Articles and Blog

Copyright © 2002-2013 DVMP



Security Glossary

AES U.S. Advanced Encryption Standard. An improvement upon the Data Encryption Standard (DES). AES uses the Rijndael algorithm, but in practice there is a difference between the methods named “AES” and “Rijndael”. AES allows only one block size (128 bits) and three key sizes (128, 192 and 256 bits), whereas Rijndael allows both block and key sizes of 128, 160, 192, 224 and 256 bits in any combination; where these domains overlap AES and Rijndael will produce identical results for the same inputs.
Asymmetric Algorithm Uses one key to encrypt and another to decrypt. Public Key systems are a class of asymmetric algorithms. Examples: RSA, DSA, ElGamal, Elliptic Curve.
AUTH_DES Uses secret key and public key cryptography. Uses Diffie-Hellman for key exchange between users and DES secret key cryptography for encrypting info sent over the network. DES is also used to encrypt the user’s secret key (using the user’s password as the key and DES as the encryption algorithm) which is stored on a central network NIS/NIS+ server (or in local files in /etc). If the user knows their UNIX password, the workstation software can use it to decrypt the secret key which is then stored for communication with the server. Both client and server generate a session key from their own private key and the other’s public key and use it to encrypt a 56-bit conversation key which is used for the duration of the login.
AUTH_UNIX Authentication via UID and GIDs supplied in the request. The server trusts the UID and GIDs and uses them to decide what actions are allowed. Not secure as UID and GIDs can be spoofed.
Block Encryption Algorithm Encrypts data in blocks of N bits at a time
Clipper An 80-bit encryption chip introduced by the Clinton administration in 1993. (If you could try 1,000 million keys per sec it would take 38 million years to try all keys). Criticised for having a backdoor to allow US government to decrypt messages.
CMS Cryptographic Message Syntax
crypt() Uses 56-bit DES. Used to encrypt UNIX passwords in early UNIX systems. Not to be confused with “crypt” command.
DEA Data Encryption Algorithm. A symmetric algorithm which conforms to DES – but everyone refers to it as DES.
DES Data Encryption Standard. A symmetric algorithm. Is a block encryption algorithm. Key is 56 bits in length which can be broken in months or a couple of years depending on how the key is calculated (a DES-cracking machine may take only a few days). May be replaced as the US encryption standard by Rijndael. See DEA
Diffie-Hellman key exchange

A system for exchanging cryptographic keys. Not actually a method for encryption and decryption, but a method of developing and exchanging a shared private key over a public comms channel. Based on discrete-logarithms. Vulnerable to man-in-the-middle attacks. Used in SSH-2.

It is based on two system public numbers p and g known to all users of the system – one is a prime number and the other has a mathematical relationship to it. They may be hard coded or fetched from a server.

The sending end and receiving end independently generate a random secret number s1 and s2. Both then calculate their public key thus: g^s1 mod p (and g^s2 mod p) and send each other their public keys. Both then compute the shared secret key from their own secret key and the other’s public key – both arrive at the same value for the shared secret key.

The algorithm rests on the unfeasibility of calculating the shared secret key given both of the public keys. See

Digital Certificate Binds a name (i.e. an identity) with a public key. The role of the certificate is to associate a public key with the identity contained in the certificate. It attests that a trusted third party vouches for the key’s owner; the attestation is represented by a digital signature from the third party. Establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.
Digital Signature

Can be used to sign a message or data (e.g. email message or financial transaction) to ensure authenticity. With public key cryptography, the private key is used to create the signature, and users can use the public key to verify the signature.

Digital signatures are usually created from a message digest of the data rather than the data itself.


  1. Hash the document
  2. Sign the hash using the private key
  3. Send the plaintext document + signature


  1. Calculate the hash independently
  2. Decrypt the signature with the public key (retrieving the sender’s hash)
  3. Compare sender’s hash with my calculated hash
  4. If hashes are the same, signature is valid and the document has not been modified
DNS DNS was not designed to be a secure protocol. Lookups can not be trusted. Real safety relies on not using IP addresses or hostnames for authentication – this is now possible on a limited basis with DNS extensions for cryptographically signing DNS queries, responses and zone files.
DSA/DSS Digital Signature Standard (DSS) is based on the Digital Signature Algorithm (DSA). As specified DSS can only be used for signatures, thought some implementations of DSA may be used for encryption.
Elliptic curves Public key cryptography system based on solutions to the equation y^2 = x^3 +ax +b. Short keys can offer a high degree of privacy while remaining easily calculable. Can be computed very efficiently in hardware.
Encryption mode How an encryption method is implemented. There are several modes:

Let pt = plaintext, ct = ciphertext, E = encipher
in ecb: ct[i] = E( pt[i] )
in cbc: ct[i] = E( ct[i-1] ^ pt[i] )
in ofb: ct[i] = pt[i] ^ x[i]; x[i] = E( x[i-1] );
in ctr: ct[i] = pt[i] ^ E( i )

One newer mode is iapm:
x1[i] = E_k1( i + IV )
x2[0] = 0x2[i] = x1[floor(log2(i))] ^ x2[i - 2**floor(log2(i))]
ct[i] = E_k2( pt[i] ^ x2[i] ) ^ x2[i]

