Cryptography Algorithms

Terms

Rijndael = the new Advanced Encryption Standard (AES), replacing DES
Symmetric; block cipher = 128, 192, or 256 bits (AES standardized on 128 bits); key length = variable; rounds = 4-step, parallel series, key size of 128 bits = 9 rounds, 192 bits = 11 rounds, 256 bits = 13 rounds; suited for smart cards, various processors, ISDN, ATM, satellite; regulated under NIST as the US government FIPS algorithm; secures Sensitive but Unclassified material
Data Encryption Standard (DES)
Symmetric; block cipher = 64 bits; key length = 56 bits (weak); rounds = 16; each chunk is permutated
Triple DES
Symmetric; like DES applied 3 times; key length = 168 bits; 3 methods: a) keys 1, 2, and 3 are unique, b) keys 1 and 2 are unique but key 3 is just key 1 repeated again, c) keys 1, 2, and 3 are copies of one another (the method backward compatible with DES).
Blowfish
Symmetric; block cipher = 64 bits; key length = variable, 32 to 448 bits; rounds = 16; a drop-in substitute for the time-consuming algorithms IDEA and DES; unpatented, royalty-free, requires no license to use
Twofish
Symmetric; block cipher = 128-bit; key length = 128, 192, or 256 bits; rounds = 16; efficient for use on smart cards; much faster than Blowfish; unpatented, free to use
Serpent
Symmetric; block cipher = 128 bits; key length = 128, 192, or 256 bits; rounds = 32
Skipjack
Symmetric; data chunks = 64 bits; key length = 80 bits; rounds = 32; developed by the NSA; classified as Secret with details not released to the public for scrutiny; implementation is limited to government-authorized hardware manufacturers and is not used in software; used in the Clipper chip
International Data Encryption Algorithm (IDEA)
Symmetric; block cipher = 64 bits; key length = 128 bits (which is used to generate 52, 16-bit keys); rounds = 8; concatenation; susceptible to a weak key (a key made of all zeros), which is easy to check for and mitigate; used in PGP
MARS (Multiplication, Addition, Rotation, Substitution)
Symmetric; shared-key block cipher = 128 bits; key length = variable, 128 to over 400 bits; small footprint, making it ideal for smart cards
CAST
Symmetric; Feistel cipher; block size = 64 bits for key length = 64 and 128 bits, block size = 128 for key length = 256 bits; rounds = 8 for key length = 64 bits, rounds = 16 for key length = 128, rounds = 48 for key length = 256; used in PGP
RC6
Symmetric; block cipher = 128 bit; key length = 128, 192, and 256 bits; rounds = 20; works well for hash functions; runs well on 32-bit computers
RC5
Symmetric; block cipher = variable; key length = variable; rounds = variable
RC2
Symmetric; block cipher = 64 bits; key length = 8 to 1024 bits; rounds = 18 in one or two operations; operations are mix and mash; drop-in substitute for slower DES; the ability to accept variable key lengths is one of the larger vulnerabilities; any key length below 64 bits can be easily retrieved; source code was illegally posted on the internet
RC4
Symmetric; stream cipher; key length = 8 to 2048 bits (with 128 bits being the most common, unless subject to old export restrictions, in which case 40 bits is common); key is used to initialize a 256-byte state table, which is used to generate the pseudo-random stream that is XORed with the plaintext to generate the ciphertext; most vulnerable point is the possibility of weak keys, with 1 key in 256 closely correlating with key bytes; faster than a block cipher because stream ciphers encrypt on the fly; works well in conjunction with SSL to encrypt data transferred between secure web sites and their customers; remained a trade secret of RSA until it was posted on the internet
GOST
Symmetric; 64-bit cipher; key length = 256 bits; from the former Soviet Union; can be used in software and hardware implementations
Tiny Encryption Algorithm (TEA)
Symmetric; 128-bit cipher; uses a large number of rounds as opposed to a complex program; uses a minimal amount of code to implement
RSA
Asymmetric; recommended key length for corporate environments = 1024 bits, recommended key length for sensitive transfers = 2048 bits; takes two large primes exceeding 100 digits and multiplies them together, forming a product called the modulus, which is the basis for what the public and private keys end up being comprised of; included in many popular software applications, such as Microsoft Internet Explorer and Netscape Navigator; provides a means of encryption and the use of Digital Signatures to provide authentication and integrity verification; a de facto standard for many years, now patented
Diffie-Hellman (DH), or key agreement protocol
Asymmetric; offers security by way of the discrete logarithm problem; also uses large prime numbers to work; plays a role in the electronic key exchange method of the Secure Sockets Layer (SSL) protocol, the SSH protocol, and the IPsec protocol; used in PGP; the second most widely used asymmetric algorithm next to RSA; provides a way to exchange private keys across an open connection such as the Internet without first exchanging any secret data; it remains effective because of the nature of what it is protecting, which is just a temporary, automatically generated secret key that is only good for a single communication session; once patented, now released into the public domain
ElGamal
