1. What is cryptology?

Cryptology is an art and science that provides security methods that administrators use to maintain the integrity, confidentiality, and validity of the information transmitted throughout their network. For example, it can be used to encrypt passwords.

2. What is the difference between plaintext and ciphertext?

Plaintext is the exact original message in a format that can be read without decryption. Ciphertext is an encrypted message that cannot be read without the key to the algorithm that encrypted the text.

3. What is a block cipher?

This is a symmetric encryption algorithm that encrypts and decrypts data in chunks (bit data blocks).

4. What is a CAST?

CAST stands for Carlisle Adams and Stafford Tavares. These individuals invented CAST, which is a 64-bit block cipher.

5. What is a cipher?

A cipher is a mathematical function used to encrypt or decrypt. This mathematical function serves as a cryptographic algorithm.

6. Is it possible to break an encryption?

Of course. Security is a preventative process, and therefore no code is unbreakable. The idea of cryptography is to make it unreasonable to break an algorithm. Most encryptions can be broken; however, most modern "secure" encryption techniques would take millions of computers hundreds of years to break. So is anything totally secure? No. However, modern cryptographic algorithms make it very difficult.

7. What is the difference between symmetric and asymmetric encryption?

Symmetric encryption uses the same key to encrypt and decrypt the original message. Asymmetric encryption means that two different keys are used to encrypt and then decrypt the message. Asymmetric encryption lowers the cost because it allows users to keep track of their own keys. This is used by things like PGP. Symmetric encryption can get way out of hand because a separate key is needed for every single conversation for it to be secure.

8. What is Public/Private Key encryption?

Public Key and Private Key encryption is a variation of asymmetric encryption that makes exchanging data more secure. A user may generate a public key and a private key pair. As with asymmetric encryption, the public key can decrypt messages encrypted by the private key. Likewise, the private key can decrypt messages encrypted by the public key. The private key is sometimes referred to as the secret key because the user will never share that key with anyone. However, he will give the public key to anyone that he would like to communicate with. Oftentimes a user will encrypt their public key with the public key of another user with whom they want to communicate. This will securely distribute public keys to each party and will develop non-repudiation, which is very important when it comes to securely communicating. Ultimately, Public/Private Key methods are based on trust relationships, and it is necessary to have some way of determining that the public keys provided are from the correct source. PGP is one method that tries to develop interlinked relationships to verify that people are who they say they are. Public/Private Key was developed by Whitfield Diffie and Martin Hellman in 1976.

9. What is a Certificate Authority?

A Certificate Authority is any trusted third party that helps in validating credentials. It is effective in limiting the scope of a Man-in-the-Middle attack. Corporations like VeriSign offer their services in validating credentials so that customers who need to pass sensitive information have some validation that they are not giving it out to an insecure site or a phishing site.

10. What is steganography?

This is the art or science of creating hidden messages in a form such that only the recipient knows of their existence. These hidden messages usually appear as something normal to outsiders, such as a shopping list or a picture.

11. What is a digital signature?

This is a method of adding authenticity to digital information and can be related to a physical signature on a document. Digital signatures make use of Public Key Cryptography.

12. What is Exclusive Or (XOR)?

It is a very simple symmetric encryption in which the plaintext (represented as bits) is XORed with a key (a password in bits) to produce the ciphertext. The XOR operation is computed as follows:

0 XOR 0 = 0, 0 XOR 1 = 1, 1 XOR 0 = 1, 1 XOR 1 = 0

*Note: 0 XOR 1 XOR 1 = 0, or P XOR K = C and C XOR K = P, in which P is the plaintext, K is the key and C is the ciphertext. Thus, the same key can be used to encrypt and decrypt. It is not considered a secure form of encryption, but it is used as a part of many secure cryptographic methods.

13. What is the Avalanche Effect?

The term avalanche effect was coined by Horst Feistel (known for Feistel Functions), and it simply means that for every input bit that is changed, the output changes significantly. Ideally half of the output will be changed for every input bit that is changed, because this makes it much harder to predict the output result (50/50). If a block cipher does not have a strong avalanche effect, then it is considered to have poor randomization and would be easily cryptanalyzed. The avalanche effect also makes encryption work more quickly, because more randomness per encryption round means fewer rounds will be needed to make the cipher secure.

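
The measurement described above, as an added example that is not part of the original page: it flips each of the 64 input bits in turn and counts how many output bits change, comparing the XOR cipher from question 12 with a toy Feistel network at 1, 2, 4 and 8 rounds. The key, the sample plaintexts and the SHA-256-based round function are constructed for illustration and are not a real cipher.

```python
import hashlib

MASK32 = 0xFFFFFFFF
KEY = b"constructed demo key"  # constructed sample key, not a real secret

def round_fn(half: int, key: bytes, rnd: int) -> int:
    """Toy round function: first 32 bits of SHA-256(key || round || half)."""
    data = key + bytes([rnd]) + half.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel_encrypt(block: int, key: bytes, rounds: int) -> int:
    """Encrypt one 64-bit block with a balanced Feistel network."""
    left, right = block >> 32, block & MASK32
    for rnd in range(rounds):
        left, right = right, left ^ round_fn(right, key, rnd)
    return (left << 32) | right

def xor_encrypt(block: int, key: bytes) -> int:
    """XOR cipher from question 12: C = P XOR K on a 64-bit block."""
    return block ^ int.from_bytes(key[:8], "big")

def avalanche(encrypt, samples: int = 16) -> float:
    """Average number of output bits that flip when one input bit flips."""
    total = count = 0
    for i in range(samples):
        # Constructed sample plaintexts, derived deterministically.
        pt = int.from_bytes(hashlib.sha256(b"sample%d" % i).digest()[:8], "big")
        base = encrypt(pt)
        for bit in range(64):
            diff = base ^ encrypt(pt ^ (1 << bit))
            total += bin(diff).count("1")
            count += 1
    return total / count

def report() -> dict:
    """Avalanche score (out of 64 bits) for each construction."""
    results = {"xor": avalanche(lambda b: xor_encrypt(b, KEY))}
    for r in (1, 2, 4, 8):
        results[f"feistel-{r}"] = avalanche(
            lambda b, r=r: feistel_encrypt(b, KEY, r))
    return results

if __name__ == "__main__":
    for name, avg in report().items():
        print(f"{name:10s} {avg:5.1f} of 64 output bits flipped")
```

XOR flips exactly one output bit per input bit, so it has no avalanche at all; the Feistel network only approaches the ideal of half the output bits (32 of 64) once enough rounds have mixed both halves.
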
14. What is Linear Cryptanalysis?

Linear Cryptanalysis is the use of linear approximations (guesses) that can be used against any algorithm that has less than or greater than 50% probability of being guessed. If the probability is less than 50%, then the bias in the cryptographic result can be exploited if enough plaintexts and ciphertexts are obtained (i.e. the more data you have, the easier it will be to make more correct guesses). Linear Cryptanalysis helps eliminate possible keys in an algorithm (because it figures out some of the bits that MUST be in the correct key); this will then make a brute force attack easier because there are fewer keys to try. Linear Cryptanalysis is done against non-linear functions like Substitution Boxes. If a linear bias is found between the input of the S-Box and the output of the S-Box, then a linear expression can be developed to help crack the key(s) involved.

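
How a designer checks an S-Box for the linear bias described above, as an added example that is not part of the original page: it builds the linear approximation table, which counts for every input mask and output mask how often the XOR of the selected input bits equals the XOR of the selected output bits. The sample S-Box is the first row of DES S-box S1, a common teaching example; the function names are chosen here.

```python
# Sample input: 4-bit S-Box (first row of DES S1), used here for illustration.
SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]

def parity(value: int) -> int:
    """XOR of all bits in value (1 if an odd number of bits are set)."""
    return bin(value).count("1") & 1

def linear_approximation_table(sbox):
    """lat[a][b] = (#inputs where parity(x & a) == parity(S(x) & b)) - n/2.

    A value of 0 means the approximation holds exactly half the time
    (no bias); the further from 0, the more the S-Box leaks.
    """
    n = len(sbox)
    lat = [[0] * n for _ in range(n)]
    for a in range(n):          # input bit mask
        for b in range(n):      # output bit mask
            agree = sum(parity(x & a) == parity(sbox[x] & b)
                        for x in range(n))
            lat[a][b] = agree - n // 2
    return lat

def bias(lat, a: int, b: int) -> float:
    """Probability that the approximation holds, minus 1/2."""
    return lat[a][b] / len(lat)

def strongest(lat):
    """Non-trivial (a, b) mask pair with the largest absolute bias."""
    n = len(lat)
    _, a, b = max((abs(lat[a][b]), a, b)
                  for a in range(1, n) for b in range(1, n))
    return a, b, lat[a][b]

if __name__ == "__main__":
    lat = linear_approximation_table(SBOX)
    a, b, value = strongest(lat)
    print(f"strongest: in mask {a:04b}, out mask {b:04b}, "
          f"count {value:+d}, bias {bias(lat, a, b):+.3f}")
    # Input mask 0011 vs output mask 1001 holds for only 2 of 16 inputs.
    print("bias(0011 -> 1001) =", bias(lat, 0b0011, 0b1001))
```

For comparison, a fully linear mapping such as the identity S-Box gives a table entry of 8 (bias 1/2) whenever the two masks are equal, which is why non-linear S-Boxes with small table entries are preferred.
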
15. What is Differential Cryptanalysis?

Differential Cryptanalysis is the study of the non-randomness of a block or stream cipher. This non-randomness is detected by evaluating how much the ciphertext (the output) changes when a bit of plaintext (the input) is changed. If the randomness is higher than 50%, then there is what is known as a differential. This can be exploited with a chosen-plaintext attack.

16. What is a Chosen-Plaintext Attack?

A chosen-plaintext attack is when the cryptanalyst (attacker) has access to some plaintext and its associated ciphertext for a number of messages (the more messages, the more successful the attack will be), and the attacker can choose what plaintext gets encrypted. This attack can be applicable to symmetric encryption methods, but it is more feasible against asymmetric encryption methods where the attacker can more easily obtain the public key.