DOCSLIB.ORG

RSA Security Inc

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
RSA Security Inc FAQ 5/23/00 11:21 AM Page 1 FAQ v e rsion 4.1 - May 2000 Frequently A s ked Questions about To d ay ’s Cry p t o g ra p h y L A B O R AT O R I E S ™ - 1 Copyright c 1992-2000 RSA Security Inc. All rights reserved. RSA BSAFE Crypto-C, RSA BSAFE Crypto-J, Keon Desktop, MD2, MD4, MD5, RC2, RC4, RC5, RC6, RSA, and SecurID are trademarks or registered trademarks of RSA Security Inc. Other products and names are trademarks or registered trademarks of their respective owners. For permission to reprint or redistribute in part or in whole, send e-mail to [email protected] or contact your RSA Security representative. How to cite this document: Author: RSA Laboratories Title: RSA Laboratories' Frequently Asked Questions About Today's Cryptography, Version 4.1 Year: 2000 Publisher: RSA Security Inc. Frequently Asked Questions About Today's Cryptography 2 Contents Foreword 8 1 Introduction 9 1.1 What is RSA Laboratories' Frequently Asked Questions About Today's Cryptography? 9 1.2 What is cryptography? . 10 1.3 What are some of the more popular techniques in cryptography? . 12 1.4 How is cryptography applied? . 13 1.5 What are cryptography standards? . 16 1.6 What is the role of the United States government in cryptography? . 17 1.7 Why is cryptography important? . 18 2 Cryptography 20 2.1 Cryptographic Tools . 20 2.1.1 What is public-key cryptography? . 20 2.1.2 What is secret-key cryptography? . 22 2.1.3 What are the advantages and disadvantages of public-key cryptography compared with secret-key cryptography? . 23 2.1.4 What is a block cipher? . 25 2.1.4.1 What is an iterated block cipher? . 26 2.1.4.2 What is Electronic Code Book Mode? . 27 2.1.4.3 What is Cipher Block Chaining Mode? . 28 2.1.4.4 What is Cipher Feedback Mode? . 30 2.1.4.5 What is Output Feedback Mode? . 31 2.1.5 What is a stream cipher? . 32 2.1.5.1 What is a Linear Feedback Shift Register? . 33 2.1.6 What is a hash function? . 34 2.1.7 What are Message Authentication Codes? . 36 2.1.8 What are interactive proofs and zero-knowledge proofs? . 37 2.1.9 What are secret sharing schemes? . 39 2.2 Simple Applications of Cryptography . 40 2.2.1 What is privacy? . 40 2.2.2 What is a digital signature and what is authentication? . 41 2.2.3 What is a key agreement protocol? . 43 2.2.4 What is a digital envelope? . 44 2.2.5 What is identification? . 45 - 3 2.3 Hard Problems . 46 2.3.1 What is a hard problem? . 46 2.3.2 What is a one-way function? . 47 2.3.3 What is the factoring problem? . 48 2.3.4 What are the best factoring methods in use today? . 49 2.3.5 What improvements are likely in factoring capability? . 50 2.3.6 What is the RSA Factoring Challenge? . 52 2.3.7 What is the discrete logarithm problem? . 54 2.3.8 What are the best discrete logarithm methods in use today? . 55 2.3.9 What are the prospects for a theoretical breakthrough in the discrete logarithm problem? . 56 2.3.10 What are elliptic curves? . 57 2.3.11 What are lattice-based cryptosystems? . 58 2.3.12 What are some other hard problems? . 59 2.4 Cryptanalysis . 60 2.4.1 What is cryptanalysis? . 60 2.4.2 What are some of the basic types of cryptanalytic attack? . 61 2.4.3 What is exhaustive key search? . 62 2.4.4 What is the RSA Secret Key Challenge? . 63 2.4.5 What are the most important attacks on symmetric block ciphers? . 64 2.4.6 What are some techniques against hash functions? . 66 2.4.7 What are the most important attacks on stream ciphers? . 67 2.4.8 What are the most important attacks on MACs? . 69 2.4.9 At what point does an attack become practical? . 70 2.5 Supporting Tools in Cryptography . 71 2.5.1 What is primality testing? . 71 2.5.2 What is random number generation? . 72 3 Techniques in Cryptography 73 3.1 RSA . 73 3.1.1 What is the RSA cryptosystem? . 73 3.1.2 How fast is the RSA algorithm? . 