Cryptography is the foundational technology for securing information in computer systems. Its scope spans four essential security objectives:
| Objective | Meaning |
|---|---|
| Confidentiality | Only the right people can read the information. Encryption ensures that unauthorized parties cannot understand the content. |
| Authentication | The ability to verify the sender's identity. The receiver can confirm who originated the message. |
| Integrity | Protecting information from being modified by unauthorized parties. Any tampering is detectable. |
| Anonymity | Ensuring the users' anonymity while communicating, so that even the fact of communication may be hidden. |
These four objectives are often summarized as the "CIA" triad plus anonymity. Confidentiality, Integrity, and Authentication are the classic triad; anonymity is an additional concern in modern systems.
Two fundamental operations underpin all cryptographic systems:
Schematically, the process is:
plaintext message -> [Encryption] -> ciphertext message -> [Decryption] -> plaintext message
The ciphertext can be transmitted or stored in the clear because without the key it is unintelligible.
A cipher is the algorithm used to encrypt and decrypt data. A key is a piece of information used by the cipher to determine the exact transformation. The same plaintext encrypted with two different keys produces two different ciphertexts.
plaintext + key -> [CIPHER] -> ciphertext ciphertext + key -> [CIPHER] -> plaintext
The security of a cryptosystem should depend only on the secrecy of the key, not on the secrecy of the algorithm. This is Kerckhoffs's principle (see Section 5).
The Caesar Cipher is one of the oldest known ciphers, used by Gaius Julius Caesar. It is a substitution cipher: each character in the message is replaced by another character a fixed number of positions away in the alphabet.
For example, with a shift of 3 (the secret key):
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z D E F G H I J K L M N O P Q R S T U V W X Y Z A B C
To encrypt, substitute each letter in the top row with the corresponding letter in the bottom row. To decrypt, reverse the process.
The Caesar Cipher is extremely weak. There are only 25 possible keys (shift values), so a brute-force attack is trivial. Furthermore, it preserves letter frequencies, making it vulnerable to cryptanalysis.
There are two fundamental approaches to breaking the Caesar Cipher:
The Caesar Cipher illustrates two universal attack concepts: brute force depends on key size, while cryptanalysis exploits algorithm weaknesses. These apply to all encryption schemes, not just historical ones.
Symmetric encryption (also called conventional encryption or single-key encryption) is the universal technique for providing confidentiality for transmitted or stored data. The sender and receiver share the same secret key.
"A cryptosystem should be secure even if everything about the system, except the key, is public knowledge." This is a cornerstone of modern cryptography: never rely on obscurity of the algorithm, only on secrecy of the key.
Requirement 2 creates a paradox: to establish a secure communication channel, you first need a secure channel to exchange the key. This is known as the key distribution problem, which public-key encryption solves.
There are two general approaches to attacking a symmetric encryption scheme:
Cryptanalysis exploits the nature of the algorithm plus some knowledge of the plaintext's general characteristics (or even sample plaintext-ciphertext pairs). If the attack succeeds in deducing the key, the effect is catastrophic: all future and past messages encrypted with that key are compromised. Historical examples include the cryptanalysis of the WW2 Enigma Machine.
The attacker tries every possible key on a piece of ciphertext until an intelligible plaintext is obtained. On average, half of all possible keys must be tried. The feasibility depends on:
Before trying all possible random keys, attackers will try all words in dictionaries. If the key is not a randomly generated string but a dictionary word, the search space shrinks dramatically. This is why passwords must not be dictionary words.
Adjust the decryption speed to see how long it takes to break each key size.
| Key size | Cipher | Keys | Time required |
|---|
Three algorithms dominate the history of symmetric block encryption. It is strongly recommended to use algorithms that are an international standard rather than proprietary designs.
| Feature | DES | Triple DES | AES |
|---|---|---|---|
| Plaintext block size | 64 bits | 64 bits | 128 bits |
| Ciphertext block size | 64 bits | 64 bits | 128 bits |
| Key size | 56 bits | 112 or 168 bits | 128, 192, or 256 bits |
| Status | Insecure (broken) | Slow but secure | Fast and secure (current standard) |
| Year | 1977 | 1985 (ANSI) / 1999 (FIPS) | 2002 |
DES was adopted in 1977 by NIST (then NBS) as FIPS PUB 46. It uses a 56-bit key and 64-bit blocks. Despite being the most-studied encryption algorithm in existence, with no fatal cryptanalytic weaknesses found, its key size is woefully inadequate. In 1998, the Electronic Frontier Foundation (EFF) broke DES in less than 3 days with specialized hardware costing $250,000. By 1999, the EFF and distributed.net broke DES in 22 hours and 15 minutes.
