88 Cryptography+Concepts
Cryptography Terminologies:
Below are some important terms needed to understand cryptography.
Plaintext:
o Plaintext (also known as cleartext) is information in its original, readable form: the data before it is encrypted.
o In simple words, plaintext or cleartext is the original message or data.
Ciphertext:
o An encrypted message is called ciphertext; it is the scrambled message or data produced as the output of encryption.
o Ciphertext is unreadable until it has been decrypted back into plaintext.
o Ciphertext is often the same size as the plaintext, but it can be larger (for example, when block padding, an IV/nonce or an authentication tag is added).
o Ciphertext is unreadable by anyone who does not hold the correct key; it is not secret in itself and is routinely sent over untrusted networks.
Decryption:
o Decryption is the process of converting ciphertext back into the original plaintext.
o Decryption requires the correct key; without it, the ciphertext stays unreadable.
Encryption Algorithm:
o The algorithm (cipher) defines how plaintext is transformed (scrambled) into ciphertext.
o Both the data sender and the recipient must agree on the algorithm used for the transformation.
o The recipient uses the same algorithm, in its decryption direction, together with the correct key to recover the original plaintext.
o The algorithm itself is normally public (Kerckhoffs's principle); all of the secrecy rests in the key, so a system is not secure merely because its algorithm is kept secret.
SHA Hashing:
o SHA, which stands for Secure Hash Algorithm, is a family of cryptographic hash functions.
o SHA is used to verify the integrity of a particular piece of data: any change to the input produces a different digest.
o A hash is one-way (the input cannot be recovered from the digest) and uses no key; it is not encryption.
o The Secure Hash Algorithm comes in several flavors: SHA-1, the SHA-2 family and the newer SHA-3 family.
o SHA-1 produces a 160-bit (20-byte) hash value. Practical collision attacks against SHA-1 have been demonstrated, so it must not be used where collision resistance matters (digital signatures, certificates); MD5 is broken in the same way and is only suitable as a non-security checksum.
o SHA-2 offers digest lengths from 224 bits to 512 bits:
o SHA-224 produces a 224-bit (28-byte) hash value.
o SHA-256 produces a 256-bit (32-byte) hash value.
o SHA-384 produces a 384-bit (48-byte) hash value.
o SHA-512 produces a 512-bit (64-byte) hash value.
For an MD5 and SHA hashing demo, use the free HashCalc and WinMD5 applications.
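The digest sizes listed above and the integrity-check use of a hash, as an added example (this is not code from the original page; the function names and the sample "file" contents are this example's own). It hashes one constructed message with each SHA variant, reports the digest length, and then verifies a published SHA-256 checksum against the original and a tampered copy using a constant-time comparison:

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/hex"
	"fmt"
)

// digestLengths hashes msg with each SHA variant named in the list above and
// returns the digest length in bytes per algorithm, so the stated sizes
// (20, 28, 32, 48, 64) can be checked directly.
func digestLengths(msg []byte) map[string]int {
	s1 := sha1.Sum(msg) // SHA-1: legacy, not collision resistant
	s224 := sha256.Sum224(msg)
	s256 := sha256.Sum256(msg)
	s384 := sha512.Sum384(msg)
	s512 := sha512.Sum512(msg)
	return map[string]int{
		"SHA-1":   len(s1),
		"SHA-224": len(s224),
		"SHA-256": len(s256),
		"SHA-384": len(s384),
		"SHA-512": len(s512),
	}
}

// sha256Hex returns the hex-encoded SHA-256 digest, the form normally
// published next to a download as its checksum.
func sha256Hex(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// verifyIntegrity recomputes SHA-256 over data and compares it with the
// expected hex digest. hmac.Equal gives a constant-time comparison, so the
// check does not leak how many leading bytes matched. A malformed expected
// value is treated as a failed check, never as a pass.
func verifyIntegrity(data []byte, expectedHex string) bool {
	expected, err := hex.DecodeString(expectedHex)
	if err != nil {
		return false
	}
	sum := sha256.Sum256(data)
	return hmac.Equal(sum[:], expected)
}

func main() {
	// Constructed sample: a small "file" and a copy with a single character changed.
	original := []byte("release-1.0.tar: the quick brown fox jumps over the lazy dog")
	tampered := []byte("release-1.0.tar: the quick brown fox jumps over the lazy cog")

	for name, n := range digestLengths(original) {
		fmt.Printf("%-8s %d bytes (%d bits)\n", name, n, n*8)
	}

	published := sha256Hex(original)
	fmt.Println("published SHA-256:", published)
	fmt.Println("original verifies:", verifyIntegrity(original, published)) // true
	fmt.Println("tampered verifies:", verifyIntegrity(tampered, published)) // false
}
```

The tampered copy differs in one character, yet its digest shares nothing with the published one; that avalanche effect is what makes a hash usable as an integrity check. Note that a plain hash only detects accidental or unauthenticated modification: an attacker who can replace the file can also replace the published checksum, which is why signatures or an HMAC with a secret key are used when the checksum itself must be trusted.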
Symmetric Encryption:
o Symmetric encryption algorithms use the same key for encryption and decryption.
o Symmetric key cryptography is also called secret key cryptography (it should not be called "private key" cryptography, which is the asymmetric term).
o The key must be shared over a secure channel, or agreed with a key exchange such as Diffie-Hellman, before sender and recipient can protect data; distributing the key safely is the hard part of symmetric encryption.
o Symmetric encryption is the oldest and best-known technique for encryption.
o The secret key is a string of bits; it should come from a cryptographically secure random generator, not a word or short passphrase used directly.
o DES, 3DES, AES, IDEA, RC2, RC4, RC5, RC6 and Blowfish are examples of symmetric ciphers. DES and RC4 are broken and 3DES is deprecated; new designs should use AES.
o The most widely used symmetric algorithm is AES, with key sizes of 128, 192 or 256 bits (AES-128, AES-192, AES-256). Use an authenticated mode such as AES-GCM; a bare mode such as ECB or unauthenticated CBC does not protect integrity.
o The advantage of symmetric encryption is that it is extremely efficient and fast, which is why it protects bulk data while asymmetric cryptography is typically used only to exchange the symmetric key.
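Symmetric encryption and decryption with the same key, as an added example using AES-256 in GCM mode (this code is not from the original page; the function names and the sample message are this example's own). It shows the nonce and authentication tag that make the ciphertext larger than the plaintext, and that a modified ciphertext or a wrong key is rejected rather than decrypted into garbage:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// encrypt seals plaintext with AES-GCM under key (16, 24 or 32 bytes selects
// AES-128/192/256). The output is nonce || ciphertext || tag, so the receiver
// has everything it needs except the key. A fresh random nonce is drawn for
// every call: reusing a nonce under the same key breaks GCM completely.
func encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// decrypt reverses encrypt with the same key. GCM verifies the authentication
// tag before returning any plaintext, so a wrong key or a modified ciphertext
// yields an error instead of corrupted data.
func decrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// newKey draws a random AES key of the given size from the OS CSPRNG.
func newKey(size int) ([]byte, error) {
	key := make([]byte, size)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

func main() {
	key, err := newKey(32) // AES-256
	if err != nil {
		panic(err)
	}
	plaintext := []byte("transfer 100 to account 42") // constructed sample message

	sealed, err := encrypt(key, plaintext)
	if err != nil {
		panic(err)
	}
	fmt.Printf("ciphertext is %d bytes for %d bytes of plaintext (nonce + tag add %d)\n",
		len(sealed), len(plaintext), len(sealed)-len(plaintext))

	recovered, err := decrypt(key, sealed)
	fmt.Printf("same key:  %q err=%v\n", recovered, err)

	// Flip one bit of the sealed message: the tag check fails, nothing is returned.
	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = decrypt(key, tampered)
	fmt.Println("tampered:  err =", err)

	// A different key also fails authentication; it does not produce garbage.
	other, _ := newKey(32)
	_, err = decrypt(other, sealed)
	fmt.Println("wrong key: err =", err)
}
```

The 12-byte nonce and 16-byte tag are the reason the ciphertext is 28 bytes longer than the plaintext here. The key is the only secret: the nonce travels in the clear and the algorithm is public, matching the point made above about where secrecy lives.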
IKE Versions:
o IKE (Internet Key Exchange) has two versions: the old IKEv1 and the newer IKEv2.
o There are a number of differences between IKEv1 and IKEv2.
o IKEv1 was introduced in 1998 (RFC 2409) and was superseded by IKEv2 in 2005 (RFC 4306, now RFC 7296).
o IKEv2 consumes less bandwidth than IKEv1: its initial exchange takes four messages (IKE_SA_INIT and IKE_AUTH) instead of six for Main Mode plus three for Quick Mode.
o IKEv2 has a built-in liveness check (keepalive) for tunnels, so it can detect whether a peer is still alive; IKEv1 relies on the separate Dead Peer Detection extension.
o IKEv2 supports EAP authentication (for example, username/password for remote-access clients) while IKEv1 does not.
o IKEv2 has built-in NAT traversal while IKEv1 needs the separate NAT-T extension.
o IKEv2 supports MOBIKE (RFC 4555), which lets a tunnel survive a change of IP address, so it suits mobile platforms such as phones; IKEv1 does not.
IKE Phase 2:
o The IKE Phase 2 tunnel (the IPsec SA, called the Child SA in IKEv2) is what actually protects user data; Phase 1 only protects the IKE negotiation itself.
o In IKEv1, Phase 2 negotiation is done in only one mode, Quick Mode; in IKEv2 the equivalent is the CREATE_CHILD_SA exchange (the first Child SA is set up inside IKE_AUTH).
o IKEv1 Phase 2 (Quick Mode) is a single three-message exchange.
o Message exchanges in Phase 2 are protected by the encryption and authentication of the Phase 1 SA, using keys derived in Phase 1.
o Phase 2 starts only once Phase 1 has completed successfully; if Phase 1 fails, Phase 2 is never attempted.
o Just like in IKE Phase 1, the peers negotiate a number of items:
o Encryption algorithm (DES, 3DES or AES; only AES should be offered today)
o Authentication or hashing algorithm (MD5, SHA-1 or SHA-2; prefer SHA-2)
o IPsec encapsulation protocol (AH or ESP; ESP is the usual choice, since AH provides integrity but no confidentiality)
o SA lifetime (time in seconds or data transferred in kilobytes; IKEv1 peers settle on the shorter value, while IKEv2 does not negotiate lifetimes at all and each peer rekeys on its own schedule)
o Encapsulation mode (tunnel mode or transport mode)
o Optionally a Diffie-Hellman group for Perfect Forward Secrecy (PFS), so Phase 2 keys are not derived solely from the Phase 1 secret
o A peer only selects a proposal that matches its local policy, so the only way to be sure a weak algorithm is never used is to leave it out of both the offered proposals and the accepted policy.
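The proposal selection described above, as an added example that models the responder's decision (this is not IKE code and not from the original page; the Proposal/Policy types, field names and the two peers' configurations are this example's own constructed values). It walks the initiator's proposals in the order offered, picks the first one local policy accepts, clamps the lifetime the IKEv1 way, and shows how a policy that still permits 3DES/SHA-1 lets a legacy-first initiator land on them:

```go
package main

import (
	"errors"
	"fmt"
)

// Proposal is one Phase 2 (Quick Mode / CREATE_CHILD_SA) proposal carrying the
// items listed above. Field names are this example's own, not IKE payload names.
type Proposal struct {
	Encryption string // "DES", "3DES", "AES-128", "AES-256"
	Integrity  string // "MD5", "SHA-1", "SHA-256"
	Protocol   string // "AH" or "ESP"
	Mode       string // "tunnel" or "transport"
	LifetimeS  int    // SA lifetime in seconds
}

// Policy is what a peer is willing to accept. MaxLifetimeS is a ceiling:
// an IKEv1 responder agrees to the shorter lifetime instead of rejecting.
type Policy struct {
	Encryption   map[string]bool
	Integrity    map[string]bool
	Protocol     map[string]bool
	Mode         map[string]bool
	MaxLifetimeS int
}

func (p Policy) accepts(pr Proposal) bool {
	return p.Encryption[pr.Encryption] && p.Integrity[pr.Integrity] &&
		p.Protocol[pr.Protocol] && p.Mode[pr.Mode]
}

// negotiate models the responder: return the first offered proposal that local
// policy accepts, with the lifetime clamped to the local maximum. No match means
// no SA is established (IKE signals this as NO_PROPOSAL_CHOSEN).
func negotiate(offered []Proposal, local Policy) (Proposal, error) {
	for _, pr := range offered {
		if local.accepts(pr) {
			if pr.LifetimeS > local.MaxLifetimeS {
				pr.LifetimeS = local.MaxLifetimeS
			}
			return pr, nil
		}
	}
	return Proposal{}, errors.New("NO_PROPOSAL_CHOSEN")
}

// set builds an allow-list from its arguments.
func set(items ...string) map[string]bool {
	m := make(map[string]bool, len(items))
	for _, it := range items {
		m[it] = true
	}
	return m
}

func main() {
	// Constructed responder policy hardened to AES / SHA-2 / ESP / tunnel mode.
	hardened := Policy{
		Encryption:   set("AES-128", "AES-256"),
		Integrity:    set("SHA-256"),
		Protocol:     set("ESP"),
		Mode:         set("tunnel"),
		MaxLifetimeS: 3600,
	}
	// Constructed initiator: strongest first, plus a legacy 3DES/SHA-1 proposal
	// kept "for compatibility".
	offered := []Proposal{
		{Encryption: "AES-256", Integrity: "SHA-256", Protocol: "ESP", Mode: "tunnel", LifetimeS: 28800},
		{Encryption: "3DES", Integrity: "SHA-1", Protocol: "ESP", Mode: "tunnel", LifetimeS: 28800},
	}
	chosen, err := negotiate(offered, hardened)
	fmt.Printf("hardened responder: %+v err=%v\n", chosen, err)

	// The legacy proposal alone is refused outright by the hardened policy.
	_, err = negotiate(offered[1:], hardened)
	fmt.Println("legacy-only offer:  err =", err)

	// A responder that still permits the legacy set ends up on 3DES/SHA-1 as soon
	// as an initiator lists that proposal first; policy, not luck, decides.
	legacy := Policy{
		Encryption:   set("AES-256", "3DES"),
		Integrity:    set("SHA-256", "SHA-1"),
		Protocol:     set("ESP"),
		Mode:         set("tunnel"),
		MaxLifetimeS: 86400,
	}
	chosen, err = negotiate([]Proposal{offered[1], offered[0]}, legacy)
	fmt.Printf("legacy responder:   %+v err=%v\n", chosen, err)
}
```

The lesson for a VPN administrator is in the last case: a proposal set is negotiated down to whatever both sides permit, so weak algorithms left in a policy "for compatibility" remain reachable by any peer that prefers them.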