Study Notes on Cryptography and Encryption

Introduction to Cryptography

  • Chris introduces the topic of cryptography and recalls previous discussions in class about encryption.

  • Encourages further exploration into cryptography, indicating that the session will cover more than previously known.

Encryption

  • Definition of Encryption:

    • The process of converting readable data (plaintext) into an unreadable format using an encryption cipher to secure data.

    • Eventually, this data can be decrypted back to its original form so it can be used again.

  • Keys in Encryption:

    • Uses keys to encrypt and decrypt data.

    • Encrypt Key: Used for encryption.

    • Decrypt Key: Used for decryption.

  • Plaintext vs. Ciphertext:

    • Plaintext: Readable data that is not encrypted.

    • Ciphertext: Data that can no longer be read without decryption (i.e., the output of the encryption process).

Cryptanalysis

  • Definition:

    • The field concerned with breaking cryptographic systems or algorithms to determine whether they are vulnerable.

Types of Encryption

  • Symmetric Encryption:

    • Same key is used for both encryption and decryption.

    • Fast in encrypting and decrypting; ideal for bulk data and data at rest (stored data).

    • Examples include:

    • AES (Advanced Encryption Standard): Widely used and secure as of now.

    • DES (Data Encryption Standard): Older, less secure, and rarely used today. Can be broken in minutes.

    • Triple DES (3DES): An evolution of DES that encrypts data three times.

    • Blowfish and Twofish: Fast algorithms
      designed for symmetric encryption.

    • RC4: A legacy cipher, now considered insecure but still widely used due to speed.

  • Asymmetric Encryption:

    • Different keys are used for encryption and decryption.

    • Private Key: Kept secret and never shared.

    • Public Key: Can be shared with anyone who wants to communicate securely with the key holder.

    • This type of encryption is needed for secure communications over the Internet.

    • Common algorithms include RSA (Rivest–Shamir–Adleman) and ECC (Elliptic Curve Cryptography).

Key Management

  • Securing Keys:

    • Protecting encryption keys is just as important as the encryption method used itself. Leaving keys unsecured undermines encryption.

    • Analogies used:

    • Having a secure lock system but hiding the key under the doormat.

Diffusion of Keys

  • Key Space:

    • Refers to the total number of possible keys that could be used in a cryptographic algorithm.

    • Length of key impacts security level; longer keys provide a stronger encryption.

    • Example lengths discussed: 256-bit and 512-bit keys in AES encryption. The more bits, the higher the security.

Hashing

  • Definition of Hashing:

    • A one-way encryption process where data is transformed into a fixed-size string of characters, which is typically a hash value.

    • Unlike encryption, it cannot be reversed back to its original form.

  • Hash Collisions:

    • Occurs when two different inputs produce the same hash output, making the hash function unreliable for unique representation.

    • Example of birthday problem offers an analogy for understanding hash collisions.

  • Common Hash Functions:

    • MD5: Insecure for passwords but can be used for file integrity checking.

    • SHA (Secure Hash Algorithm): SHA-256 and SHA-512 are examples of secure hashing functions. SHA-1 is considered insecure.

Digital Signatures

  • Use of Digital Signatures:

    • Verifies the authenticity of a message or document and ensures it has not been altered in transit.

    • A digital signature uses the private key of a sender to generate a signature and is verified by the receiver using the sender's public key.

  • Analogy for Understanding:

    • Similar to how a wax seal verifies the sender of a letter. It proves that the message comes from a specific individual and hasn't been tampered with during transmission.

Certificate Authority (CA)

  • Role of CA:

    • Issues digital certificates to verify the legitimacy of entities requesting certificates.

    • Validates the authenticity of a domain or organization.

  • Types of Certificates:

    • Root CA and Intermediate CA.

    • Root CA is the top of the hierarchy.

    • Intermediate CAs issue certificates on behalf of Root CAs.

Certificate Signing Request (CSR)

  • CSR Process:

    • To obtain a certificate, organizations must generate a CSR that includes information about the organization, their public key, and proof of domain ownership.

  • This request is typically validated by the CA before issuing the certificate.

    • Private keys must never be shared in the CSR process for security reasons.

Key Management Systems

  • Centralized vs. Decentralized Key Management:

    • Centralized: All keys are stored in a single location/system, making management easier.

    • Decentralized: Keys are spread across multiple locations, increasing complexity but potentially enhancing security.

Troubleshooting and Security Protocols

  • Revocation and Suspension of Certificates:

    • Revocation is permanent and signifies a certificate is no longer trustworthy.

    • Suspension is temporary and may occur if there is doubt about security.

  • Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP):

    • CRL: A comprehensive list of revoked certificates.

    • OCSP: A real-time check for the status of a specific certificate.

Conclusion

  • The discussion pointed out the importance of cryptography in securing communications and emphasized the need for proper management and protection of keys, encryption methods, and digital signatures to ensure data integrity and authenticity.