Security + Computer System Security

DCOM 258 E31

Name: Shaamim Ahmed
Chapter 13: Encryption & Hashing Concepts
Part # 1

Define the following Key Terms (12 points)

1. Cryptography
The practice and study of hiding information
2. Encryption
The process of changing information using an algorithm (or cipher) into
another form that is unreadable by others
3. Cipher
An algorithm that can perform encryption or decryption
4. Key
The essential piece of information that determines the output of a
cipher
5. Private Key
Only known to a specific user or users who keep the key a secret
6. Public key
Known to all parties involved in encrypted transactions within a given
group
7. Symmetric key algorithms
A class of cipher that uses identical or closely related keys for
encryption and decryption
Requires the secure initial exchange of one or more secret keys
Examples include DES, 3DES, RC, and AES
There are two types of symmetric keys:
A stream cipher is a type of algorithm that encrypts each byte in
a message one at a time.
A block cipher is a type of algorithm that encrypts a group of bits
collectively as individual units known as blocks.
8. Asymmetric key algorithms
Use a pair of different keys to encrypt and decrypt data.
The keys are related mathematically.
Examples include RSA, Diffie-Hellman, and ECC.
9. Public Key Cryptography
Uses asymmetric keys alone or in addition to symmetric keys.
Doesnt require the secure exchange of secret keys.
The public key is well known, and anyone can use it to encrypt
messages.

Security + Computer System Security

DCOM 258 E31

Only the owner(s) of the paired or corresponding private key can

decrypt the message.
Private keys can be used to sign messages.
Digital signatures authenticate a document through math, letting
the recipient know that the document was created and sent by
the actual sender and not someone else.
SSL and PGP are examples of technologies that use public key
cryptography.
10.
Steganography
Steganography is the science (and art) of writing hidden
messages; it is a form of security through obscurity.
Its goal is that no one aside from the sender and receiver should
even suspect that the hidden message exists.
It might be used by network security administrators or by
hackers.
A common example of steganography is when using graphic files
to send hidden messages. In this scenario, the least-significant
bit of each byte is replaced
11.
One-time pad
A one-time pad (also known as the Vernam cipher, named after the
engineer Gilbert Vernam) is a stream cipher that encrypts plaintext
with a secret random key that is the same length as the plaintext. It
uses a string of bits that is generated at random (known as a
keystream). Encryption is accomplished by combining the keystream
with the plaintext message using the bitwise XOR operator to produce
the ciphertext. Because the keystream is randomized, even an attacker
with a plethora of computational resources on hand can only guess the
plaintext if the attacker sees the cipher text.
12.
Pretty Good Privacy (PGP)
"Pretty Good Privacy (PGP) encryption uses a symmetric key scheme
for the session key data, and asymmetric RSA for the sending of the
session key, plus a combination of hashing and data compression. Key
distribution systems are part of an entire encryption scheme, which
typically includes a technology such as Kerberos (key distribution
center) or quantum cryptography.
13.
Hash
A summary of a file or message
Used in digital signatures, and file and message authentication

Security + Computer System Security

DCOM 258 E31

Generated through the use of a hash function to verify the

integrity of the file or message, most commonly after transit over
a network
Falls into the category of a one-way function
14.
Hash function
A mathematical procedure that converts a variable-sized amount
of data into a smaller block of data
Designed to take an arbitrary data block from the file or
message, use that as an input, and from that block, produce a
fixed-length hash value
15.
Cryptographic hash functions
Cryptographic hash functions
o Hash functions based on block ciphers
Message-Digest algorithm 5 (MD5)
o Latest in a series of algorithms designed by Ron Rivest.
o Uses a 128-bit key.
o Widely used hashing algorithm; at some point you have
probably seen MD5 hashes when downloading files.
Secure Hash Algorithm (SHA)
o One of a number of hash functions designed by the NSA
and published by the NIST.
o Widely used in the United States government.
o SHA-1 is the most commonly used version that employs a
160 bit hash, which is reasonably secure, but uses a lot of
resources.
o SHA-2 is more secure; uses 256-bit and 512-bit block sizes.
RIPEMD and HMAC
o RACE Integrity Primitives Evaluation Message Digest 160bit
o Hash-based Message Authentication Code uses MD5 or
SHA-1
16.
Message-Digest algorithm 5 (MD5)
Message-Digest Algorithm 5 (MD5) is a 128-bit key hash used to
provide integrity of files and messages.
17.
Secure Hash Algorithm (SHA)
"The Secure Hash Algorithm (SHA) is one of a number of hash functions
designed by the U.S. National Security Agency (NSA) and published by
the NIST. They are used widely in the United States government. SHA-1
is the most commonly used version, which employs a 160-bit hash,

