Diffie-Hellman is mainly used as a key management protocol. For example, it is used to exchange keys in IPsec VPNs.
It allows two parties, A and B, to exchange a secret key over an insecure communication channel without prior knowledge of the secret key.
Reference: Official (ISC)2 Guide to the CISSP CBK, Second Edition ((ISC)2 Press)
Saturday, 16 October 2010
Advanced Encryption Standard (AES)
Advanced Encryption Standard (AES) is a symmetric key cryptography algorithm.
- Key size is either 128, 192 or 256 bits
- Block size is either 128, 192 or 256 bits
Because increasing the key length and block size adds only a little extra computation (it increases the number of iterations of the algorithm), it is recommended to pick 256 bits instead of 128 bits.
Reference: Official (ISC)2 Guide to the CISSP CBK, Second Edition ((ISC)2 Press)
Thursday, 14 October 2010
Data Encryption Standard (DES)
The Data Encryption Standard (DES) is a symmetric key cryptography algorithm.
- Key size is 56 bits, plus 8 parity-check bits
- Block size is 64 bits
DES modes
- Stream ciphers (implemented in hardware)
  * Cipher Feedback (CFB)
    Errors in this mode of DES will propagate
  * Output Feedback (OFB)
    Susceptible to block replay attacks
- Block ciphers (implemented in software)
  * Electronic Codebook (ECB)
    A given plaintext will always generate the same ciphertext
  * Cipher Block Chaining (CBC)
    A given plaintext will always result in different ciphertext
Double-DES and Triple-DES
- Doubling the key from 56 bits to 112 bits increases the strength from 2^56 to 2^112
- 2DES is susceptible to the Man-in-the-middle attack, under which its strength is the same as that of DES
  2DES -> -> -> DES
- 3DES can use 2 or 3 separate keys.
  * DES EEE2 (2 keys)
    Encryption with key1 >>> Encryption with key2 >>> Encryption with key3
  * DES EDE2 (2 keys)
    Encryption with key1 >>> Decryption with key2 >>> Encryption with key3
  * DES EEE3 (3 keys)
    Encryption with key1 >>> Encryption with key2 >>> Encryption with key3
  * DES EDE3 (3 keys)
    Encryption with key1 >>> Decryption with key2 >>> Encryption with key3
Reference: Official (ISC)2 Guide to the CISSP CBK, Second Edition ((ISC)2 Press)