Encryption Flashcards

Questions and Answers

When is cryptography needed?

When there is an insecure communication channel and you want to send this message in a way that ensures that only the intended recipient can read it.

How does a message look like before encryption?

like a normal message

How might a message look after encryption?

the actual message looks like gibberish

What does PGP stand for?

pretty good protection

What is symmetric cryptography?

Apply the key to the original message using some 'rule' - say Exclusive OR.

What are the steps of symmetric cryptography?

1. Encrypt the message at Computer1 using the shared key. 2. Send the encrypted message from Computer1 to Computer2. 3. Decrypt the message at Computer2 using the shared key.

What is the goal of cryptography?

To ensure that only the intended recipient can read the message.

What are the constraints of symmetric cryptography?

Must be sure about who has the key because once it's out (stolen), security is lost.

How do you ensure Computer1 and Computer2 have the SAME key?

If we have a secure channel over which to transmit the key.

What is Asymmetric Cryptography?

There are two mathematically linked keys.

What can you NOT decrypt a message using in asymmetric cryptography?

Can't decrypt a message encrypted with a public key using the public key.

Who creates private keys in Asymmetric Cryptography?

Private keys are created by each user.

Who can use public keys?

Public keys are made available to anyone who wants them.

What are the steps to Asymmetric Cryptography?

1. Computer1 acquires Computer2's public key to encrypt the message. 2. Computer1 sends the encrypted message to Computer2. 3. Computer2 decrypts the message using its private key.

What is the goal of Asymmetric Cryptography?

To ensure that only the intended recipient can read the message.

What are the constraints of Asymmetric Cryptography?

Only practical for short messages, must keep private keys private, and must ensure that the public key came from the right source.

How many keys are required for Asymmetric Cryptography?

4

Is Asymmetric Cryptography good for ecommerce?

NO

How is the goal of Asymmetric Cryptography and a digital signature different?

To ensure that only the intended recipient can read the message, and to provide assurance that the message is authentic and unchanged.

How do you ensure the recipient that the message is authentic and hasn't been changed?

a digital signature

What is a digital signature?

The digital equivalent to a human signature.

What is more secure, a human signature or digital signature?

digital signature is more secure than actual signature because it's locked with a private key.

What is step 1 of the digital signature process?

Computer1 encrypts the message with its own private key, thereby signing it.

What is step 2 of the digital signature process?

Computer1 acquires Computer2's public key, and uses it to encrypt the (already encrypted) message.

What is step 3 of the digital signature process?

Computer1 sends the double-encrypted message to Computer2.

What is step 4 of the digital signature process?

Computer2 uses its private key to decrypt the message and obtains an encrypted message.

What is step 5 of the digital signature process?

Computer2 obtains Computer1's public key and uses it to retrieve the original message.

Could anyone other than Computer1 have sent the message?

No, because Computer1's public key was used to decrypt the message.

Could the message have been changed en route?

No, because Computer1's public key was used to decrypt the message.

Can only the intended recipient read the message?

Yes, because only Computer2's private key can decrypt the message.

Which type of encryption does ecommerce use?

A hybrid approach is used in practice.

Why doesn't asymmetric encryption work for ecommerce?

It is too slow for all but the smallest messages.

Why doesn't symmetric encryption work for ecommerce?

The seller doesn't want to hand-deliver the key to potential customers.

What is the objective of ecommerce's encryption?

To send a credit transaction securely from Computer1 to Computer2 with Computer1's digital signature.

What is step 1 in Web-Based Commerce encryption?

Computer1 obtains Computer2's public key from the Public Key Repository.

What is step 2 in Web-Based Commerce encryption?

Computer1 uses Computer2's public key to encrypt its symmetric key.

What is step 3 in Web-Based Commerce encryption?

Computer1 sends the encrypted symmetric key to Computer2.

What is step 4 in Web-Based Commerce encryption?

Computer2 uses its private key to decrypt Computer1's symmetric key.

What is a benefit of Web-Based Commerce encryption?

Good for secure, frequent transactions with large varying customer base.

What are scenarios that might pop into your head if you are wondering how do I know that I actually retrieved your public key?

Perhaps someone is pretending to be a public key repository, or it could be a legitimate repository but with incorrect key details.