Security + Computer System Security

DCOM 258 E31
which is reasonably secure but uses a lot of resources on the computer
generating the hash. SHA-2 is more secure; it has 256-bit and 512-bit
block sizes but uses even more resources and is less widely accepted.
Keccak was selected from a group of algorithms in 2012 as the SHA-3
winner, but is not meant as a replacement for SHA-2, because no
compromise of SHA-2 has yet been demonstrated."
18.
RIPEMD
RIPEMD stands for the RACE Integrity Primitives Evaluation Message
Digest. The original RIPEMD (128-bit) had a collision reported, and
therefore it is recommended to use RIPEMD-160 (160-bit), RIPEMD-256,
or RIPEMD-320. The commonly used RIPEMD-160 is a 160-bit message
digest algorithm used in cryptographic hashing. It is used less
commonly than SHA-1 and was designed as an open source hashing
algorithm.
19.
HMAC
HMAC stands for Hash-based Message Authentication Code. Lets step
back for a moment: Message Authentication Code (MAC) is a short
piece of information used to authenticate a mes- sage and to provide
integrity and authenticity assurances on the message. Building on this
con- cept, HMAC is a calculation of a MAC through the use of a
cryptographic hash function such as MD5 or SHA-1. If for example SHA1 is used, the corresponding MAC would be known as HMAC-SHA1.

Part #2: Short Answers (8 points)

1. Discuss the following concepts: (3)
A. Key stretching
A key stretching technique will take a weak key, process it, and
output an enhanced and more powerful key. Often, this process
will increase the size of the key to 128 bits, making attacks such
as brute-force attacks much more difficult, if not impossible.
Examples of key stretching software include PBKDF2 and bcrypt.
B. Salting
Salting is the randomization of the hashing process to defend
against cryptanalysis password attacks and rainbow tables.
C.
Complexity and length of the password
Password policies can be implemented to enforce the usage of
complex passwords and regulate how long passwords last. They
can be configured on local computers, such as Windows
operating systems, by navigating to

Security + Computer System Security

DCOM 258 E31
Administrative Tools > Local Security Policy. When in the Local
Security Settings window, continue to Security Settings >
Account Policies > Password Policy.
More important, policies can be configured for an entire network,
for example, on a Microsoft domain. The policy can affect the
entire domain or individual organizational units. This would be
known as a Group Policy and would be configured on a domain
controller. For example, a Windows Server domain controller can
be configured by completing the following steps:
Step 1. Step 2. Step 3 and Step 4.
Access the domain controller. Create an MMC.
Add the Default Domain Policy to the MMC. (Done by adding a
Group Policy Object Editor snap-in.)
In the Default Domain Policy, navigate to Computer Configuration
> Policies > Windows Settings > Security Settings > Account
Policies > Password Policy."
2. List three concepts of Asymmetric Encryption Algorithms. (3)
a. RSA (Rivest, Shamir, Adleman)
i. A public key cryptography algorithm
ii. Secure if large enough keys are used
iii. Works by first multiplying two distinct prime numbers that
cannot be factored, then moving on to some more
advanced math, and finally creates a private and public
key pair
iv. Vulnerable to MITM attacks
b. Diffie-Hellman
i. The first practical method for establishing a shared secret
key over an unprotected communications channel
ii. Establishes a shared secret key that can be used for secret
communications, but over a public network
iii. Secure against eavesdroppers
c. Elliptic Curve Cryptography (ECC)
i. A type of public key cryptography based on the structure of
an elliptic curve.
ii. Keys are created by graphing specific points on the curve,
which was generated mathematically.
3. List five concepts of Symmetric Key Algorithms (5)
a. Data Encryption Standard (DES)
i. An older type of block cipher selected by the United States
federal government in the 1970s as its encryption
standard. Uses a weak key and is deprecated.

Security + Computer System Security

DCOM 258 E31
b. Triple DES (3DES)
i. Similar to DES but applies the cipher algorithm three times
to each cipher block. Also deprecated.
c. Advanced Encryption Standard (AES)
i. Successor to DES/3DES
ii. Composed of three different versions of block ciphers: AES128, AES-192, and AES-256
iii. Based on the substitution-permutation network
d. Rivest Cipher (RC)
i. There are multiple RC versions, most of which are not
related aside from the fact that they are all encryption
algorithms.
e. RC4
i. Widely used stream cipher in such protocols such as SSL
and WEP, known for speed and simplicity, but considered
hackable.
f. RC6
i. A block cipher that was entered into the AES competition
and was one of the five finalists.
ii. Though it was not selected, it is a patented algorithm that
is offered by RSA Security as an alternative to AES.
g. Blowfish and Twofish
i. Block ciphers designed by Bruce Schneier, based on the
Feistel algorithm