This is the quick-hit version of the second of three parts of Introduction to Cryptography training I gave.  As with all of the formal training, you can use the below for a quick reference, or view the full presentation here.

The XOR Proof

Given three values related by an XOR operation:

• Input Value:
0110 1010 0010  1011  1010  1010  0110
• XOR Key Value:
1111 1010 1011  1101  0101  1110  1000
• Result Value:
1001 0000 1001  0110  1111  0100  1110

XOR(Input,Key) = Result
XOR(Input,Result) = Key
XOR(Key,Result) = Input

This relationship is called involution, or when f(f(x)) = x.

Initialization Vectors

Think of them as nonces.  Can have a substantial impact on the cryptographic strength of a system.

Block Cipher: DES

• Data Encryption Standard
• Symmetric algorithm
• 64 bit block, 64 bit key size… well, 56 bit. Has 8 parity bits
• Broken… do not use

Block Cipher: 3DES

• Triple Data Encryption Standard
• 64 bit block, and 56-bit, 112-bit, or 168-bit key sizes (those 8 parity bits add up)
• Still considered secure enough for most applications
• Still used by PCI, Microsoft OneNote, SCCM, etc.

Block Cipher: AES

• Approved by NSA for Top Secret information
• Symmetric algorithm
• 128 bit block, 128-bit, 192-bit, and 256-bit key sizes

Block Cipher: RC5

• Rivest Cipher 5 (also “Ron’s Code 5”)
• Symmetric algorithm
• Variable blocks (32/64/128 bit), key sizes (0-2040-bit), and rounds (0-255)
• Uses the key with multiple NUMS numbers to generate unique words used by parts of the algorithm.
• Still considered secure

Stream Cipher: RC4

• Rivest Cipher 4 (also “Ron’s Code 4”)
• DO NOT USE THIS. It’s considered broken.
• Gets even worse when bad IVs are used.
• Assumed to be breakable in near real time by nation states within TLS.

Stream Cipher: A5/1 and A5/2

• The security used by GSM cell phones.
• A5/1 was “strong” crypto, and A5/2 was “weak” export crypto.
• Both are now acknowledged as weak, but still used in some parts of the world.
• Part of the original crypto wars, although not often recognized for it.
• Rainbow tables available.

Public Key Cryptography

• Asymmetric algorithms using a “public” and “private” key
• Uses two algorithms (one for confidentiality, one for integrity)
• RSA or ECC for confidentiality
• SHA-2 is only good option for integrity at this point
• Properties of key pair lead to interesting functionality
• Encrypt(data, public key) can only be decrypted by Decrypt(cipher, private key)
• Encrypt(data, private key) can only be decrypted by Decrypt(cipher, public key)
• You can demonstrate ownership of a private key by encrypting with it.
• Multiple formats
• PKCS1 – Specifies how to use RSA keys.
• PKCS3 – Specifies how to do Diffie-Hellman Key Exchanges (DHKE)
• PKCS7 – Specifies how to sign/encrypt messages within PKI.
• PKCS12 – A container for multiple cryptographic objects

Diffie-Hellman-Merkle (Conceptual) Example

• Client randomly chooses ”258” as a value, and server randomly chooses “314” as a value
• Each sends the factor of their choices to the other
• Client sends 5 * 258 = “1290”, server sends 5 * 314 = ”1570”
• Each adds their factor to the transmitted value
• Client takes 1570 * 258 = “405060”, server takes 1290 * 314 = “405060”
• A new key is made! (405060)

Signing With PKI

• Alice wants to communicate with Bob
• First, she and Bob exchange public keys
• Eve gets those too, but since she’s not part of this we won’t mention her again
• Alice writes her message
• Alice calculates the hash of her message
• Alice encrypts the hash with her private key
• Alice encrypts the message, the hash algorithm, and the hash with Bob’s public key
• Bob decrypts the message and gets the text, hash algorithm, and hash
• Bob calculates the hash of the message using the specified algorithm
• Bob decrypts Alice’s hash using her public key
• If the calculated and decrypted hashes match, Bob knows that Alice sent the message and it hasn’t been modified