For many new hackers, all the concepts and terminology of cryptography can be a bit overwhelming. So let’s learn what is Cryptography. Simply understanding it is the science and art of hiding messages so that they are confidential, then “unhiding” them so that only the intended recipient can read them. The prefix “crypt” means “hidden” or “vault” and the suffix “graphy” stands for “writing”. We can say that cryptography is the science of secret messaging.
EXAMPLE:
Let’s illustrate this with the aid of an example. Suppose you want to send the message “I LOVE APPLES”, you can replace every letter in the phrase with the third successive letter in the alphabet. The encrypted message will be “K NQXG CRRNGV”. To decrypt our message, we will have to go back three letters in the alphabet using the letter that we want to decrypt. The image below shows how the transformation is done.
Modern cryptography concerns itself with the following four objectives:
1. Confidentiality
2. Integrity
3. Non-repudiation
4. Authentication
Types of Cryptography
Types of Cryptography
There are several ways to categorize encryption, but for our purposes here, I have broken them down into four main areas.
- Symmetric Encryption
- Asymmetric Encryption
- Hashes
- Wireless
Symmetric Cryptography
Symmetric cryptography is where we have the same key at the sender and receiver. It is probably the most common form of cryptography. You have a password or key that encrypts a message and I have the same password to decrypt the message. Anyone else can’t read our message or data.
Some of the common symmetric algorithms that you should be familiar with are:
· DES –
This was one of the original and oldest encryption schemes developed by IBM. It was found to be flawed and breakable and was used in the original hashing system of LANMAN hashes in early (pre-2000) Windows systems.
· 3DES –
This encryption algorithm was developed in response to the flaws in DES. 3DES applies the DES algorithm three times (hence the name “triple DES”) making it slightly more secure than DES.
· AES –
This is the acronym for Secure Hash Algorithm. SHA algorithms are used to generate condensed representations of a message (message digest). It has various versions such as;
· SHA-0:
produces 120-bit hash values. It was withdrawn from use due to significant flaws and replaced by SHA-1.
· SHA-1:
produces 160-bit hash values. It is similar to earlier versions of MD5. It has cryptographic weakness and is not recommended for use since the year 2010.
· SHA-2:
It has two hash functions namely SHA-256 and SHA-512. SHA-256 uses 32-bit words while SHA-512 uses 64-bit words.
· SHA-3:
This algorithm was formally known as Keccak.
· RC4 –
This is streaming (it encrypts each bit or byte rather than a block of information) cipher and developed by Ronald Rivest of RSA fame. Used in VoIP and WEP.
Blowfish –
The first of Bruce Schneier‘s encryption algorithms. It uses a variable key length and is very secure. It is not patented, so anyone can use it without a license.
Asymmetric Cryptography
Asymmetric cryptography uses different keys on both ends of the communication channel. This cryptography is very slow, about 1,000 times slower than symmetric cryptography, so we don’t want to use it for bulk encryption or streaming communication. It does, however, solve the key exchange problem. Since we don’t need to have the same key on both ends of a communication, we don’t have the issue of key exchange.
Some of the common asymmetric encryption schemes you should be
familiar with are:
Diffie-Hellman — Many people in the field of cryptography regard the
Diffie-Hellman key exchange is the greatest development in cryptography Without going deep into the mathematics, Diffie and
Hellman developed a way to generate keys without having to exchange the keys,
thereby solving the key exchange problem that plagues symmetric key encryption.
RSA — Rivest, Shamir, and Adleman is a scheme of asymmetric encryption that uses factorization of very large prime numbers as the relationship between the two keys.
PKI — Public key infrastructure is the widely used asymmetric system for exchanging confidential information using a private key and a public key.
ECC — Elliptical curve cryptography is becoming
increasing popularity in mobile computing as it is efficient, requiring less
computing power and energy consumption for the same level of security. ECC
relies upon the shared relationship of two functions being on the same
elliptical curve.
PGP — Pretty Good Privacy uses asymmetric encryption to assure the privacy and integrity of
email messages.
Hashes
Hashes are one-way encryption. A message or password is encrypted in a way that it cannot be reversed or unencrypted. You might wonder, “What good would it do us to have something encrypted and then not be able to decrypt it?” Good question!
Some of the very popular
hashes are:
MD4
This was an early hash by Ron Rivest and haslargely been discontinued in use due to collisions.
MD5
The most widely used hashing system. It’s 128-bit
and produces a 32-character message digest.
SHA1
Developed by the NSA, it is more secure than MD5, but
not as widely used. It has 160-bit digest which is usually rendered in
40-character hexadecimal. Often used for certificate exchanges in SSL, but
because of recently discovered flaws, is being deprecated for that purpose.
Wireless Cryptography
Wireless cryptography has been a favorite of Hackers as so many here are
trying to crack wireless access points. As you might guess, wireless cryptography is symmetric (for speed), and as with all symmetric cryptography,
key exchange is critical.
· WEP
This was the original encryption scheme for wireless and was quickly discovered to be flawed. It used RC4, but because of the small key size (24-bit), it repeated the IV about every 5,000 packets enabling easy cracking on a busy network.
· WPA
This was a quick fix for the flaws of WEP, adding a larger key and TKIP to make it
slightly more difficult to crack.
· WPA2-PSK
This was the first of the more secure wireless encryption schemes. It uses a pre-shared
key and AES. It then salts the hashes with the AP name or SSID. The hash is exchanged at authentication in a four-way handshake between the client and AP.
· WPA2-Enterprise
This wireless encryption is the most secure. It uses a 128-bit key, AES, and a remote authentication server (RADIUS).
I hope you keep coming back, as we continue to explore
the wonderful world of information security and hacking!