Cryptography basics - Encryption and Hashing

on
Cryptography:
Cryptography is the science and practice of safeguarding information through the use of special tools, techniques, and other methods.
One area that owes its existence to cryptography is e-commerce. The practice has heavily benefitted from the field, allowing for the secure exchange of financial information as well as preventing exposure of and authenticating access to that information. 
In fact, it can be easily argued that e-commerce would not exist in without cryptography.
Some additional protections and usage are:
  1. A prominent role of authentication can be found within the actual authentication process used to log in to most systems and services. Authentication has become commonplace in many of our normal, daily activities. 

    Eg: Consider the information used to authenticate and validate a credential such as an ATM card or a computer login at work. Our PINs and passwords must be kept absolutely secret and protected to prevent inadvertent disclosure to unauthorized parties. Another fundamental example of cryptography’s role in authentication is in the hashing of passwords, which allows a method of authenticating a party without the need to transmit the password itself over a network (the hashes themselves are instead).

  2. Non-repudiation is another area that the science of cryptography provides to the modern world. Non-repudiation, simply stated, is the ability to have positive proof that a particular party or entity is the one who originated an action. For example, in many corporate environments the application of a digital signature to e-mail is used as a potent means of asserting that a certain party transmitted the message. The possibility of the specific party not being the one who transmitted the message or carried out the action raises other legitimate security concerns, such as the compromise of the sender’s system access (for example, did they lose control of their credentials and not say anything?). With this mechanism in place, it is possible now to have strong accountability for every action within an organization, allowing for the tracing of actions back to whomever initiated them. Non-repudiation should also, in theory, eliminate or substantially cut down on what is known as spoofing (impersonating) another party if the system is kept secure.

  3. Finally, one other critical aspect of any effective cryptosystem is key distribution. Arguably one of the most valuable components of a cryptosystem is the key, which represents the specific combination or code used to encrypt or decrypt data. This “combination” must be kept absolutely secret and accessible only to authorized parties; failure to do so severely weakens and many times compromises the entire system. Consider this example: If an individual is required in their work environment to set a 12-character complex password, but then writes that password on a sticky note and places it on the lid of their laptop, the system is compromised no matter how strong the password may be otherwise. Another example would be the soon to be covered Caesar’s system: If a message encrypted with this system is considered secure, that security is severely compromised if the key is sent along with the message, kind of like locking the front door to a house and then taping the key to the it.

Encryption
Encryption, as you now know, takes information and converts it to an unreadable format that can be reversed. This process can only be reversed under a very specific set of conditions that will allow the encrypted information to be decrypted. If the information cannot be readily reversed when you are given the correct instructions and combination, then it isn’t very useful.
Symmetric Algorithms
Symmetric algorithms do some things really well and other things not so well, just like their asymmetric cousin. Modern symmetric algorithms are great at all of the following:
  • Preserving confidentiality
  • Speed
  • Simplicity (relatively speaking, of course)
  • Authenticity
So what do symmetric algorithms poorly? 
  • Key management
  • Non-repudiation
Common Symmetric Algorithms
  • Data Encryption Standard (DES)   Originally adopted by the U.S. government in 1977, the DES algorithm is still in use today. DES is a 56-bit key algorithm, but the key is too short to be used today for any serious security applications.
  • Triple DES (3DES)   This algorithm is an extension of the DES algorithm and is, in essence, three times more powerful than the DES algorithm. If you can do the math, you will note that the algorithm uses a 168-bit key.
  • Blowfish   Blowfish is an algorithm that was designed to be strong, fast, and simple. The algorithm uses a 448-bit key and is designed and optimized for use in today’s 32- and 64-bit processors (which its predecessor DES was not). The algorithm was designed by encryption expert Bruce Schneier.
  • Rijndael or Advanced Encryption Standard (AES)   The successor to DES and chosen by the National Institute of Standards and Technology (NIST) to be the new U.S. encryption standard. The algorithm is very compact and fast, and can use keys that are 128, 192, or 256 bits long
Asymmetric/Public-Key Cryptography
These systems change the paradigm introduced by symmetric systems by using two keys (or a key pair) instead of the one key used in a symmetric system. The keys in these types of systems are typically referred to as private and public keys.
So what are the common asymmetric algorithms?
  1. RSA   One of the more common and best known algorithms. It’s one of the few algorithms designed to do both key generation and encryption. Most asymmetric algorithms only perform key generation. The few that do both either are in marginal use or are in disuse altogether.
  2. Diffie-Hellman   An algorithm that performs a form of key management and does not actually perform encryption itself. It allows two parties that have no prior relationship to exchange keys that may be used to encrypt data safely and securely.
  3. Elliptical Curve Cryptography (ECC)   This algorithm functions by computing intersections of curved lines and intersecting lines on a graph. It has the advantage of using little in the way of processing power and other resources on a system. It has seen widespread use in data storage systems and mobile devices.
  4. Digital Signature Algorithm (DSA)   This algorithm is similar to the one used by the Elgamal signature algorithm.
  5. Elgamal   This is an asymmetric key encryption algorithm for public-key cryptography.
Hashing and Message Digest
Hashing should not be confused with the previous forms of encryption we discussed. It definitely shares similarities, but also has many differences. Remember that encryption is designed to scramble data so that it is not readable by anyone who does not have the proper key to reverse the process. Hashing produces a digest of the plaintext information while leaving the plaintext intact and readable. This is a big difference that you will need to remember to properly understand hashing.
There are a great number of places that the technique is used. Here are few of the places hashing and message digests are used:
1.Digital signatures   These are an essential part of the creation of digital signatures, as you will see in a later chapter.
2. Digital certificates   Digital certificates are dependent on the existence of hashing as a core feature. We will explore this subject later in the book.
3. Verifying downloaded software   Hashing allows you to download a piece of software (such as an ISO file for Linux), device driver, or software update and have confidence that it is in the same state that the author intended it to be in.  


Difference between Encryption and Hashing 

Encryption is a confidentiality function, and hashing is an integrity function.