What is Diffie-Hellman Key Exchange?

Asymmetric and symmetric combined.

What is MOD?

MOD takes the remainder of a division.

How many options for MOD are there when you divide by 4?

4 (0, 1, 2, 3)

What is 17 MOD 4?

1

How does Diffie-Hellman Key Exchange work?

Alice and Bob agree on a prime number p and base g, choose secret integers, and send calculated values to each other.

Study Notes

When is Cryptography Needed?

• Required when communicating over insecure channels to ensure only the intended recipient can read the message.

Message Appearance Before Encryption

• Looks like a normal email format with header details (To, From, Subject) followed by the actual message.

Message Appearance After Encryption

• Transformed into gibberish; format includes encrypted content, e.g., "-----Begin PGP Message----" followed by random characters.

PGP (Pretty Good Protection)

• Provides strong encryption for secure communication.

Symmetric Cryptography

• Uses a single shared key to encrypt and decrypt messages.
• Method includes applying the same key and "Exclusive OR" (XOR) rule which outputs 1 only if one bit is 1.

Steps of Symmetric Cryptography

• Encrypt at the sender's device.
• Send the encrypted message to the recipient.
• Decrypt message at the recipient's device using the same key.

Goal of Cryptography

• To guarantee that only the intended recipient can read the message.

Constraints of Symmetric Cryptography

• Security is compromised if the shared key is lost or stolen.
• Ensuring the correct recipient has the key is critical.

Ensuring Key Sharing

• If a secure channel is available, the key can be securely transmitted, allowing messages to be sent without encryption.

Asymmetric Cryptography (AC)

• Employs two mathematically linked keys: a public key for encryption and a private key for decryption.

Decryption Limitations in AC

• Cannot decrypt messages with the same key used for encryption (public/private).

Private Key Creation

• Generated by the user and never transmitted over a network, ensuring security.

Public Key Access

• Public keys are freely available to anyone wanting them.

Steps of Asymmetric Cryptography

• Sender encrypts using recipient's public key.
• Encrypted message is sent to the recipient.
• Recipient decrypts the message using their private key.

Goal of Asymmetric Cryptography

• Similar to symmetric: ensure that only the intended recipient can read the message.

Constraints of Asymmetric Cryptography

• Best suited for short messages due to inefficiency.
• Private keys need to be securely kept.
• Verification of public key authenticity is crucial.

Key Requirements for AC

• Four keys are generally needed for proper functionality.

AC Notes

• Not efficient for web browsing or e-commerce.
• Despite resolving key distribution issues, it doesn't fully address other cryptography concerns.

Use of Digital Signatures

• Offers assurance that: the message originates from the claimed sender, and has not been altered during transmission.
• Recognized as legally binding since June 2000.

Security Comparison

• Digital signatures provide superior security compared to traditional handwritten signatures.

Digital Signature Process Steps

• Message signed using sender's private key.
• Encrypted again with recipient's public key.
• Sent as double-encrypted message.

Verification of Sender and Integrity

• Only the sender could have created the message due to reversible encryption with a private key, ensuring authenticity and integrity.

E-commerce Encryption Approach

• Adopts a hybrid model, combining both asymmetric and symmetric encryption for efficiency and security.

Hybrid Encryption Process in E-commerce

• Public key of the receiver is obtained.
• Symmetric key is encrypted using this public key and sent.
• Upon receiving, the recipient decrypts using their private key to access the symmetric key for further secure transactions.

Security Concerns in Key Exchange

• Potential risks include impersonation or counterfeit public keys leading to security breaches.

Diffie-Hellman Key Exchange

• A method combining asymmetric and symmetric approaches to establish a shared secret key without direct key exchange.

Understanding MOD

• MOD operation finds the remainder after division, with limited results based on the divisor.

Example of Diffie-Hellman Key Usage

• Alice and Bob use shared prime numbers and generate private and public keys to securely exchange a shared secret key.

General Formula Overview for Key Exchange

• Variables defined: secret (private) keys a and b, and public results A and B based on modular mathematical operations.

Description

Test your knowledge on encryption and cryptography concepts with these flashcards. Learn when cryptography is necessary and how messages appear before and after encryption. Perfect for students or anyone interested in secure communication.