75 3.1.3 What would it take to break the RSA cryptosystem? . 76 3.1.4 What are strong primes and are they necessary for the RSA system? . 78 3.1.5 How large a key should be used in the RSA cryptosystem? . 79 3.1.6 Could users of the RSA system run out of distinct primes? . 81 3.1.7 How is the RSA algorithm used for privacy in practice? . 82 3.1.8 How is the RSA algorithm used for authentication and digital signatures in practice? . 83 3.1.9 Is the RSA cryptosystem currently in use? . 84 3.1.10 Is the RSA system an official standard today? . 85 3.1.11 Is the RSA system a de facto standard? . 86 3.2 DES . 87 3.2.1 What is DES? . 87 3.2.2 Has DES been broken? . 88 Frequently Asked Questions About Today's Cryptography 4 3.2.3 How does one use DES securely? . 89 3.2.4 Should one test for weak keys in DES? . 90 3.2.5 Is DES a group? . 91 3.2.6 What is triple-DES? . 92 3.2.7 What is DESX? . 93 3.2.8 What are some other DES variants? . 94 3.3 AES . 95 3.3.1 What is the AES? . 95 3.3.2 What are some candidates for the AES? . 96 3.3.3 What is the schedule for the AES? . 98 3.4 DSA . 99 3.4.1 What are DSA and DSS? . 99 3.4.2 Is DSA secure? . 100 3.5 Elliptic Curve Cryptosystems . 101 3.5.1 What are elliptic curve cryptosystems? . 101 3.5.2 Are elliptic curve cryptosystems secure? . 102 3.5.3 Are elliptic curve cryptosystems widely used? . 103 3.5.4 How do elliptic curve cryptosystems compare with other cryptosystems? . 104 3.5.5 What is the Certicom ECC Challenge? . 105 3.6 Other Cryptographic Techniques . 106 3.6.1 What is Diffie-Hellman? . 106 3.6.2 What is RC2? . 108 3.6.3 What is RC4? . 109 3.6.4 What are RC5 and RC6? . 110 3.6.5 What are SHA and SHA-1? . 111 3.6.6 What are MD2, MD4, and MD5? . 112 3.6.7 What are some other block ciphers? . 113 3.6.8 What are some other public-key cryptosystems? . 116 3.6.9 What are some other signature schemes? . 118 3.6.10 What are some other stream ciphers? . 119 3.6.11 What other hash functions are there? . 120 3.6.12 What are some secret sharing schemes? . 121 4 Applications of Cryptography 123 4.1 Key Management . 123 4.1.1 What is key management? . 123 4.1.2 General . 124 4.1.2.1 What key size should be used? . ..
Load more

Recommended publications
  • Course 5 Lesson 2
    This material is based on work supported by the National Science Foundation under Grant No. 0802551 Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author (s) and do not necessarily reflect the views of the National Science Foundation C5L3S1 With the advent of the Internet, social networking, and open communication, a vast amount of information is readily available on the Internet for anyone to access. Despite this trend, computer users need to ensure private or personal communications remain confidential and are viewed only by the intended party. Private information such as a social security numbers, school transcripts, medical histories, tax records, banking, and legal documents should be secure when transmitted online or stored locally. One way to keep data confidential is to encrypt it. Militaries,U the governments, industries, and any organization having a desire to maintain privacy have used encryption techniques to secure information. Encryption helps to boost confidence in the security of online commerce and is necessary for secure transactions. In this lesson, you will review encryption and examine several tools used to encrypt data. You will also learn to encrypt and decrypt data. Anyone who desires to administer computer networks and work with private data must have some familiarity with basic encryption protocols and techniques. C5L3S2 You should know what will be expected of you when you complete this lesson. These expectations are presented as objectives. Objectives are short statements of expectations that tell you what you must be able to do, perform, learn, or adjust after reviewing the lesson.
