User talk:Sandy Harris/Saved

From Citizendium
< User talk:Sandy Harris
Revision as of 05:17, 16 December 2008 by imported>Sandy Harris (text from Cryptogrpahy which I plan to replace with a massive rewrite)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Principles of cryptosystems

In encryption and decryption, a key is one or more unique values used by an encryption or decryption algorithm. Encryption algorithms take as input a key and plaintext, producing ciphertext output. For decryption, the process is reversed to turn ciphertext into plaintext, but decryption need not use the same key(s) or algorithms for decryption as was used for encryption.

The ciphertext produced by an encryption algorithm should bear no resemblance to the original message. Ideally, it should be indistinguishable from a random string of symbols.

One-way encryption

There are a substantial number of applications where it is not necessary to be able to reconstruct the plaintext from the ciphertext, but merely to be able to prove that some piece of information could be generated only from the original plaintext. See one-way encryption for the techniques; some applications are presented here.

Protection against record modification

Protection against file modification

Protecting stored passwords

When passwords are stored on a computer, it is essential that they be kept secret. Thus it is recommended practice to encrypt the passwords before writing them to disk, and furthermore to prevent anyone who might find them from decrypting them. One-way encryption involves storing an encrypted string which cannot be decrypted. When a user later enters their password, the newly enter password is first encrypted, and then is compared to the encrypted stored string.

The password is usually encrypted as a hash digest (a large number generated by scrambling and condensing plain text letters). An example of a hash digest is SHA-1, which dates from 1994. The SHA-1 algorithm takes a string as input. The algorithm is a digest because the result is a fixed-size number. The SHA-1 algorithm always outputs a 160-bit number (20 bytes of storage). 48 decimal digits would be required to express this number, and it is usually displayed to humans as a 28-character, base-64 encoded string. Here are some examples:

Hello World   z7R8yBtZz0+eqead7UEYzPvVFjw=
VB            L1SHP0uzuGbMUpT4z0zlAdEzfPE=
vb            eOcnhoZRmuoC/Ed5iRrW7IxlCDw=
Vb            e3PaiF6tMmhPGUfGg1nrfdV3I+I=
vB            gzt6my3YIrzJiTiucvqBTgM6LtM=

Two-way encryption

Some approaches are said to be two-way because text messages are both encrypted and decrypted. One approach is called secret key or symmetric key cryptography, in which the sender encrypts with a secret key and the receiver must have an identical copy of that key to decrypt. The second method is called public key or asymmetric key cryptography; in this, keys are created in pairs, such that when one is used to encrypt, the other must be used to decrypt. One key is the private key; this is kept secret from everyone. The other is the public key; this can be published anywhere; on the net, in the phonebook, on business cards.

Practical use of asymmetric cryptography, on any sizable basis, requires a public key infrastructure (PKI). A public key will normally be embedded in a digital certificate that is issued by a certification authority. In the event of compromise of the private key, the certification authority can revoke the key by adding it to a certificate revocation list. Digital certificates, like passports or other identification documents, usually have expiration dates, and a means of verifying both the validity of the certificate and of the certificate issuer.

Public key exchanges are used to open up secure secret key channels between strangers across the internet.

Units on which encryption operates

Character ciphers
Block ciphers

These break the data up into fixed-size blocks and encrypt each block under control of the key. Since the message will rarely have the same length of an integer number of blocks, there will usually need to be some form of "paddding" to make the final block be long enough. The padding, if not pseudorandom, may provide a probable plaintext attack point, and certainly adds overhead to the encryption process.

Stream ciphers

These encrypt a stream of input data by combining it with a pseudo-random stream of data; the pseudo-random stream is generated under control of the encryption key. They are statistically stronger as there is no block size to use as one controlled variable in cryptanalysis.

Paradigms of encryption

Symmetric key encryption

Symmetric key cryptography requires only one key. That key can be used either to encrypt or decrypt a message. Both the sender and receiver must have the key, and third parties (potential intruders) must be prevented from obtaining the key. Symmetric key encryption may also be called traditional, shared-secret, secret-key, or conventional encryption. This was the only kind of two-way encryption publicly known until 1976.[1] With this kind of encryption alone, it would not be possible to open up a new secure connection on the internet, because there would be no safe way initially to transmit the shared key to the other end of the connection without intruders being able to intercept it.

One example of a secret-key algorithm is the Data Encryption Standard (DES). DES uses a 56-bit key which is used to derive 16 48-bit round keys. Neither DES nor the variant, triple DES, are secure against modern attacks (see cryptographic strength for the reasons).

