Basic Cryptography

Get Started. It's Free
or sign up with your email address
Rocket clouds
Basic Cryptography by Mind Map: Basic Cryptography

1. Asymmetric Algorithms

1.1. Characteristics

1.1.1. Key Pairs

1.1.1.1. Public Key

1.1.1.2. Private Key

1.1.2. Both Directions

1.1.2.1. Public can decrypt Private key

1.1.2.2. Private can decrypt Public Key

1.2. Information Protection

1.2.1. Confidentiality

1.2.2. Integrity

1.2.3. Availability

1.2.4. Authenticity

1.2.5. Nonrepudiation

1.3. Common

1.3.1. RSA

1.3.1.1. Most common.

1.3.1.2. Developed by MIT

1.3.1.3. Uses Prime Numbers

1.3.1.4. Slower than other algorithms.

1.3.2. Elliptic Curve Crytography (ECC)

1.3.2.1. Uses points on sloping curved lines.

1.3.2.2. Considered an alternative to prime numbers for mobile and wireless devices.

1.3.2.3. Uses smaller key sizes.

1.3.3. Quantum Crytography

1.3.3.1. Uses the properties of microscopic objects such as photons.

1.3.3.2. Share keys as well as to detect eavesdropping.

1.3.4. NTRUEncrypt

1.3.4.1. Lattice-based that relies on sets of points in space.

1.3.4.2. Used at gasoline service stations to transmit credit card information through satellites.

1.4. Digital Signatures

1.4.1. Verify the Sender

1.4.2. Prevents the sender from disowning the message.

1.4.3. Proves the integrity of the message.

2. Symmetric Algorithms

2.1. Description

2.1.1. Original cryptographic algorithms for encrypting and decrypting documents.

2.1.2. AKA: "Private Key Cryptography"

2.2. Characteristics

2.2.1. Same "shared single key" to encrypt and decrypt a document.

2.3. Information Protection

2.3.1. Confidentiality

2.3.2. Integrity

2.3.3. Availability

2.4. Common

2.4.1. Data Encryption Standard (DES)

2.4.1.1. One of the first widely used.

2.4.1.2. Block cipher that divides plaintext into 64bit blocks and the executes the algorithm 16 times.

2.4.1.3. Its 56bit key is considered to not be secure anymore and has been broken many times.

2.4.2. Triple Data Encryption Standard (3DES)

2.4.2.1. Block cipher designed to replace DES

2.4.2.2. Uses 3 rounds of encryption instead of 1.

2.4.2.3. 3 iterations times 16 rounds equals 48 iterations total.

2.4.2.4. Performs better in hardware than software.

2.4.2.5. To be more secure use a different key for each round. Some implementations only use 2 keys and the first key is also used for the 3rd round.

2.4.3. Advanced Encryption Standard (AES)

2.4.3.1. Approved by NIST in late 2000 and is a replacement for DES.

2.4.3.2. Algorithm know as Rinjdael

2.4.3.3. Performs 3 steps on every block (128bits) of plaintext

2.4.3.3.1. Step 2 multiple rounds are performed based on number of biits

2.4.3.3.2. Each round bytes are substituted and rearranged, and then special multiplication is performed based on the new arrangement.

