|
Attacks against one-way hash functions
Collision - If the algorithm does produce the same value for two distinctly different messages.
Birthday attack - Is an attack on hashing functions through brute force. The attacker tries to find two messages with the same hashing value
One-time pad
Is unbreakable and each pad is used exactly once
Uses a truly nonrepeating set of random bits that are combined bit-wise XOR with the message to produce ciphertext.
The random key is the same size as the message and is only used once.
Difficult to distribute the pads of random numbers to all the necessary parties.
Key Management
Kerberos - A key distribution center (KDC) is used to store, distribute and maintain cryptographic session keys.
Diffie-Hellman - Uses a key exchange algorithm (KEA)
Key Management principles:
Should not be in cleartext outside the cryptographic device.
Backup copies should be available and easily accessible when required.
A company can choose to have multiparty control for emergency key recovery. This means that if a key needs to be recovered, more than one person is required to be involved with this process.
Rules for key and key management:
- The key length should be long enough to provide the necessary level of protection.
- Keys should be stored and transmitted by secure means.
- Keys should be extremely random and use the full spectrum of the keyspace.
- The key's lifetime should correspond with the sensitivity of the data it is protecting.
- The more the key is used, the shorter its lifetime should be.
- Keys should be backed up or escrowed in case of emergencies.
- Keys should be properly destroyed when their lifetime comes to an end.
Link versus end-to-end encryption
Link encryption
Encrypts all the data along a specific communication path like a satellite link, T3 line or telephone circuit.
User information, header, trailers, addresses and routing data that are part of the packets are encrypted.
Provides protection against packet sniffers and eavesdroppers.
Packets have to be decrypted at each hop and encrypted again.
Is at the physical level.
End-to-end encryption
Only information is encrypted.
Is usually initiated at the application layer of the originating computer.
Stays encrypted from one end of its journey to the other.
Higher granularity of encryption is available because each application or user can use a different key.
|
|
