What is Cryptography?
- cryptography as a method to scramble data, making it unreadable to unauthorized individuals
- steganography, which hides data’s existence altogether.
Terms
- It explains the historical context (Caesar’s cipher) key terms like
- encryption (scrambling)
- decryption (unscrambling)
- cleartext (unencrypted data)
- plaintext (data to be encrypted)
- ciphertext (encrypted data)
- and the crucial role of the “key” in the cryptographic algorithm (the mathematical process).
Cryptography and Security
Cryptography can provide five basic protections
- Confidentiality
- Ensures only authorized parties can view it
- Integrity
- Ensures information is correct and unaltered
- Availability
- Ensures authorized users can access it
- Authentication
- Ensures sender can be verified through cryptography
- Non-repudiation
- Proves that a user performed an action
| Characteristic | Description | Protection |
|---|---|---|
| Confidentiality | Ensures that only authorized parties can view the information | Encrypted information can only be viewed by those who have been provided the key. |
| Integrity | Ensures that the information is correct and no unauthorized person or malicious software has altered that data | Encrypted information cannot be changed except by authorized users who have the key. |
| Availability | Ensures that data is accessible to authorized users | Authorized users are provided the decryption key to access the information. |
| Authentication | Provides proof of the genuineness of the user | Proof that the sender was legitimate and not an imposter can be obtained. |
| Non-repudiation | Proves that a user performed an action | Individuals are prevented from fraudulently denying that they were involved in a transaction. |
Cryptographic Algorithms
A fundamental difference in cryptographic algorithms is the amount of data processed at a time
- Stream cipher: takes one character and replaces it with another (encrypt one by one char)
- Block cipher : manipulates an entire block of plaintext at one time
- Sponge function: takes as input a string of any length and returns a string of any requested variable length
Categories of Cryptographic algorithms
- Hash algorithms
- Symmetric cryptographic algorithms
- Asymmetric cryptographic algorithms
Hash Algorithms
Hash algorithms generate fixed-size, unique “digital fingerprints” (digests) from input data. These digests are:
- Fixed-size: Always the same length, regardless of input size.
- Unique: Different inputs produce different digests. A tiny change in the input drastically alters the digest.
- Irreversible: The original data cannot be recovered from the digest.
Purpose: Hashing verifies data integrity. If a digest matches the expected value, it confirms the data hasn’t been altered.
HMAC (Hashed Message Authentication Code): Enhances security by incorporating a shared secret key into the hashing process. This prevents unauthorized modification and verification.
Popular Hash Algorithms:
- MD (Message Digest): Older algorithms (e.g., MD5) are now considered insecure due to collision vulnerabilities.
- SHA (Secure Hash Algorithm): A family of algorithms (e.g., SHA-256, SHA-512) offering varying levels of security. SHA-2 variants are currently widely used.
- Whirlpool: Designed for high security and considered robust.
- RIPEMD: Another family of algorithms (e.g., RIPEMD-160) offering strong collision resistance.
(Note: Specific strengths and weaknesses of each algorithm would require a more detailed explanation. For example, SHA-1 is deprecated due to collision vulnerabilities, while SHA-256 is currently considered secure.)
| Characteristic | Protection? |
|---|---|
| Confidentiality | No |
| Integrity | Yes |
| Availability | No |
| Authenticity | No |
| Nonrepudiation | No |
Comparing the popular hash algorithms mentioned is complex, as the “best” algorithm depends on the specific security requirements and application. However, we can compare them based on key characteristics:
| Feature | MD5 | SHA-1 | SHA-256 | SHA-512 | Whirlpool | RIPEMD-160 |
|---|---|---|---|---|---|---|
| Digest Size | 128 bits | 160 bits | 256 bits | 512 bits | 512 bits | 160 bits |
| Collision Resistance | Very Weak (broken) | Weak (broken) | Strong | Strong | Strong | Strong |
| Speed | Fast | Relatively Fast | Moderate | Slower | Moderate | Moderate |
| Security Level | Insecure | Insecure | Secure | Secure | Secure | Secure |
| Status | Deprecated | Deprecated | Widely Used | Widely Used | Used, but less common | Used, but less common |
Explanation of Columns:
-
Digest Size: The length of the hash output. Larger digest sizes generally offer better collision resistance.
-
Collision Resistance: This refers to the difficulty of finding two different inputs that produce the same hash. A “broken” algorithm means collisions have been practically demonstrated, rendering it insecure for cryptographic purposes.
-
Speed: The speed at which the algorithm computes the hash. Faster algorithms are generally preferable, provided they maintain sufficient security.
-
Security Level: A summary assessment based on collision resistance and known vulnerabilities.
-
Status: Indicates current usage and recommendation. MD5 and SHA-1 are deprecated and should not be used for security-sensitive applications.
Summary:
SHA-256 and SHA-512 are the current industry standards and are widely considered secure. Whirlpool and RIPEMD-160 also offer strong security, although they are less commonly used than SHA-2 variants. MD5 and SHA-1 are completely insecure and should be avoided. The choice between SHA-256 and SHA-512 often comes down to a balance between speed and security; SHA-512 offers slightly better security but is slower.
Symmetric Cryptographic Algorithms
Definition: Symmetric cryptography uses the same secret key for both encryption and decryption. This is also known as private key cryptography because the key must be securely shared between communicating parties.
Key Characteristics:
- Single Key: One key is used for both encryption and decryption.
- Speed: Generally faster than asymmetric cryptography.
- Key Distribution: Secure key exchange is crucial; a compromised key compromises the entire system.
- Scalability: Key management becomes complex with a large number of participants. Each pair needs a unique secret key.
Popular Algorithms:
-
DES (Data Encryption Standard): An older algorithm now considered insecure due to its relatively short key size (56 bits). It’s largely deprecated.
-
3DES (Triple DES): Applies DES three times for enhanced security. While more secure than single DES, it’s slower and also being phased out in favor of AES.
-
AES (Advanced Encryption Standard): The current industry standard. Offers strong security with various key sizes (128, 192, and 256 bits). Widely used and considered secure for most applications.
-
Other Algorithms: RC4 (now considered insecure), IDEA, Blowfish.
-
One-Time Pad (OTP): Theoretically unbreakable if used correctly (a truly random key as long as the message, used only once). However, key distribution and management make it impractical for most real-world scenarios.
Strengths:
- High Speed: Efficient encryption and decryption.
- Simplicity: Relatively straightforward to implement.
Weaknesses:
- Key Distribution: Secure key exchange is a major challenge.
- Scalability: Managing keys becomes complex with many participants.
- Vulnerability to Key Compromise: If the key is compromised, all encrypted data is vulnerable.
Security Considerations: Choosing a strong algorithm (like AES with a sufficient key size) and implementing secure key management protocols are paramount for successful symmetric cryptography.
| Characteristic | Protection? |
|---|---|
| Confidentiality | Yes |
| Integrity | Yes |
| Availability | Yes |
| Authenticity | No |
| Nonrepudiation | No |
Classical Encryption Techniques
Substitution Cipher
Definition: A substitution cipher replaces each character (or group of characters) in the plaintext with a corresponding character (or group) from a substitution alphabet. The core principle is to systematically map each element of the plaintext to a different element in the ciphertext.
Mono-alphabetic Cipher
More About Mono-alphabetic Cipher >>> Monoalphabetic Substitution Cipher - A Detailed Explanation
Transposition Cipher
The cipher text is obtained by changing the column of the plaintext according to the alphabetic order of the letters of a key word.