18.2 Encryption Algorithms
Ciphers (?)
- Ciphers are algorithms used to encrypt or decrypt the data.
- Block ciphers: Deterministic algorithm operating on block (group of bits) of fixed size with an unvarying transformation specified by a symmetric key. Most modern ciphers are block ciphers. These are widely used to encrypt bulk data. Examples includes DES, AES, IDEA, etc.
- Stream ciphers: Symmetric key ciphers are plaintext digits combined with a key stream (pseudorandom cipher digit stream). Here, the user applies the key to each bit, one at a time. Examples includes RC4, SEAL, etc.
Data Encryption Standard (DES)
- The algorithm is designed to encipher and decipher blocks of data consisting of 64 bits under control of a 56-bit key.
- DES is the archetypal block cipher - an algorithm that takes a fixed-length string of plaintext bits and transforms it into a ciphertext bitstring of the same length.
- Due to the inherent weakness of DES with today's technologies, some organizations repeat the process three times (3DES) for added strength, until they can afford to update their equipment to AES capabilities.
Advanced Encryption Standard (AES)
RSA (Rivest Shamir Adleman)
- RSA is an Internet encryption and authentication system that uses an algorithm developed by Ron Rivest, Adi Shamir, and Leonard Adleman.
- RSA encryption is widely used and is one of the de-facto encryption standard.
- It uses modular arithmetic and elementary number theories to perform computations using two large prime numbers.
The RSA Signature Scheme
Example of RSA Algorithm
Message Digest (One-way Hash) Functions
- Hash functions calculate a unique fixed-size bit string representation called a message digest of any arbitrary block of information.
- If any given bit of the function's input is changed, every output bit has a 50 percent chance of changing.
- It is computationally infeasible to have two files with the same message digest value.
- Note: Message digests are also called one-way hash functions because they cannot be reversed.
- Message digest functions distill the information contained in a file (small or large) into a single fixed-length number, typically between 128 and 256 bits.
- If any given bit of the function's input is changed, every output bit has a 50% chance of changing.
Message Digest Function: MD5
- MD5 algorithm takes a message of arbitrary length as input and outputs a 128-bit fingerprint or message digest of the input.
- MD5 hash is a 32-digit hexadecimal number.
- MD5 is not collision resistant, use of latest algorithms such as SHA-2 and SHA-3 is recommended.
- It is still deployed for digital signature applications, file integrity checking and storing passwords.
echo "There is CHF1500 in the blue bo" | md5sum
e41a323bdf20eadafd3f0e4f72055d36
Secure Hashing Algorithm (SHA)
- It is an algorithm for generating cryptographically secure one-way hash, published by the National Institute of Standards and Technology as a U.S. Federal Information Processing Standard.
- SHA1: It produces a 160-bit digest from a message with a maximum length of (2^64-1) bits, and resembles the MD5 algorithm.
- SHA2: It is a family of two similar hash functions, with different block sizes, namely SHA-256 that uses 32-bit words and SHA-512 that uses 64-bit words.
- SHA3: SHA-3 uses the sponge construction in which message blocks are XORed into the initial bits of the state, which is then invertibly permuted.