CertiGuide to Security+  9  Chapter 4:  Basics of Cryptography (Domain 4.0; 15%)

4.5.10.1  Multiple Key Pairs (Single, Dual) 1 2 3 4 5 6 4.7  Success Questions

Cryptographic Algorithms

You explored three types of cryptographic algorithms including:

• Hashing
  
  
• Symmetric encryption
  
  
• Asymmetric encryption

You discovered that hashing is the process of creating a long alphanumeric string or number, called a “hash value” or “message digest”, which functions as a relatively unique identifier of the message or file that, was hashed. The most popular hashing algorithm is MD5 (Message Digest 5, developed by Rivest) which creates a 128-bit message digest. A stronger algorithm is SHA-1 (Secure Hash Algorithm rev. 1, developed by NIST), which creates a longer 160-bit message digest. It is possible but not likely for different documents to compute to the same hash value; a potential attacker can take advantage of this to try to find a duplicate document that has the same hash value, but it is unlikely he’d find another with the same value that is not gibberish. It is not possible to derive the full original document contents from the hash value alone, much like it is impossible to derive the original bitmap from a compressed JPG file, due to information loss.

Next, you looked at symmetric cryptography, which is the oldest type. It uses a shared secret key known by the sending and receiving parties, and (usually) a non-secret encryption algorithm, in which the same key is used for encrypting and decrypting the message. Because anyone possessing the key can decrypt the message, you need to make sure only authorized individuals have access to it. DES, Triple DES, IDEA, RC2 and AES are examples of symmetric algorithms; DES is well-known but considered insecure today because of its short 56-bit key length. You discovered that symmetric ciphers come in several types:

• Block ciphers (encrypting an entire block of data at a time, generally independent from other blocks; well-suited for large sets of data)
  
  
• Stream ciphers (encrypting data bit by bit; well-suited for bit-oriented traffic like streaming media)
  
  
• Cipher-block chaining (a combination of the two in which the encryption of any block of data is dependent on the results of encrypting the prior block)

A primary security issue with symmetric crypto is that if the message sender and receiver are in different places, you need a secure way to transmit the key from one person to another. Also, since crypto algorithms depend on being computationally expensive to break (reducing success of brute force attacks), they become weaker as computers become faster, and, like DES, eventually need to be replaced by more complex algorithms.

You also learned about asymmetric cryptography, a newer technique which uses a pair of keys – one to encrypt the data and one to decrypt it. It is sometimes known as public/private key encryption, or just public key encryption, because it involves a public key distributed to others and a private key known only to the owner of the key pair. The earliest use of asymmetric crypto was in a 1977 paper on the Diffie-Hellman Key Exchange Protocol, describing how symmetric keys could be securely transmitted to users who needed them. One of the most widely used asymmetric crypto algorithms today is RSA (developed by Rivest, Shamir and Adleman in 1977); another is DSA, used primarily by the government. Applications using asymmetric cryptography include the PGP mail facility which uses Diffie-Hellman and RSA algorithms, the S/MIME mail facility, SSH (Secure Shell) and SSL.

Messages can be encrypted with either the public or private key, and are decrypted by whichever key was NOT used for the original encryption. Encrypt with the receiver’s public key if you want to create a confidential, private message readable only to that receiver, who’ll decrypt with his private key. Encrypt with the sender’s (your) private key if you want to create a message decryptable by everyone with the sender’s public key, that allows each recipient to verify that it was definitely you who sent the message and that that message was not altered during transmission. Per Diffie-Hellman, asymmetric crypto can also be used to encrypt a conventional symmetric crypto “secret key” which will be used to decrypt a file being transferred across the Internet; you might do this to minimize encryption/decryption time for a large file, since symmetric encryption takes less time than asymmetric encryption.

4.5.10.1  Multiple Key Pairs (Single, Dual) 1 2 3 4 5 6 4.7  Success Questions