The NSA worked closely with IBM to strengthen DES against all except brute-force attacks and to strengthen the S-boxes. However, NSA also tried to convince IBM to reduce the key from 64 to 48 bits. They ultimately compromised on 56 bits — a key length that is not a power of 2 and is now trivially breakable.
3DES repeats the basic DES algorithm three times using either two or three unique keys (112 or 168 bits). It overcomes the brute-force vulnerability of DES and, because it uses the same underlying algorithm, benefits from decades of cryptanalytic scrutiny. However, it is sluggish in software: the algorithm was designed for 1970s hardware, and 3DES requires three times as many calculations as DES. Additionally, the 64-bit block size is too small for modern security requirements.
AES was selected by NIST through a public competition from 15 proposals, narrowed to 5 finalists. The winning algorithm, Rijndael (by Joan Daemen and Vincent Rijmen), is a symmetric block cipher with 128-bit blocks and key sizes of 128, 192, or 256 bits. AES is very fast in both software and hardware, with modern CPUs providing dedicated AES instruction sets. It is considered secure and is the current international standard.
Be prepared to compare DES, 3DES, and AES: block sizes, key sizes, performance, and security status. Know why DES failed (56-bit key is too small), why 3DES is slow (three passes, old design), and why AES is the modern choice (larger blocks, efficient, thoroughly vetted).
Typically, data units (messages, files, network packets) are larger than a single 64-bit or 128-bit block. The simplest approach to encrypting multiple blocks is Electronic CodeBook (ECB) mode.
ECB has a fundamental weakness: lack of diffusion. Identical plaintext blocks produce identical ciphertext blocks. This means that regularities in the plaintext (e.g., repeating patterns in images, predictable message headers) are preserved in the ciphertext and can be exploited for cryptanalysis. An attacker can also reorder blocks to alter the meaning of the decrypted message.
To overcome ECB's weaknesses, more advanced modes of operation have been developed (e.g., CBC, CFB, OFB, CTR), each with particular advantages. These are explored in detail in Chapter 20 of the textbook.
The detailed operation of CBC and other modes is covered in later chapters. For this exam, focus on understanding why ECB is weak, not on the technical details of alternative modes.
| Property | Block Ciphers | Stream Ciphers |
|---|---|---|
| Processing | Process input one block at a time (e.g., 64 or 128 bits) | Process input elements continuously, one byte at a time |
| Key reuse | Can reuse keys (and usually do) | Same key produces same keystream — never reuse a key |
| Padding | May need padding for the last block | No padding needed |
| Speed | Slower (especially in software for older algorithms) | Almost always faster, uses far less code |
| Common use | File transfer, e-mail, databases | Data communications channels, browser links |
In stream encryption, a key is input to a pseudorandom bit generator that produces a keystream. The keystream is combined with the plaintext using XOR. The same key always generates the same keystream sequence. Decryption uses the same keystream XORed with the ciphertext.
A stream cipher can be as secure as a block cipher of comparable key length, provided the pseudorandom generator is properly designed. The textbook notes that either type can be used in virtually any application, but each is more natural for different contexts.
A secure hash function (or one-way hash function) takes a variable-size input message and produces a fixed-size output called a hash value, message digest, or fingerprint.
For collision resistance, the security level is only 2n/2 (not 2n) due to the birthday paradox. A 128-bit hash provides only 64-bit security against collision attacks. Van Oorschot and Wiener showed that a $10 million machine could find MD5 collisions in 24 days. Modern recommendations mandate at least 256-bit hashes.
| Algorithm | Hash length | Status |
|---|---|---|
| SHA-0 | 160 bits | Retired (weakness found) |
| SHA-1 | 160 bits | Retired (cryptanalytic weaknesses) |
| SHA-2 (SHA-256, SHA-384, SHA-512) | 256 / 384 / 512 bits | Current standard, widely used |
| SHA-3 | Variable | Standardized 2015, alternative to SHA-2 |
Beyond message authentication and digital signatures, hash functions have several critical applications:
Operating systems and online services store only hashes of passwords, never the plaintext passwords. When a user logs in, the entered password is hashed and compared to the stored hash. This way, even if the password file is breached, the actual passwords are not directly revealed. This application requires preimage resistance (and ideally second preimage resistance).
