generalizes and standardizes the use of HMACs. HMAC-SHA1 and HMAC-MD5 are used within the IPsec and TLS protocols.
 

Tidak ada komentar:

Posting Komentar