    [Show full text]
  • Cryptography
    56 Protecting Information With Cryptography Chapter by Peter Reiher (UCLA) 56.1 Introduction In previous chapters, we’ve discussed clarifying your security goals, determining your security policies, using authentication mechanisms to identify principals, and using access control mechanisms to enforce poli- cies concerning which principals can access which computer resources in which ways. While we identified a number of shortcomings and prob- lems inherent in all of these elements of securing your system, if we re- gard those topics as covered, what’s left for the operating system to worry about, from a security perspective? Why isn’t that everything? There are a number of reasons why we need more. Of particular im- portance: not everything is controlled by the operating system. But per- haps you respond, you told me the operating system is all-powerful! Not really. It has substantial control over a limited domain – the hardware on which it runs, using the interfaces of which it is given control. It has no real control over what happens on other machines, nor what happens if one of its pieces of hardware is accessed via some mechanism outside the operating system’s control. But how can we expect the operating system to protect something when the system does not itself control access to that resource? The an- swer is to prepare the resource for trouble in advance. In essence, we assume that we are going to lose the data, or that an opponent will try to alter it improperly. And we take steps to ensure that such actions don’t cause us problems.
    [Show full text]
  • Chapter 12 Pretty Good Privacy (PGP)
    Chapter 12 Pretty Good Privacy (PGP) With the explosively growing reliance on electronic mail for every conceivable pur- pose, there grows a demand for authentication and confidentiality services. Two schemes stand out as approaches that enjoy widespread use: Pretty Good Privacy (PGP) and Secure/Multipurpose Internet Mail Extension (S/MIME). The latter is a security en- hancement to the MIME Internet e-mail format standard, based on technology from RSA Data Security. Although both PGP and S/MIME are on an IETF standards track, it appears likely that S/MIME will emerge as the industry standard for commercial and organisational use, while PGP will remain the choice for personal e-mail security for many users. In this course we will only be looking at PGP. S/MIME is discussed in detail in the recommended text. 12.1 Background PGP is a remarkable phenomenon. Largely the effort of a single person, Phil Zimmer- mann, PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications. In essence what Zimmermann has done is the following: 1. Selected the best cryptographic mechanisms (algorithms) as building blocks. 2. Integrated these algorithms into a general purpose application that is independent of operating system and processor and that is based on a small set of easy to use commands. 3. Made the package and its source code freely available via the Internet, bulletin boards, and commercial networks such as America On Line (AOL). 4. Entered into an agreement with a company (Viacrypt, now Network Associates) to provide a fully compatible low cost commercial version of PGP.
    [Show full text]
  • Anonymity in a Time of Surveillance
    LESSONS LEARNED TOO WELL: ANONYMITY IN A TIME OF SURVEILLANCE A. Michael Froomkin* It is no longer reasonable to assume that electronic communications can be kept private from governments or private-sector actors. In theory, encryption can protect the content of such communications, and anonymity can protect the communicator’s identity. But online anonymity—one of the two most important tools that protect online communicative freedom—is under practical and legal attack all over the world. Choke-point regulation, online identification requirements, and data-retention regulations combine to make anonymity very difficult as a practical matter and, in many countries, illegal. Moreover, key internet intermediaries further stifle anonymity by requiring users to disclose their real names. This Article traces the global development of technologies and regulations hostile to online anonymity, beginning with the early days of the Internet. Offering normative and pragmatic arguments for why communicative anonymity is important, this Article argues that anonymity is the bedrock of online freedom, and it must be preserved. U.S. anti-anonymity policies not only enable repressive policies abroad but also place at risk the safety of anonymous communications that Americans may someday need. This Article, in addition to providing suggestions on how to save electronic anonymity, calls for proponents of anti- anonymity policies to provide stronger justifications for such policies and to consider alternatives less likely to destroy individual liberties. In
    [Show full text]