In practice, simple hashing is insufficient: attackers use rainbow tables (precomputed hash dictionaries) and dictionary attacks. Modern systems use salting (adding a random value before hashing) and key stretching (multiple iterations). These topics are covered in the authentication chapter.
Compute and securely store the hash codes of critical system files. Periodically recompute the hashes and compare. If a file has been modified (e.g., by malware), the hash will differ. This works only if the verification tool itself is not compromised — a non-trivial requirement.
Hashing all files in a system would be expensive, which is why intrusion detection typically focuses on specific critical files (binaries, configuration files, system libraries) rather than every file on disk.
Public-key encryption (also called asymmetric encryption) was first publicly proposed by Diffie and Hellman in 1976, though the theoretical basis was discovered earlier by James Ellis at GCHQ (classified until 1997). It solves the key distribution problem inherent in symmetric encryption.
Every user has two keys:
The two keys are generated together and linked by mathematical properties, but it is computationally infeasible to derive the private key from the public key.
Bob encrypts a message using Alice's public key. Only Alice can decrypt it using her private key. This provides confidentiality: no one else can read the message.
Bob: ciphertext = E(Alice's public key, plaintext) Alice: plaintext = D(Alice's private key, ciphertext)
Bob encrypts a message using his own private key. Anyone with Bob's public key can verify that the message came from Bob. This provides authentication (and data integrity) but not confidentiality, since anyone can decrypt using Bob's public key.
Bob: ciphertext = E(Bob's private key, plaintext) Alice: plaintext = D(Bob's public key, ciphertext)
| Algorithm | Digital Signature | Key Distribution | Encryption |
|---|---|---|---|
| RSA | Yes | Yes | Yes |
| Diffie-Hellman | No | Yes | No |
| DSS | Yes | No | No |
| Elliptic Curve (ECC) | Yes | Yes | Yes |
How can Alice be sure that a public key claiming to be Bob's is really Bob's? An impostor could publish a fake "Bob's public key" and intercept messages intended for Bob. This is the public-key authentication problem, solved by public-key certificates (Section 14).
A digital signature is used for authenticating both the source and the data integrity of a message. It is created by encrypting the hash code of the message with the sender's private key.
A digital signature guarantees: (1) source authentication — the message is from the claimed sender, (2) data integrity — the message has not been altered, (3) non-repudiation — the sender cannot deny sending it. It does not provide confidentiality: the message itself can still be read by anyone. If an observer has the sender's public key, they can decrypt the signature and read the hash, and the message might be in the clear.
A public-key certificate binds a public key to the identity of its owner, with the whole block signed by a trusted third party called a Certificate Authority (CA).
Since the CA's private key is secret, only the CA could have signed the certificate. Forging a certificate would require either the CA's private key or breaking the hash function — both computationally infeasible.
The X.509 standard is universally accepted for formatting public-key certificates, used in IPsec, TLS, SSH, and S/MIME. All modern web browsers include a list of trusted Certificate Authorities whose public keys are pre-installed to verify the certificates presented by websites (Amazon, Google, etc.).
An attacker who compromises DNS can redirect a user to a fake website. With HTTPS, the browser will check the certificate: if the certificate's domain does not match the requested domain, or if the certificate is self-signed (not issued by a recognized CA), the browser will display a warning. This is how certificates protect against pharming.
A digital envelope protects a message without requiring the sender and receiver to have arranged a shared secret key beforehand. It combines the speed of symmetric encryption with the convenience of public-key encryption.
Public-key encryption is computationally expensive. By using it only to encrypt a small symmetric key (typically 128-256 bits), and using fast symmetric encryption for the (potentially large) message, digital envelopes achieve both security and efficiency.
