Cryptosystem Functions
- Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
- Authentication: The process of proving one's identity.
- Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
- Non-repudiation: A mechanism to prove that the sender really sent this message.
- Key exchange: The method by which crypto keys are shared between sender and receiver.
Cryptosystem Algorithms
Each cryptosystem defines three algorithms:
- key(s) generation
- key size (length)
- expiration date
- encryption
- decryption
Cryptosystem types
- Symmetric Encryption (Secret Key Cryptography)
- Uses a single key for both encryption and decryption
- Sender uses the key to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key to decrypt the message and recover the plaintext.
- Key must be known to both the sender and the receiver; that, in fact, is the secret
- The biggest difficulty with this approach, of course, is the distribution of the key
- Used for:
- privacy/confidentiality
- Types:
- stream ciphers
- block ciphers
- Algorithms:
- AES (Rijndael)
- ...
- Asymmetric Encryption (Public Key Cryptography)
- Uses one key for encryption and another for decryption
- Used for:
- authentication
- non-repudiation
- key exchange
- Algorithms:
- RSA (Rivest, Shamir and Adleman) (PKCS#1)
- Diffie–Hellman key exchange protocol
- PGP
- GPG (GnuPG)
- SSL/TLS
- SSH
- ...
- Hash Functions (Message Digests, One-way Encryption)
- Use a mathematical transformation to irreversibly "encrypt" information, providing a digital fingerprint
- Use no key
- Fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered
- Used for:
- message integrity. Examples:
- ensure the integrity of a file; provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus
- encrypt passwords
- Algorithms:
- Message Digest (MD) algorithms
- byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message
- Algorithms:
- MD2
- MD4
- MD5
- weaknesses in the algorithm were demonstrated
- Secure Hash Algorithm (SHA)
- SHA-1
- produces a 160-bit hash value
- deprecated by NIST
- SHA-2
- SHA-1 plus
- SHA-224
- SHA-256
- produces a 256-bit (32-byte) hash value, typically rendered as a hexadecimal number, 64 digits long
- SHA-384
- SHA-512
- SHA-3
- Keccak
Resources:
http://www.keylength.com/