Cryptography - SCF Faculty Site Homepage

In this chapter, we will learn about cryptography, various types of cryptography, ciphers,
cryptography tools, Public Key Infrastructure (PKI), and digital signatures. We will also discuss
SSL (Secure Sockets Layer), disk encryption, and disk encryption tools. This chapter focuses on
AES, RC4, RC5, RC6 algorithms, RSA, Message Digest Function: MD5, and SHA.
18.1 Understand cryptography, learn various types of cryptography, and understand ciphers
Exam Focus: Understand cryptography, learn various types of cryptography, and understand
ciphers. Objective includes:
• Understand cryptography.
• Learn various types of cryptography.
• Understand ciphers.
Cryptography
Cryptography is a technique of encrypting and decrypting messages. When the text is encrypted,
it is unreadable by humans but when it is decrypted, it is readable. Cryptography is necessary to
protect email messages, credit card information, and corporate data. The terms used in
cryptography are as follows:
• Plaintext: Plaintext can be read by a user.
• Ciphertext: Ciphertext can be converted to a non-readable format.
• Encryption: Encryption is the process of creating ciphertext from plaintext.
• Decryption: Decryption is the process of converting ciphertext to plaintext.
• Cipher: Cipher is an algorithm that is used to encrypt and decrypt text.
• Key: Key is an element used in the technology of encrypting and decrypting text.
Goals of cryptography
The following are the goals of cryptography:
1. Confidentiality: It makes sure that the message remains private and cannot be accessed
by any unauthorized user when transmitted between two or more parties. There are two
types of cryptosystems that ensure message confidentiality. They are as follows:
o Symmetric key cryptosystem: It uses the shared key that is available to all the
users of the cryptosystem.
o Public key cryptosystem: It makes use of a combination of public and private
keys for each user of the cryptosystem.
2. Integrity: It makes sure that the message remains unaltered when transmitted between
two or more parties. If the goal of integrity is attained, the recipient is ensured that the
received message is identical to the message that was sent.
3. Authentication: It verifies the user's identity.
4. Non-repudiation: It assures the recipient that the message was really sent by the sender
and someone is not masquerading as the sender.
Types of cryptography
The following are the types of cryptography:
• Symmetric encryption: It is a type of encryption that uses a single key to encrypt and
decrypt data. Symmetric encryption algorithms are faster than public key encryption.
Therefore, it is commonly used when a message sender needs to encrypt a large amount
of data. Data Encryption Standard (DES) uses the symmetric encryption key algorithm to
encrypt data.
• Asymmetric encryption: It is a type of encryption that uses two keys, i.e., a public key
and a private key pair for data encryption. The public key is available to everyone, while
the private or secret key is available only to the recipient of the message. For example,
when a user sends a message or data to another user, the sender uses the public key to
encrypt the data. The receiver uses his private key to decrypt the data.
• Hash function: It does not use any key for encryption and decryption. A cryptographic
hash function is a deterministic procedure that takes an arbitrary block of data and returns
a fixed-size bit string, the (cryptographic) hash value, such that an accidental or
intentional change to the data will change the hash value. Cryptographic hash functions
have many information security applications, notably in digital signatures, message
authentication codes (MACs), and other forms of authentication. They can also be used
as ordinary hash functions, to index data in hash tables, for fingerprinting, to detect
duplicate data or uniquely identify files, and as checksums to detect accidental data
corruption.
Public Key Encryption
The Public Key Encryption, also called asymmetric encryption, was first publicly proposed by
Diffie and Hellman in 1976. Public Key Encryption is more secure than non-public key
encryption. It is based on the mathematical functionality rather than on the simple operations on
bit patterns. It uses two separate keys. It has five stages as follows:
• Plain Text: It is the original message.
• Encryption Algorithm: It performs different transformations on plain text.
• Public and Private Key: It is the input to the encryption algorithm.
• Cipher Text: It is the scrambled message as an output.
• Decryption Algorithm: It operates on the cipher text and gives the original message as an
output.
Government Access to Keys (GAK)
Government Access to Keys (GAK) implies that software companies will give the government
copies of all keys, or at least enough of the keys that the remaining keys can be cracked. The
government promises that it will keep the keys securely and will use them only when a court
issues a warrant to do so.
Ciphers
Ciphers are algorithms that are used for encrypting or decrypting the data. The following are
classical ciphers:
• Substitution cipher: In cryptography, a substitution cipher is a method of encryption in
which units of plaintext are replaced with ciphertext according to a regular system. The
units may be single letters, pairs of letters, triplets of letters, mixtures of these, and so
forth. The receiver deciphers the text by performing an inverse substitution.
• Transposition cipher: In cryptography, a transposition cipher is a method of encryption
in which the positions held by units of plaintext are shifted according to a regular system,
so that the ciphertext constitutes a permutation of the plaintext. The units are commonly
characters or groups of characters. In the transposition cipher, the order of the units is
changed.
Modern ciphers are classified based on the type of key used and on the type of input data.
The following are classifications of modern ciphers based on the type of key used:
• Private key: It involves the use of the same key for encryption and decryption.
• Public key: It involves the use of two different keys for encryption and decryption.
The following are classifications of modern ciphers based on the type of input data:
• Block cipher: It is a symmetric key cipher that operates on blocks of messages. It
encrypts an entire message block at the same time. Transposition ciphers are examples of
block ciphers. Each block cipher has a mode of operation that functions as a stream
cipher. The more complicated columnar transposition cipher operates on an entire
message, and uses the transposition algorithm and a secret keyword to encrypt the entire
message.
• Stream cipher: It is a symmetric key cipher that operates on each character, or bit, of a
message. It encrypts one character or bit at a time. Caesar cipher and one-time pad are
examples of stream ciphers. One-time pad is a stream cipher since it independently
operates on each letter of the plaintext message. Significant computational resources are
required by the stream ciphers.
Twofish
Twofish is a symmetric key block cipher. It operates on 128-bits block size and uses key sizes up
to 256 bits. It uses pre-computed key-dependent S-boxes and a relatively complex key schedule.
One half of an n-bit key is used as the actual encryption key, and the other half of the key is used
to modify the encryption algorithm. It borrows some elements from the pseudo-Hadamard
transform (PHT) from the SAFER family of ciphers.
Blowfish
Blowfish is a symmetric 64-bit block cipher that can support key lengths up to 448 bits. It is
included in a large number of cipher suites and encryption products. It was designed in 1993 by
Bruce Schneier and is freely available for anyone to use. This has contributed to its popularity in
cryptographic software.
Boomerang attack
A boomerang attack is a method for the cryptanalysis of block ciphers. The attack is based on
differential cryptanalysis. In differential cryptanalysis, an attacker exploits how differences in the
input to a cipher (the plaintext) can affect the resultant difference at the output (the ciphertext). A
high-probability "differential" (that is, an input difference that will produce a likely output
difference) is needed that covers all, or nearly all, of the cipher. The boomerang attack allows
differentials to be used which cover only part of the cipher.
18.2 Understand AES, RC4, RC5, RC6 algorithms, RSA, Message Digest Function: MD5, and
SHA
Exam Focus: Understand AES, RC4, RC5, RC6 algorithms, RSA, Message Digest Function:
MD5, and SHA. Objective includes:
• Gain insights on Advanced Encryption Standard (AES).
• Understand RC4, RC5, RC6 Algorithms.
• Examine RSA (Rivest Shamir Adleman).
• Explain Message Digest Function: MD5.
• Understand Secure Hashing Algorithm (SHA).
Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) is an encryption standard that comprises three block
ciphers, AES-128, AES-192, and AES-256, adopted from a larger collection originally published
as Rijndael. Each AES cipher has a 128-bit block size, with key sizes of 128, 192, and 256 bits,
respectively. The AES ciphers have been analyzed extensively and are now used worldwide, as
was the case with its predecessor, the Data Encryption Standard (DES). AES is one of the most
popular algorithms used in symmetric key cryptography. It is available in many different
encryption packages. AES is the first publicly accessible and open cipher approved by the NSA
for top secret information. It is an iterated block cipher. It involves the repetition of the same
defined steps multiple times.
Data Encryption Standard
Data Encryption Standard (DES) is the name of the Federal Information Processing Standard
(FIPS) 46-3. It is a 64 bit block cipher. It includes four modes of operation: Electronic Codebook
mode, Cipher Block Chaining mode, Cipher Feedback mode, and Output Feedback mode. All
the DES modes function on 64 bits of plaintext at a time in order to generate 64-bit blocks of
ciphertext. DES uses the 56 bit long key.
The various modes of the Data Encryption Standard are as follows:
• Electronic Codebook (ECB) mode: It is the least secure mode. In this mode, DES uses
secret keys to encrypt the 64-bit block. It produces the same encrypted block if the
algorithm encounters the same block multiple times.
• Cipher Block Chaining (CBC) mode: In this mode, before encryption, each block of
unencrypted text is XORed with the block of ciphertext immediately preceding it.
• Cipher Feedback (CFB) mode: In this mode, the preceding block of ciphertext is
encrypted using the DES algorithm. This block is then XORed with the next block of
plaintext in order to achieve the next block of ciphertext. Errors propagating in this mode
corrupt the next transmitted block.
• Output Feedback (OFB) mode: In this mode, DES functions in almost the same manner
as it does in the CFB mode. The plaintext with the seed value is XORed by DES, instead
of XORing an encrypted version of the preceding block of ciphertext.
3DES
3DES, also referred to as triple DES, is a mode of the Data Encryption Standard (DES)
encryption algorithm. 3DES uses three 64-bit keys to encrypt data thrice. First, it encrypts
data with a 64-bit key. Then, the output data is again encrypted with the second 64-bit key.
Finally, the third 64-bit key is used for encryption. DES uses the block cipher method to break a
data file into 64-bit blocks, which are then encrypted.
Triple Data Encryption Algorithm (TDEA)
The Triple Data Encryption Algorithm (TDEA) was proposed by Tuchman and first came into
existence in functional applications in 1985. The Triple DEA algorithm uses three keys and
executes the DES algorithm three times. It follows an encrypt-decrypt-encrypt (EDE) sequence
as follows:
$C = E_{k3}[D_{k2}[E_{k1}[P]]]$
where
C = Cipher Text
P = Plain Text
$E_k[X]$ = encryption of X using key k
$D_k[Y]$ = decryption of Y using key k
RC2
RC2 is a block cipher designed by Ron Rivest in 1987, and the other ciphers designed by Rivest
include RC4, RC5, and RC6. RC2 is a 64-bit block cipher with a variable size key. Its 18 rounds
are arranged as a source-heavy Feistel network with 16 rounds of one type punctuated by two
rounds of another type.
RC4
RC4 is a stream cipher designed by Ron Rivest. It is used in many applications including
Transport Layer Security (TLS), Wired Equivalent Privacy (WEP), Wi-Fi Protected Access
(WPA), etc. RC4 is fast and simple. However, it has weaknesses that argue against its use in new
systems. It is especially vulnerable when the beginning of the output keystream is not discarded,
nonrandom or related keys are used, or a single keystream is used twice. Some ways of using
RC4 can lead to very insecure cryptosystems such as WEP.
RC5
RC5 is a block cipher algorithm with a variable block size (32, 64, or 128 bits), key size (0 to
2040 bits), and number of rounds (0 to 255). 12-round RC5 (with 64-bit blocks) can be easily
cracked by using a differential attack of $2^{44}$ chosen plaintexts. Hence, 18-20 rounds of RC5 are
suggested as sufficient protection.
RC6
RC6 is a cryptographic symmetric key algorithm, which is derived from the RC5 algorithm. RC6
proper has a block size of 128 bits. It also supports key sizes of 128, 192, and 256 bits. Unlike
RC5, RC6 does use an extra multiplication operation in order to make the rotation dependent on
every bit in a word.
Digital Signature Algorithm
Digital Signature Algorithm (DSA) is a United States Federal Government standard or FIPS for
digital signatures. DSA is a public key algorithm. The secret key operates on the message hash
generated by SHA-1. To verify a signature, one recomputes the hash of the message, uses the
public key to decrypt the signature, and then compares the results. The key size is variable from
512 to 1024 bits; it is adequate for the current computing capabilities as long as a user uses more
than 768 bits.
RSA Algorithm
RSA is an Internet encryption and authentication system. It uses an algorithm developed by Ron
Rivest, Adi Shamir, and Leonard Adleman. It uses modular arithmetic and elementary number
theory in order to perform computations using two large prime numbers. The RSA algorithm is
an example of the public key algorithm in which the public key is generated from the private
key. In the RSA algorithm, the public and private keys are generated as follows:
1. Choose two large prime numbers p and q of equal lengths, and compute n=p*q.
2. Choose a random public key e such that e and (p-1)*(q-1) are relatively prime.
3. Calculate e*d = 1 mod [(p-1)*(q-1)]. Here, d is a private key.
4. Calculate d = e^(-1) mod [(p-1)*(q-1)].
5. Now (e,n) and (d,n) are the public and private keys respectively.
Message digest
A message digest is a number, which is created algorithmically from a file and represents that
file uniquely. Message digest functions calculate a unique fixed-size bit string representation
known as a hash value of any arbitrary block of information. If the file changes, the message
digest also changes. Message digest is a compact digital signature for an arbitrarily long stream
of binary data. It is used to determine whether the file has been modified. Additionally, message
digests also help to identify duplicate files. As message digests produce values that are difficult
to invert, they are also known as one-way functions.
MD5
The MD5 Message-Digest Algorithm is a cryptographic hash function that produces a 128-bit
(16-byte) hash value. The following types of attacks can be performed on the MD5 algorithm:
1. Collision Attack: A collision attack can be used to find collisions within seconds on a
computer with a 2.6Ghz Pentium 4 processor. An attacker can use the chosen-prefix
collision attack to produce a collision for two chosen arbitrarily different inputs within
hours, using off-the-shelf computing hardware.
2. Rainbow Attack: Various MD5 rainbow tables are published online, which can be used
to reverse many MD5 hashes into strings that collide with the original input, usually for
the purposes of password cracking.
EAP-MD5
EAP-MD5 is the only IETF Standards Track-based EAP method. It does not provide server
authentication. It offers minimal security; the MD5 hash function is vulnerable to dictionary
attacks, and does not support key generation, which makes it unsuitable for use with dynamic
WEP, or WPA/WPA2 enterprise. EAP-MD5 differs from other EAP methods in that it only
provides authentication of the EAP peer to the EAP server but not mutual authentication. By not
providing EAP server authentication, this EAP method is vulnerable to man-in-the-middle
attacks. EAP-MD5 support was first included in Windows 2000 and deprecated in Windows
Vista.
Secure Hash Algorithm (SHA)
The Secure Hash Algorithm (SHA) is a cryptographic hash algorithm that generates a fixed-length
digital representation (message digest) of an input data sequence of any length. The SHA
algorithm is very secure, as it is computationally very difficult to find a message that corresponds
to a given message digest. In this algorithm, any change to a message will result in a completely
different message digest. There are five SHA algorithms: SHA-1, SHA-224, SHA-256, SHA-384,
and SHA-512.
SHA1 hash function
The SHA-1 hash function differs from SHA-0 only by a single bitwise rotation in the message
schedule of its compression function; this was done, according to NSA, to correct a flaw in the
original algorithm which reduced its cryptographic security. However, NSA did not provide any
further explanation or identify the flaw that was corrected. Weaknesses have subsequently been
reported in both SHA-0 and SHA-1. SHA-1 appears to provide greater resistance to attacks,
supporting the NSA's assertion that the change increased the security. SHA-1 (as well as SHA-0)
produces a 160-bit digest from a message with a maximum length of ($2^{64}$ - 1) bits. SHA-1 is
based on principles similar to those used by Ronald L. Rivest of MIT in the design of the MD4
and MD5 message digest algorithms, but has a more conservative design.
The above image exhibits one iteration within the SHA-1 compression function. A, B, C, D, and
E are 32-bit words of the state; F is a nonlinear function that varies;
denotes a left bit
rotation by n places; n varies for each operation. Wt is the expanded message word of round t, Kt
is the round constant of round t.
denotes addition modulo
.
SSH
Secure Shell (SSH) is a protocol that provides strong authentication and secure communications
over insecure channels. It is a secure replacement for telnet and the Berkeley r-utilities. It uses
public key encryption as the main method for user authentication. SSH secures connections over
the Internet by encrypting passwords and other data. It provides an encrypted channel for the
following:
• Remote logging
• Command execution
• File transfer
SSH delivers strong host-to-host and user authentication, and a secure communication over the
Internet. It also protects networks against IP spoofing, packet spoofing, password sniffing, and
eavesdropping. SSH uses TCP port 22 as the default port and operates at the Application layer.
The SSH protocol has the following three components:
1. Transport layer protocol
2. User authentication protocol
3. Connection protocol
Diffie-Hellman Encryption
Diffie-Hellman encryption was developed by Diffie and Hellman in 1976 and published in the
paper "New Directions in Cryptography." It is a key agreement protocol (also called exponential
key agreement) that allows two users to exchange a secret key over an insecure medium (such as
the Internet) without any prior secrets. The original protocol had two system parameters, i.e., p
and g. They are both public and may be used by all users in a system. The Diffie-Hellman key
exchange was vulnerable to a man-in-the-middle attack, as the Diffie-Hellman key exchange
does not authenticate the participants. The current form of the Diffie-Hellman protocol (also
known as the authenticated Diffie-Hellman key agreement protocol, or the Station-to-Station
(STS) protocol), was developed by Diffie, Van Oorschot, and Wiener in 1992 to overcome the
man-in-the-middle attack. This is achieved by allowing the two parties to authenticate
themselves to each other by the use of digital signatures and public-key certificates. The
Diffie-Hellman protocol is an example of a much more general cryptographic technique, the common
element being the derivation of a shared secret value (that is, key) from one party's public key
and another party's private key. The parties' key pairs may be generated as new at each run of the
protocol as in the original Diffie-Hellman protocol. The public keys may be certified so that the
parties can be authenticated and there may be a combination of these attributes.
18.3 Identify cryptography tools, and understand Public Key Infrastructure (PKI), and digital
signature
Exam Focus: Identify cryptography tools, and understand Public Key Infrastructure (PKI), and
digital signature. Objective includes:
• Identify cryptography tools.
• Understand Public Key Infrastructure (PKI).
• Identify digital signature.
Cryptographic tools
The following are cryptographic tools:
• CommuniCrypt File: It is a file encryption/decryption tool with the strongest AES
algorithm. It can generate the hash of the source file as a password for symmetric
encryption.
• CryptoForge: It is easy-to-use file encryption software for personal and professional
security. It permits a user to protect the privacy of sensitive files, folders, or messages by
encrypting them with up to four strong encryption algorithms.
• Steganos LockNote: It encrypts everything that is important to a user on laptops, PCs,
USB sticks, CDs, and DVDs.
• NCrypt XL: It is a tool used to encrypt every cell inside a MS Excel spreadsheet. It uses
standard algorithms such as AES and DES. The encryption is text based, and any display
format is retained. Encryption and decryption is performed by inserting a proper
password or pass phrase. Every single worksheet may be encrypted completely or by
selecting one or more of its columns.
• AxCrypt: It is the leading open source file encryption software for Windows. It
integrates seamlessly with Windows in order to compress, encrypt, decrypt, store, send,
and work with individual files.
• ccrypt: It is a utility used to encrypt and decrypt files and streams. It is based on the
Rijndael cipher.
• AutoKrypt: It is data encryption software. It is designed for automation. It automatically
encrypts or decrypts files and folders on a schedule. Encryption methods include
password-based secret key, password-based public key, password-based private key,
OpenPGP password, and OpenPGP public and private key.
• Cypherix: It is a comprehensive solution used to protect sensitive data on any Windows
PC, desktop, laptop, hard disk or removable drive such as USB flash drive, memory stick,
etc.
Public key infrastructure
A public key infrastructure enables users of a basically unsecured public network such as the
Internet to securely and privately exchange data and money through the use of a public and a
private cryptographic key pair that is obtained and shared through a trusted authority. The public
key infrastructure assumes the use of public key cryptography, which is the most common
method on the Internet for authenticating a message sender or encrypting a message.
The user authentication using PKI involves the following:
1. A user applies for a certificate.
2. The registration authority requests issuance of the certificate.
3. The certificate authority gives the public key certificate to the user.
4. The certificate authority updates information to the validation authority.
5. The user sends a message in the public key certificate signed with the digital signature to
the party with which he wants to communicate. The party validates the electronic
signature and enquires about the validity of the public key certificate from the validation
authority.
6. The party sends the public key certificate to the validation authority.
7. The validation authority sends the determined result to the party.
Components of PKI
The following are the components of PKI:
• A certificate management system to generate, distribute, store and verify certificates
• A certificate authority that is responsible for issuing and verifying digital certificates
• One or more directories where certificates with their public keys are held
• A registration authority that verifies the certificate authority
PGP
Pretty Good Privacy (PGP) is an encryption method that uses public-key encryption to encrypt
and digitally sign e-mail messages during communication between e-mail clients. PGP is
effective, easy to use, and free. Therefore, it is one of the most common ways to protect
messages on the Internet.
Digital Signature
A digital signature is a personal authentication method based on encryption and authorization
codes. It is used for signing electronic documents. A digital signature not only validates the
sender's identity, but also ensures that the document's content has not been altered. Digital
signature schemes involve the following algorithms:
• A private key for signing the message
• A public key for verifying signatures
Secure Electronic Transaction (SET)
Secure Electronic Transaction (SET) is a standard protocol for secure electronic transactions,
such as credit card payments, over the Internet. SET uses 56-bit Data Encryption Standard (DES)
encryption and requires digital signatures to verify the identities of all parties involved in a
transaction. This form of business is effective over the Internet because individuals or
organizations receive only relevant information. For example, a vendor does not receive the
actual credit card number during a transaction but is simply informed that the bank has approved
the transaction.
18.4 Understand SSL, disk encryption, and cryptography attacks
Exam Focus: Understand SSL, disk encryption, and cryptography attacks. Objective includes:
• Describe SSL (Secure Sockets Layer).
• Examine disk encryption.
• Identify disk encryption tools.
Secure Sockets Layer (SSL)
Secure Sockets Layer (SSL) is an application layer protocol. It was developed by Netscape to
manage the security of a message transmission on the Internet. It is used to transmit private
documents via the Internet. SSL uses a combination of public key and symmetric encryption to
provide communication privacy, authentication, and message integrity. Using the SSL protocol,
clients and servers can communicate in a way that prevents eavesdropping and tampering of data
on the Internet. Many Web sites use the SSL protocol to obtain confidential user information,
such as credit card numbers. By convention, URLs that require an SSL connection start with
https: instead of http:. By default, SSL uses port 443 for secured communication.
TLS
Transport Layer Security (TLS) is an Application layer protocol that uses a combination of
public and symmetric key processing to encrypt data. It sets up a secure connection between a
client and a server. It ensures privacy and integrity of information during transmission. It makes
use of the RSA algorithm having 1024 and 2048 bit strengths. The following are the layers of
TLS:
• TLS Record Protocol: It is used to provide a secured connection using an encryption
method.
• TLS Handshake Protocol: It allows the authentication between the client and server and
permits the client and server to transfer an encryption algorithm and cryptographic keys
before data exchange.
Protected Extensible Authentication Protocol (PEAP)
Protected Extensible Authentication Protocol, Protected EAP, is a method to securely transmit
authentication information, including passwords, over wired or wireless networks. PEAP uses
server-side public key certificates to authenticate the server. It then creates an encrypted
SSL/TLS tunnel between the client and the authentication server. In most configurations, the
keys for this encryption are transported using the server's public key. The ensuing exchange of
authentication information inside the tunnel to authenticate the client is then encrypted and user
credentials are safe from eavesdropping.
Disk encryption
Disk encryption protects confidentiality of the data that is stored on a computer disk. It works
like text message encryption. Even when the OS is not active, disk encryption protects data. By
using an encryption program for your disk, you can safeguard any information burned onto the
disk and prevent it from being used by unauthorized persons. DriveCrypt, BitLocker,
ShareCrypt, DriveCrypt Plus Pack, PocketCrypt, Master Voyager, FreeOTFE / FreeOTFE4PDA,
and FreeOTFE Explorer are disk encryption tools.
TrueCrypt
TrueCrypt is an open source disk encryption tool. It provides disk or USB flash drive encryption
for Linux and Windows operating systems. It has the following features:
• It creates a virtual encrypted disk within a file and mounts it as a real disk.
• It provides the following encryption algorithms:
o AES-256
o Serpent
o Twofish
• It can also encrypt a partition or drive in which the operating system is installed.
• It provides two levels of plausible deniability in case an enemy forces the user to reveal the
password:
o Hidden volume and hidden operating system
o 2nd layer of encryption for sensitive contents
CryptoHeaven
CryptoHeaven is a tool that supports 2048 to 4096 bit asymmetric and 256-bit symmetric key
encryption with no third party key holder. It provides secure Internet connections, secure instant
messaging, secure mail, secure file sharing, secure online storage, etc. CryptoHeaven claims that
it does not store any personal information, such as names, addresses, credit card numbers, etc. It
enables the user's computer to be free from any type of snooping and interference by any
government agency or other authority.
WinMagic SecureDoc
WinMagic SecureDoc is disk encryption software that is applicable to hard disks, USB drives,
CDs, and DVDs on Windows operating systems. It has the following types of access
mechanisms:
• Hardware tokens
• Passwords
• Smart cards
• Biometrics
Cryptanalysis tools
The following are cryptanalysis tools:
• Cryptanalysis: It is used to breach cryptographic security systems and gain access to the
contents of encrypted messages, even if the cryptographic key is unknown.
• Ganzua: It is a cryptanalysis tool used for monoalphabetic and polyalphabetic ciphers
that can work with almost any set of characters.
• CryptoBench: It provides a source of strong cryptographic transformations to help in the
cryptanalysis process of common cryptographic schemes.
• JCrypTool: It allows students, teachers, developers, and anyone else interested in
cryptography to apply and analyze cryptographic algorithms in a modern, easy-to-use
application.
• AlphaPeeler: It is a crypto educational tool that includes frequency analysis,
monoalphabetic substitution, Caesar, transposition, Vigenere, and Playfair cipher. The
following are professional features of AlphaPeeler: DES, Gzip, MD5, SHA1, SHA256,
RIPEMD-16, RSA, and secret share files.
Cryptographic attacks
Cryptographic attacks are methods of evading the security of a cryptographic system by finding
weaknesses in such areas as the code, cipher, cryptographic protocol, or key management
scheme in the cryptographic algorithm. In cryptography attacks, an assumption is made that the
cryptanalyst has knowledge of the encrypted information. The following are the cryptographic
attacks usually performed by an attacker:



Known plaintext attack: In a known plaintext attack, the attacker should have both the
plaintext and ciphertext of one or more messages. These two items are used to extract the
cryptographic key and recover the encrypted text.
Ciphertext only attack: In this attack, the attacker obtains encrypted messages that have
been encrypted using the same encryption algorithm. For example, the original version of
WEP used RC4, and if sniffed long enough, the repetitions would allow a hacker to
extract the WEP key. Such types of attacks do not require the attacker to have the
plaintext because the statistical analysis of the sniffed log is enough.
Man-in-the-middle attack: In this form of attack, the attacker places himself in the
middle of the communications flow between two parties. Once an attacker enters the
communications flow, he is able to perform a ciphertext only attack, exchange bogus
keys, etc.
Replay attack: In this type of attack, the attacker tries to repeat or delay a cryptographic
transmission. A replay attack can be prevented using session tokens.
Chosen plaintext attack: In a chosen plaintext attack, the attacker somehow picks up the
information to be encrypted and takes a copy of it with the encrypted data. This is used to
find patterns in the cryptographic output that might uncover vulnerability or reveal a
cryptographic key.
Chosen ciphertext attack: In this type of attack, the attacker can choose the ciphertext
to be decrypted and can then analyze the plaintext output of the event. The early versions
of RSA used in SSL were actually vulnerable to this attack.
Adaptive chosen plaintext attack: It is used by an attacker when he has free use of a
piece of decryption hardware, but cannot extract the decryption key from it.
Rubber hose attack: It involves extraction of cryptographic secrets by torturing a
person.
Timing attack: A timing attack is a side channel attack in which the attacker attempts to
compromise a cryptosystem by analyzing the time taken to execute cryptographic
algorithms. It is based on repeatedly measuring the exact execution times of modular
exponentiation operations. Every logical operation in a computer takes time to execute,
and the time can differ based on the input; with precise measurements of the time for
each operation, an attacker can work backwards to the input.
Information can leak from a system through measurement of the time it takes to respond
to certain queries. How much such information can help an attacker depends on many
variables: crypto system design, the CPU running the system, the algorithms used,
assorted implementation details, timing attack countermeasures, the accuracy of the
timing measurements, etc.
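The timing leak described above, as an added example (not part of the original chapter): modular multiplications are counted in place of wall-clock time so the result is repeatable. The base, modulus, exponents, and function names are constructed for illustration.

```python
# Added illustration: operation counts stand in for execution time.
# Base, modulus and exponents below are constructed sample values.

def modexp_square_multiply(base, exponent, modulus):
    """Left-to-right square-and-multiply. Returns (result, multiplications)."""
    result, ops = 1, 0
    for bit in bin(exponent)[2:]:
        result = (result * result) % modulus      # always: one squaring per bit
        ops += 1
        if bit == "1":                            # secret-dependent branch
            result = (result * base) % modulus    # extra multiply only for 1 bits
            ops += 1
    return result, ops


def modexp_ladder(base, exponent, modulus, bits):
    """Montgomery ladder: exactly two multiplications per bit for every key."""
    r0, r1, ops = 1, base % modulus, 0
    for i in range(bits - 1, -1, -1):
        if (exponent >> i) & 1:
            r0, r1 = (r0 * r1) % modulus, (r1 * r1) % modulus
        else:
            r0, r1 = (r0 * r0) % modulus, (r0 * r1) % modulus
        ops += 2
    return r0, ops


def leak_report(exponents, base=7, modulus=1_000_003, bits=16):
    """Map each exponent to (square_and_multiply_ops, ladder_ops)."""
    report = {}
    for e in exponents:
        naive, naive_ops = modexp_square_multiply(base, e, modulus)
        ladder, ladder_ops = modexp_ladder(base, e, modulus, bits)
        assert naive == ladder == pow(base, e, modulus)
        report[e] = (naive_ops, ladder_ops)
    return report


if __name__ == "__main__":
    # Two constructed 16-bit exponents with very different numbers of 1 bits.
    for e, (naive_ops, ladder_ops) in leak_report([0x8001, 0xFFFF]).items():
        print(f"exponent {e:#06x}: square-and-multiply={naive_ops} ladder={ladder_ops}")
```

The ladder equalizes the operation count only; Python's big-integer arithmetic is not constant-time, so production systems should rely on a vetted cryptographic library for this countermeasure.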
Code breaking methodologies
The following are code breaking methodologies:
Trickery and deceit: Social engineering techniques are used to extract cryptography
keys.
Brute-force: Cryptography keys are found by trying every possible combination.
One-time pad: The one-time pad is an unbreakable encryption scheme. It
does not use the repeated pattern of alphabetic substitution, which prevents
cryptanalysts from breaking the codes. The following conditions are required to ensure
the integrity of the one-time pad algorithm:
o The encryption key must be generated randomly.
o The one-time pad must be physically shielded against disclosures because the
enciphered messages can be easily decrypted if the enemy gets access to a copy of
the pad.
o The one-time pad must not be reused. If the pads are reused, the cryptanalysts can
determine the key values of the message.
o The length of the key must be the same as the message to be encrypted, as each
key element encodes only one character of the message.
Frequency analysis: It is the study of the frequency of letters or groups of
letters in a ciphertext.
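Why the one-time pad conditions listed above matter, as an added example (not part of the original chapter): reusing a pad makes the key cancel out of two ciphertexts, while a pad that is consumed as it is used refuses a second use. The class, function names, and sample messages are constructed for illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    # Condition: key material must be exactly as long as the message.
    if len(a) != len(b):
        raise ValueError("one-time pad: key and message lengths must match")
    return bytes(x ^ y for x, y in zip(a, b))


def reuse_leak(p1: bytes, p2: bytes) -> bytes:
    """Encrypt two messages under the SAME pad (the mistake); return c1 XOR c2."""
    pad = secrets.token_bytes(len(p1))
    c1, c2 = xor_bytes(p1, pad), xor_bytes(p2, pad)
    # The pad cancels: c1 XOR c2 equals p1 XOR p2, whatever the pad was.
    return xor_bytes(c1, c2)


class OneTimePad:
    """Hypothetical pad holder that never hands out the same key bytes twice."""

    def __init__(self, size: int):
        self._pad = secrets.token_bytes(size)    # condition: randomly generated
        self._used = 0

    def encrypt(self, message: bytes):
        end = self._used + len(message)
        if end > len(self._pad):
            raise RuntimeError("pad exhausted: refusing to reuse key material")
        key = self._pad[self._used:end]
        offset, self._used = self._used, end     # condition: consumed, not reused
        return offset, xor_bytes(message, key)

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        return xor_bytes(ciphertext, self._pad[offset:offset + len(ciphertext)])


if __name__ == "__main__":
    # Constructed sample messages of equal length.
    p1, p2 = b"INVOICE 1042 PAID", b"INVOICE 1043 OPEN"
    leak = reuse_leak(p1, p2)
    print("pad cancelled:", leak == xor_bytes(p1, p2))
    print("p2 recovered from p1 alone:", xor_bytes(leak, p1) == p2)
```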
Brute force attack
A brute force attack tries to defeat a cryptographic scheme by trying a large number of possible
keys until the correct encryption key is found. It is a resource- and time-intensive process. Whether a
brute force attack succeeds depends on the length of the key, time constraints, and
system security mechanisms.
Meet-in-the-middle attack
The meet-in-the-middle attack is a cryptographic attack. This attack can be used against
cryptographic algorithms that use multiple keys for encryption. The meet-in-the-middle attack
attempts to find a value in each of the ranges and domains of the composition of two functions
such that the forward mapping of one through the first function is the same as the inverse image
of the other through the second function.
The meet-in-the-middle attack takes less time than an exhaustive attack. It can be used for
forging signatures on mixed-type digital signature schemes.
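The forward-mapping and inverse-image matching described above, as an added example (not part of the original chapter), showing why encrypting twice with two keys does not double the strength. The 16-bit toy cipher, its 8-bit keys, and the sample values are constructed for illustration and are not a real algorithm.

```python
# Toy 16-bit block cipher with an 8-bit key, constructed for this example only.
def enc(k, x):
    x = (x + k * 0x0101) & 0xFFFF
    x = ((x << 5) | (x >> 11)) & 0xFFFF          # rotate left by 5
    return x ^ (k * 0x1B)


def dec(k, y):
    y ^= k * 0x1B
    y = ((y >> 5) | (y << 11)) & 0xFFFF          # rotate right by 5
    return (y - k * 0x0101) & 0xFFFF


def double_enc(k1, k2, x):
    return enc(k2, enc(k1, x))


def meet_in_the_middle(pairs):
    """Return (candidate key pairs, cipher calls spent on the matching phase)."""
    plain, cipher = pairs[0]
    calls = 0
    forward = {}                                  # middle value -> first keys
    for k1 in range(256):
        forward.setdefault(enc(k1, plain), []).append(k1)
        calls += 1
    candidates = []
    for k2 in range(256):
        middle = dec(k2, cipher)                  # inverse image through 2nd function
        calls += 1
        for k1 in forward.get(middle, []):
            # Extra known pairs filter out coincidental matches.
            if all(double_enc(k1, k2, p) == c for p, c in pairs[1:]):
                candidates.append((k1, k2))
    return candidates, calls


def demo():
    k1, k2 = 0x3A, 0xC5                           # constructed secret keys
    pairs = [(p, double_enc(k1, k2, p)) for p in (0x1234, 0xBEEF, 0x0F0F)]
    return meet_in_the_middle(pairs)


if __name__ == "__main__":
    candidates, calls = demo()
    print(f"candidates={candidates} matching calls={calls} exhaustive pairs={256 * 256}")
```

The matching phase costs 512 cipher calls against 65,536 key pairs for an exhaustive search, so the second 8-bit key adds roughly one bit of work, not eight.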
Online MD5 decryption tools
The following are online MD5 decryption tools:
md5
md5crack
MD5 Decryptor
Hash Cracking Tool
Hash Cracker
Passcracking
Chapter Summary
In this chapter, we learned about cryptography, various types of cryptography, ciphers,
cryptography tools, Public Key Infrastructure (PKI), and digital signature. We also discussed
SSL (Secure Sockets Layer), disk encryption, and disk encryption tools. This chapter focused on
AES, RC4, RC5, RC6 algorithms, RSA, Message Digest Function: MD5, and SHA.
Glossary
Asymmetric encryption
Asymmetric encryption is a type of encryption that uses two keys, i.e., a public key and a private
key pair for data encryption.
Block cipher
A block cipher is a symmetric key cipher that operates on blocks of messages. It encrypts an
entire message block at the same time.
Brute force attack
A brute force attack tries to defeat a cryptographic scheme by trying a large number of possible
keys until the correct encryption key is found.
Ciphers
Ciphers are algorithms that are used for encrypting or decrypting the data.
Cryptographic attacks
Cryptographic attacks are methods of evading the security of a cryptographic system by finding
weaknesses in such areas as the code, cipher, cryptographic protocol, or key management
scheme in the cryptographic algorithm.
Cryptography
Cryptography is a technique of encrypting and decrypting messages.
DES
Data Encryption Standard
Digital signature
Digital signature is a personal authentication method based on encryption and authorization
codes. It is used for signing electronic documents.
Disk encryption
Disk encryption protects confidentiality of the data that is stored on a computer disk.
Message digest
A message digest is a number, which is created algorithmically from a file and represents that
file uniquely.
Public key infrastructure
A public key infrastructure enables users of a basically unsecured public network such as the
Internet to securely and privately exchange data and money through the use of a public and a
private cryptographic key pair that is obtained and shared through a trusted authority.
Secure Hash Algorithm
The Secure Hash Algorithm (SHA) is a cryptographic hash algorithm that generates a fixed-length digital representation (message digest) of an input data sequence of any length.
Secure Shell
Secure Shell (SSH) is a protocol that provides strong authentication and secure communications
over insecure channels.
SET
Secure Electronic Transaction
Snow.exe
Snow.exe is a steganography tool that is used to hide secret data within a text file.
Stream cipher
Stream cipher is a symmetric key cipher that operates on each character, or a bit of a message.
Symmetric encryption
Symmetric encryption is a type of encryption that uses a single key to encrypt and decrypt data.
Transport Layer Security
Transport Layer Security (TLS) is an Application layer protocol that uses a combination of
public and symmetric key processing to encrypt data.
TrueCrypt
TrueCrypt is an open source disk encryption tool. It provides disk or USB flash drive encryption
for Linux and Windows operating systems.
Twofish
Twofish is a symmetric key block cipher that operates on a 128-bit block size and uses key
sizes up to 256 bits.
Twofish-128
A symmetric key block cipher which operates on 128-bits