Random numbers are required for many cryptographic tasks: key generation (RSA, symmetric ciphers), stream cipher keystreams, session keys, digital envelopes, and handshaking to prevent replay attacks.
| Feature | TRNG (True Random) | PRNG (Pseudorandom) |
|---|---|---|
| Source | Nondeterministic physical processes (thermal noise, radiation, leaky capacitors) | Deterministic algorithm |
| Output | Truly unpredictable | Statistically random but predictable if the seed is known |
| Hardware | Often requires special hardware (e.g., Intel DRNG on modern CPUs) | Pure software |
| Used for | Seed generation, high-security key generation | Most cryptographic applications |
Trusting random number generators (especially hardware ones) involves considering your threat model. Do you trust your CPU vendor? The Dual_EC_DRBG case (a NIST standard later found to have a potential NSA backdoor) shows that backdoors in RNGs are a real concern. Carefully consider your threat model when choosing random number sources.
The detailed Linux kernel random number generation and the Dual_EC_DRBG controversy are not mandatory for the exam but are interesting security topics for further reading.
Quantum computers leverage quantum parallelism to speed up specific computations. The expected effect on encryption is significant:
A new generation of post-quantum cryptography algorithms is being developed, standardized, and adopted in software (including browsers). These algorithms are based on mathematical problems believed to be resistant to quantum attacks (e.g., lattice-based, code-based, multivariate cryptography).
Remember the key asymmetry: symmetric crypto survives quantum computing by increasing key sizes; public-key crypto (RSA, ECC, DH) is fundamentally broken and needs entirely new algorithms.
The course tutorials provide concrete experience with the cryptographic concepts covered in this lesson. Below are annotated walkthroughs of key commands.
OpenSSL provides command-line access to DES, 3DES, and AES encryption. These commands illustrate the practical use of symmetric ciphers:
The textbook assumes that modern hardware can perform ~106 decryptions per microsecond. OpenSSL's built-in benchmark allows checking this assumption on real hardware:
GnuPG (GPG) implements the OpenPGP standard for secure communication. Key operations include:
The T3 tutorial demonstrates a practical dictionary attack against AES-256-CBC encryption where the password is a dictionary word. The key insight: OpenSSL's error reporting does not distinguish between "wrong key" and "successful decryption with garbage" — it only fails on alignment issues. This means brute-force scripts must include a heuristic (e.g., checking for printable ASCII, known plaintext patterns) to filter false positives. The search is embarrassingly parallel and can be accelerated with GNU parallel, multiple CPU cores, and GPU offloading.
In the command openssl enc -e -aes-256-cbc -iter 1 -md sha512 ..., the -iter 1 parameter sets the number of iterations for key derivation to just 1. This makes dictionary attacks extremely fast! Increasing iterations (e.g., -iter 100000) slows down each key derivation attempt, dramatically increasing the attacker's cost. This is key stretching.
Symmetric cryptography uses the same secret key for both encryption and decryption. The sender encrypts the plaintext with a secret key and a cipher algorithm; the receiver decrypts the ciphertext using the same key and the inverse algorithm. Security depends on: (1) a strong algorithm, and (2) secure key distribution between sender and receiver. The key must be kept secret by both parties.
Two main approaches: (1) Cryptanalysis — exploits logical weaknesses in the algorithm itself, using knowledge of plaintext characteristics or known plaintext-ciphertext pairs. (2) Brute-force attack — tries every possible key. Feasibility depends on key size and computational speed. If an attack succeeds, all past and future messages encrypted with that key are compromised.
Cryptanalysis is the study of attacking cryptographic systems by exploiting the characteristics of the algorithm rather than trying all keys. It uses knowledge of the algorithm's structure, statistical properties of the plaintext, and sometimes known plaintext-ciphertext pairs to deduce the key or plaintext without brute-forcing the entire key space.
A brute-force attack tries every possible key until the ciphertext decrypts to intelligible plaintext. On average, half of all possible keys must be tried to achieve success. If there are x distinct keys, the expected number of attempts to find the correct key is x/2.
DES (1977): 56-bit key, 64-bit block — now insecure due to small key size. 3DES: repeats DES three times with 112 or 168-bit key — slow but secure, uses 64-bit blocks. AES (2002): 128-bit blocks, key sizes 128/192/256 — fast, secure, the current standard. DES was broken by EFF in 1998. 3DES is slow due to three passes of a 1970s design. AES is efficient, thoroughly vetted, and has hardware acceleration in modern CPUs.
