View stunning SlideShares in full-screen with the new iOS app!Introducing SlideShare for AndroidExplore all your favorite topics in the SlideShare appGet the SlideShare app to Save for Later — even offline
View stunning SlideShares in full-screen with the new Android app!View stunning SlideShares in full-screen with the new iOS app!
Block ciphers work a on block / word at a time, which is some number of bits. All of these bits have to be available before the block can be processed. Stream ciphers work on a bit or byte of the message at a time, hence process it as a “stream”.
Block ciphers work a on block / word at a time, which is some number of bits. All of these bits have to be available before the block can be processed. Stream ciphers work on a bit or byte of the message at a time, hence process it as a “stream”.
Public key schemes are no more or less secure than private key schemes - in both cases the size of the key determines the security. Note also that you can't compare key sizes - a 64-bit private key scheme has very roughly similar security to a 512-bit RSA - both could be broken given sufficient resources. But with public key schemes at least there's usually a firmer theoretical basis for determining the security since its based on well-known and well studied number theory problems.
Both the prime generation and the derivation of a suitable pair of inverse exponents may involve trying a number of alternatives, but theory shows the number is not large.
RSA is the best known, and by far the most widely used general public key encryption algorithm.
These are the specifications for good hash functions. Essentially it must be extremely difficult to find 2 messages with the same hash, and the hash should not be related to the message in any obvious way (ie it should be a complex non-linear function of the message). There are quite a few similarities in the evolution of hash functions & block ciphers, and in the evolution of the design requirements on both.
The Birthday Attack exploits the birthday paradox – the chance that in a group of people two will share the same birthday – only 23 people are needed for a Pr>0.5 of this. Can generalize the problem to one wanting a matching pair from any two sets, and show need 2 m / 2 in each to get a matching m-bit hash. Note that creating many message variants is relatively easy, either by rewording or just varying the amount of white-space in the message.
MD5 is the current, and very widely used, member of Rivest’s family of hash functions.
The padded message is broken into 512-bit blocks, processed along with the buffer value using 4 rounds, and the result added to the input buffer to make the new buffer value. Repeat till run out of message, and use final buffer value as hash. nb. due to padding always have a full final block (with length in it).
Stallings Fig 12.1
MD4 is the precursor to MD5, and was widely used. It uses 3 instead of 4 rounds, and the round functions are a little simpler. In creating MD5 Rivest aimed to strengthen the algorithms by introducing the extra round, and varying the constants used.
Some progress has been made analysing MD5, which along with the hash size of 128-bits means its starting to look too small. Hence interest in hash functions that create larger hashes.
SHA is one of the newer generation of hash functions, more resistant to cryptanalysis, and now probably preferred for new applications.
Note that the SHA-1 Overview is very similar to that of MD5.
Compare using the design goals listed earlier. SHA-1 is probbaly the preferred hash function for new applications. Currently no problems are known with it.
See Stallings Tables 12.3 and 12.4 for details.
See Stallings Tables 12.3 and 12.4 for details.
Transcript
1.
Lecture 1: Cryptography for Network Security Anish Arora CIS694K Introduction to Network Security
To overcome ECB weakness, add (i.e. XOR) a random number to each 64-bit block being encrypted, and additionally communicate the random number in the clear
This is inefficient
Approximation: only communicate the initial random number, and derive the successive random numbers from the previously encrypted message
Initial random number is called the initialization vector
Default IV s, such as All Zeroes, can be used, but is insecure for repeated transmissions of the same message sequence
Views
Actions
Embeds 0
Report content