My First Time: Introduction to Cryptography

In my attempt to learn how to use the .NET's cryptography class, I come across an article that suggests to have a firm grasp of the cryptographic theory to be able to have a better understanding of the .NET's cryptography class. Here's what I got so far...

3 Fundamental Concepts of Cryptography (Types of Cryptographic Algorithm)

Hash Functions
Symmetric (Secret Key) Encryption
Assymetric (Public Key) Encryption

HASH (MESSAGE DIGESTS or ONE-WAY ENCRYPTION)

sort of "signature" for a stream of data that represents the contents
can be associated to a "tamper-proof seel in a package", once its opened, its obvious
reads a stream of data
outputs a 128-/160-bit number which contains the summary of the stream of data
each hashing method have their own advantages and disadvantages depending on their performance, variations of collision resistance, how well security has been tested, etc.
uses no key, instead, uses a fixed-length hash value that is computed based on the cleartext that makes it impossible to recover either the contents nor the length of the cleartext
used to provide a digital fingerprint of a file's contents
used to ensure that the file has not been altered by a virus, an intruder, nor thru data transfer
used for encrypting passwords in a password store

SOME HASH FUNCTIONS COMMONLY USED

designed for systems with limited memory (i.e., smartcards)

md4 (128 bits, obsolete)

designed for fast processing in software

md5 (128 bits)

similar to md4 but slower due to manipulations made to the original data

Secure Hash Algorithm (SHA)

produces a 160-bit hash value which can produce 224-, 256-, 384-, 512-bit length hash values

ripemd-160 (160 bits)

based on a 128-bit hash functions optimized for 32-bit processors

SYMMETRIC ENCRYPTION (Secret Key Cryptography - SKC)

uses a single key for encrypting and decrypting data
advantage:

relatively fast

disadvantage:

to be able to share encrypted data, you have to share your key

schemes:

Stream Ciphers

Block Ciphers

STREAM CIPHERS

operate on a single bit (byte or word) at a time to implement some form of feedback mechanism so the key is constantly changing
same cleartext will produce different ciphertext

Self-Synchronizing Stream Ciphers

calculate each bit in the keystream as a function of the previous n bits in the keystream
advantage:

decryption process can stay in sync with the encryption process by just knowing how far into the n-bit keystream it is

disadvantage:

error propagation, a lost or destroyed bit during transmission will cause n destroyed bits at the receiving side

Synchronous Stream Ciphers

generates the keystream in a fashion independent of the message stream, however the same keystream generation function is used by both sender and receiver

BLOCK CIPHERS

operates on one block of data at a time using the same key on each block
same cleartext block will always produce the same ciphertext

Electronic Codebook (ECB) Mode

simplest and most obvious application
the secret key will be used for encryption, thus, 2 identical cleartext blocks will produce the same ciphertext block

Cipher Block Chaining (CFB) Mode

adds a feedback mechanism to the encryption scheme
cleartext is XORed with the previous ciphertext block prior to encryption
advantage:

two identical plaintext blocks will never encrypt to the same ciphertext

Cipher Feedback (CFB) Mode

block cipher implementation of the self-synchronizing stream cipher

allows data to be encrypted in units smaller than the block size

Output Feedback (OFB) Mode

block cipher implementation similar to a synchronous stream cipher

prevents the same cleartext block from generating the same ciphertext block by using internal feedback mechanism which is independent of both cleartext and ciphertext bitstream

SOME SKC ALGORITHMS USED

Data Encryption Standard (DES)

most common
designed by IBM in the 70s
adopted by the National Institute for Standards and Technology (NIST) in 1977 for commercial and unclassified government applications
a block cipher employing a 56-bit key that operates on 64-bit blocks
composed of a complex set of rules and transformations designed specifically for fast hardware implementation but slow software implementations. However, since speed of computers today have dramatically increased, slow software implementations is not an issue.
defined in American National Standard X3.92 and 3 Federal Information Processing Standards (FIPS)

FIPS 46-3: DES
FIPS 74: Guidelines for Implementing and Using the NBS Data Encryption Standard
FIPS 81: DES Modes of Operation

Variants that strengthen DES:

Triple-DES (3DES) : uses up to 3 56-bit keys and makes 3 encryption/decryption passes over the block

DESX : devised by Ron Rivest, combines 64 additional key bits to the cleartext prior to encryption, effectively increases keylength to 120 bits

Advanced Encryption Standard (AES)

initiated by NIST in 1997, to develop a new secure cryptosystem for US government applications

official successor of DES in 2001
adopted an SKC scheme called "Rijndael" (block ciphers designed by Belgian cryptographers)

the algorithm can use a variable block length and key length
allowed any combination of key lengths of 128, 192, or 256 bits and block lenghts of 128, 192, or 256 bits

AES Standard describes a 128-bit block cipher employing a 128-, 192-, or 256-bit key

CAST-128

a DES-like substitution-permutation crypto algorithm, using a 128-bit key operating on 64-bit block

CAST-256

extension of CAST-128 using 128-bit block and a variable length key. Key length may be 128, 160, 192, 224, or 256 bits)

International Data Encryption Algorithm (IDEA)

patented by Ascom in 1992
a 64-bit SKC block cipher using a 128-bit key

Rivest Ciphers (Ron's Code)

a series of SKC algorithms

Blowfish

symmetric 64-bit block cipher optimized for 32-bit processors with large data caches
significantly faster than DES on Pentium machines
key lengths may vary from 32-448 bits
available freely and intended as a substitute for DES or IDEA

ASSYMETRIC ENCRYPTION (Public Key Cryptography - PKC)

uses 2 different keys:

public key - for encryption
private key - for decryption

advantage:

you don't have to share your key to share your encrypted data

disadvantage

very slow, not recommended for data more than 1kb in size

uses mathematical functions that are easy to compute but very difficult to reverse

i.e., Multiplication vs. Factorization, Exponentiation vs. Logarithms

mathematical trick: find a "trap door" in the one-way function such that the inverse calculation becomes easy given a few items of information

SOME PKC ALGORITHMS USED

1. RSA

widely used for key exchange and digital signatures
uses variable size encryption block and variable size key
key pair is derived from a very large number "n", where n = product of 2 prime numbers chosen accdg to special rules

primes may be 100 or more digits in length each

public key information includes "n" and a derivative of one of the factors of "n"

such that an attacker cannot determine the prime factors of "n"

advantage:

hard to crack due to the difficulty of factoring large prime numbers (wherein, in fact, prime factors have only 2 factors)

disadvantage:

modern computers now have the ability to find prime factors with more than 200 digits

however, if a large number is derived from 2 prime factors with roughly the same size, there is yet no known factorization algorithm that can solve the problem in a reasonable amount of time

a presumed protection of RSA is to increase the key size to always stay ahead of the computer processing curve

Digital Signature Algorithm (DSA)

specified in NIST's Digital Signature Standards

Elliptical Curve Cryptography (ECC)

algo is based on elliptic curves
offers levels of security with smaller keys comparable to RSA
designed for devices with limited computer power and memory (i.e., smartcards, PDAs)