  • Making Sense of Snowden, Part II: What's Significant in the NSA
    web extra Making Sense of Snowden, Part II: What’s Significant in the NSA Revelations Susan Landau, Google hen The Guardian began publishing a widely used cryptographic standard has vastly wider impact, leaked documents from the National especially because industry relies so heavily on secure Inter- Security Agency (NSA) on 6 June 2013, net commerce. Then The Guardian and Der Spiegel revealed each day brought startling news. From extensive, directed US eavesdropping on European leaders7 as the NSA’s collection of metadata re- well as broad surveillance by its fellow members of the “Five cords of all calls made within the US1 Eyes”: Australia, Canada, New Zealand, and the UK. Finally, to programs that collected and stored data of “non-US” per- there were documents showing the NSA targeting Google and W2 8,9 sons to the UK Government Communications Headquarters’ Yahoo’s inter-datacenter communications. (GCHQs’) interception of 200 transatlantic fiberoptic cables I summarized the initial revelations in the July/August is- at the point where they reached Britain3 to the NSA’s pene- sue of IEEE Security & Privacy.10 This installment, written in tration of communications by leaders at the G20 summit, the late December, examines the more recent ones; as a Web ex- pot was boiling over. But by late June, things had slowed to a tra, it offers more details on the teaser I wrote for the January/ simmer. The summer carried news that the NSA was partially February 2014 issue of IEEE Security & Privacy magazine funding the GCHQ’s surveillance efforts,4 and The Guardian (www.computer.org/security).
    [Show full text]
  • Public Key Cryptography And
    PublicPublic KeyKey CryptographyCryptography andand RSARSA Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 [email protected] Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/ Washington University in St. Louis CSE571S ©2011 Raj Jain 9-1 OverviewOverview 1. Public Key Encryption 2. Symmetric vs. Public-Key 3. RSA Public Key Encryption 4. RSA Key Construction 5. Optimizing Private Key Operations 6. RSA Security These slides are based partly on Lawrie Brown’s slides supplied with William Stallings’s book “Cryptography and Network Security: Principles and Practice,” 5th Ed, 2011. Washington University in St. Louis CSE571S ©2011 Raj Jain 9-2 PublicPublic KeyKey EncryptionEncryption Invented in 1975 by Diffie and Hellman at Stanford Encrypted_Message = Encrypt(Key1, Message) Message = Decrypt(Key2, Encrypted_Message) Key1 Key2 Text Ciphertext Text Keys are interchangeable: Key2 Key1 Text Ciphertext Text One key is made public while the other is kept private Sender knows only public key of the receiver Asymmetric Washington University in St. Louis CSE571S ©2011 Raj Jain 9-3 PublicPublic KeyKey EncryptionEncryption ExampleExample Rivest, Shamir, and Adleman at MIT RSA: Encrypted_Message = m3 mod 187 Message = Encrypted_Message107 mod 187 Key1 = <3,187>, Key2 = <107,187> Message = 5 Encrypted Message = 53 = 125 Message = 125107 mod 187 = 5 = 125(64+32+8+2+1) mod 187 = {(12564 mod 187)(12532 mod 187)... (1252 mod 187)(125 mod 187)} mod 187 Washington University in
    [Show full text]
  • Fast Hashing and Stream Encryption with Panama
    Fast Hashing and Stream Encryption with Panama Joan Daemen1 and Craig Clapp2 1 Banksys, Haachtesteenweg 1442, B-1130 Brussel, Belgium [email protected] 2 PictureTel Corporation, 100 Minuteman Rd., Andover, MA 01810, USA [email protected] Abstract. We present a cryptographic module that can be used both as a cryptographic hash function and as a stream cipher. High performance is achieved through a combination of low work-factor and a high degree of parallelism. Throughputs of 5.1 bits/cycle for the hashing mode and 4.7 bits/cycle for the stream cipher mode are demonstrated on a com- mercially available VLIW micro-processor. 1 Introduction Panama is a cryptographic module that can be used both as a cryptographic hash function and a stream cipher. It is designed to be very efficient in software implementations on 32-bit architectures. Its basic operations are on 32-bit words. The hashing state is updated by a parallel nonlinear transformation, the buffer operates as a linear feedback shift register, similar to that applied in the compression function of SHA [6]. Panama is largely based on the StepRightUp stream/hash module that was described in [4]. Panama has a low per-byte work factor while still claiming very high security. The price paid for this is a relatively high fixed computational overhead for every execution of the hash function. This makes the Panama hash function less suited for the hashing of messages shorter than the equivalent of a typewritten page. For the stream cipher it results in a relatively long initialization procedure. Hence, in applications where speed is critical, too frequent resynchronization should be avoided.