2.4.3.4. To date no attacks have been successful.

2.4.4. Other

2.4.4.1. Rivest Cipher (RC)

2.4.4.1.1. RC1 and RC3 were never released.

2.4.4.1.2. RC2

2.4.4.1.3. RC4

2.4.4.1.4. RC5

2.4.4.1.5. RC6

2.4.4.1.6. by Ron Rivest

2.4.4.2. International Data Encryption Algorithm (IDEA)

2.4.4.2.1. Dates back to early 1990's and is used by the European nations.

2.4.4.2.2. Block cipher the process 64bits with a 128bit key with 8 rounds.

2.4.4.2.3. Considered secure, a weak key of all zeros has been identified.

2.4.4.3. Blowfish

2.4.4.3.1. Block cipher that operates on 64bit blocks and can have a key length from 32 to 448bits.

2.4.4.3.2. Designed to run efficiently on 32bit systems.

2.4.4.3.3. Twofish

2.5. Ciphers

2.5.1. Stream

2.5.1.1. Takes one character and replaces with another.

2.5.1.2. Wired Equivalent Privacy (WEP) is a stream cipher.

2.5.1.3. Type

2.5.1.3.1. Substitution

2.5.1.3.2. Homoalphabetic Substitution

2.5.1.3.3. Transposition

2.5.2. Block

2.5.2.1. Manipulates and entire block of plaintext at one time.

2.5.2.2. More secure because output is more random and is slower the larger the amount of plaintext that needs to be encrypted.

3. Hash Algorithms

3.1. Characteristics

3.1.1. 1. Fixed Size

3.1.2. 2. Unique (no collision)

3.1.3. 3. Original

3.1.4. 4. Secure (can not be reversed)

3.2. Information Protection

3.2.1. Integrity

3.3. Improved Security Algorithm

3.3.1. Hashed Message Authentication Code (HMAC)

3.3.1.1. Begins with shard secret key the sender and receiver both have.

3.3.1.2. Widely used by internet protocols to verify the secure transmission of data.

3.3.1.3. Hash values are posted on websites.

3.4. Common

3.4.1. Message Digest (MD)

3.4.1.1. MD2

3.4.1.1.1. Length is 16bits and is padded as needed.

3.4.1.2. MD4

3.4.1.2.1. Length is 512bits and is padded as needed.

3.4.1.3. MD5

3.4.1.3.1. Length is 512bits and is padded as needed.

3.4.2. Secure Hash Algorithm (SHA)

3.4.2.1. SHA-2 Secure hash, to date no vulnerabilities have been found.

3.4.3. Whirlpool

3.4.4. RACE Integrity Primitives Evaluation Message Digest (RIPEMD)

3.4.4.1. 2 different and independent parallel chains of computation, the results of which are then combined at the end of the process.

3.5. Passwords

3.5.1. Microsoft Windows

3.5.1.1. LAN Manager (LM)

3.5.1.2. New Technology LAN Manager (NTLM)

3.5.1.3. New Technology LAN Manager 2 (NTLMv2)

3.5.2. Linux & MAC OS X

3.5.2.1. Strengthen Passwords

3.5.2.1.1. Add random bits know as "salt"

3.5.2.1.2. Salt along with the number of "rounds" (iterations) used with salt, is stored along with the "salted" password hash.

3.5.2.2. Linux uses MD5

3.5.2.3. MAC OS x uses SHA-1

4. Software Encryption

4.1. File and File System

4.2. Whole Disk

4.3. Pretty Good Privacy (PGP)

4.3.1. Most widely used asymmetric system for files and email messages on Windows systems and is a commercial product.

4.4. GNU Privacy Guard (GPG)

4.4.1. Runs on Windows, UNIX and Linux operating systems.

4.5. Microsoft Windows Encrypting File System (EFS)

4.5.1. Uses NTFS

4.5.2. Transparent to the user.

5. Hardware Encryption

5.1. USB Device

5.2. Hard Disk

5.3. Trusted Platform Module (TPM)

5.3.1. Chip on the motherboard

5.3.2. True random number generator instead of PRGN.

5.4. Hardware Security Module (HSM)

5.4.1. LAN based appliances that can provide services to multiple devices

5.4.2. Secure cryptographic processor with key storage, accelerated symmetric and asymmetric encryption and can even backup sensitive data.

6. Information Protection

6.1. Confidentiality

6.1.1. Ensures only authorized users view the data by encypting it.

6.2. Integrity

6.2.1. Ensures the information is correct, because encypted data can not be changed.

6.3. Availability

6.3.1. Ensures the data is available to authorized users who have the proper key.

6.4. Authenticity

6.4.1. Provides proof that the sender was legitimate.

6.5. Nonrepudiation

6.5.1. Proves that a user performed the action or sent the information.