Two main problems: (1) Key size is too small — 56 bits provides only ~7.2*1016 possible keys, which can be searched in hours with modern hardware. (2) The 64-bit block size is too small for modern security requirements. Additionally, the algorithm is sluggish in software since it was designed for 1970s hardware.
3DES can use either two (112-bit key) or three (168-bit key) unique keys. The algorithm repeats DES three times: encrypt-decrypt-encrypt (EDE) when using two keys, or encrypt-encrypt-encrypt with three distinct keys.
(1) Sluggish performance — requires three times the computation of DES, and DES itself was designed for hardware, not efficient software. (2) 64-bit block size is too small and limits security for large data volumes. (3) Despite being secure, it is not suitable for long-term use due to efficiency concerns.
AES offers: (1) Larger block size — 128 bits vs 64 bits. (2) Better performance — designed for efficient software and hardware implementation; modern CPUs have dedicated AES instructions. (3) Multiple key sizes — 128, 192, or 256 bits. (4) Thorough public vetting — selected through an open NIST competition from 15 proposals.
ECB (Electronic CodeBook) divides the plaintext into fixed-size blocks and encrypts each block independently with the same key. Disadvantages: (1) No diffusion — identical plaintext blocks produce identical ciphertext blocks, revealing patterns. (2) Vulnerable to block reordering — an attacker can reorder ciphertext blocks to alter the meaning of the decrypted message. These weaknesses make ECB unsuitable for encrypting large or structured data.
Stream ciphers encrypt data one byte at a time, continuously, using a keystream generated from the key XORed with the plaintext. They are faster and use less code but keys cannot be reused. Block ciphers encrypt data in fixed-size blocks, can reuse keys, and may require padding. Stream ciphers are preferred for data communications channels and browser links; block ciphers are more common for file transfer, email, and databases, though either can be used in most applications.
Authenticity means verifying that a message is genuine and came from its alleged source. Cryptography provides authenticity through: (1) Digital signatures — the sender encrypts a hash with their private key. (2) MAC (Message Authentication Code) — a secret key is used to generate an authentication tag. (3) Hash functions combined with encryption — the hash is encrypted and attached to the message.
Symmetric encryption alone is insufficient because: (1) Block reordering — in ECB mode, an attacker can reorder ciphertext blocks and each still decrypts successfully, altering the message's meaning. (2) It does not prevent replay attacks. (3) It provides no non-repudiation — both parties share the same key, so neither can prove which party sent a given message.
A MAC is a small block of data generated using a secret key and a message as input. It is appended to the message for transmission. The receiver recomputes the MAC using the same key and compares it to the received MAC. If they match, the receiver is assured that: (1) the message has not been altered, (2) the message is from the alleged sender (who shares the secret key), and (3) if sequence numbers are used, the proper sequence is maintained.
A one-way hash function takes a variable-size input message and produces a fixed-size output called a hash value or message digest. It is "one-way" because it is computationally infeasible to reverse: given a hash value h, finding x such that H(x) = h is infeasible (preimage resistance). Unlike MAC, a hash function does NOT use a secret key as input.
A MAC incorporates a secret key directly into the algorithm; only parties sharing that key can generate or verify the tag. A one-way hash function alone does not use a key — to provide authenticity, the hash must be encrypted (symmetric or asymmetric) or combined with a secret value (keyed hash MAC). Without this step, anyone can compute the hash of a message, so it provides integrity but not source authentication.
A message digest is the fixed-size output of a hash function. When public-key encryption is used to encrypt the digest, it provides non-repudiation in addition to authenticity: because only the sender has their private key, they cannot later deny having signed the message. This is the basis of digital signatures.
Keyed Hash MAC combines a secret key with a hash function. Both sender and receiver share a secret key K. The sender computes H(K || M || K) (hash of key || message || key) and sends the message plus this hash. The receiver, knowing K, recomputes and verifies. Using the key as both prefix and suffix is more secure than using it as only one or the other.
(1) Applies to data of any size. (2) Produces fixed-length output. (3) Easy to compute. (4) One-way (preimage resistant): given h, infeasible to find x with H(x)=h. (5) Second preimage resistant: given x, infeasible to find y!=x with H(y)=H(x). (6) Strong collision resistant: infeasible to find any pair (x,y) with H(x)=H(y). Properties 1-3 are practical requirements; 4-6 are security requirements.