    [Show full text]
  • Crypto Wars of the 1990S
    Danielle Kehl, Andi Wilson, and Kevin Bankston DOOMED TO REPEAT HISTORY? LESSONS FROM THE CRYPTO WARS OF THE 1990S CYBERSECURITY June 2015 | INITIATIVE © 2015 NEW AMERICA This report carries a Creative Commons license, which permits non-commercial re-use of New America content when proper attribution is provided. This means you are free to copy, display and distribute New America’s work, or in- clude our content in derivative works, under the following conditions: ATTRIBUTION. NONCOMMERCIAL. SHARE ALIKE. You must clearly attribute the work You may not use this work for If you alter, transform, or build to New America, and provide a link commercial purposes without upon this work, you may distribute back to www.newamerica.org. explicit prior permission from the resulting work only under a New America. license identical to this one. For the full legal code of this Creative Commons license, please visit creativecommons.org. If you have any questions about citing or reusing New America content, please contact us. AUTHORS Danielle Kehl, Senior Policy Analyst, Open Technology Institute Andi Wilson, Program Associate, Open Technology Institute Kevin Bankston, Director, Open Technology Institute ABOUT THE OPEN TECHNOLOGY INSTITUTE ACKNOWLEDGEMENTS The Open Technology Institute at New America is committed to freedom The authors would like to thank and social justice in the digital age. To achieve these goals, it intervenes Hal Abelson, Steven Bellovin, Jerry in traditional policy debates, builds technology, and deploys tools with Berman, Matt Blaze, Alan David- communities. OTI brings together a unique mix of technologists, policy son, Joseph Hall, Lance Hoffman, experts, lawyers, community organizers, and urban planners to examine the Seth Schoen, and Danny Weitzner impacts of technology and policy on people, commerce, and communities.
    [Show full text]
  • Modern Password Security for System Designers What to Consider When Building a Password-Based Authentication System
    Modern password security for system designers What to consider when building a password-based authentication system By Ian Maddox and Kyle Moschetto, Google Cloud Solutions Architects This whitepaper describes and models modern password guidance and recommendations for the designers and engineers who create secure online applications. A related whitepaper, Password security ​ for users, offers guidance for end users. This whitepaper covers the wide range of options to consider ​ when building a password-based authentication system. It also establishes a set of user-focused recommendations for password policies and storage, including the balance of password strength and usability. The technology world has been trying to improve on the password since the early days of computing. Shared-knowledge authentication is problematic because information can fall into the wrong hands or be forgotten. The problem is magnified by systems that don't support real-world secure use cases and by the frequent decision of users to take shortcuts. According to a 2019 Yubico/Ponemon study, 69 percent of respondents admit to sharing passwords with ​ ​ their colleagues to access accounts. More than half of respondents (51 percent) reuse an average of five passwords across their business and personal accounts. Furthermore, two-factor authentication is not widely used, even though it adds protection beyond a username and password. Of the respondents, 67 percent don’t use any form of two-factor authentication in their personal life, and 55 percent don’t use it at work. Password systems often allow, or even encourage, users to use insecure passwords. Systems that allow only single-factor credentials and that implement ineffective security policies add to the problem.
