Security+ SY0-601: 2.8: Cryptography

Chapter 16: Cryptography Concepts

Obfuscation / Encoding

XOR

ROT13

Substitution ciphers

Base64

hex

https://gchq.github.io/CyberChef/

Digital Signatures

RSA

DSA

About RSA

RSA = Rivest, Shamir, Adleman
= RSA Corp.
= Ciphers, like RC4
= RSA Signatures


RSA Signature Process

1. Create document.
2. Take a hash (message digest) of the doc.
3. Encrypt the hash with my PRIVATE key.
4. Email, attach the doc (there is no encryption here!!!!)
5. Paste the signature “hash” string into the email.
6. Recipient gets my PUBLIC key from PKI (key servers).
7. Recipient decrypts the signature –> gets a hash.
8. Recipient takes a hash of the doc.
9. The two hashes should match.
–> This provides Authenticity
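
The nine steps above as an added Python example (not part of the original notes). It uses unpadded textbook RSA with a constructed key built from two publicly known Mersenne primes so that it runs on the standard library alone; the key, the sample document and the function names are assumptions, and production code would use a vetted library with a padded scheme such as RSA-PSS.

```python
import hashlib

# Constructed demo key: two publicly known Mersenne primes. NOT secure;
# real keys use secret random primes generated by a crypto library.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                          # public modulus
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def digest_int(document: bytes) -> int:
    """Steps 2 and 8: hash the document, return the digest as an integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, d: int = D, n: int = N) -> int:
    """Step 3: apply the PRIVATE key to the hash (unpadded textbook RSA)."""
    return pow(digest_int(document), d, n)


def verify(document: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Steps 7-9: recover the hash with the PUBLIC key and compare."""
    if not 0 <= signature < n:
        return False  # out-of-range values are never valid signatures
    recovered = pow(signature, e, n)
    return recovered == digest_int(document)


def demo() -> dict:
    doc = b"Pay Bob $100"          # step 1 (constructed sample document)
    sig = sign(doc)                # steps 2-3
    # Steps 4-5: the document travels in the clear next to the signature.
    return {
        "genuine": verify(doc, sig),                   # steps 6-9
        "tampered_doc": verify(b"Pay Bob $900", sig),  # hashes differ
        "tampered_sig": verify(doc, sig ^ 1),          # signature altered
    }


if __name__ == "__main__":
    print(demo())
```

The document itself is never encrypted here, which matches step 4: the signature only lets the recipient detect that the document or the signature was changed.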

Key length

Key stretching

Typically, running a hashing or block encryption operation multiple times.

Salting

Adding extra characters to a string to be hashed, for example.

Hashing

MD5

SHA-1, SHA-2, SHA-3

HMAC

RIPEMD

Key Exchange

Diffie-Hellman

KEA, IKE, etc.

Example:
Given: I am a client (a browser), you are a server (web service)
1. HTTPS servers have a certificate (X.509) –> Asymmetric!!!!!!!
2. I get the asymmetric key (the public key).
3. I encrypt a value of my choice with that asymmetric key and send it to the server.
4. Server decrypts that message, and now we can use that value as a Session Key.
5. Now we switch to Symmetric Enc., which is FAST.

Elliptic-curve cryptography

https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/

Perfect forward secrecy

Put simply, this means that if the private key of a server is compromised in the future, your session key for a past (perhaps recorded) session still cannot be compromised. This cluster of ideas is probably best understood by reading some highly informed discussion.

https://crypto.stackexchange.com/questions/66202/what-is-perfect-forward-secrecy

Quantum

Communications

Computing

Info
What’s the point? Quantum calculations allow computers to examine several possible answers at once, vastly reducing the time it takes to derive an encryption key, for instance.

https://en.wikipedia.org/wiki/Quantum_computing

https://www.element14.com/community/groups/embedded/blog/2021/06/01/for-the-first-time-engineers-demonstrate-two-qubit-quantum-computing-capabilities

Post-quantum

Encryption in a post-quantum-computing era will have to use creative math that isn’t susceptible to parallel (multiple simultaneous) cracking attempts.

Ephemeral Keys

Used once, for one session, and then (in theory) never used again.

Modes of operation

Authenticated

Unauthenticated

Counter

Blockchain

Public ledgers

Cipher suites

Stream

Block

Symmetric

DES, 3DES (block)

AES (block)

Blowfish, Twofish (block)

RC2, RC4 (stream), RC5 (block), RC6 (block)

Asymmetric

RSA

DSA

Elliptic Curve (ECC – requires less power, good for mobile)

PGP / GPG

Lightweight cryptography

Steganography

Audio

Video

Image

Homomorphic encryption

HE technology allows computations to be performed directly on encrypted data. – https://www.microsoft.com/en-us/ai/ai-lab-he

Common use cases

Low power devices

Low latency

High resiliency

Supporting confidentiality

Supporting integrity

Supporting obfuscation

Supporting authentication

Supporting non-repudiation

Limitations

Speed

Size

Weak keys

Time

Longevity

Predictability

Reuse

Entropy

Computational overheads

Resource vs. security constraints