EP021

Crypto Continued

Music provided by: Denis Kreynin https://soundcloud.com/denis-kreynin

 

We keep talking about encryption as a thing that keeps our data safe but what does it mean and how does it work? This episode is a little introduction on the topic of cryptology, and we’ll cover things like encryption and hashing.

 

Taxonomy time:

confidentiality is the ability to keep information private (even if communicating publicly)

non-repudiation means knowing for sure that the information hasn’t been modified by anyone else

cipher or algorithm is the mathematical formula cryptographers make up and we use

plain text is just what it sounds like and ciphertext is information after it’s been enciphered

cryptanalysis is the science of cracking / breaking cryptography

keys are like the passwords of cryptography

encryption and decryption

one way hash

 

substitution algorithms like ceasar cipher is the most basic – every time results in the same

Anything more complex uses XOR like described in episode 2. Need to describe again to understand the rest

if you have a want to encrypt the name bob (01100010 01101111 01100010) and you have a shared secret key for a 3 character word (for example purposes only) of 11111111 00000000 10101010 and the only algorithm is XOR, then the ciphertext is 10011101 01101111 11001000. Run the ciphertext through XOR with the same key gives you the plain text.

 

When you do a single bit or byte at a time you are using what is called a stream cipher. Whereas we manually created a key for demonstrative purposes, stream ciphers create a “keystream” automatically that’s used to encrypt the data on the fly. Computers do this super fast and it’s a good type of encryption for streaming type data like video and audio

 

block ciphers are next in still resulting in same ciphertext every time, but works on blocks instead of individual characters

 

Then there’s cipher block chaining which only uses the block sized key the first time, and then uses the resulting ciphertext block to as the key for the next .

 

Symmetric encryption is where the same key is used to encrypt and decrypt the message

 

DES and 3DES are common types of Block ciphers. you’ll see them as defaults of unix based systems to store passwords. AES is king and has both block modes and stream modes.

Hashing algorithms don’t use keys, but rely on the algorithm to produce a fixed length value used to prove integrity. Fixed length means that whatever input goes through the algorithm to produce ciphertext (or digest) of a specific size. MD5 makes the digest exactly 128 bits every time, SHA 1 digest is always 160 bits, and SHA-2 has different variants that has a digest size within the name of it (SHA-224, 256, 512, etc…). The results of a hash is always the same. Hash collisions are really really bad.

 

Asymmetric key encryption is very cool and uses a private key and a public key pair to do multiple things. First the most important thing to note is that it relies on prime numbers to do it’s magic. The next import thing is that it uses a “mathematical trapdoor function” where it’s easy to go one way but tough to go the other way. Super simple example for you to understand is something like multiplying and factoring. Computers are good at factoring so in reality they do more complex and time consuming math (see the RSA reference for an example).

 

One of the things that asymmetric encryption does is encrypt a message by using the recipient’s public key to encrypt the message, and they encrypt by using their private key (see? Symmetry!). The other thing it does is allows you to sign something with the private key and others can use your public key to validate it really came from you (a.k.a. non-repudiation).

 

Asymmetric key encryption is a lot more resource intensive than symmetric key encryption to compute (like 1000 times more), so it’s typically used for things like key exchange for symmetric encryption or full messages.

 

Diffie-Hellman is a predominant key exchange algorithm

 

Hybrid Cryptosystems combine many of the different ciphers to accomplish their goals. examples are PGP, SSL/TLS and Kerberos, and each are de facto standards in their own rights

 

PGP commonly used for content encryption (most of the time email), relies on a web of trust model.

SSL / TLS used for session level encryption and built into browsers and email clients / servers.

Kerberos used for authentication.

 

Kerberos is a “mother may I” type of protocol: Authenticate to the KDC (Key Distribution Centre), key exchange to get back tgt, goes back to KDC using tgt for permission to speak with resource, KDC grants session key to you encrypted in service ticket and gives service heads up of session key using TGT with that resource, you present session key to resource and it knows you’ve authenticated with KDC as user xyz. up to server to authorize you.

 

Don’t use old and weak algorithms, but also don’t rush to an untested one.

 

Reference:

Stream ciphers: https://en.wikipedia.org/wiki/Stream_cipher

Block ciphers: https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

SHA-2 one way hashing algorithm: https://en.wikipedia.org/wiki/SHA-2

Mathematical trapdoor functions: https://en.wikipedia.org/wiki/Trapdoor_function

How Diffie-Hellman works: https://www.youtube.com/watch?v=40i9ujVJ040

How the RSA asymmetric cipher works (good luck): https://en.wikipedia.org/wiki/RSA_(algorithm)

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.