mode of operation
A _______________ is used with a block cipher to determine what to do with a message that is larger than the block size.
electronic codebook
_________ mode is the weakest mode of operation. Blocks are processed independently so it can be done in parallel but patterns in the text are preserved.
cut and paste
_________ attacks are a weakness of ECB mode - attackers can tamper with data to find patterns in the ciphertext or manipulate data without the receiver knowing
cipher block chaining
___________ mode uses chaining: a plaintext block is XOR’d with the previous ciphertext block before being encrypted with the key.
To decrypt, the block is decrypted with the key then XOR’d with the previous ciphertext (or IV for the first block)
initialization vector
A bit string the length of a block that is used as the first ciphertext to mask the first plaintext block
counter
_______ mode turns a block cipher into a stream cipher. An encrypted counter value is XOR’d with the plaintext
keystream
Used in CTR mode - it is made by encrypting the counter (which increments with each block) with a nonce. These can be encrypted in advance for speed purposes
nonce
Number used once - used with the counter to create a value to be encrypted (keystream) then XOR’d with the text in CTR mode
data origin authentication
verifying the source of data (authentication) and making sure it hasn’t been tampered with (integrity). Can also be used to ensure confidentiality during active attacks
message authentication code
provides authentication and integrity. This tag is created by computing a symmetric key with the message. The recipient checks the message with the shared key to check if the tag is the same
key separation
provides extra security by having the MAC and the encryption use a different key. This way one key can be kept safe if the other is compromised
galois counter
_______ mode provides confidentiality and data origin authentication. The encryption is the same as CTR mode but messages are sent with an authentication tag produced from encrypting a hash
hash function
takes an input of any length and outputs a fixed-length bitstring called a hash value. The same input always gives the same output. It provides a ‘fingerprint’ for the data
collision resistance
a property of hash functions where if given the hash it is difficult to find different inputs that produce the same hash value
preimage resistance
when it is difficult to find the input message from the hash value. However, it is still easy to compute the output from an input, meaning it is a one-way function
second preimage resistance
when given an input and the hash, it should be difficult to find a different input that hashes to the same output
secure hash algorithm
a family of hashing algorithms produced by NIST
digest length
the size of a hash value that a SHA produces. Longer means more security (more outputs, less collision)
MD5
was found to have many vulnerabilities and collisions can now be found in seconds (digest length 128)
SHA-0
this hash function was found to have a fatal flaw and was withdrawn shortly after publication (digest length 160)
SHA-1
this hash function is no longer safe and is in the process of being phased out. It has been cryptographically broken as collisions are cheap to compute on modern hardware (digest length 160)
SHA-256
the currently recommended hash function which is very widely used: the large digest gives it many outputs and it is resistant to known attacks (for now!)
file integrity check
one of the uses of SHA: by relying on second preimage resistance a downloaded file can be sent with its hash value to be verified by the receiver
dictionary attack
a more efficient way of brute-forcing passwords by going through common words, phrases or previously leaked passwords, hashing them then comparing to stolen hash values
salting
a method where a fixed value is concatenated with a password then hashed. When a user tries to log in the supplied password is concatenated and hashed then compared with the stored hash value.