Using Cryptography: Methods and techniques
When the concept of cryptography comes into place, we should immediately think of the diverse methods and techniques that can be used. It is quite important that we are familiar with most of the techniques since they normally differ from each other in terms of their security levels and areas of implementation. It is therefore important that we have basic knowledge about them.
WEP vs. WPA/WPA2 and preshared key
Encryption of a wireless network and technology becomes very important due to the fact that wireless technology is radio waves and it is very easy for anyone to listen in on the right frequency and see what is happening inside one's network. With respect to this it is important that data being sent back and forth via these air waves is encrypted properly. This will make sure that everyone has the right access information to be able to unlock and decrypt so as to see what is happening in the data streams. The idea behind this is that only people with the password will be in a position to make sense of what is going on in the data streams. WEP and WPA are the two encryption technologies that are used in the encryption of wireless networks.
The WEP stands for Wired Equivalent Privacy and it gives two levels of encryption key strengths depending on one's location in the world where one can either have a 64-bit key or a 128-bit key. WEP is a type of encryption format that has been detected to have very much vulnerability which have let to the use of WEP being highly discouraged.
With the identification of WEP as a very weak and poor encryption method, the WPA was discovered. This stands for Wi-Fi Protected Access. This is a kind of encryption that included the RC4 which is a cipher that was used with WEP and then an additional Temporary Key Integrity Protocol mechanism. This therefore means that every packet that goes through a particular network gets a unique encryption key.
The AES stands for Advanced Encryption Standard which is a component of the WPA2 certification. It is among the most modern symmetric key ciphers out there. This is a technology that replaced the RC4 component in WPA. This is a 128-bit block symmetric cipher and there are different key sizes that one can use from a 128-bit key size up to a 256-bit key size on both sides of the symmetric cipher.
This is a symmetric encryption cipher standing for Data Encrypted standard which was developed between 1972 and 1977 by the IBM. The DES was a 64-bit block cipher that used a 56-bit key. This makes DES a very small key to use this.
The 3DES is an abbreviation that stands for Triple Data Encryption Standard. The 3DES takes the same idea of the does but does the encryption three times where in each case one could be using three different keys to encrypt one's information. This makes harder to do the break force and also takes longer to figure out what the original key could be.
The RC4 is an example of a symmetric encryption cypher which stands for Reversed Cipher 4. The RC4 is also a part of the ill-fated WEP standard which is no longer used due to the numerous vulnerabilities that were associated with it. The RC4 has what is termed as a biased output. This can be explained that if the third byte of the original state is zero and the second byte is not equal to two, then the second output byte is always zero. This makes this cipher not as secure as we would like it to be. It is for this reason that the RC4 is not common these days.
The one-time pad is a cipher that was created in the early 1900 and it was built when the early teletype machines were becoming popular as a way to encrypt the information on teletypes. This was the first automated on-line encryption system. This is a system that worked on the concept of the pad which had a very simple encryption and decryption process. This is a system that was not complicated and it was very secure in that it is one of the unbreakable systems if used correctly. For the one-time pad to be very effective, there are some very important aspects that had to be kept in mind.
One aspect is that the key had to be of the same size as the plain text that we need to encrypt. The number of letters in the key and the number of letters in the message should be the same.
Another aspect is that the key should be really random and should only be used once after which it should be destroyed. This makes the entire communication very difficult to decrypt. When one decrypt the key one time, one might never be able to decrypt it again.
Another rule of this system is that there are only going to have two copies of the key, the sender and the receiver. This means that if anyone gets the information in the middle, he or she cannot decrypt it.
The NTLM which stands for NT LAN Manager was developed so as to make the LM more secure. It was used in early versions of Windows NT. The password was Unicode which means that there was a lot of flexibility on the types of characters. It can be up to 127 characters long and it is stored as a 128-bit MD4 hash which was more secure than the smaller DES that were used in the LAN Manager configuration.
The NTLM was not completely secure and therefore there was the development of the NTLMv2 for better security which came out with the Windows NT service pack 4. It added some additional security since there was a new password response, an MD4 password hash similar to NTLM version 1 and there was the hash of the user name and server name combined hence there was more information in it making it more encrypted in the network. There was also some variable-length challenge with a specific time-span, some random data and some domain name information increasing the amount of details in there so as to make the conversation more secure during the authentication process.
Blowfish is an example of a symmetric encryption algorithm which is a 64-bit block cipher and its key length can range from 1 bit to 448 bits. Blowfish is a very secure encryption cipher and there are no known ways of breaking the 16 rounds of encryption in it and there are no patents associated with it.
