Key terms in cryptography.Cryptography is populated with new terms See suggestions for new terms. and acronyms largely unfamiliar to anyone working outside this concentration of security. This section lists the most valuable cryptographic terms and their definitions. Symmetric key. A symmetric key is a single cryptographic key that represents a shared secret
In cryptography, a shared secret is a piece of data only known to the parties involved in a secure communication. between the sender and recipient. The sender encrypts the message using the symmetric key, and the recipient decrypts the message with the same key. The difficulty is safely sharing the symmetric key, which may require transmitting the key over an insecure channel. Ultimately, the sender and recipient must both acquire the symmetric key before initiating a conversation. Symmetric algorithms are quicker than asymmetric routines and are more convenient for encrypting large amounts of data. Symmetric keys are also used by an individual to encrypt and decrypt To convert secretly coded data (encrypted data) back into its original form. Contrast with encrypt. See plaintext and cryptography. data which will not be shared with anyone. Symmetric keys are also used by an individual to encrypt and decrypt data that will not be shared with anyone. This introduces the problem of key management, how do users safely store keys used to encrypt? Symmetric keys are used with symmetric encryption Same as secret key cryptography. for confidentiality. They are also known as session keys. .NET supports the following symmetric algorithms (which are also called block ciphers): * DES (Data Encryption Standard See DES. Data Encryption Standard - (DES) The NBS's popular, standard encryption algorithm. It is a product cipher that operates on 64-bit blocks of data, using a 56-bit key. It is defined in FIPS 46-1 (1988) (which supersedes FIPS 46 (1977)). algorithm) m RC2 (Rivest's Cipher cipher: see cryptography. (1) The core algorithm used to encrypt data. A cipher transforms regular data (plaintext) into a coded set of data (ciphertext) that is not reversible without a key. algorithm) * Rijndael (Rijndael Cryptographic algorithm) * TripleDES (Triple Data Encryption Standard algorithm) Asymmetric keys. Asymmetric keys are two keys, a public and private key sometimes referred to as a public/private key pair. Data encrypted with the public key can be decrypted using the private key, and with some algorithms, vice versa VICE VERSA. On the contrary; on opposite sides. . Asymmetric algorithms are based on mathematically related, but different keys. Typically, the recipient publishes a public key in a known repository, where senders can acquire the key. The recipient also keeps the private key private and doesn't share it with anyone. Since the public key is meaningless without the matching private key, insecure channels can be used to transmit the public key. Asymmetric keys are preferred when establishing client server connections through an insecure medium, such as the Internet. However, there are drawbacks. First, asymmetric algorithms are slower than symmetric algorithms. Second, asymmetric algorithms cannot be applied to variable-length streams of data. An alternative is using asymmetric keys as a secure channel for transmitting a symmetric key, then using that key to establish secure communication. The sender would encrypt the symmetric key using the public key of an asymmetric public/private key pair, then transmit the cipher text to the recipient. The recipient would decrypt the incoming cipher text using the related private key and obtain the symmetric key. Now, the sender and recipient both have the symmetric key and a secure conversation can begin. Figure 1 documents the steps. [FIGURE 1 OMITTED] Asymmetric keys are also called a key-exchange pair. .NET supports the following asymmetric algorithms: * DSA (1) (Directory Server Agent) An X.500 program that looks up the address of a recipient in a Directory Information Base (DIB), also known as white pages. It accepts requests from the Directory User Agent (DUA) counterpart in the workstation. (Digital Signature algorithm The Digital Signature Algorithm (DSA) is a United States Federal Government standard or FIPS for digital signatures. It was proposed by the National Institute of Standards and Technology (NIST) in August 1991 for use in their Digital Signature Standard (DSS) ) * RSA (1) (Rural Service Area) See MSA. (2) (Rivest-Shamir-Adleman) A highly secure cryptography method by RSA Security, Inc., Bedford, MA (www.rsa.com), a division of EMC Corporation since 2006. It uses a two-part key. (Rivest, Shamir, Adleman) This algorithm is composed of the intials of the last names of the inventors of the algorithm Initialization vector A continuously changing number used in combination with a secret key to encrypt data. Initialization vectors (IVs) are used to prevent a sequence of text that is identical to a previous sequence from producing the same exact ciphertext when encrypted. . When using block encryption, each block in a stream is read and then encrypted with the symmetric key. Optionally, block n can be encrypted with the symmetric key and the contents of block n-1. This technique removes patterns