Sunday, July 18, 2010

CISSP - Cryptography

Cryptography

Theory

Cryptography - secret messages between two parties

Cryptanalysis - breaking cryptography - think - analysis - which is to remove complexity

Cryptology - cryptography and cryptanalysis

Block Ciphers: http://www.youtube.com/watch?v=OJuWOPSOOK4&feature=related

ECB - Electronic Code Book - Does not involve chaining - so the same input will always yield the same output. This makes it only good for small, short sensitivity-life data.

CBC - Cipher Block Chaining - Solves ECB's problem of always producing the same output by introducing an IV (initialization vector).

CFB - Cipher Feedback Mode - Similar to CBC but for streaming instead of block. It uses the ciphertext from the last block to XOR with this block - hiding the plain text.

OFB - Output Feedback Mode - Improvement of CFB

CTR - Counter Mode - Improvement of OFB

XOR - 1(true) if bits are different

Running Key - when the key is not as long as the message (which is usual), the key is repeated until it is

One time pad -> Vernam Cipher - key must be protected, at least as long as the message (>= message), randomly generated, and the resulting pad cannot be reused

Stream ciphers do not alter the length of the message - block ciphers do as they pad the message to conform to block sizes

Clipper Chip: used the Skipjack cipher. Was meant to give the government the ability to wiretap phones but didn't take.

Morris worm of 1988: While going to Cornell, Morris deployed the worm from MIT. He only meant to 'measure' the internet, but the worm reinfected computers over and over again, causing a DoS attack. He is now a professor at MIT.

Symmetric - Skytale (Spartans) -> Caesar's Cipher -> Enigma (Germans WWI) -> Purple Machine (Japanese WWII) -> DES (32 rounds) -> IDEA (64 bit blocks, 128 bit key, used in PGP) -> MARS (IBM entrance for AES) -> Blowfish (64 bit blocks, 448 bit key entrance for AES) -> AES (Rijndael 128, 10 rounds)

Asymmetric - LUC (Lucas Functions, discrete logarithms) -> RSA -> ElGamal (used in PGP) -> ECC

Diffie-Hellman is just for key exchange -> used by ElGamal

Collision - when two files produce the same hash.

Clustering - different keys yield the same result

Transposition -> Diffusion - moving things around

Substitution -> Confusion

PKI

4 Components - certificate and registration authorities, repository and archive

Revoked -> Revocation List, and Online Certificate Status Protocol

SET - Secure Electronic Transaction - X.509 derivative that didn't gain traction

Integrity (Hashing)

HAVAL (variable bit), RIPEMD (European version of MD4), MD Series (MD5 = 128 bit), SHA (>160 bit), TIGER (designed for 64 bit systems)

MD4 is for high-speed computations, MD5 is standard

DSS - Digital Signature Standard - 160 bits

Securing Email

S/MIME, PGP, PEM (uses AES or RSA), MSP

UUencode - encoding for email - to add support for binaries (attachments)

X.400 - standard for email (exchange)

Securing Wireless

WEP - RC4 - stream cipher - used because it was fast and exportable

Attacks

Side Channel - attack the encryption device itself
