Cryptography
This blog covers cryptography, a topic and body of knowledge that you will encounter over and over again during your career as a pen tester, IT person, or security manager. Having a firm grip of the technology and science is indispensable because cryptography is critical in so many areas. This blog covers the following aspects of cryptography:

■ Applications of cryptography
■ Symmetric and asymmetric cryptography
■ Working with hashing
■ Purposes of keys
■ Types of algorithms
■ Key management issues

Cryptography is the body of knowledge that relates to the protection of information in all its forms. Through the application of cryptography, you can safeguard the confidentiality and integrity of information. Cryptography provides you with a means of keeping information away from prying eyes and gives you a way to keep the same information intact.

This chapter focuses on cryptography and its application in the modern world, but first it delves into some of the rich history of the science to give you a firm foundation on which you can build your knowledge.

The science of cryptography provides a unique set of abilities that have been around as long as humans have wanted to share information with some but not with others. Although technology, science, and computers have improved on the older methods, what has remained a constant is the underlying goal of protecting information.

You may have opened this book with little or no knowledge of the technology, or maybe you have a basic understanding. In either case, this chapter will get you where you need to be for the CEH exam and will move cryptography out of the realm of secret agents, spies, and puzzles and into the realm of practical applications and usage. You’ll learn about something that is woven into the fabric of your everyday life—from the phone in your pocket, to the computer on your lap, and even to that card you stick in the ATM or use to charge dinner.

Cryptography: Early Applications and Examples

So what is cryptography? Why should you even care? Well, let’s see if I can answer these questions by looking at the body of knowledge and exploring its depths.

Cryptography deals with protection and preservation of information in all its forms. This science has evolved dramatically over time, but its underlying goal has never changed, though the tools have. As information has changed and human beings have gotten smarter, the technology has become substantially more advanced to keep up with changing issues and threats. If you look back in time and trace the evolution of the science up to the current day, you’ll see that technology in the form of increasingly powerful computers has made the process more complex and innovative as well as stronger.

In the field of cryptography, the topic of encryption gets by far the most attention and can probably be said to be the “sexy” form of the art. Other techniques such as steganography also belong in this field, but encryption is the one that attracts the most attention for manipulating and protecting information. Also within the field of cryptography is something known as cryptanalysis, which deals with unlocking or uncovering the secrets that others try so hard to hide or obscure. Cryptanalysis is an old science that has been around as long as people have been trying to keep things secret.

As with the ancient Egyptians and Romans, who used secret writing methods to obscure trade or battle information and hunting routes, one of the most widely used applications of cryptography is in the safeguarding of communications between two parties wanting to share information. Guaranteeing that information is kept secret is one thing, but in the modern world it is only part of the equation. In today’s world, information must not only be kept secret, but provisions to detect unwelcome or unwanted modifications are just as important.

In the days of Julius Caesar and the Spartans, keeping a message secret could be as simple as writing it in a language the general public didn’t, or wasn’t likely to, understand. Later forms of encryption require that elaborate systems of management and security be implemented in order to safeguard information.

Is the body of knowledge relating to cryptography only concerned with protecting information? Well, in the first few generations of its existence the answer is yes, but that has changed. The knowledge is now used in systems to authenticate individuals and to validate that someone who sent a message or initiated an action is the right party.

Cryptography has even made some of the everyday technologies that you use possible. One area that owes its existence to cryptography is e-commerce. E-commerce demands the secure exchange and authentication of financial information. The case could be made that e-commerce would not exist in anything resembling its current form without the science of cryptography.

Another area that has benefited tremendously from the science of cryptography is mobile technologies. The careful and thoughtful application of the science has led to a number of threats such as identity theft being thwarted. Mobile technologies implement cryptographic measures to prevent someone from duplicating a device and running up thousands in fraudulent charges or eavesdropping on another party.

So what does the field focus on? Each of the following is a topic you need to understand to put the tools and techniques in their proper context:

■ Confidentiality: Confidentiality is the primary goal that cryptography seeks to achieve. Encrypting information is done to keep that information secret or away from prying eyes. Under the right conditions, encryption should be impossible to break or reverse unless an individual possesses the correct key. Confidentiality is the more widely sought aspect of encryption.
■ Integrity: Cryptography can help you detect changes in information and thus determine its integrity. You’ll learn more about this in the section “Understanding Hashing,” later in this chapter.
■ Authentication: Cryptography allows a person, object, or party to be identified with a high degree of confidence. Authentication is an essential component of a secure system because it allows software and other things to be positively identified. A common scenario for authentication nowadays is in the area of device drivers, where it provides a means of having a driver signed and verified as coming from the actual vendor and not from some other unknown (and untrusted) source. Authentication in the context of electronic messaging provides the ability to validate that a particular message originated from a source that is a known entity which, by extension, can be trusted.
■ Nonrepudiation: The ability to provide positive identification of the source or originator of an event is an important part of security. One of the most common applications of nonrepudiation and cryptography is that of digital signatures, which provide positive identification of where the message came from and from whom.
■ Key Distribution: Arguably one of the most valuable components of a cryptosystem is the key, which represents the specific combination or code used to encrypt or decrypt data.

Cryptography in Action

You will encounter cryptography in many forms throughout this book. It is applied to many different technologies and situations and, as such, is something you need to have a firm grasp of. Some examples of applied cryptography are:

■ Public key infrastructure (PKI)
■ Digital certificates
■ Authentication
■ E-commerce
■ RSA
■ MD-5
■ Secure Hash Algorithm (SHA)
■ Secure Sockets Layer (SSL)
■ Pretty Good Privacy (PGP)
■ Secure Shell (SSH)

So How Does It Work?

Cryptography has many different ways of functioning. Before you can understand the basic process, you must first become familiar with some terminology. With this in mind, let’s look at a few of the main terms used in the field of cryptography.

Plaintext/Cleartext: Plaintext is the original message. It has not been altered; it is the usable information. Remember that even though Caesar’s cipher operates on text, it is but one form of plaintext. Plaintext can literally be anything.

Ciphertext: Ciphertext is the opposite of plaintext; it is a message or other data that has been transformed into a different format using a mechanism known as an algorithm. It is also something that can be reversed using an algorithm and a key.

Algorithms: Ciphers, the algorithms for transforming cleartext into ciphertext, are the trickiest and most mysterious part of the encryption process. This component sounds complex, but the algorithm or cipher is nothing more than a formula that includes discrete steps that describe how the encryption and decryption process is to be performed in a given instance.

Keys: Keys are an important, and frequently complicated, item. A key is a discrete piece of information that is used to determine the result or output of a given cryptographic operation. A key in the cryptographic sense can be thought of in the same way a key in the physical world is: as a special item used to open or unlock something—in this case, a piece of information. In the encryption world, the key is used to produce a meaningful result and without it a result would not be possible.
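
The four terms above can be seen working together in a Caesar-style shift cipher. The following Python is an added illustration, not code from the original text; the sample message, the byte string, and the function names caesar, shift_bytes and demo are constructed for this example.

```python
# Added illustration (not from the original page). The Caesar shift is a
# teaching cipher only; it is used here because the page names it.
import string

ALPHABET = string.ascii_uppercase  # the 26 symbols the classic cipher uses


def caesar(text: str, key: int) -> str:
    """The algorithm: shift each letter `key` places, leave the rest alone."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def shift_bytes(data: bytes, key: int) -> bytes:
    """The same algorithm over raw bytes (mod 256): plaintext can be anything."""
    return bytes((b + key) % 256 for b in data)


def demo() -> dict:
    plaintext = "MEET AT THE NORTH GATE"    # constructed sample message
    key = 3                                  # the key selects the output
    ciphertext = caesar(plaintext, key)      # algorithm + key -> ciphertext
    blob = bytes([0x00, 0xFF, 0x10, 0x80])   # constructed non-text plaintext
    return {
        "ciphertext": ciphertext,
        "right_key": caesar(ciphertext, -key),   # reverses to the plaintext
        "wrong_key": caesar(ciphertext, -5),     # readable letters, no meaning
        "bytes_roundtrip": shift_bytes(shift_bytes(blob, 200), -200) == blob,
        # Only 26 keys give distinct results, so the key space is tiny.
        "distinct_keys": len({caesar(plaintext, k) for k in range(1000)}),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The algorithm is identical in every call; only the key changes the result, and the count of 26 distinct keys shows why this particular cipher cannot meet the "impossible to break without the key" goal stated under Confidentiality.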