Section 10: Public Key Infrastructure

Users dont need to share their private keys and should share their public keys freely in

asymmetric cryptography

Trust Models

• personal knowledge

• Web of Trust (WoT): relies on indirect relationships

• PKI

Web of Trust Issues

• decentralized approach makes it difficult to manage

• high barrier to entry

• requires technical knowledge

Public Key Infrastructure (PKI)

builds upon the web of trust and depends highly upon trusted certificate authorities (CA)

Certificate Authority (CA)

trusted third-party organizations that verify the identity of individuals or organizations and then issue digital certificates containing both identity information and a copy of the subject’s public key.

Digital certificates are the identity cards of the digital world

True

Anyone receiving your digital certificate can verify its authenticity by

checking the digital signature of the issuing CA

Hash Functions

one-way functions that transform a variable length input into a unique, fixed length output

Hash Function Characteristics

• one-way functions that cant be reversed

• the output of a hash function will always be the same length regardless of the input size

• no two inputs to a hash function should produce the same output

Hash Function

Message Digest 5 (MD5)

produces 128 bit hashes and is no longer secure

Message Digest is another term for hash

True

NIST created the Secure Hash Algorithm (SHA) family as a government standard

True

SHA-1

produces a 160 bit hash value; contains security flaws that make it insecure

SHA-2

consists a family of six hash functions; produces outputs of 224,256,384 & 512 bits; has some attacks against but still widely used

SHA-3

designed to replace SHA-2; uses a completely different hash generation approach than SHA-2; produces hashes of user-selected fixed length

RIPEMD

created as an alternative to government-sponsored hash functions; produces 128,160,256, and 320 bit hashes

RIPEMD contains flaws in

the 128 bit version

RIPEMD 160 bit

is widely used especially in bitcoin transactions

HMAC (Hash-based Message Authentication Code)

combines symmetric cryptography and hashing; provides authentication and integrity

Create and verify message authentication code by

using a secret key in conjunction with a hash function

Hash functions are used with asymmetric cryptography for

digital signatures and digital certificates

Digital signatures

use asymmetric cryptography to achieve integrity, authentication, and non repudiation

Signed Message Recipients Know

• the owner of the public key is the person who signed the message (authentication)

• the message was not altered after being signed (integrity)

• the recipient can prove these facts to a third party (non-repudiation)