Summary of Exam Objectives

This chapter examined the foundations of cryptography, its goals, many of the common cryptography algorithms and methods used today, and their applications.

Three different classes of algorithms were examined: symmetric (also known as secret key), asymmetric (also known as public key), and hashing algorithms. Symmetric algorithms studied included DES, 3DES, AES (Rijndael), and IDEA. Remember that symmetric algorithms use a single key for both encryption and decryption, are generally fast, and are vulnerable to brute force attacks. Asymmetric algorithms studied were RSA, DSA, and Diffie-Hellman. Asymmetric algorithms use different keys for encryption and decryption. They are slower than symmetric algorithms, use large key sizes (greater than 512 bits), and are difficult to crack due to the need to use slow factoring-based attacks. Hashing algorithms examined included MD2, MD4, MD5, and SHA-1. Hashing algorithms are often used to verify data integrity and to encrypt system passwords.

Various implementations of algorithms were discussed, including various block and stream cipher modes. DES and other related implementations can operate with modes including CBC, CFB, ECB, or OFB. These modes have various strengths and performance differences.

Discussion of the driving goals of cryptography included the concepts of confidentiality, integrity, authentication, and non-repudiation. Confidentiality is the idea that information should only be accessible by those with a "need to know." Authentication is the act of verifying that a person or process is whom they claim to be. Integrity in the context of cryptography means assuring that a message has remained unmodified since the author sent it. Non-repudiation is a corollary of integrity that prevents an author from denying authorship of a message.

Digital signatures apply public key cryptography to create a trusted messaging system. Attacks against encryption methods were discussed, including brute force attacks, chosen plaintext attacks, known plaintext attacks, and other variations such as the MITM attacks. MITM attacks allow a third party to view unencrypted data, manipulate messages, or exert other control on the communications by presenting themselves as the sender and recipient to the respective parties. Strong authentication and a sound PKI system can reduce or eliminate danger of MITM attacks.

Issues and problems involving key selection and key management are important in any discussion of cryptography. We discussed key storage, key escrow, hardware solutions, key length, and the need for effective random number generation.