Difference between revisions of "cryptography"
m (Cryptography moved to cryptography: not a proper noun) |
(→Other Software, Cryptographic Libraries) |
||
(9 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
− | + | '''Cryptography''' is a way to encode the information, so that it can be decoded only by the intended person. | |
− | [[ | + | The science of allowing a user to radically change [[information]] in order to conceal the content from third parties. Like any system of security, this science includes the process of searching for its own weaknesses. It is the substitution of [[Character Set|characters or symbols]] to create an [[Modify|altered]] message that can be reversed to its original form later. Information which has been cryptographically processed is "encrypted". Encryption is now very common, allowing [[user|users]] to [[trust]] their [[computer]] [[communication|communications]] that are, on the [[Internet]], very exposed. There are [http://www.goingware.com/encryption/ many reasons] to use encryption. |
− | + | Origin: The Ancient Greek ''kryptein'', meaning "to hide", and ''graphein'', meaning "to write" ([http://www.perseus.tufts.edu/cgi-bin/ptext?doc=Perseus%3Atext%3A1999.04.0057%3Aentry%3D%2360247 source] [http://www.perseus.tufts.edu/cgi-bin/ptext?doc=Perseus%3Atext%3A1999.04.0057%3Aentry%3D%2322826 source]). | |
− | |||
− | |||
− | + | == Properties == | |
− | + | * Encrypted signals may be detected but not understood. Concealing the very existence of the cryptography is [[obscurity]]. | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
+ | * Any attempt to discern the encrypted information is considered an attack (discussed below). | ||
− | + | * The word, phrase, characters, or other authentication method that reverses the encryption is called the "[[key]]." There can be multiple types of keys involved in this process. | |
− | + | * {{ll|Digital signatures}} are not the same as cryptography but have similar applications (discussed below). | |
− | + | * Encryption is often combined with [[compression]]. Attacks on encryption often center upon searching for patterns in an encrypted documents and compression helps limit these. Compression tries to make sure there is only one instance of a given type of data, thus reducing recognizable patterns. Thus, finding possible clues about the key becomes much harder. | |
+ | * Cryptographers are individuals who are very good at [[mathematics]] and this type of science of [[secret]] [[text|writing]]. They are also often software [[developers]]. | ||
+ | |||
+ | Strong cryptography often has legal restraints because of its history in military use. For example, some places (like the USA) considered the export of cryptographic materials to be the same as the export of military weaponry (munitions), and laid heavy restriction on such activity. In recent years, this has been relaxed due to foreign commercial competition. | ||
+ | |||
+ | == Attacks == | ||
+ | |||
+ | * '''[[cryptography attacks|Available methods to reveal encrypted information]]''' | ||
=== Computer methods to foil attacks === | === Computer methods to foil attacks === | ||
+ | Here are three major computer-based methods used to foil attacks. All have advantages and disadvantages. | ||
− | + | * [[symmetric-key cryptosystem|Symmetric-Key Cryptosystem]] | |
− | + | * [[public-key cryptosystem|Public-Key Cryptosystem]] | |
− | + | * [[one-time pad cryptosystem|One-Time Pad Cryptosystem]] | |
− | + | ||
− | + | ||
=== Libraries === | === Libraries === | ||
+ | For most cryptography, some type of [[Mathematics|math]] is involved. Libraries contain mathematical systems, or [[cipher|ciphers]], that mathematically change information to appear as random garbage. | ||
− | + | Of [[Symmetric-Key Cryptosystem|symmetrical]] [[algorithm|algorithms]], there are many including: | |
− | |||
: '''Very strong''' | : '''Very strong''' | ||
− | + | ** [[Twofish]] - a losing [[AES]] competition candidate | |
− | + | ** [[AES]] - the winner of AES competition, formerly knwon as Rijndael | |
− | + | ** [[3DES]] - used in [[SSL]], very slow in software | |
− | + | ** [[RC6]] - another losing AES candidate | |
− | + | ||
− | + | ||
: '''Strong''' | : '''Strong''' | ||
− | + | ** [[Blowfish]] | |
− | + | ** [[RC4]] - used in [[SSL]]. Contrary to most others on this page a [[stream cipher]] | |
− | + | ||
− | + | ||
− | + | ||
: '''Weak''' | : '''Weak''' | ||
− | + | ** [[DES]] - used in most older security programs, strong algorithm but keysize two small. Usually slow in software, very fast in hardware. | |
− | + | ** [[A5]] - as used in GSM cell phones | |
− | + | ||
− | + | ||
− | + | ||
One must weight his choice of algorithm based on his performance need and likely attack, however the strongest choices like AES have very fast implementations both in hardware and software. | One must weight his choice of algorithm based on his performance need and likely attack, however the strongest choices like AES have very fast implementations both in hardware and software. | ||
− | + | Public-key [[algorithm|algorithms]] include: | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
+ | * [[RSA]] Used for encryption and signature | ||
+ | * [[DSA]] Used for signature only | ||
+ | * [[Diffie-Hellman]] Used for key-exchange | ||
+ | * [[ECC]] | ||
− | + | {{ll|Digital signatures}} are used to prove [[authentication|authenticity]] (you get a strong certitude that the one who generated the message also have the secret key) and [[integrity]] (that nothing has been changed in transmission). | |
=== Key size === | === Key size === | ||
+ | Different libraries allow for varying levels of [[complexity]], affecting speed and security. A small bit size can make an algorithm faster but more easily broken. A large [[bit]] size can make it slow but much more difficult to break. Also, the higher the bit size, the larger the processed file size will be so a balance is often chosen between strength and convenience. | ||
− | + | Note that [[key (computing)|keys]] that are twice as large in number are not merely twice as difficult to crack. 128-bit keys, for instance, are literally one trillion, trillion (1^10^10) times harder to [[crack]] with [[Brute Force]] than 40-bit keys. | |
− | + | ==== Symmetric-Key Cryptosystem key size ==== | |
− | + | : 128-bit keys are usually sufficient for RC4 and 3DES and are commonly used in Web transactions. Despite 128 bit being very adequate, many Symmetric-Key Cryptosystems now use 256-bit keys by default, regardless of algorithm. | |
− | + | : Many 40-bit RC4 and 3DES keys must be avoided as they are not secure. They can be broken by a dedicated [[Brute Force]] [[attack]] over the course of a few weeks with a desktop computer. | |
− | : Many 40-bit RC4 and 3DES keys must be avoided as they are not secure. They can be broken by a dedicated [[ | + | |
− | + | ==== Public-Key Cryptosystem key size ==== | |
− | ==== | + | |
: 1024-bit [[RSA]] keys approximately as difficult to crack as a symmetric 128-bit key. [[ECC]] keys can be as secure and considerably shorter than RSA keys. Some public-key programs are available that use exceedingly large key sizes as high as 8192 or 16384 but are, as mentioned above, inconvenient, making the encrypted transmission unnecessarily large. | : 1024-bit [[RSA]] keys approximately as difficult to crack as a symmetric 128-bit key. [[ECC]] keys can be as secure and considerably shorter than RSA keys. Some public-key programs are available that use exceedingly large key sizes as high as 8192 or 16384 but are, as mentioned above, inconvenient, making the encrypted transmission unnecessarily large. | ||
− | + | Key sizes are often chosen as power of two numbers (e.g. <!-- 64 (<math>Insert formula here</math>), 128 (<math>2^7</math>), 256 (<math>2^8</math>) needs some additional software on the server to work --> 64 (2^6), 128 (2^7), 256 (2^8)) as they can be implemented more efficiently. | |
− | Key sizes are often chosen as power of two numbers (e.g. 64 (2^6), 128 (2^7), 256 (2^8)) as they can be implemented more efficiently. | + | |
==== Non-math Weaknesses ==== | ==== Non-math Weaknesses ==== | ||
− | |||
Good cryptography is not necessarily the use of smart people or great math. Good cryptography is made up of a program that provides end-to-end security by: | Good cryptography is not necessarily the use of smart people or great math. Good cryptography is made up of a program that provides end-to-end security by: | ||
− | |||
− | |||
− | |||
− | |||
+ | * Encouraging the use of difficult-to-guess, lengthy passwords | ||
+ | * Preventing the caching of secure information in an operating system's swap file where it is vulnerable and then using a [[File Wipe]] for files that have been encrypted to prevent them from being retrieved after deletion | ||
+ | * Testing and careful review to ensure software has no failures | ||
+ | * Protecting against [[Key-Logging Attack]] software | ||
==== Openness and Cryptography ==== | ==== Openness and Cryptography ==== | ||
+ | Many systems of cryptography and its software development are fully available to the public. [[Trust]] is established in these systems because a [[Closed-Source|closed]] system created by someone else often calls the system into immediate doubt. Questions such as: does this person had my security needs in mind? Do they have other motives? | ||
− | + | This process of making the details of a system public is called [[open-source]] and is preferable to many security experts because its methods are available to [[peer]]-review and research. For instance, almost all of the encryption library algorithms up for review were open-source at the selection of the Advanced Encryption Standard ([[AES]]) by the National Institute of Standards and Technology ([http://www.nist.gov/ NIST]). | |
− | + | ||
− | This process of making the details of a system public is called [[ | + | |
=== Legal Methods to foil attacks === | === Legal Methods to foil attacks === | ||
+ | Circumventing encryption is illegal under the US [[DMCA]] law. It is assumed, however, that most methods of attack are both covert and remote, and cannot actually be enforced. Still, it is an important method to discourage public revelation of encrypted documents, often making evidence gained through decryption inadmissible in court. | ||
− | + | A law protecting your encrypted material would seem like a good thing but it really is not, stifling security research and creating ridiculous content-protection laws ala the continuous extension of the [[Mickey Mouse Release Day]]. Most academic and consumer advocates are very against the [[DMCA]]. | |
− | + | === Deniable cryptography === | |
+ | |||
+ | Resisting also unpredictable attacks is possible, even when you will be enforced (by legal or physical coercion) to provide a valid password.<ref>[http://embeddedsw.net/doc/legal_coercion.html Greg S. Sergienko - Legal Coercion]</ref><ref>[http://embeddedsw.net/doc/physical_coercion.txt Julian Assange - Physical Coercion]</ref> Deniable cryptography (a decoy based technique) allows to convincingly deny the fact that sensible data is being hidden. You only have to provide some expendable decoy data, that you would [[Plausible deniability|plausibly]] want to keep confidential, and reveal it to the attacker, claiming that this is all there is. | ||
==== Cryptography and [[DRM]] ==== | ==== Cryptography and [[DRM]] ==== | ||
− | + | * Digital Rights Management ([[DRM]]) uses cryptography to make it difficult to copy and [[Digital Signatures]] to verify its authenticity. | |
− | + | ||
− | + | == Other Software, Cryptographic Libraries == | |
− | + | * [http://embeddedsw.net/libObfuscate_Cryptography_Home.html libObfuscate] Modern 256bit cryptography / scrambling / multi-layered obfuscation | |
− | + | * [[OpenSSL]] | ([http://www.openssl.org homepage]) | very widespread library implementing [[SSL]]/[[TLS]] but it's libcrypto component is also used by many projects like [[OpenSSH]] and [[mixmaster]]. | |
− | + | * [http://botan.randombit.net/ Botan] | [http://www.gnu.org/directory/all/botan.html GNU Homepage] - ''Botan (formerly OpenCL) is a library of cryptographic algorithms. It includes a wide selection of block and stream ciphers, public key algorithms, hash functions, and message authentication codes, plus a high level filter-based interface. The home page has a list of supported algorithms.'' | |
− | + | * [http://embeddedsw.net/MultiObfuscator_Cryptography_Home.html multiobfuscator] is a utility for encrypting and decrypting files and texts. It was designed to fully implement the deniability in a free software user-friendly. | |
+ | * [http://ccrypt.sourceforge.net/ ccrypt] | [http://sourceforge.net/projects/ccrypt/ Sourceforge Page] | [http://www.gnu.org/directory/all/ccrypt.html GNU Page] - '''ccrypt''' is a utility for encrypting and decrypting files and streams. It was designed to replace the standard Unix 'crypt' utility, which is notorious for using a very weak encryption algorithm. use the [[AES]] algorithm. | ||
+ | * [http://kremlinencrypt.com/crypto/algorithms.html Cryptographic Algorithms] - Listing of types | ||
+ | == Types == | ||
− | + | * [[Pretty Good Privacy|PGP]] and [[GPG]] | |
+ | * [[OpenSSH]] | [[SSH]] | ||
+ | * [[SSL]] | [[S/MIME]] | ||
+ | * [[VPN]] | ||
− | + | == Related == | |
− | + | ||
− | + | ||
− | + | ||
+ | * [[privacy]] | [[identity]] | ||
+ | * [[key pair]] | [[public key]] | [[private key]] | [[certificate]] | ||
+ | * [[signature (computing)]] | [[fingerprint (computing)]] | ||
+ | * [[password]] | ||
− | + | * [[obscurity]] | [[steganography]] | |
+ | * [[file wipe]] | ||
− | + | * [[cypherpunk]] | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | == News == | |
− | + | * [http://www.computerworld.com ComputerWorld] - [http://www.computerworld.com/securitytopics/security/encryption/news/ Crypto News] | |
+ | ==Article References== | ||
+ | {{Reflist}} | ||
− | == | + | ==See also== |
+ | * [[security]] | ||
+ | * encryption your: [[encrypting e-mail|mail]], [[encrypting files|files]], [[encrypting network links|network links]], [[encrypting chat|chat]], [[encrypting file sharing|file sharing]] | ||
− | + | == Links == | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
+ | * [http://www.securityfocus.com/ SecurityFocus] - [http://online.securityfocus.com/infocus/1181 Introduction to Encryption] | ||
+ | * [http://www.goingware.com/encryption/ Why You Should Use Encryption] | ||
+ | * [http://www.offshore.com.ai/security/ Vince Cate's Cryptorebel/Cypherpunk Page] | ||
+ | * Bruce Sterling's [http://www.counterpane.com/applied.html Applied Cryptography] | ||
+ | * [http://random.mat.sbg.ac.at/links/crypto.html Cryptography and Random Numbers] | ||
+ | * [http://www.itmanagersjournal.com/software/04/06/21/196233.shtml How to use cryptography in computer security] - Basics and myths. | ||
− | {{ | + | {{infoanarchy|Cryptography}} |
+ | [[Category:Encryption]] |
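Review bot: In the Key size paragraph of this revision, "(1^10^10)" evaluates to 1 and does not express the factor the sentence states; the ratio between a 128-bit and a 40-bit key space is 2^(128-40) = 2^88, so the parenthetical should be written as a power such as 2^88. The same revision also carries "knwon" in the AES entry, "keysize two small" in the DES entry, and the fragment "use the [[AES]] algorithm." at the end of the ccrypt entry, which should be corrected before saving.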
Latest revision as of 15:47, 26 October 2012
Cryptography is a way to encode information so that it can be decoded only by the intended person.
It is the science of allowing a user to radically change information in order to conceal its content from third parties. Like any system of security, this science includes the process of searching for its own weaknesses. It is the substitution of characters or symbols to create an altered message that can be reversed to its original form later. Information which has been cryptographically processed is "encrypted". Encryption is now very common, allowing users to trust their computer communications, which are very exposed on the Internet. There are many reasons to use encryption.
Origin: The Ancient Greek kryptein, meaning "to hide", and graphein, meaning "to write" (source source).
Properties
- Encrypted signals may be detected but not understood. Concealing the very existence of the cryptography is obscurity.
- Any attempt to discern the encrypted information is considered an attack (discussed below).
- The word, phrase, characters, or other authentication method that reverses the encryption is called the "key." There can be multiple types of keys involved in this process.
- Digital signatures are not the same as cryptography but have similar applications (discussed below).
- Encryption is often combined with compression. Attacks on encryption often center upon searching for patterns in encrypted documents, and compression helps limit these. Compression tries to make sure there is only one instance of a given type of data, thus reducing recognizable patterns. Thus, finding possible clues about the key becomes much harder.
- Cryptographers are individuals who are very good at mathematics and this type of science of secret writing. They are also often software developers.
Strong cryptography often has legal restraints because of its history in military use. For example, some places (like the USA) considered the export of cryptographic materials to be the same as the export of military weaponry (munitions), and placed heavy restrictions on such activity. In recent years, this has been relaxed due to foreign commercial competition.
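Attacks
- Available methods to reveal encrypted information
Computer methods to foil attacks
Here are three major computer-based methods used to foil attacks. All have advantages and disadvantages.
- Symmetric-Key Cryptosystem
- Public-Key Cryptosystem
- One-Time Pad Cryptosystem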
Libraries
For most cryptography, some type of math is involved. Libraries contain mathematical systems, or ciphers, that mathematically change information to appear as random garbage.
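There are many symmetric algorithms, including:
- Very strong
  - Twofish - a losing AES competition candidate
  - AES - the winner of the AES competition, formerly known as Rijndael
  - 3DES - used in SSL, very slow in software
  - RC6 - another losing AES candidate
- Strong
  - Blowfish
  - RC4 - used in SSL. Unlike most others on this page, it is a stream cipher
- Weak
  - DES - used in most older security programs; a strong algorithm, but the key size is too small. Usually slow in software, very fast in hardware.
  - A5 - as used in GSM cell phones
One must weigh the choice of algorithm against performance needs and likely attacks; however, the strongest choices, like AES, have very fast implementations in both hardware and software.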
Public-key algorithms include:
- RSA - used for encryption and signature
- DSA - used for signature only
- Diffie-Hellman - used for key exchange
- ECC
Digital signatures are used to prove authenticity (you get strong assurance that the one who generated the message also has the secret key) and integrity (that nothing has been changed in transmission).
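The two properties named above can be seen in a small sign-and-verify round trip. The following is an added example, not code from the original article or from any library it lists; it uses textbook RSA without padding over a deliberately tiny key built from known Mersenne primes, and the function names and sample messages are assumptions made for the illustration.

```python
import hashlib

# Toy parameters (constructed for this example): two known Mersenne primes.
# Real RSA keys use large random primes and a padding scheme such as PSS;
# this key is far too small and too structured to be secure.
P = 2**127 - 1
Q = 2**89 - 1
E = 65537


def make_keypair(p=P, q=Q, e=E):
    """Return ((n, e), (n, d)): the public key and the secret key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def digest_as_int(message: bytes, n: int) -> int:
    """Hash the message with SHA-256 and reduce it into the range [0, n)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, secret_key) -> int:
    """Only the holder of d can compute this value (authenticity)."""
    n, d = secret_key
    return pow(digest_as_int(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone with the public key can check the signature (integrity)."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_as_int(message, n)


def demo():
    alice_pub, alice_secret = make_keypair()
    # A second, unrelated key pair, also built from known primes.
    _, other_secret = make_keypair(p=2**107 - 1, q=2**61 - 1)
    message = b"Transfer 10 units to Bob"  # constructed sample message
    signature = sign(message, alice_secret)
    return {
        # Unmodified message, signed with the matching secret key.
        "genuine": verify(message, signature, alice_pub),
        # One changed character in transit invalidates the signature.
        "tampered": verify(b"Transfer 99 units to Bob", signature, alice_pub),
        # A signature made with a different secret key does not verify.
        "wrong_signer": verify(message, sign(message, other_secret), alice_pub),
    }


if __name__ == "__main__":
    print(demo())
```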
Key size
Different libraries allow for varying levels of complexity, affecting speed and security. A small bit size can make an algorithm faster but more easily broken. A large bit size can make it slow but much more difficult to break. Also, the higher the bit size, the larger the processed file size will be, so a balance is often chosen between strength and convenience.
Note that keys that are twice as large in number are not merely twice as difficult to crack. 128-bit keys, for instance, are literally one trillion, trillion (1^10^10) times harder to crack with Brute Force than 40-bit keys.
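The growth in brute-force work with key length can be measured directly on keys small enough to search. This is an added example, not part of the original article: the toy XOR cipher, the sample plaintext and the rate of one million keys per second are assumptions chosen for the illustration. It shows that each extra key bit doubles the worst-case search, so the exact ratio between a 128-bit and a 40-bit key space is 2^88.

```python
import hashlib

KNOWN_PLAINTEXT = b"constructed text"  # constructed 16-byte sample


def keystream_xor(key: int, key_bits: int, data: bytes) -> bytes:
    """Toy cipher: XOR data with SHA-256(key). Encrypts and decrypts."""
    key_bytes = key.to_bytes((key_bits + 7) // 8, "big")
    stream = hashlib.sha256(key_bytes).digest()  # 32 bytes, enough here
    return bytes(d ^ s for d, s in zip(data, stream))


def exhaustive_search(ciphertext: bytes, known_plaintext: bytes, key_bits: int):
    """Try every key in order; return (key, number of keys tried)."""
    for trials, candidate in enumerate(range(2 ** key_bits), start=1):
        if keystream_xor(candidate, key_bits, ciphertext) == known_plaintext:
            return candidate, trials
    return None, 2 ** key_bits


def worst_case_trials(key_bits: int) -> int:
    """Encrypt under the last key in the search order and count the trials."""
    last_key = 2 ** key_bits - 1
    ciphertext = keystream_xor(last_key, key_bits, KNOWN_PLAINTEXT)
    found, trials = exhaustive_search(ciphertext, KNOWN_PLAINTEXT, key_bits)
    assert found == last_key
    return trials


def work_factor(larger_bits: int, smaller_bits: int) -> int:
    """How many times larger the bigger key space is."""
    return 2 ** (larger_bits - smaller_bits)


def days_to_exhaust(key_bits: int, keys_per_second: int) -> float:
    """Time to try every key at an assumed constant rate."""
    return 2 ** key_bits / keys_per_second / 86_400


if __name__ == "__main__":
    for bits in (8, 12, 16):
        print(bits, "bits ->", worst_case_trials(bits), "trials")
    print("128 vs 40 bits:", work_factor(128, 40), "times more keys")
    # Assumed rate of 1,000,000 keys per second.
    print("40-bit key space:", round(days_to_exhaust(40, 1_000_000), 1), "days")
```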
Symmetric-Key Cryptosystem key size
- 128-bit keys are usually sufficient for RC4 and 3DES and are commonly used in Web transactions. Although 128 bits is quite adequate, many Symmetric-Key Cryptosystems now use 256-bit keys by default, regardless of algorithm.
- Many 40-bit RC4 and 3DES keys must be avoided as they are not secure. They can be broken by a dedicated Brute Force attack over the course of a few weeks with a desktop computer.
Public-Key Cryptosystem key size
- 1024-bit RSA keys are approximately as difficult to crack as a symmetric 128-bit key. ECC keys can be as secure and considerably shorter than RSA keys. Some public-key programs are available that use exceedingly large key sizes as high as 8192 or 16384 but are, as mentioned above, inconvenient, making the encrypted transmission unnecessarily large.
Key sizes are often chosen as powers of two (e.g. 64 (2^6), 128 (2^7), 256 (2^8)) as they can be implemented more efficiently.
Non-math Weaknesses
Good cryptography is not necessarily the use of smart people or great math. Good cryptography is made up of a program that provides end-to-end security by:
- Encouraging the use of difficult-to-guess, lengthy passwords
- Preventing the caching of secure information in an operating system's swap file where it is vulnerable and then using a File Wipe for files that have been encrypted to prevent them from being retrieved after deletion
- Testing and careful review to ensure software has no failures
- Protecting against Key-Logging Attack software
Openness and Cryptography
Many systems of cryptography and their software development are fully available to the public. Trust is established in these systems because a closed system created by someone else often calls the system into immediate doubt. Questions arise, such as: did this person have my security needs in mind? Do they have other motives?
This process of making the details of a system public is called open-source and is preferable to many security experts because its methods are available to peer-review and research. For instance, almost all of the encryption library algorithms up for review were open-source at the selection of the Advanced Encryption Standard (AES) by the National Institute of Standards and Technology (NIST).
Legal Methods to foil attacks
Circumventing encryption is illegal under the US DMCA law. It is assumed, however, that most methods of attack are both covert and remote, and cannot actually be enforced. Still, it is an important method to discourage public revelation of encrypted documents, often making evidence gained through decryption inadmissible in court.
A law protecting your encrypted material would seem like a good thing, but it really is not: it stifles security research and creates ridiculous content-protection laws à la the continuous extension of the Mickey Mouse Release Day. Most academic and consumer advocates are strongly against the DMCA.
Deniable cryptography
It is also possible to resist unpredictable attacks, even when you are forced (by legal or physical coercion) to provide a valid password.[1][2] Deniable cryptography (a decoy-based technique) allows you to convincingly deny that sensitive data is being hidden. You only have to provide some expendable decoy data that you would plausibly want to keep confidential, and reveal it to the attacker, claiming that this is all there is.
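The decoy idea is easiest to see with the one-time pad cryptosystem mentioned earlier on this page: because every plaintext of a given length is consistent with the ciphertext, a second key can be derived that opens the same ciphertext to expendable decoy text. This is an added example, not taken from the original article or from any tool it lists; the function names, the space padding and the sample messages are assumptions.

```python
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings."""
    if len(a) != len(b):
        raise ValueError("one-time pad key must be as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_to(message: bytes, length: int) -> bytes:
    """Right-pad with spaces so the decoy matches the ciphertext length."""
    if len(message) > length:
        raise ValueError("decoy must not be longer than the real message")
    return message + b" " * (length - len(message))


def encrypt(real_message: bytes):
    """Return (ciphertext, real_key); the key is random and used only once."""
    real_key = secrets.token_bytes(len(real_message))
    return xor(real_message, real_key), real_key


def decoy_key(ciphertext: bytes, decoy_message: bytes) -> bytes:
    """Derive the key under which the ciphertext decrypts to the decoy."""
    return xor(ciphertext, pad_to(decoy_message, len(ciphertext)))


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    """Decrypt and drop the space padding added by pad_to()."""
    return xor(ciphertext, key).rstrip(b" ")


def demo():
    real = b"Account ledger: 4 entries, see folder B"   # constructed sample
    decoy = b"Draft of my resignation letter"           # constructed sample
    ciphertext, real_key = encrypt(real)
    handed_over = decoy_key(ciphertext, decoy)
    return {
        "with_real_key": decrypt(ciphertext, real_key),
        "with_decoy_key": decrypt(ciphertext, handed_over),
        # Both keys are the same length as the ciphertext.
        "keys_differ": handed_over != real_key,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The decoy key is valid in the sense the text describes: it decrypts the stored ciphertext to readable data, and nothing in the ciphertext indicates that a second key exists.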
Cryptography and DRM
- Digital Rights Management (DRM) uses cryptography to make content difficult to copy and digital signatures to verify its authenticity.
Other Software, Cryptographic Libraries
- libObfuscate Modern 256bit cryptography / scrambling / multi-layered obfuscation
- OpenSSL | (homepage) | very widespread library implementing SSL/TLS, but its libcrypto component is also used by many projects like OpenSSH and mixmaster.
- Botan | GNU Homepage - Botan (formerly OpenCL) is a library of cryptographic algorithms. It includes a wide selection of block and stream ciphers, public key algorithms, hash functions, and message authentication codes, plus a high level filter-based interface. The home page has a list of supported algorithms.
- multiobfuscator is a utility for encrypting and decrypting files and texts. It was designed to fully implement deniability in user-friendly free software.
- ccrypt | Sourceforge Page | GNU Page - ccrypt is a utility for encrypting and decrypting files and streams. It was designed to replace the standard Unix 'crypt' utility, which is notorious for using a very weak encryption algorithm. ccrypt uses the AES algorithm.
- Cryptographic Algorithms - Listing of types
Types
- PGP and GPG
- OpenSSH | SSH
- SSL | S/MIME
- VPN
Related
- privacy | identity
- key pair | public key | private key | certificate
- signature (computing) | fingerprint (computing)
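- password
- obscurity | steganography
- file wipe
- cypherpunk
News
- ComputerWorld - Crypto News
Article References
1. Greg S. Sergienko - Legal Coercion (http://embeddedsw.net/doc/legal_coercion.html)
2. Julian Assange - Physical Coercion (http://embeddedsw.net/doc/physical_coercion.txt)
See also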
- security
- encrypting your: mail, files, network links, chat, file sharing
Links
- SecurityFocus - Introduction to Encryption
- Why You Should Use Encryption
- Vince Cate's Cryptorebel/Cypherpunk Page
- Bruce Sterling's Applied Cryptography
- Cryptography and Random Numbers
- How to use cryptography in computer security - Basics and myths.
This article is based on a public domain infoAnarchy article: Cryptography | iA |