Cryptography

(Back to Home)

Table of Contents

• Introduction
• Types of Cryptography
• Ciphers
  • Feistel
  • AES
  • DES, 2DES, 3DES
  • Blowfish
  • RC5
• Key Exchange
  • Diffie-Hellman
• Hashing
  • SHA
• Digital Signatures
• Digital Certificates and Certificate Revocation (OCSP and CRL)
• PGP
• Perfect Forward Secrecy
• Resources

Introduction

• Cryptology is the scientific study of Cryptography and Cryptanalysis.
• Cryptography is the practice and study of techniques for secure communication in the presence of third parties called adversaries.
• Cryptanalysis is used to breach cryptographic security systems and gain access to the contents of encrypted messages, even if the cryptographic key is unknown.
• 7 Cryptography Concepts EVERY Developer Should Know
• Security Pitfalls in Cryptography
• Why Cryptography Is Harder Than It Looks

Types of Cryptography

Ciphers

Feistel

• Feistel Cipher
• Modes of Operation
• EXTRA BITS: Feistel Modes of Operation Code
• Securing Stream Ciphers (HMAC)

AES

• AES: Advanced Encryption Standard
• Block size: 128 bits
• Key size: 128, 192 or 256 bits
• No. of rounds: 10, 12 and 14 rounds for 128, 192 and 256 bits key size respectively)
• SP Networks
• Rinjdael algorithm (the base of AES)
• AES Explained
• 128 Bit or 256 Bit Encryption?
• In depth working of AES (Hindi)

DES, 2DES, 3DES

• DES: Data Encryption Standard
• Block size: 64 bits
• Key size: 56 bits (64 bits in reality)
  • The 64 bit key is made of eight chunks of eight bits each. The eighth bit in each chunk is a parity bit (and is thus discarded). So, the actual key length is 64 - 8 = 56.
• No. of rounds: 16
• Prerequisite
  • Feistel Cipher
• Hindi
  • DES
  • DES Key Generation
  • DES Avalanche and Completeness Effect
  • 2DES and Meet in the Middle attack
  • 3DES
  • DES Weaknesses
• English
  • http://wesecure.net/learn/index.html

Blowfish

• Block size: 64 bits (Twofish has a block size of 128 bits.)
• Key size: 32 to 448 bits (The default is 128 bits.)
• No. of rounds: 16
• Blowfish Explained

RC5

• RC: Rivest/Ron’s Cipher
• Block size: 32, 64 or 128 bits
• Key size: 0 to 2040 bits
• No. of rounds: 0 to 255

Key Exchange

Diffie-Hellman

• Key exchange algorithm
• End to End Encryption (E2EE)
  • Side note: End-to-End Encryption in the Browser Impossible?
• Secret Key Exchange (Diffie-Hellman)
• Diffie-Hellman - the Mathematics bit
• Key Exchange Problems (includes explanation on RSA)
• Elliptic Curves
• Elliptic Curve Back Door
• ‘Ephemeral’ means ‘something that is short lasting’.
• ECDH = Elliptic Curve Diffie-Hellman
• ECDH in SSH
• Perfect Forward Secrecy (FS or PFS)

Hashing

• Hashing Algorithms and Security

SHA

• Secure Hashing Algorithm
• SHA
• SHA1 Problems

Digital Signatures

• Help in establishing message integrity, i.e., proving that a particular person/origin sent the data.
• Message Authentication Codes (MACs) are symmetric key protocols, while Digital Signatures are asymmetric/public key protocols.
• What are Digital Signatures?
• Digital Signatures: What They Are & How They Work
• Digital Signatures

Digital Certificates and Certificate Revocation (OCSP and CRL)

• SSL/TLS Certificates
• Compressing Certificates in TLS
• Certificate Revocation Techniques (CRL, OCSP, OCSP Stapling)
• Shared vs Private SSL/TLS Certificates
• The SSL Certificate Issuer Field is a Lie (Credits)
• No More Extended Validation Certificate Overhead from Chrome 106
• Revocation checking and Google Chrome CRLSet
• Revocation Doesn’t Work
• The Impact of SSL Certificate Revocation on Web Performance
• A no-bull technical guide to EV HTTPS
• PKI information and X.509 certificate extensions

PGP

• PGP: Pretty Good Privacy
• OpenPGP
  • Standard for PGP software
• GPG/GnuPG: GNU Privacy Guard
  • Tool to use PGP
  • GNU: GNU’s Not Unix
• Provides
  • Authentication (using the Web of Trust - importing the receiver’s public key into the sender’s key ring)
  • Confidentiality (using a combo of symmetric/conventional and asymmetric key cryptography)
• Used for signing, encrypting and decrypting e-mails, files, directories, disks, etc.
• It uses the decentralized ‘Web of Trust’ to verify the identity of users. (Key rings and graphs)
• Intro to PGP
• PGP and GPG difference
• PGP and the Web of Trust
• A Pretty Good Introduction to Pretty Good Privacy
• End-to-End Encryption in the Browser Impossible?
• OpenPGP, PGP, and GPG: What is the Difference?
• Security basics with GPG, OpenSSH, OpenSSL and Keybase
• Creating the Perfect GPG Keypair
• Does OpenPGP key expiration add to security?
  • Very good answer for understanding expiry date shenanigans of subkeys and the secret (private) key, and about the revocation certificate.
• How To Use GPG to Encrypt and Sign Messages
• Digitally Signing and Encrypting Messages
• Guidelines for strong passwords
• Why should one not use the same asymmetric key for encryption as they do for signing?
• Exercise: Sending an Encrypted and Signed e-mail

Perfect Forward Secrecy

• PFS or FS: Perfect Forward Secrecy
• Wikipedia: Perfect Forward Secrecy
• Perfect Forward Secrecy (PFS) in TLS
  • The Heartbleed Bug
  • The Logjam TLS attack: Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice (weakdh.org)
  • More about TLS

Resources

• Computerphile
• Christof Paar
• Eddie Woo
• Abhishek Sharma (Hindi)
• Gideon Samid (http://wesecure.net)
• Crypto 101
• Cryptology, Cryptography, and Cryptanalysis – Get your Vocabulary Straight!
• Why Johnny Can’t Encrypt