MODULE 8

Cryptographic Methods


In Module 7, we introduced you to the world of cryptography. In this module and the following modules, we’ll go more in-depth on topics we only lightly introduced earlier. In this module we are going to focus on cryptographic methods, primarily on algorithms. We’ll cover these algorithms in detail, highlighting their features, characteristics, and common use. You’ll definitely be expected to understand how various cryptographic algorithms work for the exam, and, more importantly, in your daily life as a Security+ certified professional.

Cryptographic Algorithms

In the previous module, we described the basics of algorithms and keys, the two components necessary to make the encryption and decryption processes work. The focus of this module is primarily on algorithms—the mathematical constructs and methods used to manipulate and transform plaintext into ciphertext. Algorithms provide the means to convert plaintext to ciphertext and back again, in the case of encryption and decryption. In the case of hashing, algorithms enable you to obtain a mathematical representation, in the form of a message digest or hash, of a variable-length piece of data. In the upcoming sections, we’ll take a detailed look at various symmetric, asymmetric, and hashing algorithms.

Symmetric Algorithms

Remember from our discussions in Module 7 that symmetric algorithms use only one key. Both the sender and receiver must possess that same key to encrypt and decrypt messages sent between them using symmetric key cryptography. Symmetric key cryptography primarily ensures that secure communications are kept confidential by encrypting the traffic during those sessions. Symmetric key cryptography can also be used to protect data at rest. Remember that there are two types of symmetric algorithms: block and streaming. A block algorithm operates on chunks, or blocks, of text. Normally the block sizes (measured in bits) are unique to each algorithm. Algorithms sometimes use variable or several different block sizes, depending upon how they are implemented. Streaming algorithms operate on only 1 bit at a time of plaintext and are much faster than block algorithms. Several algorithms are popularly used in symmetric key cryptography; we will discuss several of them in this module. You’ll find that this section is as much a history lesson as it is a lesson on cryptography; many of the algorithms you will learn about have been deprecated and are no longer used; however, having knowledge of them is useful both from a practical and an exam perspective. Note that there are literally dozens of symmetric algorithms in use today; we’ll discuss only a few of the more popular ones here, particularly those you are expected to know for the exam.

DES

The Data Encryption Standard, or DES, is the older, now obsolete standard for commercial grade encryption within the United States. The algorithm used for DES is called Lucifer, and it was developed by IBM. Lucifer originally had a 128-bit key size, but when it was implemented as DES, this was reduced to 64 bits. Eight of those bits are used for computational overhead, so the true key size is only 56 bits. DES is a symmetric block algorithm and uses 64-bit block sizes. Blocks that are less than 64 bits in size are padded.

DES uses five different modes. A mode is a defined method that determines how a plaintext block is input and changed to produce ciphertext. Each of these modes works a bit differently, processing input blocks of text in different ways and using keys to encrypt the data. Modes also use certain mathematical functions to transform the data, which provide for stronger encryption. Each of these modes may be used in several rounds. In fact, DES uses 16 rounds for each mode. So, for whichever mode is used, that process is repeated 16 times on a block of plaintext, to produce the output ciphertext.

The simplest mode is the Electronic Codebook (ECB) mode. In this mode, plaintext blocks of 64 bits are manipulated to produce ciphertext. With ECB mode, a given piece of plaintext will always produce the same corresponding piece of ciphertext. Unfortunately, this makes ECB mode very predictable, and it can easily be broken if an attacker has specific pieces of plaintext and ciphertext to compare.

The next mode is the Cipher Block Chaining (CBC) mode, which produces much stronger encryption because it introduces an initialization vector (IV) into the process, which, along with the eXclusive OR (XOR) function, ensures that every block of plaintext input into the process produces a uniquely different piece of ciphertext. So even when the same block of plaintext is input repeatedly, the resultant ciphertext will not be identical to any previous outputs.

The third mode is called Cipher Feedback (CFB) mode, and in this mode, plaintext is divided up into different bit-size segments. This mode works similarly to CBC mode, except that the resulting ciphertext is actually fed back into the process and used as the initialization vectors for subsequent plaintext.

Output Feedback (OFB) mode is very similar to CFB mode, but it uses 64-bit initialization vectors that are fed back into the process for each subsequent block of plaintext. The last and fastest mode that DES can use is called Counter (CTR) mode. In this mode, a random 64-bit block of data is used as the first initialization vector and then incremented by a specified number or counter for every subsequent block of plaintext.
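The difference between ECB, CBC, and CTR described above can be seen in a few lines of code. This is an added example, not from the original text: the block cipher is a toy 16-round Feistel network with 64-bit blocks that stands in for DES (it is not DES and must not be used to protect data), and the key, IV, message, and all function names are constructed for the illustration.

```python
import hashlib

BLOCK = 8    # bytes per block: 64 bits, the DES block size
ROUNDS = 16  # same round count as DES

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round_fn(half: bytes, key: bytes, rnd: int) -> bytes:
    # Toy round function built on SHA-256: an assumption of this example,
    # not the DES key schedule or S-boxes.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def _feistel(block: bytes, key: bytes, rounds) -> bytes:
    left, right = block[:4], block[4:]
    for rnd in rounds:
        left, right = right, _xor(left, _round_fn(right, key, rnd))
    return right + left  # final swap lets the same loop decrypt

def encrypt_block(block: bytes, key: bytes) -> bytes:
    return _feistel(block, key, range(ROUNDS))

def decrypt_block(block: bytes, key: bytes) -> bytes:
    return _feistel(block, key, reversed(range(ROUNDS)))

def pad(data: bytes) -> bytes:
    # Fill the last block up to 64 bits (PKCS#7-style padding).
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def split(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(plaintext: bytes, key: bytes) -> bytes:
    # ECB: every block is encrypted independently of the others.
    return b"".join(encrypt_block(b, key) for b in split(pad(plaintext)))

def cbc_encrypt(plaintext: bytes, key: bytes, iv: bytes) -> bytes:
    # CBC: XOR each plaintext block with the previous ciphertext block
    # (the IV for the first block) before encrypting it.
    out, prev = [], iv
    for b in split(pad(plaintext)):
        prev = encrypt_block(_xor(b, prev), key)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ciphertext: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in split(ciphertext):
        out.append(_xor(decrypt_block(b, key), prev))
        prev = b
    data = b"".join(out)
    return data[:-data[-1]]  # strip the padding

def ctr_crypt(data: bytes, key: bytes, first_counter: bytes) -> bytes:
    # CTR: encrypt an incrementing counter and XOR the result with the data.
    # The same call encrypts and decrypts.
    start = int.from_bytes(first_counter, "big")
    out = []
    for i, b in enumerate(split(data)):
        counter = ((start + i) % 2**64).to_bytes(BLOCK, "big")
        out.append(_xor(b, encrypt_block(counter, key)))
    return b"".join(out)

def repeated_blocks(ciphertext: bytes) -> int:
    # Number of ciphertext blocks that duplicate an earlier block.
    blocks = split(ciphertext)
    return len(blocks) - len(set(blocks))

# Constructed sample values; a real IV or starting counter is generated
# fresh for every message.
KEY = b"constructed demo key"
IV = bytes.fromhex("0011223344556677")
PT = b"TRANSFER" * 4  # four identical 64-bit plaintext blocks

if __name__ == "__main__":
    print("ECB repeats:", repeated_blocks(ecb_encrypt(PT, KEY)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(PT, KEY, IV)))
    print("CTR repeats:", repeated_blocks(ctr_crypt(PT, KEY, IV)))
```

The four identical plaintext blocks show up as identical ciphertext blocks only in ECB output, which is the predictability the text warns about.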

Figure 8-1 illustrates how complex even the simple ECB mode is in DES; this screenshot was taken from the freely available open-source CrypTool cryptography learning program (www.crypttool.org).


Figure 8-1 Illustration of how DES ECB mode works (screenshot from the CrypTool cryptography learning program)



Remember the different characteristics of DES for the exam: 16 rounds of encryption, 64-bit blocks, 56-bit keys, and five modes of operation.

3DES

Triple DES (3DES or TDEA) is a later iteration of DES designed to fix some of the problems found in DES. It basically puts plaintext blocks through the same type of DES encryption process, but it does so three distinct times. Where DES uses single 56-bit keys, 3DES could be considered to use 168-bit keys; in actuality, however, it uses three 56-bit key “bundles.” For its three iterations, it uses various combinations of encrypting, decrypting, or re-encrypting the resultant ciphertext from each previous iteration. For instance, in the 3DES Encrypt-Decrypt-Encrypt (EDE) method, 3DES uses its three separate keys to encrypt the resultant ciphertext again, then decrypts (it actually encrypts, despite the middle term in the name) it, and then encrypts it once more. It also uses the same modes that DES uses; except for key size and iterations of encryption, there are no major differences between the two algorithms. Because it still suffers from some of the same weaknesses as DES, however, it has largely been replaced by more modern algorithms, particularly the Advanced Encryption Standard (AES), which we’ll discuss next.



3DES was meant to make up for some of DES’s weaknesses, but it did not significantly change the algorithm itself. It puts plaintext through more iterations than DES, but it still suffers from some of the same weaknesses.

AES

The Advanced Encryption Standard (AES) was established as the official encryption standard for the U.S. government in 2001, after a National Institute of Standards and Technology (NIST) competition between five competing algorithms. The five competitors were Rijndael, Twofish, Serpent, RC6, and MARS. The Rijndael algorithm (pronounced rain-doll) won the competition and became AES. AES is a symmetric block cipher that can use block sizes of 128 bits, with key sizes of 128, 192, and 256 bits. It uses 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. Like DES, it can use different modes to encrypt and decrypt data. Most attacks on AES are theoretical in nature—referred to as side-channel attacks, which take advantage of ineffective implementations of the AES algorithm in the cryptosystem, versus the algorithm itself.



AES is the de-facto encryption standard for both the U.S. government as well as private and commercial organizations. It is a block cipher that uses 128-bit block sizes, with 128-bit, 192-bit, and 256-bit keys. It uses 10, 12, and 14 rounds, respectively, for these keys.

Blowfish

Blowfish is a block cipher invented by famed cryptographer Bruce Schneier in 1993. It was originally designed as a more secure choice for encryption than the older DES algorithm. Blowfish accepts 64-bit blocks and has a wide range of variable key lengths, from 32 bits all the way up to 448 bits. It uses 16 rounds of encryption, just as DES does. It is widely implemented in different software encryption solutions and is considered a good choice for a strong encryption algorithm, since no effective complete cryptanalysis of it has been published to date.

Twofish

Twofish, as mentioned, was one of the five finalists in NIST’s competition to become the AES. It is a symmetric block algorithm that uses 128-bit block size. It can use 128-bit, 192-bit, or 256-bit keys. Like DES, it uses 16 rounds of encryption. It is viewed as a successor to Blowfish and was also invented by Schneier, as well as others. Although there have been some published partial theoretical attacks against Twofish, there are currently no publicly known attacks against it. Like Blowfish, Twofish has been placed in the public domain, making it freely available for anyone to use.



Although AES is the official U.S. standard, both Blowfish and Twofish are exceptionally good encryption algorithms. Both were invented by Schneier, both use 64-bit blocks, and both perform 16 rounds of encryption. Blowfish can use key sizes from 32 to 448 bits, and Twofish uses key sizes of 128 bits, 192 bits, and 256 bits.

RC4

Recall from our discussion in Module 7 that there are two basic types of algorithms, block and stream. The main streaming symmetric algorithm that you will study for the Security+ exam is the RC4 streaming cipher. It was invented by Ron Rivest, with the RC4 abbreviation standing for Rivest Cipher 4. Because it is a streaming cipher, it uses only one round of encryption. It can use key sizes from 40 to 2,048 bits in length. It’s a very fast protocol, as all streaming ciphers are. RC4 uses a key stream (stream of pseudorandom bits injected into the encryption process), which are then combined with plaintext using the XOR function to encrypt them into ciphertext. RC4 is most popularly used in wireless encryption with the older, now obsolete and cryptographically broken Wired Equivalent Privacy (WEP) protocol. It can also be found in versions of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. RC4 has some documented weaknesses, which makes it unsuitable for future implementations; current software vendors are advising against its use, and even the Internet Engineering Task Force’s (IETF) RFC 7465 eliminated its use in TLS.
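The key stream and XOR step described above, as an added example that is not from the original text. The two loops follow the publicly documented RC4 algorithm, the keys and messages are constructed sample values, and the last function shows a general caveat of XOR stream ciphers: if one key stream is used for two messages, the XOR of the two ciphertexts equals the XOR of the two plaintexts.

```python
def rc4_keystream(key: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 key stream for `key`."""
    # Key scheduling: permute the 256-entry state under control of the key.
    state = list(range(256))
    j = 0
    for i in range(256):
        j = (j + state[i] + key[i % len(key)]) % 256
        state[i], state[j] = state[j], state[i]
    # Output generation: keep swapping and emit one pseudorandom byte per step.
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + state[i]) % 256
        state[i], state[j] = state[j], state[i]
        out.append(state[(state[i] + state[j]) % 256])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR the data with the key stream (same operation)."""
    return xor_bytes(data, rc4_keystream(key, len(data)))

def reuse_leaks_plaintext_xor(key: bytes, msg1: bytes, msg2: bytes) -> bool:
    """True when XORing two ciphertexts made with the same key stream
    cancels the key stream and leaves msg1 XOR msg2."""
    c1, c2 = rc4(key, msg1), rc4(key, msg2)
    return xor_bytes(c1, c2) == xor_bytes(msg1, msg2)

if __name__ == "__main__":
    # Widely published RC4 test vector: key "Key", plaintext "Plaintext".
    ct = rc4(b"Key", b"Plaintext")
    print(ct.hex())
    print(rc4(b"Key", ct))
    # Constructed messages of equal length, encrypted under one key stream.
    print(reuse_leaks_plaintext_xor(b"constructed key", b"PAY 100 USD", b"PAY 900 EUR"))
```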



RC4 is likely the only example of a streaming cipher you will see on the exam. All of the other symmetric algorithms we discuss throughout this book are block ciphers.

Summary of Symmetric Algorithm Characteristics

Table 8-1 summarizes the characteristics of the different symmetric algorithms.


Table 8-1 Summary of Symmetric Algorithms

Asymmetric Algorithms

We discussed the differences between symmetric and asymmetric cryptography already; as an introduction to our discussion here we’ll briefly recap these. While symmetric cryptography uses a single key for both encryption and decryption, asymmetric key cryptography uses two keys—a public and a private key that are issued and used together in a key pair. The public key is given to anyone, and the private key is kept confidential by its owner. Although the keys are not identical, they are mathematically related. Asymmetric algorithms are typically based upon difficult-to-solve mathematical problems, such as large prime-number factorization, discrete logarithms, and elliptic curves. Because these mathematical problems are extremely difficult to solve under even the best of circumstances, the asymmetric keys would be extremely difficult for someone to discover, unless he or she had access to inputs of the mathematical problem used (such as the large prime numbers used in the RSA algorithm) or had an efficient way to solve the mathematical problems. Security in public key cryptography really depends upon how well the private key is protected, since its disclosure or compromise would render the key pair unusable.

Over the next few sections, we’ll discuss some of the more commonly used asymmetric algorithms that are used for a variety of purposes, including generating keys, exchanging keys to create a secure session, and creating digital signatures. We will go more in depth on some of these topics in Module 10, where we discuss public key infrastructure (PKI) in detail.

RSA

RSA is one of the oldest public key algorithms in existence and is still widely used today. Its name comes from the names of its inventors, Ron Rivest, Adi Shamir, and Leonard Adleman, who first published the details of it in 1977. Unbeknownst to them, and everyone else at the time, British mathematician Clifford Cocks, while working for British intelligence, had developed a similar process much earlier, but due to its tightly controlled classification, it could not be disclosed to the public until 1997.

RSA is used to create and use a public-private key pair. It generates its keys based upon the mathematical problem of the difficulty of factoring two very large prime numbers (each generally up to several hundred digits in length). It uses one round of encryption, and its typical key sizes range from 1,024 to 4,096 bits. Although RSA is still considered very secure, keys of smaller sizes have been broken in various published attacks. Still, these attacks are largely based upon faulty implementations of the protocol, rather than the protocol itself. RSA is pretty much the de facto asymmetric algorithm used in most public key cryptography implementations today. Figure 8-2 demonstrates how RSA works, using very simple prime numbers in this instance, and the CrypTool learning program.


Figure 8-2 Simple demonstration of the RSA algorithm (screenshot from the CrypTool cryptography learning program)



RSA is the de facto asymmetric protocol used for generating public-private key pairs.

Diffie-Hellman

Diffie-Hellman (often abbreviated as D-H or DHE) is a series of key exchange protocols and variants invented by Whitfield Diffie and Martin Hellman and published in 1976. D-H provides for secure key exchange to establish a secure communications session over an insecure channel, even when two parties have no previous relationship with each other. The Elliptic Curve Diffie-Hellman Exchange (ECDHE) is a variant of DHE based upon elliptic curve cryptography, which is discussed later on in the module.

PGP/GPG

PGP stands for Pretty Good Privacy, and it is not necessarily an algorithm; rather, it is a cryptography application and protocol suite that is used in asymmetric cryptography. It was invented by Phil Zimmermann in 1991. Since it is a protocol suite, it can use both asymmetric and symmetric keys for a wide variety of operations, including bulk encryption, data-at-rest encryption (including both file and full disk encryption), key-pair generation, and key exchange. Unlike other public key cryptography schemes, PGP uses what is referred to as a “web of trust,” rather than a public key infrastructure, both of which are described in detail in Module 10. Although PGP is now considered a commercialized, proprietary version, it has an open source equivalent, GPG, which stands for GNU Privacy Guard. Although PGP is proprietary, the different versions comply with the OpenPGP standard, an IETF standard published as RFC 4880. GPG also complies with the standard.

ECC

Elliptic Curve Cryptography (ECC) is an asymmetric method of cryptography based upon problems involving the algebraic structure of elliptic curves over finite fields. ECC has many uses, including variations that apply both to encryption and digital signatures. ECC actually has special uses involving mobile devices; since it requires low computational power and memory usage it’s been widely implemented in smart phones and other low-power mobile devices. ECC typically uses much smaller key sizes than other asymmetric algorithms, but these key sizes are also harder to break in ECC. The largest known ECC key broken to date is only a 112-bit key, compared to a 768-bit key size that has been broken with RSA.

ElGamal

ElGamal is an asymmetric algorithm that can be used for both digital signatures and general encryption. It was designed by Taher ElGamal in 1985 and is based partially on Diffie-Hellman key exchange algorithms. It’s widely used in open standards and cryptosystems, including PGP and GPG. The U.S. government’s Digital Signature Algorithm (DSA), covered in Module 10, is based upon the ElGamal signature scheme. ElGamal uses mathematical problems related to computing discrete logarithms.

Hashing Algorithms

We discussed hashing in Module 7, but because we are going to discuss particular hashing algorithms here, it’s well worth a recap of that explanation to help you understand how it works. As we explained earlier, hashing is not the same thing as encryption and decryption. It is a cryptographic process, of course, but the intended use and results of hashing are different.

Encryption necessarily implies, and goes hand-in-hand with, decryption; the idea being that plaintext that is transformed through encryption into an unreadable state can be decrypted and returned to a plaintext state. Hashing does not encrypt text; it only generates a representation of that text, which is the hash or message digest. It’s not the plaintext itself, but a unique identifier for the text, like a fingerprint. Note that hashing does not use keys at all, only algorithms, also making it less like encryption and decryption. Theoretically, the same identical piece of plaintext (identical down to the binary digit level) will always produce the same hash value, given that the same hashing algorithm is used. Likewise, no two different pieces of plaintext should ever produce the same hash, given the same algorithm. Of course, this part has been proven as false; there have been theoretical attacks on several hashing algorithms that produce collisions, when two different pieces of plaintext produce the same identical hash value. Figure 8-3 illustrates the collision process a bit more clearly.


Figure 8-3 The hashing process and collisions

Several hashing algorithms, including MD5—one of the most popular algorithms we discuss coming up—theoretically produce collisions. Because of this, MD5 has been deprecated from further development and use; in practical terms, however, there are still a wide variety of applications and operating systems that use and include MD5, and it is still sufficient for most personal use and low-security requirements.



Remember that hashing is not the same thing as encryption and decryption. Hashes cannot be reversed or decrypted; they can only be compared to see if they match.

If the purpose of hashing isn’t to encrypt a piece of text that can be decrypted, then what do we use it for? Hashing is used to provide confidentiality (in the case of hashing passwords, for instance) and integrity. For confidentiality, a password can be “hashed” and the resulting hash sent over an untrusted network, if needed, for authentication, so the actual password is not transmitted. When the authenticating server receives the hash, it’s not decrypted to reveal the password (hashes can’t be decrypted, remember), but the server does take the password hash it has stored in the credentials database and compares it to the hash it received. If they match, the server knows that the user also knew the correct password, and it allows authentication. If the hashes don’t match, the server refuses authentication, because the user obviously did not know the correct password, which in turn did not generate the correct hash. So hashes aren’t ever decrypted; they are compared with each other to see if they match. Comparing matching hashes ensures that both the sender and receiver had the correct identical piece of plaintext in the first place and used the same algorithm to generate a hash for each.

To muddy the discussion further, even password hashes are sometimes encrypted during transmission using symmetric key cryptography, and then decrypted on the receiving end so that the hash itself is protected during transmission. This is because attackers can actually intercept a password hash as it travels over the network. They don’t have the actual password at that point, of course, and can’t reverse the hash to get it, but they can use various methods (discussed in Module 15) to perform the same type of hash comparisons against a list of potential passwords and generate an identical hash, letting them know what the original password was.

Because identical pieces of plaintext always produce the same hash value, if the same hashing algorithm is used on both, it’s very easy to tell if a piece of text has changed, even by one binary digit (bit). If even a single 1 or 0 bit changes in the text, the hash produced will be different from the original piece of text. In this way, comparing hashes of two supposedly identical pieces of plaintext can verify the integrity of the original. If the hashes match when compared, the samples of text are identical and have not been altered. However, if the hashes are different when compared, then one can assume there has been a change (no matter how slight) between the original text and what was received, violating integrity.



Hashing can be used to assure both confidentiality and integrity.

MD5

The Message Digest version 5 (MD5) hashing algorithm was developed by famed cryptographer Ron Rivest in 1991. It generates a 128-bit hash, 32 hexadecimal characters long, and it replaced an earlier version of the MD series, MD4. As mentioned earlier, it was found to have weaknesses in it that showed the potential for collisions and has been proven again and again as unsuitable for further implementation—as early as 1996, and again most recently in 2007. It is still in fairly widespread use, however, for low security situations, but it should not be used in applications requiring serious security. MD5 is also used as part of other cryptographic methods, including the Extensible Authentication Protocol (EAP), as part of its EAP-MD5 implementation.



MD5 produces a 128-bit message digest, consisting of 32 hexadecimal characters, regardless of the length of the input text.

SHA

The Secure Hash Algorithm, or SHA, is a series of hashing functions sponsored by NIST as a U.S. government standard. The SHA family of hashing algorithms was developed with the assistance and influence of the National Security Agency (NSA). There have been several iterations of SHA, including SHA-0, SHA-1, SHA-2, and, most recently, SHA-3. The most common have been SHA-1 and SHA-2, with SHA-0 only a short-lived original version of the algorithm that was considered very non-secure. SHA-1 is a 160-bit algorithm, originally designed to be used as the standardized Digital Signature Algorithm for the United States. It produces 40 character hashes. It was a contemporary of MD5 and was found to have similar cryptographic flaws. SHA-2 is made up of two separate algorithms, SHA-256 and SHA-512, but each has minor versions that include SHA-224 and SHA-384. SHA-3, which was not developed by the NSA, is based upon a hash function called Keccak, and it was chosen by NIST in 2012, with implementation scheduled for 2014. It also has the same hash lengths as the SHA-2 versions.



SHA-1 and SHA-2 have been replaced by the latest iteration of SHA, known as SHA-3, which is an implementation of the Keccak hashing function, as of 2012.

RIPEMD

RIPEMD (RACE Integrity Primitives Evaluation Message Digest) is a hashing algorithm not often seen in practical implementation. It was developed in an open-standard type of environment, as opposed to SHA. RIPEMD comes in 128-, 160-, 256-, and 320-bit versions. Again, it is not in widespread use, despite the relatively stable and secure implementation of the RIPEMD-160 iteration, which is the most common.

HMAC

HMAC, Hash Message Authentication Code, is used in conjunction with a symmetric key both to authenticate and verify the integrity of the message. HMAC can use either MD5 or SHA series of hashing algorithms (and noted as HMAC-MD5 or HMAC-SHA1/2/3, respectively). The HMAC process produces a hash value, the Message Authentication Code (MAC), whose length and strength corresponds to whichever hashing algorithm was used to create it. HMAC works like this: You already know that a given piece of plaintext or message produces the same hash every time, as long as you use the same hashing algorithm. This can be used to verify integrity; however, anyone can send a message that can be verified in terms of integrity, as long as the hashes match. But you cannot verify the authenticity of the message—that is, who actually sent it—and you cannot verify who will be able to receive it. HMAC is a process that uses a secret (symmetric) key with the hashing process, so that a given message produces a unique hash using that particular symmetric key. If someone does not have the key, she cannot reproduce the hash of the message, so that neither integrity nor authenticity can be verified. Only someone who has the secret key can successfully produce the same hash. This verifies not only integrity, but also authenticity, since only the person having the secret key could have produced that unique hash and sent the message.
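The difference between comparing plain hashes (the integrity check described under Hashing Algorithms) and verifying an HMAC, as an added example that is not from the original text. It uses Python's standard hashlib and hmac modules; the key, the messages, and the function names are constructed for the illustration.

```python
import hashlib
import hmac

def digest(message: bytes, algo: str = "sha256") -> str:
    """Unkeyed hash: anyone can compute it."""
    return hashlib.new(algo, message).hexdigest()

def mac(key: bytes, message: bytes, algo: str = "sha256") -> str:
    """Keyed hash (HMAC): only holders of `key` can compute it."""
    return hmac.new(key, message, algo).hexdigest()

def hash_check(message: bytes, claimed: str) -> bool:
    return hmac.compare_digest(digest(message), claimed)

def mac_check(key: bytes, message: bytes, claimed: str) -> bool:
    # compare_digest takes the same time wherever the first mismatch is.
    return hmac.compare_digest(mac(key, message), claimed)

def flip_one_bit(message: bytes) -> bytes:
    return bytes([message[0] ^ 0x01]) + message[1:]

def replace_message_without_key(new_message: bytes):
    """What a party who can alter traffic, but lacks the key, can send:
    a new message with a freshly computed unkeyed hash."""
    return new_message, digest(new_message)

# Constructed sample values.
KEY = b"constructed shared secret"
MSG = b"ship 10 units to warehouse A"
FORGED = b"ship 99 units to warehouse Z"

def run_demo() -> dict:
    sent_hash, sent_mac = digest(MSG), mac(KEY, MSG)
    forged_msg, forged_hash = replace_message_without_key(FORGED)
    return {
        # A single changed bit is caught by either mechanism.
        "bit_flip_passes_hash": hash_check(flip_one_bit(MSG), sent_hash),
        "bit_flip_passes_mac": mac_check(KEY, flip_one_bit(MSG), sent_mac),
        # A replaced message with a recomputed hash passes the plain check.
        "forgery_passes_hash": hash_check(forged_msg, forged_hash),
        # Without the key, neither the old tag nor an unkeyed hash verifies.
        "forgery_passes_mac_old_tag": mac_check(KEY, forged_msg, sent_mac),
        "forgery_passes_mac_plain_hash": mac_check(KEY, forged_msg, forged_hash),
        "genuine_passes_mac": mac_check(KEY, MSG, sent_mac),
        # Tag length follows the underlying hash: 40 and 64 hex characters.
        "tag_hex_lengths": (len(mac(KEY, MSG, "sha1")), len(mac(KEY, MSG, "sha256"))),
    }

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

Only the plain hash check accepts the replaced message, which is the gap HMAC closes by binding the digest to a secret key.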



HMAC can use hashing functions and symmetric keys to produce a Message Authentication Code (MAC), which ensures both integrity and authenticity of a message.

Module 8 Questions and Answers

Questions

1. How many rounds does DES use in its encryption process?

A. 48

B. 32

C. 1

D. 16

2. Which of the following algorithms won the competition to become the Advanced Encryption Standard?

A. Rijndael

B. MARS

C. RC6

D. Twofish

3. Which of the following is a symmetric streaming algorithm?

A. 3DES

B. RC4

C. AES

D. Blowfish

4. Which of the following can be used to assure both authenticity and integrity of a message?

A. RIPEMD

B. HMAC-SHA2

C. AES

D. Twofish

5. Which of the following asymmetric algorithms uses a maximum key size of 4,096 bits?

A. AES

B. Diffie-Hellman

C. RSA

D. ECC

6. Which of the following asymmetric algorithms is widely used on mobile devices because of its low computational power requirements?

A. ECC

B. ElGamal

C. Diffie-Hellman

D. GPG

7. Which of the following algorithms is based upon computing discrete logarithms?

A. Diffie-Hellman

B. RSA

C. ECC

D. ElGamal

8. All of these are characteristics of the hashing process, except:

A. Cannot be decrypted

B. Used to assure integrity

C. Uses AES as a hashing algorithm

D. Produces fixed-length digests representing variable-length text

9. All of the following are valid iterations of the RIPEMD hashing algorithm, except:

A. RIPEMD-384

B. RIPEMD-320

C. RIPEMD-160

D. RIPEMD-256

10. Which of the following algorithms produces a 40-character message digest?

A. MD5

B. SHA-1

C. RIPEMD-128

D. Blowfish

Answers

1. D. DES uses 16 rounds of encryption.

2. A. Rijndael won the NIST-sponsored competition to become the Advanced Encryption Standard.

3. B. RC4 is a symmetric streaming algorithm.

4. B. HMAC-SHA2 is a method that would use the SHA-2 hashing algorithm, as well as a symmetric key, to produce a Message Authentication Code, ensuring both authenticity and integrity of the message.

5. C. RSA uses key sizes between 1,024 and 4,096 bits.

6. A. Elliptic Curve Cryptography (ECC) is an asymmetric algorithm widely found in use on mobile devices because it requires low amounts of computational power.

7. D. The ElGamal asymmetric algorithm is based upon mathematical problems involving computing discrete logarithms.

8. C. AES is not a hashing algorithm.

9. A. There is no RIPEMD-384 version.

10. B. SHA-1 is a 160-bit hashing algorithm that produces a 40-character hexadecimal message digest, or hash.
