Cryptography is the study of encryption and encryption algorithms. In common terms, encryption is the process of converting a plain-text into an unreadable piece of data which can’t be converted back without knowing the decryption secret.
Cryptography & Encryption
Data encryption is used to transform data that is either sent through a network or is stored on a drive into unreadable / unusable information for anyone eavesdropping or having unauthorized access to a computer.
Encryption is always done by using mathematical algorithms which scramble the data in different ways, usually using a variable value called a cypher which allows the decryption of the data. Decryption cannot take place without knowing the algorithm and the cypher used to encrypt the data.
Encryption example using Blowfish ECB cyphered encryption:
Clear text: Secret Text
Encrypted text: ìÀ¿o½ª##¡M²ýÚ#
The CIA Triad
Data security is mainly split into three base elements: Confidentiality, Integrity and Authentication.
Confidentiality is provided by encryption, meaning that only authorized users can read the data. Hashing provides integrity by assuring the communication parts that the data which is sent is the same as the data being received, thus making sure that no tampering took place in the delivery process. Digital signatures which ensure that the users are who they say they are provide authentication and integrity at the same time. Combining message encryption with digital signatures
brings forward the complete CIA Triad.
Some encryption methods can use substitution as a way of encrypting a message which involves replacing characters and also transposition which involves changing the order of the characters in a message.
Some of these early types of algorithms include:
- Caesar’s Cipher
- Atbash Cipher
- Vigenere Cipher
- Vernam Cipher
- Concealment Cipher
Symmetric key encryption means both sender and receiver use the same secret key to encrypt and decrypt the data. A secret key, which can be a number, a word, or just a string of random letters, is applied to the text of a message to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. While both the sender and receiver know the secret key, they can decrypt all messages transferred between them.
- Can’t share the secret key remotely
- The fact that it does not provide nonrepudiation, meaning the sender’s identity can be proven
- Limited security (confidentiality only)
Asymmetric key cryptography(aka public key cryptography) came forward to address the issues with symmetric key distribution and management. One big question which needed to be answered was how can a key be exchanged securely over an inherently insecure network such as the Internet? The answer came in using a key pair. One public key which is available to all who need to send encrypted messages. The second key is a private key which is kept secret so that only you know it.
Messages which are encrypted using the public key can be decrypted only by using the paired private key. Similarly, messages encrypted using the private key can only be decrypted using the matching public key. This answers the question by simply removing the need to hide the key because the public key is by nature always public to anyone.
A way of creating key pairs is by using factorization of prime numbers. One other way is by creating discrete logarithms. Asymmetric encryption is based on one-way functions which act as a secret button. Essentially the encryption is one- way in that the same key cannot decrypt messages it encrypted. The associated private key provides information to make decryption feasible. The information about the function is included in the public key, whereas information about the secret button is in the private key. Anyone who has the private key knows the secret button function and can compute the public key.
To use asymmetric encryption, there needs to be a method for transferring public keys. The typical technique is to use X.509 digital certificates (also known simply as certificates). A certificate is a file of information that identifies a user or a server, and contains the organization name, the organization that issued the certificate, and the user’s email address, country, and public key. When a server and a client require a secure encrypted communication, they send a query over the network to the other party, which sends back a copy of the certificate. The other party’s public key can be extracted from the certificate. A certificate can also be used to uniquely identify the holder.
Asymmetric encryption can be used for:
- Data encryption
- Digital signatures
Asymmetric encryption can provide:
Strengths of asymmetric key encryption include:
- Key distribution
- Confidentiality, authentication, and nonrepudiation
The weakness of asymmetric key encryption is that the process is slow and typically requires a significantly longer key. It’s only suitable for small amounts of data due to its slow operation.
Stream Ciphers vs. Block Ciphers
Block ciphers and stream ciphers are the two types of encryption ciphers. Block ciphers are encryption ciphers that operate by encrypting a fixed amount, or “block,” of data. The most common block size is 64 bits of data. This chunk or block of data is encrypted as one unit of cleartext. When a block cipher is used for encryption and decryption, the message is divided into blocks of bits. Blocks are then put through one or more of the following scrambling methods:
A stream cipher encrypts single bits of data as a continuous stream of data bits. Stream ciphers typically execute at a higher speed than block ciphers and are suited for hardware usage. The stream cipher then combines a plain text bit with a pseudorandom cipher bit stream by means of an XOR (exclusive OR) operation. The XOR process is to compare the plain text and key one bit at a time and, based on the XOR logic, create cipher text. If the plain text and secret key are the same bit, the result is a 0; if they are different, such as 1 and 0, then the resulting encrypted bit is a 1.
Algorithms vary in key length from 40 bits to 448 bits. The longer the key length, the stronger the encryption algorithm. Using brute force to crack a key of 40 bits takes from 1.4 minutes to 0.2 seconds, depending on the strength of the processing computer. In comparison, a 64-bit key requires between 50 years and 37 days to break, again depending on the speed of the processor. Currently, any key with a length over 256 bits is considered uncrackable.
As an ethical hacker you will need to be familiar with the following algorithms:
- MD5 – MD5 is a hashing algorithm that uses a random-length input to generate a 128-bit digest. It is popular to create a digital signature to accompany documents and emails to prove the integrity of the source. The digital signature process involves the creation of an MD5 message digest of the document, which is then encrypted by the sender’s private key. MD5 message digests are encrypted by a private key in the digital signature process.
- SHA – SHA is also a message digest, which generates a 160-bit digest of encrypted data. SHA takes slightly longer than MD5 and is considered a stronger encryption. It is the preferred algorithm for use by the government.
- RC4 and RC5 – RC4 is a symmetric key algorithm and is a stream cipher, meaning one bit is encrypted at a time. It uses random mathematical permutations and a variable key size. RC5 is the next-generation algorithm: it uses a variable block size and variable key size. RC5 has been broken with key sizes smaller than 256.
- Blowfish – Blowfish is a 64-bit block cipher, which means that it encrypts data in chunks or blocks. It is stronger than a stream cipher and has a variable key length between 32 and 448 bits.
- MAC (Message Authentication Code) – MACs require the sender and receiver to share a secret key.
- HMAC (Hashed Message Authentication Code) – HMAC was designed to be immune to the multicollision attack. HMAC functions by using a hashing algorithm, such as MD5 or SHA-1, and altering the initial state by use of a symmetric key.
Cryptographic attacks are methods of evading the security of a cryptographic system by finding weaknesses in the cipher, protocol, or key management. These are some cryptographic attacks which can be put forward by attackers:
- Cipher Text–Only Attack – This attack requires the attacker to obtain several messages encrypted using the same encryption algorithm.
- Known–Plain Text Attack – This attack requires the attacker to have the plain text and cipher text of one or more messages. The goal is to discover the key. This attack can be used if you know a portion of the plain text of a message.
- Chosen–Plain Text Attack – This type of attack is carried out when an attacker has the plain text messages of their choosing encrypted. An attacker can analyze the cipher text output of the encryption.
- Chosen–Cipher Text Attack – This type of attack is carried out when the attacker can decrypt portions of the cipher text message of their choosing. The attacker can use the decrypted portion of the message to discover the key.
- A replay attack occurs when the attacker can intercept cryptographic keys and reuse them at a later date to either encrypt or decrypt messages to which they may not have access.
- A brute-force attack involves trying all possible combinations until the correct solution is identified. Brute-force attacks are usually successful but require time and are usually costly.