Two approaches: (1) Cryptanalysis — exploits logical weaknesses in the algorithm. (2) Brute-force — depends on the length n of the hash code. For preimage resistance: effort is ~2n. For collision resistance: effort is ~2n/2 (due to the birthday paradox). A 128-bit hash provides only 64-bit security against collision attacks.
The SHA (Secure Hash Algorithm) family is the most widely used. SHA-1 (160-bit) is now considered weak. SHA-2 (SHA-256, SHA-384, SHA-512) is the current standard. SHA-3 (standardized 2015) provides a structurally different alternative.
Two important applications: (1) Password storage — systems store only the hash of passwords, not the plaintext. (2) Intrusion detection — securely stored hash codes of critical files can be periodically recomputed and compared to detect unauthorized modifications.
Asymmetric (public-key) cryptography uses two different keys: one public and one private, linked mathematically but such that the private key cannot be derived from the public key. The public key is published widely; the private key is kept secret. Encryption with the public key can only be decrypted with the corresponding private key, and vice versa. This solves the key distribution problem of symmetric encryption.
To guarantee confidentiality, the sender encrypts the message using the receiver's public key. Only the receiver, possessing the corresponding private key, can decrypt it. Even the sender cannot decrypt the message afterwards (they don't have the receiver's private key). This ensures that only the intended recipient can read the message.
(1) Easy to generate key pairs. (2) Easy to encrypt (knowing public key). (3) Easy to decrypt (knowing private key). (4) Infeasible to determine private key from public key. (5) Infeasible to recover plaintext from ciphertext + public key. (6) Optionally, either key can be used for encryption with the other for decryption (as in RSA).
RSA (Rivest-Shamir-Adleman) — the most widely adopted. Diffie-Hellman — key exchange only. DSA/DSS — digital signatures only. Elliptic Curve Cryptography (ECC) — offers equivalent security with smaller key sizes, increasingly used in modern systems.
A digital signature is created by encrypting a message's hash code with the sender's private key. Guarantees: (1) Source authentication — confirms the sender's identity. (2) Data integrity — detects any modification. (3) Non-repudiation — the sender cannot deny sending it. Does NOT guarantee: confidentiality — the message itself is not encrypted and can be read by anyone.
The public-key authentication problem: how can one be sure that a public key belongs to the person it claims to? An attacker can publish a fake public key in someone else's name. This is solved by public-key certificates issued by trusted Certificate Authorities (CAs).
A CA (Certificate Authority) is a trusted third party that issues digital certificates. The CA verifies the identity of the certificate requester and then digitally signs the certificate binding the requester's identity to their public key. Browsers and operating systems come with a pre-installed list of trusted CAs whose public keys are used to verify certificates.
A public-key certificate is a data structure that binds a public key to the identity of its owner. It contains: the user's identity and public key, information about the CA, a validity period, and a digital signature from the CA. The signature ensures the certificate cannot be forged. X.509 is the universally accepted standard format.
The CA: (1) takes the unsigned certificate (containing user ID + public key), (2) computes a hash code of it, (3) encrypts the hash using the CA's private key to create a digital signature, and (4) attaches the signature to the certificate. The resulting signed certificate can be verified by anyone using the CA's public key.
A digital envelope combines symmetric and asymmetric encryption: the message is encrypted with a random symmetric key (fast), and that symmetric key is encrypted with the recipient's public key (secure). Both are sent together. It is used when the sender and receiver do not have a pre-arranged shared secret key, for example in email encryption or secure messaging between parties who have never communicated before.
Random numbers = truly unpredictable, statistically independent values. Pseudorandom numbers = generated by deterministic algorithms, statistically random but predictable if the seed is known. True Random Number Generators (TRNG) exist and use physical processes: thermal noise (Intel DRNG), radioactive decay, atmospheric noise. Most cryptographic applications use PRNGs seeded by TRNG outputs.
GPG (Gnu Privacy Guard) is a complete implementation of the OpenPGP standard for secure communication. It uses public-key encryption for secure email, file encryption, and digital signatures. GPG implements both symmetric and asymmetric ciphers and uses a "web of trust" model for public-key authentication (instead of centralized CAs).
The Caesar cipher is a substitution cipher used by Julius Caesar. Each letter in the plaintext is shifted a fixed number of positions in the alphabet. The shift value is the secret key. With a shift of 3, A->D, B->E, etc. It has only 25 possible keys, making it trivially breakable by brute force.
