(Page 2 of 6)
You explored three types of cryptographic algorithms including:
You discovered that hashing is the process of creating a long alphanumeric string or number, called a hash value or message digest, which functions as a relatively unique identifier of the message or file that, was hashed. The most popular hashing algorithm is MD5 (Message Digest 5, developed by Rivest) which creates a 128-bit message digest. A stronger algorithm is SHA-1 (Secure Hash Algorithm rev. 1, developed by NIST), which creates a longer 160-bit message digest. It is possible but not likely for different documents to compute to the same hash value; a potential attacker can take advantage of this to try to find a duplicate document that has the same hash value, but it is unlikely hed find another with the same value that is not gibberish. It is not possible to derive the full original document contents from the hash value alone, much like it is impossible to derive the original bitmap from a compressed JPG file, due to information loss.
Next, you looked at symmetric cryptography, which is the oldest type. It uses a shared secret key known by the sending and receiving parties, and (usually) a non-secret encryption algorithm, in which the same key is used for encrypting and decrypting the message. Because anyone possessing the key can decrypt the message, you need to make sure only authorized individuals have access to it. DES, Triple DES, IDEA, RC2 and AES are examples of symmetric algorithms; DES is well-known but considered insecure today because of its short 56-bit key length. You discovered that symmetric ciphers come in several types:
A primary security issue with symmetric crypto is that if the message sender and receiver are in different places, you need a secure way to transmit the key from one person to another. Also, since crypto algorithms depend on being computationally expensive to break (reducing success of brute force attacks), they become weaker as computers become faster, and, like DES, eventually need to be replaced by more complex algorithms.
You also learned about asymmetric cryptography, a newer technique which uses a pair of keys one to encrypt the data and one to decrypt it. It is sometimes known as public/private key encryption, or just public key encryption, because it involves a public key distributed to others and a private key known only to the owner of the key pair. The earliest use of asymmetric crypto was in a 1977 paper on the Diffie-Hellman Key Exchange Protocol, describing how symmetric keys could be securely transmitted to users who needed them. One of the most widely used asymmetric crypto algorithms today is RSA (developed by Rivest, Shamir and Adleman in 1977); another is DSA, used primarily by the government. Applications using asymmetric cryptography include the PGP mail facility which uses Diffie-Hellman and RSA algorithms, the S/MIME mail facility, SSH (Secure Shell) and SSL.
Messages can be encrypted with either the public or private key, and are decrypted by whichever key was NOT used for the original encryption. Encrypt with the receivers public key if you want to create a confidential, private message readable only to that receiver, wholl decrypt with his private key. Encrypt with the senders (your) private key if you want to create a message decryptable by everyone with the senders public key, that allows each recipient to verify that it was definitely you who sent the message and that that message was not altered during transmission. Per Diffie-Hellman, asymmetric crypto can also be used to encrypt a conventional symmetric crypto secret key which will be used to decrypt a file being transferred across the Internet; you might do this to minimize encryption/decryption time for a large file, since symmetric encryption takes less time than asymmetric encryption.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.