Asymmetric; based upon the difficulty of calculating discrete logarithms in a finite field; for encryption, 3 numbers are needed to generate a key pair; for digital signatures, a different function is used utilizing a prime number and concatenation; is primarily used for digital signatures, but is also used for encryption; used as the US standard for digital signatures; never patented and free for use
Elliptic curve cryptography (ECC)
Asymmetric; works on the basis of elliptic curves, which are simple functions drawn as gently sloping curves on the X,Y plane; by adding two points on the curve together, one can get a third point on the curve; users agree on an elliptic curve and a fixed curve point--info that is not a shared secret and can be made public without compromise; users then choose a secret random number each; security of this system is questioned because of lack of analysis
Secure Hash Algorithm (SHA), the latest being SHA-1
Hashing; message digest = 160 bits; rounds = 5; a process called message padding forces the size of the pre-hashed text string to be a multiple of 512, which is the block size; if the data that is input is not a multiple of 512, the message is padded with zeros and an integer describing the original length of the message; although it is possible, SHA-1 does not typically use any shared secrets or keys to accomplish its fingerprinting; works as all hashing functions work by applying a compression function to the data input; security is assumed based on the fact that it is computationally infeasible for 2 different strings of text to hash to the same message digest (a collision); message created can be used by the Digital Signature Algorithm (DSA), which can then compute the signature of the message; was developed by NIST and the NSA as the algorithm to be used for secure hashing in the US Digital Signature Standard (DSS)
MD2
Hashing; takes a data input of any length and produces a hash output of 128 bits; optimized for 8-bit machines; input data is padded to become a multiple of 16 bytes; after padding, a 16-byte checksum is added to the message; a compression function is invoked; the output result is a 128-bit digest; the only successful known attack is dependent upon the checksum not being appended to the message before the hash function is run, making the algorithm vulnerable to a collision attack
MD4
Hashing; optimized for 32-bit computers; takes a data input of any length and produces a digest of 128 bits; message is padded to become a multiple of 512, which is then concatenated with the representation of the message's original length; an extended version of MD4 computes the message in parallel and produces two 128-bit outputs, effectively a 256-bit hash; the vulnerability to collisions applies equally to both versions, as security is not improved because of basic flaws in the algorithm
MD5
Hashing; rounds = 4; optimized for 32-bit computers; takes a data input of any length and outputs a message digest of 128 bits; the original message is padded and a representation of the original length of the message is added to the padded value to bring the entire message up to a 512-bit multiple; concatenation is performed; there has been cryptanalysis displaying weaknesses in the compression function, but this weakness does not lend itself to an attack on MD5 itself; a combination of problems has pushed people to adopt SHA for security reasons; MD5 is faster but less secure than SHA; source code for MD5 is freely available on the Internet; can be used in a variety of software and hardware implementations
transposition cipher
The same letters are used, but the order is changed, as when the Spartans used a ribbon wrapped around a specific gauge cylinder and then wrote on the cylinder; the message could only be read when someone wrapped the ribbon back around the same gauge cylinder; a common modern-day example of this is the ROT13 cipher, where every letter is rotated 13 positions in the alphabet
shift cipher
An example is Caesar's cipher, which uses an algorithm and a key, the algorithm specifying that you offset the alphabet either to the right (forwards) or to the left (backwards), and the key specifying how many letters the offset should be
substitution cipher
Is far more complex than a shift cipher; popular in Elizabethan England; works on the principle of substituting a different letter for every letter, permitting 26 possible values for every letter in the message; the Vigenere cipher works as a polyalphabetic substitution cipher that depends on a password; a substitution table is set up; the password is matched up to the text it is meant to encipher; if the password is not long enough, the password is repeated until one character of the password is matched up with each character of the plaintext; the cipher letter is determined by use of the previous grid, matching the plaintext character's row with the password character's column, resulting in a single ciphertext character from where the two meet; if someone knows what the table is, they can determine how the encryption was performed, but they still will not know the key to decrypt the message
one-time pad (OTP) cipher
Key length is equal to the length of the message and completely random data must be used for the key; this allows the keyspace to be unlimited, therefore making a brute-force attack impossible

Deck Info

28