Cryptography

Cryptography is an art of writing text or data in secret code
It encrypts the plain text data into unreadable format, which is
called as cipher text
It is based on mathematical algorithms
These algorithms use a secret key for the secure
transformation
In cryptography, each person receives a pair of keys, called the public-key, and the
private-key
Each person’s public-key is published while the private-key is kept secret
Anyone can send a confidential message using public information, but it can only be
decrypted with a private-key that is in the sole possession of the intended recipient
Classical ciphers comprise of two basic components:
• Substitution Cipher
• Transposition Cipher
• Monoalphabetic
• Polyalphabetic
Several of these ciphers are grouped together to form a ‘product
cipher'

Encryption

Encryption is the process of converting data into a secret code
It is the most effective way to achieve data security

To read an encrypted file, you must have access to a secret key or password that enables
you to decrypt it
Unencrypted data is called plain text

Encrypted data is referred to as cipher text

DATA
(‘Morpheus’)
Encrypted DATA
(‘3*.,~’@!w9”)

Decryption
Decryption is the process of decoding data that has been encrypted into a secret
format
It requires a secret key or password
Public Key Cryptography encryption
Decryption is performed with public
and private keys

Cryptographic Algorithms

Secret key Cryptography:
• It uses a single key for both encryption and decryption processes
• Since single key is used for both encryption and decryption , it is also called as Symmetric Encryption

Public key Cryptography:
• It uses one key for encryption and another for decryption
• One key is designated as a public key which is open to public and the other key is designated as a private key which is kept secret

Hash Functions:
• It uses a mathematical transformation to irreversibly "encrypt" information
• It is also called ‘Message Digest’ and One-way Encryption, are algorithms that, in
some sense, use no key
• Instead, a fixed-length hash value is computed based upon the plaintext
• Hash algorithms are typically used to provide a digital fingerprint of a file's contents

# RSA (Rivest Shamir Adleman)

RSA is a public-key cryptosystem

It uses modular arithmetic, and
elementary number theories to
perform computations using two
large prime numbers

RSA encryption is widely used and is
the de-facto encryption standard

Data Encryption Standard (DES)

DES is an algorithm for encrypting and
decrypting unclassified data
It is a block cipher that takes a plaintext
string as input and creates a ciphertext string
of the same length

It uses a symmetric key, which means that
the same key is used to convert ciphertext
back into plaintext

The DES’s block size is 64 bits
The key size is also 64 bits, although 8 bits of
the key are used for parity (error detection)
which makes the effective DES’s key size 56 bits


Rc4 Is a variable key size stream cipher with byte-oriented
operations, and is based on the use of a random
permutation

Rc5 Is a parameterized algorithm with a variable block size,
key size, and a variable number of rounds
RC6 adds two features to RC5: the inclusion of integer
multiplication, and the use of four 4-bit working
registers instead of RC5’s two 2-bit registers

Blowfish Is a 64-bit block cipher that uses a key length that can
vary between 32 and 448 bits

SSL (Secure Sockets Layer)
SSL stands for Secure Sockets Layer
It is a protocol developed by Netscape
for transmitting private documents via
the Internet

It works by using a private-key to
encrypt data which is transferred over
the SSL connection

SSL Protocol is an independent
application protocol

Algorithms and Security
40-bit key algorithms are of no use

56-bit key algorithms offer privacy, but are
vulnerable

64-bit key algorithms are safe today but will be
soon threatened as the technology evolves

128-bit and over algorithms are almost unbreakable

256-bit and above are impossible

Digital Signature

Digital Signature is a type of asymmetric cryptography used
to simulate the security properties of a signature in digital,
rather than written form
Digital signature schemes normally give two algorithms;
one for signing which involves the user's secret or private
key, and one for verifying signatures which involves the
user's public key
The output of the signature process is called the "digital signature'

Components of a Digital Signature
Components of Digital Signature:
Public key
Name and E-mail of sender
Key expiry date
Company name that sends the
information
Serial number of Digital Signature
Digital signature of certification authority

Digital Signature Applications
Digital Signatures are used to check:
Identity of the sender

Dependability of the message

Whether message sent is genuine

For risk of frauds

Whether message is illegally reproduced

Fulfillment of lawful requirements

For security of open systems
Digital Certificates

Digital Certificates verify the uniqueness of the principles and entities over
networks as electronic documents
Unique identity to the owner of the digital certificate is defined by both public key
and private keys
Widely accepted format for digital certificates is defined by the ITU-T X.509
international standard
Digital certificate includes a variety of information such as:
• Name of the subject
• Subject's public key
• Certification authority’s name
• Serial number
• Lifetime period of the digital certificate right from the start date

PGP (Pretty Good Privacy)

Pretty Good Privacy (PGP) is a software package originally developed by Philip R.
Zimmermann, which provides cryptographic routines for email, and file storage applications

Zimmermann took existing cryptosystems and cryptographic protocols, and developed a program that can run on multiple platforms
It provides message encryption, digital signatures, data compression, and email compatibility

Hacking Tool: PGP Crack

PGP crack is a program designed to brute force a conventionally
encrypted file with a PGP, or a PGP secret key

The file pgpfile cannot be ascii-armored
The file phraselist should be a file containing all of the passphrases that
will be used to crack the encrypted file

CypherCalc
CypherCalc is a full-featured, programmable calculator designed for
multi-precision integer arithmetic

It is intended for use in the design,
testing, and analysis of cryptographic
algorithms involving key exchanges,
modular exponentiation, modular
inverses, and Montgomery Math

It has built-in GCD and SHA 1 tools, and
a CRC tool that can generate CRC tables
for your applications
Advanced File Encryptor
Advanced File Encryptor is a tool to encrypt and
secure most important files like banking
information, e-mail documents, and any other file
with special personal value
This program uses unbreakable 256-bit AES
encryption and provides a peace of mind that data is
safe
It can also create self-decrypting archive files that
require a password when opened and will extract the
protected documents
It allows to encrypt typed text or clipboard content
using AES, Twofish, or RSA encryption, which
allows you to protect email or chat conversations as
well

Encrypt PDF
Encrypt PDF software allows to encrypt (using standard 40-bit or
8 128-bit supported by Acrobat Reader 7.0 and up) existing PDFs, set
permissions, add user, and owner password
Button to print the file will be disabled in Acrobat Reader application,
it can encrypt a PDF allowing the user to read it only if he knows the
correct password
Two passwords can be applied to the PDF: they are owner and user
password

Code Breaking: Methodologies
The various methodologies used for code breaking are:
• Using brute-force
• Frequency analysis
• Trickery and deceit
• One-time pad

Posted in: cryptography