One practical consideration for using secret key encryption is where, and how, to safely store the key on the computer so that intruders will not be able to obtain it, if they should gain access to the machine. Simply storing the key unencrypted in a file or database is a poor strategy. Hard coding it inside a program is also risky because it could be fished out using a decompiler or debugger. A preferable strategy would be to encrypt the private key and store it in a file that is protected by the file system; this way, only authorized users of the system should be able to read the file. But then, where should one store the key used to encrypt the private key? It becomes a recursive problem.

Asymmetric key encryption

In contrast with symmetric encryption, asymmetric encryption, a user has their computer produce two different keys, related mathematically so that data encrypted with one can only be decrypted with the other. One key is the public key and can be published. The other is the private key and is kept secret, never leaving the user's computer. It was first proposed, in public, in 1976 by Whitfield Diffie and Martin Hellman.[2].

A public key cryptography system is constructed so that calculation of the private key is computationally infeasible from knowledge of the public key, even though they are necessarily related. Instead, both keys are generated secretly, as an interrelated pair[3]. The historian David Kahn described public-key cryptography as "the most revolutionary new concept in the field since polyalphabetic substitution emerged in the Renaissance".[4]

When used for content confidentiality, the public key is typically used for encryption, while the private or secret key is used for decryption. There needs to be a separate public-private pair in each direction of communication. The early asymmetric techniques were vulnerable to some forms of cryptanalysis, until Diffie and Hellman showed that public-key cryptography was practucak by presenting the Diffie-Hellman key exchange protocol[1]. In 1978, Ronald Rivest, Adi Shamir, and Len Adleman invented Rivest-Shamir-Adleman (RSA), another public-key system[5] [6] Previously released as an MIT "Technical Memo" in April 1977, and published in Martin Gardner's Scientific American "Mathematical Recreations" column</ref>. In 1997, it finally became publicly known that asymmetric cryptography had been invented by James H. Ellis at GCHQ, a British intelligence organization, in the early 1970s, and that both the Diffie-Hellman and RSA algorithms had been previously developed (by Malcolm J. Williamson and Clifford Cocks, respectively)[7].

Generating session keys

The primary usage of public-key encryption is in hybrid systems where a symmetric algorithm does the bulk data encryption while the public key algorithm provides other services. Public-key encryption is slower than conventional symmetric encryption.For example, in Pretty Good Privacy (PGP) email encryption the sender generates a random key for the symmetric bulk encryption and uses public key techniques to securely deliver it to the receiver. In the Diffie-Hellman key agreement protocol, used in IPsec and other systems, public key techniques provide authentication.

An advantage of asymmetric over symmetric cryptosystems is that all symmetric system keys must be kept secret, and the logistics of key management become complex. Each distinct pair of communicating parties must share a different key. The number of keys required increases as the square of the number of network members, which requires very complex key management schemes in large networks. The difficulty of establishing a secret key between two communicating parties when a secure channel doesn't already exist between them also presents a chicken-and-egg problem which is a considerably practical obstacle for cryptography users in the real world.

Digital signatures

In addition to encryption, public-key cryptography can be used to implement digital signature schemes. A digital signature is somewhat like an ordinary signature; they have the characteristic that they are easy for a user to produce, but difficult for anyone else to forge. Digital signatures can also be permanently tied to the content of the message being signed; they cannot be 'moved' from one document to another, for any attempt will be detectable. In digital signature schemes, there are two algorithms: one for signing, in which a secret key is used to process the message (or a hash of the message or both), and one for verification, in which the matching public key is used with the message to check the validity of the signature. RSA and DSA are two of the most popular digital signature schemes. Digital signatures are central to the operation of public key infrastructures and to many network security schemes (Transport Layer Security (TLS),[8] also Secure Sockets Layer (SSL), many VPNs, etc).[9]

  1. 1.0 1.1 Diffie, Whitfield & Martin Hellman (Nov. 1976), "pdf New Directions in Cryptography", IEEE Transactions on Information Theory IT-22 pages = 644-654
  2. Diffie, Whitfield (June 8, 1976), "Multi-user cryptographic techniques", AFIPS Proceedings 4 5: 109-112
  3. Ralph Merkle was working on similar ideas at the time, and Hellman has suggested that the term used should be Diffie-Hellman-Merkle asymmetric key cryptography.
  4. David Kahn, "Cryptology Goes Public", 58 Foreign Affairs] 141, 151 (fall 1979), p. 153.
  5. Rivest, Ronald L.; Adi Shamir & Len Adleman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems
  6. Communications of the ACM, Vol. 21 (2), pp.120–126. 1978
  7. Clifford Cocks. A Note on 'Non-Secret Encryption', CESG Research Report, 20 November 1973.
  8. T. Dierks, E. Rescorla (August 2008), The Transport Layer Security (TLS) Protocol Version 1.2., RFC5246
  9. Schneier, Bruce (2nd edition, 1996,), Applied Cryptography, John Wiley & Sons, ISBN 0-471-11709-9