Skip to content
Shadow Cipher

Pelcgbybtl(Cryptology)

Hashing

  • Hashing (or a hash function)
    A type of function or operation that takes in an arbitrary data input and maps it to an output of fixed, called a hash or digest

  • N-Data -> Hash Function -> Hash Value

  • You feed in any amount of data into a hash function and the resulting output wwill always be the same size, but the output should be unique to the input, such that two different inputs should never yield the same output.

  • hashing can also be used to identify duplicate data sets in databases or achives to speed up searching of tables or to remove duplicate data to save space.

  • Cryptographic hashing is distinctly different from encryption because cryptographic hash functions should be one directional.

  • The ideal cryptographic hash function shoould be deterministic, meaning that the same input value should always retun the same hash value.

  • Hash collisions
    Two different inputs mapping to the same output

Hashing Algorithms

  • MD5

  • SHA1
    SHA1 is part of the secure hash algorithm suite of functions, designed by the NSA, published in 1995.

  • TLS/SSl

  • PGP SSH

  • IPsec

  • Message integrity Check

Hashing Algorithms(Continued)

  • Authentication

  • a successful brute force attack, against even the most secure system imaginable, is a function of attacker time and resuorces.

  • Password salt
    Additional randomized data that’s added into the hashing function to generate a hash that’s unique to the password and salt combination

  • 340 undecillion

Public Key Infrastructure

  • Info On Public Key

  • Registered Owner

  • Digital signature

  • Certificate authority

  • Registration authority

  • A Central repository is needed to securily store and index keys, and a certificate management system of some sort makes managing accessing to stored certificates and issuance of certificate easier.

  • SSL/TLS server certificate

  • Self-signed certificate

  • SSL/TLS client certificate

  • As the name implies, these are certificates that are bound to clients and ate used to authenticate the client to the server, allowing access control to an SSL/TLS service.

  • This allows users to these signed applications to verify the signatures and ensure that the applications was not tempered with.

  • A certificate that has no authority as a CA is referred to an end-entity or leaf certificate.

  • The X.509 standards is what defines the format of digital certificates.

  • Version
    What version of the X.509 standard the certificate adheres to.

  • Serial Number
    A unique identifier for the certificate assigned by the CA which allows the CA to manage and identify individual certificates.

  • Certificate Signature Algorithm
    The field indicates what public key algorithm is used for the public key and what hashing algorithm is used to sign the certificate

  • Issuer name
    This field contains information about the authority that signed the certificate

  • Validity
    This contains two subfield - “Not Before” and “Not After” - which define the dates when the certificate is valid for

  • Subject
    This field contains identifying information about the entity the certificate was issued to.

  • Subject Public Key Info
    These two subfield define the algorithm of the public key, along with the public key itself

  • Certificate Signature Algorithm
    Same as the subject public key info field; These two fields must match

  • Certificate Signature Value
    The digital signature data itself

  • Web of trust

Cryptography in Action

  • HTTPS
    The secure version of HTTP, the HyperText Transfer Protocol

  • SSL 3.0

  • TLS 1.2

  1. A secure communication line, which means data being transmitted is protected from potential eavesdroppers

  2. The ability to authenticate both parties communicatinf, through typically only the server is authenticated by the client

  3. The integrity of communications, meaning there are checks to ensure that message aren’t lost or altered in transit

  • The session key is the shared symmatric encryption key used in TLS sessions to encrypt data being sent back and forth.

  • Secure Shell(SSH)
    A secure network protocol that uses encryption to allow to a network service over unsecured networks

  • pretty Good Privacy (PGP)
    An encryption application that allows authentication of data, along with privacy from third parties, relying upon asymmetric encryption to achieve this

Securing Network Traffic

  • Virtual private Network (VPN)
    A mechanism that allows you to remotely connect a host ot network to an internal, private network, passing the data over a public channel, like the internet

  • Branch Office -> VPN -> Tunnel -> Internet -> VPN -> Corporate Hub

  • IPsec

  • When transport mode is used, only the payload of the IP packet is encrypted, leaving the IP headers untouched

  • In tunnel mode, the entire IP packet, header payload and all, is encrypted and encapsulated inside a new IP packet with new headers.

  • Layer 2 Tunneling Protocol

  • Encapssulating Security payload

  • The tunnel is provided by L2TP which permits the passing of unmodified packets from one network to another. The secure channel, on other hand, is provided by IPsec, which prrovides confidentiality, integrity, and authentication of data being passed.

  • OpenVPN can operate over either TCP or UDP, typically over port 1194.

Cryptography Hardware

  • Trusted Platform Module

  • Secure generation of keys

  • Random number generation

  • Remote attestation

  • Data binding and sealing

  • Remote attestation

  • Data binding and sealing

  • Secure Element

  • Trusted Execution Environment (TEE)

  • Full disk encryption

  • PGP

  • Bitlocker

  • Filevault 2

  • dm-crypt

  • Random numbers

  • Psuedo-random

  • Entropy pool