that malicious code can exploit, because two blocks with identical content would render different ciphers. The problem is block 0, which has no preceding data. The initialization vector is a randomly generated block used to encode block 0 and ensure its secrecy. All of the encryption ciphers that ship with the .NET framework are block ciphers. Block ciphers use initialization vectors (IVs) to ward off what is called block replay. Block ciphers work by taking plain text in blocks (usually 8 or 16 bytes) and encrypting the blocks. Each encrypted block is XORed with the previous block of cipher text. However, for the first block, there is no previous block. This is where the initialization vector is used; it is this block with which the first encrypted block is XORed. Cipher. Also known as an algorithm. Cipher text. Encrypted data is called cipher text, while decrypted data is referred to as plaintext. Hash and hash-based functions. Hash functions This is a list of hash functions, including cyclic redundancy checks, checksum functions, and cryptographic hash functions. Cyclic redundancy checks
Name Length Type Adler-32 32 bits sum are used for integrity. Using a hash function An algorithm that turns a variable-sized amount of text into a fixed-sized output (hash value). Hash functions are used in creating digital signatures, hash tables and short condensations of text for analysis purposes (see hash buster). over some data can prove that the original data hash not been tampered with. If the original data is run through the same hash algorithm as the hash, the resulting hash should be the same. A hash is a fixed length blob derived from variable length data using a hashing algorithm. Hashing is one-way-a hash cannot be reverse-engineered-and collision resistant. Good hashing algorithms make it statistically trivial that any two variable-length inputs result in the same hash. A hash function consumes variable-length data, applies a mathematical formula to the data, and renders a fixed-length representation of the data. .NET supports the following hashing algorithms. * HMACSHA1 (Hash-based Message Authentication Code A cryptographic message authentication code (MAC) is a short piece of information used to authenticate a message. A MAC algorithm accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC (sometimes known as a tag). using SHA SHA - Secure Hash Algorithm 1) * M-ACTripleDES (Message Authentication Code using TripleDES) * MD5 (Message Digest algorithm) * SHA1 (Secure Hash Algorithm (algorithm, cryptography) Secure Hash Algorithm - (SHA) A one-way hash function developped by NIST and defined in standard FIPS 180. SHA-1 is a revision published in 1994; it is also described in ANSI standard X9.30 (part 2). 1) * SHA256 (Secure Hash Algorithm 256) * SHA384 (Secure Hash Algorithm 384) * SHA512 (Secure Hash Algorithm 512) Digest. A digest is the output from a hash function that was created from variable length input. Digital signature. Digital signatures are created from asymmetric and hashing algorithms and used to authenticate the sender and prove the data hasn't been tampered with in transit. The recipient creates the digital signature by generating a hash from signature data (plaintext), which is then encrypted with the recipient's private key. The resulting digest is considered the digital signature, which is then appended to the message. The recipient uses the public key to decrypt the digital signature to obtain the hash. The recipient independently calculates the hash of the message, which is compared to the sent hash. If the hashes match, the sender is authenticated and the integrity of the data is proven. The steps are shown is Figure 2. If the sender is not the owner of the mathematically related private key or the message has been altered, the comparison fails. [FIGURE 2 OMITTED] Key length. Longer keys are more secure than shorter instances. Symmetric keys of the Base Provider are always 40-bit keys, while the Enhanced Provider uses 128-bit keys. Salt value. Salts are random data combined with plain text and the session key used to create cipher text. Commonly, salt values are used in password based encryption (PBE PBE Password Based Encryption (cryptography) PBE Programming By Example PBE Protective Breathing Equipment PBE Prompt By Example PBE Place-Based Education PBE Paint Body Equipment PBE Pool Boiling Experiment PBE Plain Both Ends ) to ward off what is called a dictionary attack. Users typically use weak passwords (such as password or password1). Some systems run users' passwords through a hash function and store the digest. If attackers gain access to the passwords, they can run each word of a dictionary through the same hash algorithm and compare each result with the hashed password. If they match, the password is found. A salt value wards off this attack by hashing the password and the salt together. This makes the attackers' job much more difficult, if not impossible. From a new book published by Wiley .Net Security Programming, Author Donis Marshall, ISBN ISBN abbr. International Standard Book Number ISBN International Standard Book Number ISBN n abbr (= International Standard Book Number) → ISBN m 0-471-22285-2 |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion