Page 558 - StudyBook.pdf
P. 558

542    Chapter 9 • Basis of Cryptography

             rithms) or private key (when using asymmetric algorithms) completely secret. If a
             secret or private key is compromised, the message essentially loses all confidentiality.



              EXAM WARNING
                  Do not confuse confidentiality with authentication. Whether or not a
                  person is allowed access to something is part of the authentication and
                  authorization processes. An analogy: You are throwing a party. Because
                  your house got trashed the last time, you want to ensure that only
                  people who are invited attend. That is confidentiality, because you
                  decided up front who would be invited. When the people come, they
                  have to present an invitation to the doorman. That is authentication,
                  because each guest had to show proof that they are who they claim to
                  be. In general, confidentiality is planned in advance while authentica-
                  tion happens as a user attempts to access a system.





             Integrity

             Guaranteeing message integrity is another important aspect of cryptography.With
             cryptography, most asymmetric algorithms have built-in ways to validate that all the
             outputs are equivalent to the inputs. Usually, this validation is referred to as a mes-
             sage digest, and, on occasion, can be vulnerable to man-in-the-middle (MTM) attacks.
             (For more information on MTM attacks, please refer to the section later in this
             chapter and to Chapter 2.)


           Damage & Defense…  Cryptosystems are considered either weak or strong with the main dif-
                Principles of Cryptography

                ference being the length of the keys used by the system. In January 2000,
                U.S. export controls were relaxed. Now, strong (not military grade) cryp-
                tography can be exported, as long as the end user or customer does not
                belong to a terrorist organization or an embargoed country (e.g., Cuba,
                Iran, Iraq, Libya, North Korea, Serbia, Sudan, and Syria). DES was origi-
                nally designed so that the supercomputers owned by the NSA could be
                used for cracking purposes, working under the premise that no other
                supercomputers of their sort are in the public hands or control.
                     Strong cryptography always produces ciphertext that appears
                random to standard statistical tests. Because keys are generated for
                uniqueness using robust random number generators, the likelihood of
                                                                                    Continued

          www.syngress.com
   553   554   555   556   557   558   559   560   561   562   563