    [Show full text]
  • PCI Assessment Evidence of PCI Policy Compliance
    PCI Assessment Evidence of PCI Policy Compliance CONFIDENTIALITY NOTE: The information contained in this report document is for the Prepared for: exclusive use of the client specified above and may contain confidential, privileged and non-disclosable information. If the recipient of this report is not the client or Prospect or Customer addressee, such recipient is strictly prohibited from reading, photocopying, distributing or otherwise using this report or its contents in any way. Prepared by: Your Company Name Evidence of PCI Policy Compliance PCI ASSESSMENT Table of Contents 1 - Overview 1.1 - Security Officer 1.2 - Overall Risk 2 - PCI DSS Evidence of Compliance 2.1 - Install and maintain firewall to protect cardholder data 2.1.1.1 - Requirements for firewall at each Internet connections and between DMZ and internal network zone 2.1.1.2 - Business justification for use of all services, protocols and ports allowed 2.1.2 - Build firewall and router configurations that restrict connections between untrusted networks and the cardholder data environment 2.1.2.1 - Restrict inbound and outbound to that which is necessary for the cardholder data environment 2.1.2.3 - Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet 2.1.2.4 - Implement stateful inspection (also known as dynamic packet filtering) 2.1.2.5 - Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet 2.2 - Prohibition of vendor-supplied default password for systems and security parameters 2.2.1
    [Show full text]
  • BALG: Bypassing Application Layer Gateways Using Multi-Staged Encrypted Shellcodes
    Sebastian Roschke, Feng Cheng, Christoph Meinel: "BALG: Bypassing Application Layer Gateways Using Multi-Staged Encrypted Shellcodes" in Proceedings of the 12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011), IEEE Press, Dublin, Ireland, pp. 399-406, 5, 2011. ISBN: 978-1-4244-9219-0. BALG: Bypassing Application Layer Gateways Using Multi-Staged Encrypted Shellcodes Sebastian Roschke Feng Cheng Christoph Meinel Hasso Plattner Institute (HPI) Hasso Plattner Institute (HPI) Hasso Plattner Institute (HPI) University of Potsdam University of Potsdam University of Potsdam 14482, Potsdam, Germany 14482, Potsdam, Germany 14482, Potsdam, Germany Email: [email protected] Email: [email protected] Email: [email protected] Abstract—Modern attacks are using sophisticated and inno- easily penetrated by simple tunneling. IDS needs to handle vative techniques. The utilization of cryptography, self-modified efficient evasion techniques. ALGs provide more restrictions code, and integrated attack frameworks provide more possibili- for network access by combining filtering on the application ties to circumvent most existing perimeter security approaches, such as firewalls and IDS. Even Application Layer Gateways layer and IDS techniques, such as deep packet inspection. (ALG) which enforce the most restrictive network access can be Most of ALG implementations provide filtering due to ap- exploited by using advanced attack techniques. In this paper, plication layer protocol compliance and even allow to block we propose a new attack for circumventing ALGs. By using certain commands within a specific protocol. Although ALGs polymorphic and encrypted shellcode, multiple shellcode stages, enforce a very restrictive access policy, it is still possible to protocol compliant and encrypted shell tunneling, and reverse channel discovery techniques, we are able to effectively bypass circumvent such devices by using modern attack techniques.
    [Show full text]
  • Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives
    Self-encrypting deception: weaknesses in the encryption of solid state drives Carlo Meijer Bernard van Gastel Institute for Computing and Information Sciences School of Computer Science Radboud University Nijmegen Open University of the Netherlands [email protected] and Institute for Computing and Information Sciences Radboud University Nijmegen Bernard.vanGastel@{ou.nl,ru.nl} Abstract—We have analyzed the hardware full-disk encryption full-disk encryption. Full-disk encryption software, especially of several solid state drives (SSDs) by reverse engineering their those integrated in modern operating systems, may decide to firmware. These drives were produced by three manufacturers rely solely on hardware encryption in case it detects support between 2014 and 2018, and are both internal models using the SATA and NVMe interfaces (in a M.2 or 2.5" traditional form by the storage device. In case the decision is made to rely on factor) and external models using the USB interface. hardware encryption, typically software encryption is disabled. In theory, the security guarantees offered by hardware encryp- As a primary example, BitLocker, the full-disk encryption tion are similar to or better than software implementations. In software built into Microsoft Windows, switches off software reality, we found that many models using hardware encryption encryption and completely relies on hardware encryption by have critical security weaknesses due to specification, design, and implementation issues. For many models, these security default if the drive advertises support. weaknesses allow for complete recovery of the data without Contribution. This paper evaluates both internal and external knowledge of any secret (such as the password).
    [Show full text]