A great URL is at http://www.cs.hut.fi/ssh/crypto/intro.html
 

Common Terms

Attacks

Common Crypt Algorithms

Digest

    Like a hash function
    Result should be much shorter than the message
    Should not be possible for me to change the message in some useful way and still have it hash to the same value.
    Should be cheap and easy to compute
    Digest functions are not secret functions -- anyone can compute the digest of a message.
    Most famous digest algorithm is MD5.
 

Where should crypt fit in the network system?

    Can fit inside each application
        Requires each app to roll its own crypt
        Sometimes nice to have multiple crypt systems to avoid total failure
    Can fit just above TCP (SSL)
        Must be optional for reasons of speed. (encrypted NFS is too slow for binaries, works for user files)
        Gives crypt to all apps that trigger the option
        Gives total protection (or total vulnerability)
 
 

Private Key Crypt

    Works great
    Hard to break
    Quick and easy computationally
    Anyone who knows your key can pretend to be you
    Key distribution is almost impossible for large nets
        cannot trust every host between us and them on the inet
        cannot even trust phone lines for high value transactions (ATM and all)
        cannot trust large groups at all.
    Possible to verify shared secret without putting secret on the net via challenge response
    Should not be possible to guess secret key -- netscape bug
    There are several algorithms, each with strengths and weaknesses.
        At least as easy as brute force to break.
        Sometimes much easier.  RSA for instance needs 1024 bit keys!!!! and is vulnerable to chosen plaintext attack.

Public Key Crypt

    Way of encrypting and decrypting messages.
    Uses a PUBLIC KEY and a PRIVATE KEY
    Anything encrypted with one can only be decrypted with the other.
    As hard to break as factoring the product of two large primes.
        Best way to do this is to use 10,000 computers from the Inet
        Possibly the CIA has special hardware (but how would I know either way).
    Public Key crypt is SLOW, normally not used for high speed communications.
    Patent issue.
        Is this an algorithm or a math theorem?
        In real life, everyone licenses the same algorithm from RSA
    Keys
        Public key is the product of two large primes
        Private key is the two large primes
        Keys should be 100 digit numbers or so.
        At least as easy to break as factoring large numbers.
 

To Sign Something

    Useful for contract or just credit card transaction or cancelbots
    SLOW WAY
        Encrypt using your private key (that's it)
    OR BETTER WAY
        Compute a "digest", which is a hash function of the thing to be signed.
        Encrypt this digest using your private key
        Cannot be done without knowledge of your private key
        Cannot be revoked
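
Worked example (added here, not part of these notes): the "better way" above, hash the message then "encrypt" the digest with the private key, written in textbook RSA using only Python's standard library. The key size, the message and the absence of padding are choices made for this demonstration, so it illustrates the mechanism rather than a production signature scheme.

```python
import hashlib
import secrets

def is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:            # write n-1 as d * 2**r with d odd
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False         # witness found: n is composite
    return True

def random_prime(bits):
    while True:                  # force top bit (size) and low bit (odd)
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def keygen(bits=256, e=65537):
    """Public key (n, e): n is the product of two primes; private key d comes from the primes."""
    while True:
        p, q = random_prime(bits), random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e), pow(e, -1, phi)

def digest(msg):
    # SHA-256 is 256 bits, so it is always smaller than the 512-bit modulus n
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(msg, n, d):
    return pow(digest(msg), d, n)            # "encrypt" the digest with the private key

def verify(msg, sig, n, e):
    return pow(sig, e, n) == digest(msg)     # "decrypt" with the public key and compare

if __name__ == "__main__":
    (n, e), d = keygen()                     # constructed demo key, not a real one
    sig = sign(b"pay $5 to alice", n, d)
    print(verify(b"pay $5 to alice", sig, n, e))     # True
    print(verify(b"pay $500 to alice", sig, n, e))   # False: digest no longer matches
```

Changing even one byte of the message changes the digest, so the old signature fails to verify; recomputing a valid one needs d, which only the signer holds.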
 

To distribute keys

    Make very public your public key
    Normally done by a Certificate Authority
        Trusted host with a very very well known public key
        C.A. gives you a CERTIFICATE,
            which is a signed message containing the cert holder's name, public key, and a time limit.
        Hierarchies of C.A. are possible.
        Only top level need be well known.
        Anyone can prove the public key of someone by offering that certificate.
        Certificates are NOT PRIVATE
        Certificates are hard to revoke
        Sometimes don't want cert, but want anonymous secrets (IRC)
        Pick a new key, don't claim to be anybody, and throw key away at end
        Man in the middle attack can fool you easily
 

To send messages

    COMPUTATIONALLY EXPENSIVE WAY:
        Send encrypted version using your private key
        Receiver decrypts using public key
    CHEAP WAY
        Send a secret random password encrypted with the private key
        send message encrypted with a known algorithm (MD5??) and the secret password
        Receiver reverses to get original
    If you don't trust the net ...
        send an encrypted digest of the message with each message
        Like a CRC, but cannot be computed by a malicious net snoop
    Timestamp stuff
        That way, the malicious net owner cannot replay valid messages
        Keeps old ATM messages from handing out new money
    Proxies: web proxies that do not support SSL will not pass SSL
    Web proxies cannot cache SSL traffic
    Dumb attacks
        Netscape sometimes caches SSL data right onto the disk
        Root can look through your memory
        Anyone who finds you absent yet logged in can become YOU
 

Legal things

    Questionable legality
    U.S. export laws used to require 40 bit keys, but were widely broken.
    Other places have other laws (Russia and Saudi Arabia prohibit all encryption, for instance)