Cryptography is one of the most important thing and you must know that but it seems quite boring and hard for beginners.
So lets get started on your mission of understanding basics of Cryptography.
In cryptography, Encryption
is the process of encoding messages or information in such a way that only authorized parties can read it. Encryption does not of itself prevent interception, but denies the message content to the interceptor. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. It is in principle possible to decrypt the message without possessing the key, but, for a well-designed encryption scheme, large computational resources and skill are required. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.
The purpose of encryption is to ensure that only somebody who is authorized to access data (e.g. a text message or a file), will be able to read it, using the decryption key . Somebody who is not authorized can be excluded, because he or she does not have the required key, without which it is impossible to read the encrypted information.
How can my data be encrypted?
Lets start with these four :
1. Symmetric Encryption
2. Public Key
3. Asymmetric Encryption
Symmetric cryptography is where we have the same key at the sender and receiver. It is probably the most common form of cryptography. You have a password or key that encrypts a message and I have the same password to decrypt the message. Anyone else can’t read our message or data.
Symmetric cryptography is very fast, so it is well-suited for bulk storage or streaming applications. The drawback to symmetric cryptography is what is called the key exchange. If both ends need the same key, they need to use a third channel to exchange the key and therein lies the weakness. If there are two people who want to encrypt their communication and they are thousands miles apart, how do they exchange the key? This key exchange then is fraught with the all the problems of the confidentiality of the medium they choose, whether it be telephone, mail, email, face-to-face, etc. The key exchange can be intercepted and render the confidentiality of the encryption moot.
Some of the common symmetric algorithms that you should be familiar with are:
1. DES – This was one of the original and oldest encryption schemes developed by IBM. It was found to be flawed and breakable and was used in the original hashing system of LANMAN hashes in early (pre-2000) Windows systems.
2. 3DES – This encryption algorithm was developed in response to the flaws in DES. 3DES applies the DES algorithm three times (hence the name “triple DES”) making it slightly more secure than DES.
3. AES – Advanced Encryption Standard is not a encryption algorithm but rather a standard developed by NIST. Presently, it is considered the strongest encryption, uses a 128-, 196-, or 256-bit key and is occupied by the Rijndael algorithm since 2001. Used in WPA2, SSL/TLS, and many other protocols where confidentiality and speed is important.
4. RC4 – This is a streaming (it encrypts each bit or byte rather than a block of information) cipher and developed by Ronald Rivest of RSA fame. Used in VoIP and WEP.
5. Blowfish – The first of Bruce Schneier’s encryption algorithms. It uses a variable key length and is very secure. It is not patented, so anyone can use it without license.
6. Twofish – A stronger version of Blowfish using a 128- or 256-bit key and was strong contender for AES. Used in Cryptcat and OpenPGP, among other places. It also is in the public domain without a patent.
In public-key encryption schemes, the encryption key is published for anyone to use and encrypt messages. However, only the receiving party has access to the decryption key that enables messages to be read.
A publicly available public key encryption application called Pretty Good Privacy (PGP) was written in 1991 by Phil Zimmermann , and distributed free of charge with source code; it was purchased by Symantec in 2010 and is regularly updated.
Asymmetric cryptography uses different keys on both end of the communication channel. Asymmetric cryptography is very slow, about 1,000 times slower than symmetric cryptography, so we don’t want to use it for bulk encryption or streaming communication. It does, however, solve the key exchange problem. Since we don’t need to have the same key on both ends of a communication, we don’t have the issue of key exchange.
Asymmetric cryptography is used primarily when we have two entities unknown to each other that want to exchange a small bit of information, such as a key or other identifying information, such as a certificate. It is not used for bulk or streaming encryption due to its speed limitations.
Some of common asymmetric encryption schemes you should be familiar with are :
1. Diffie-Hellman – Many people in the field of cryptography regard the Diffie-Hellman key exchange to be the greatest development in cryptography (I would have to agree). Without going deep into the mathematics, Diffie and Hellman developed a way to generate keys without having to exchange the keys, thereby solving the key exchange problem that plagues symmetric key encryption.
2. RSA – Rivest, Shamir, and Adleman is a scheme of asymmetric encryption that uses factorization of very large prime numbers as the relationship between the two keys.
3. PKI – Public key infrastructure is the widely used asymmetric system for exchanging confidential information using a private key and a public key.
4. ECC – Elliptical curve cryptography is becoming increasing popular in mobile computing as it efficient, requiring less computing power and energy consumption for the same level of security. ECC relies upon the shared relationship of two functions being on the same elliptical curve.
Hashes are one-way encryption. A message or password is encrypted in a way that it cannot be reversed or unencrypted.
When the message is encrypted it creates a “hash” that becomes a unique, but indecipherable signature for the underlying message. Each and every message is encrypted in a way that it creates a unique hash. Usually, these hashes are a fixed length (an MD5 hash is always 32 characters). In that way, the attacker can not decipher any information about the underlying message from the length of the hash. Due to this, we don’t need to know the original message, we simply need to see whether some text creates the same hash to check its integrity.
This is why hashes can be used to store passwords. The passwords are stored as hashes and then when someone tries to log in, the system hashes the password and checks to see whether the hash generated matches the hash that has been stored. In addition, hashes are useful for integrity checking, for instance with file downloads or system files.
These are the hashes you should be familiar with.
1. MD4 – This was an early hash by Ron Rivest and has largely been discontinued in use due to collisions.
2. MD5 – The most widely used hashing system. It’s 128-bit and produces a 32-character message digest.
3. SHA1– Developed by the NSA, it is more secure than MD5, but not as widely used. It has 160-bit digest which is usually rendered in 40-character hexadecimal. Often used for certificate exchanges in SSL, but because of recently discovered flaws, is being deprecated for that purpose.
As you might guess, wireless cryptography is symmetric (for speed), and as with all symmetric cryptography, key exchange is critical.
1. WEP – This was the original encryption scheme for wireless and was quickly discovered to be flawed. It used RC4, but because of the small key size (24-bit), it repeated the IV about every 5,000 packets enabling easy cracking on a busy network.
2. WPA – This was a quick fix for the flaws of WEP, adding a larger key and TKIP to make it slightly more difficult to crack.
3. WPA2-PSK – This was the first of the more secure wireless encryption schemes. It uses a pre-shared key and AES. It then salts the hashes with the AP name or SSID. The hash is exchanged at authentication in a four-way handshake between the client and AP.
4. WPA2-Enterprise – This wireless encryption is the most secure. It uses a 128-bit key, AES, and a remote authentication server.