A cipher is an algorithm used to encrypt and decrypt data. Examples include: Caesar cipher (historical substitution cipher), DES (56-bit symmetric block cipher, now broken), AES (modern symmetric block cipher, current standard), RSA (public-key algorithm), and SHA (hash function family).
The sender: (1) composes the message, (2) generates a random symmetric key, (3) encrypts the message with the symmetric key (for confidentiality), (4) encrypts the symmetric key with the recipient's public key (digital envelope), (5) computes a hash of the message, (6) encrypts the hash with the sender's private key (digital signature). The recipient: uses their private key to decrypt the symmetric key, then the symmetric key to decrypt the message; uses the sender's public key to verify the signature. This provides confidentiality, authentication, integrity, and non-repudiation.
(1) Compose the message. (2) Compute a hash of the message. (3) Encrypt the hash with the sender's private key — this is the digital signature. (4) Send the message (in plaintext) plus the signature. The recipient: (1) computes the hash of the received message, (2) decrypts the signature using the sender's public key, (3) compares the two hashes. If they match: the message is authentic and unmodified. Note: the message is not encrypted, so confidentiality is not provided.
Atomicity in asymmetric cryptography refers to the fact that the key generation operation — which creates the mathematically linked public-private key pair — must be atomic. Both keys must be generated together in a single operation; they cannot be generated independently and then linked. The public and private keys are inherently tied by the underlying mathematical structure (e.g., RSA's prime factorization).
No, DES is not secure. Its 56-bit key is too small by modern standards: a brute-force attack can break it in hours using modern hardware (EFF broke DES in less than 3 days in 1998; current hardware is far faster). While the algorithm itself has no fatal cryptanalytic weaknesses, the key space of ~7.2*1016 keys is searchable.
Two ways: (1) Brute force — try all 25 possible shifts; the correct one will produce readable text. (2) Frequency analysis — in human languages, letters have different frequencies. By analyzing letter frequencies in the ciphertext and comparing to known language distributions, the shift can be deduced without trying all keys.
The diagram shows a sender encrypting with the receiver's public key and the receiver decrypting with their private key. This provides confidentiality. Applications: secure email (PGP/GPG), HTTPS/TLS (web browsing), encrypted messaging, and digital envelopes. In all these cases, the sender obtains the recipient's public key (from a certificate or key server), encrypts the message, and only the intended recipient can decrypt it.
OpenSSL is an open-source software library providing cryptographic functions and command-line tools. It implements symmetric ciphers (DES, 3DES, AES), hash functions (SHA family), public-key algorithms (RSA, DSA, ECC), and protocols (TLS/SSL). The openssl enc command can encrypt/decrypt files, openssl speed benchmarks cipher performance, and it is widely used to test cryptographic assumptions (e.g., brute-force feasibility).
Symmetric encryption uses a single shared secret key for both encryption and decryption. Asymmetric (public-key) encryption uses two keys: a public key (for encryption) and a private key (for decryption), where the private key cannot be derived from the public key.
This provides authentication (and data integrity), because only the sender possesses their private key. However, confidentiality is NOT provided — anyone with the sender's public key can decrypt the message.
3DES was created to extend the life of DES by increasing the key size to 112 or 168 bits, overcoming DES's vulnerability to brute-force attacks. It reuses the well-studied DES algorithm, providing confidence in its resistance to cryptanalysis, while the larger key makes brute-force infeasible.
The birthday paradox shows that for collision resistance, the security level is only 2n/2, not 2n. This means a 128-bit hash (like MD5) provides only 64-bit security against collision attacks — feasible to break with sufficient resources. This is why modern hashes need at least 256-bit outputs.
Public-key encryption is computationally expensive. By using it only to encrypt a small symmetric key (typically 128-256 bits) and using fast symmetric encryption for the (potentially large) message, digital envelopes achieve both security and performance. This is called hybrid encryption.
key. The algorithm, the system design, and the implementation can all be public. Only the cryptographic key must remain secret.
Symmetric algorithms remain secure with larger key sizes (effectively doubling needed length). Public-key algorithms (RSA, ECC, Diffie-Hellman) are fundamentally broken by Shor's algorithm and require entirely new post-quantum cryptographic algorithms.