The PGP (Pretty Good Privacy) and GPG (Good Privacy Guard) are common asymmetric encryption methods that are used all over the world. PGP is commercial software. In addition, it is an open standard by itself. PGP is available for Windows, Linux and UNIX.
The twofish is the successor of blowfish and uses a larger block size of 128-bits and key sizes of up to 256 bits. There are no patents associated with it making it available to everyone who wants to use it.
CHAP is a more secure authentication than PAP. It stands for Challenge-Handshake Authentication Protocol. This is an encrypted message that is sent across a network. The operation of this is in the form of a three way handshake where one first send information to the server one are trying to authenticate to and it responds with a challenge message prompting one to prove who one say one are. After that, the client responds with a hash of the password which is send again to the server and it compares is to what it has stored as one's password.
Even after that, the challenge is not over since one will always send some challenges during the connection. Since one's username and password is hashed in one's machine, one might not see this message.
When we log in to a server or a network, we need a way to authenticate ourselves and therefore there is a series of protocols behind the scene that ensure that our names and passwords or any other information we are using to authenticate is received properly so that we are able to gain proper access. The Password Authentication Protocol was one method of doing this. PAP is a very simple encryption protocol and in fact everything that is communicated through the PAP is in the clear. This involved sending of passwords across the network in form of clear text which is concept not quite encouraged in the modern day.
Use of algorithms/protocols with transport encryptionSSL
SSL stands for Secure Sockets Layer which was among the very first encryption mechanisms that we had in our browsers. It was developed by Netscape and build in the early browsers that were being used in the year 1996.
The TLS which stands for Transport Layer Security was derived from the SSL. This was an improved version of SSL that was more public, more standard and was not specific to Netscape. It was derived from the SSL but is now a worldwide standard that one can find in RFC 2246.
The IPsec encryption mechanism is a type of mechanism that we can use in instances where we are carrying out other encryptions outside the browser, encryptions not in a terminal screen or even other types of encryptions. This is a mechanism that one can use if one needed to encrypt any type of data not necessarily in a browser or on terminal scree. This is an encryption mechanism that was designed to work at the TCP/IP and it operates on Layer # of the OSI where it can work with IP packets.
The IPsec mechanism allows us to have confidentiality and integrity in the communication that we have between devices or hosts on both sides. In this mechanism, there is the ability to sign every packet so that when we receive a packet, we can determine that it is the same packet that was sent from the other side.
The IPsec is an extremely standardized mechanism of transportation since one will see it or routers and firewalls. One will see this mechanism in RFC 4301 all the way to RFC 4309.
The SSH stands for Secure Shell and it's a very common method of communicating to an encrypted server through a terminal screen either the command line or a terminal screen where one will see it often communicating through the tcp/22. Secure Shell mechanism can also be applied more than just typing things at a screen. We can use it to use remote administration, file transfer using the Secure File Transfer Protocol (SFTP) and Secure File Copy Protocol (SFCP) so as to send information back and forth. The secure Shell can be used when we need to have access to a computer but not really going to the browser or when we are not using the HTTPS, TSL and SSL types of configurations to ensure that all of one's communications are correctly encrypted.
The combination of TLS and SSL encryption mechanisms inside of a browser or inside the protocols that go back and forth inside one's browser and web server would then result into HTTPS which means that it is a HTTP protocol that is secured. This is an encryption mechanism that uses the SSL and TLS mechanisms so as to encrypt all the communication that is going between one's browser and the web communication server. This is a protocol that would run in the port of tcp/443 by default. It is also a protocol that is built into most of the browsers currently so that we can have these encrypted methods of sending information back and forth and be assured that nobody can look into the data and know what is contained in it.
Cipher suitesStrong vs. weak ciphers
Cipher suites are broadly categorized in terms of the strength associated with them. By measure of strength, a cipher is classified based on how it is easy to break or decrypt. Strong ciphers are strong encryption mechanism and algorithms that that cannot be broken while weak ciphers are encryption mechanisms that have a lot of vulnerabilities thus making them easy to break and highly unsecure.
Key stretching can be basically identified as the method of increasing one's key security by making some additional computations to a small length key so as to make it longer. This is basically making a weak key stronger.
The PBKDF2 key stretching is one that is not highly reliable owing to the fact that it is one that cannot be fully relied on. It has some vulnerability all by itself.
The Bcrypt method of key stretching is one that is considered to be much more secure since it requires much more hardware thus making it difficult for the cracker to get into it. The disadvantage with it is that it becomes very difficult to configure the length of the output key.
It is very important that one is conversant with all the cryptographic algorithms and techniques since it is with their knowledge that we are able to secure our data and information properly. By reading this all, one can ensure that he can get some good insights about the methods used in this field and hence he can benefit from it by using them for the betterment of the company.