Fastest: ctr > ecb > iapm > cbc
Safest: iapm > cbc > ctr
Hybrid Public/Private Cryptosystems Use the slower public key cryptography to exchange a random session key which is the basis for a faster symmetric key algorithm used for encrypting the actual data. Nearly all public key cryptography implementations are hybrid systems.
identd A remote server can contact the local ident daemon (identd) to discover the real name of the user who initiates a TCP/IP connection. This allows accountability, but the local machine’s ident daemon may have been rigged to give misleading info – e.g. there are many free Windows-based ident daemons that return false responses. Probably most useful in tracking down attackers at Universities or large organisations.
IPsec (RFC 2401) an end-to-end packet-level encryption protocol. User X.509 certificates (as used in SSL). Developed for IPv6 and back-ported to IPv4. Has two modes “tunnel” which wraps the entire (encrypted) IP datagram in a new IP datagram, and “transport” where only the payload of the IP datagram is encrypted. Uses HMAC for integrity. Use with manual keys or using IKE (Internet Key Exchange).
Kerberos A secure authentication system for environments where networks may be monitored and computers aren’t under central control. User passwords are held encrypted on a central server which must be physically protected. The encryption is done via a single server key so anyone stealing the server or the data may eventually gain access to all user passwords. Passwords do not travel over the network, authentication messages are encrypted using the user’s unix password and decryption is attempted using the typed-in password at the client end. Successful login causes the server to generate a ticket with a limited lifetime – all requests from the client for services are then authenticated via this ticket or new tickets based upon it. Programs use Kerberos by modifying source code and calling functions in a Kerberos library.
Does it encrypt traffic?
LDAP Local Directory Access Protocol. Lightweight and fast protocol to provide directory information. Is not secure but can be run over an encrypted SSL tunnel.
Message Digest Function

Also called one-way hash function.

Used to create:

  1. a “fingerprint” of a file or a key
  2. a digital signature
  3. an encryption key from a passphrase.

Generates a seemingly random pattern of bits for a given input.

Finding a different input that produces the same fingerprint is unfeasible (collision-resistant).

Most systems that produce digital signatures encrypt a message digest of the data rather than the data itself.

The fingerprint is a MAC (message authentication code). If combined with a shared secret key it is a HMAC (hash message authentication code) which can be used for many of the same things as digital signatures as an HMAC is faster to calculate and is smaller than a digital signature, but offer comparable signature security; however an HMAC has the disadvantage of being based on a shared key.

A few message digest functions in use: MD2, MD4, MD5, SHA, SHA-1, SHA-256, SHA-384, SHA-512, RIPEMD-160

Symmetric block encryption systems (such as DES) can also be used as message digest functions but are slower.

MSP Message Security Protocol
Net_SNMP Uses OpenSSL for encryption
NFS/NIS can be easily spoofed, no encryption, uses standard RPC based on AUTH_UNIX
NIS+ uses Secure RPC (which see)
One-time pad A perfectly secure cipher. Requires that the key be as large as the message it protects, be generated perfectly randomly, and never be re-used.
OpenSSL A cryptography toolkit (derived from SSLeay) implementing SSLv2 and SSLv3 and TLSv1. Has a “crypto” library, and openssl command line tool which can be used to create keys and certificates, calculate message digests, encrypt and decrypt, and handle S/MIME mail; it can also be a SSL client or server for testing.
PEM Privacy Enhanced Mail
PGP Pretty Good Privacy
PKI Public Key Infrastructure. A group of users which can certify their keys to each other in person, or have their keys certified by a trusted authority. SSL provides transparent support for PKI.
Public Key Cryptography (PKC)

A user has 2 keys – a public key which can be distributed to other people and which they use to encrypt messages to be sent to the user, and a private (or secret) key which the user uses to decrypt these messages. Only the private key can decrypt these messages and the user must keep it private.

Can also be used for creating digital signatures.

Computationally expensive – typically requires 1000 times more computer power than symmetric key algorithms.

Public key systems in common use are: Diffie-Hellman, DSA/DSS, RSA, Elliptic curves.

Rhosts Authentication

Authenticates a user attempting to login from another host.

/etc/rhosts.equiv file is checked first, then the .rhosts file of the local (target) user. Auth stops when a matching positive or negative entry is found.

Two form of entries for granting access to the local system:

  1. hostname – all users from the named host may access the system with the SAME username as on the remote host
  2. hostname username – in a local user’s .rhosts it means the named remote user may access the system as that local user. In /etc/hosts.equiv it means the named remote user will be allowed access as ANY local user
Rijndael Extremely fast symmetric encryption algorithm approved by NIST in 2000 as the new U.S. Advanced Encryption Standard (AES). Used with keys of 128, 192 or 256 bits. May be preferable to DES in future. Named after the developers Joan Daemen and Vincent Rijmen. Dutch, pronounced “Reign-dahl” or “Rhine-dahl”. (see also AES)
RSA Public key cryptography system used for encrypting information and as the basis of a digital signature system. Based on factorising a large number (product of two prime numbers). Key can be any length, depending on the implementation used.
S/Key One-time passwords
SASL Secure Authentication and Security Layer. Library which can authenticate using a separate database or via PAM (e.g. might be used by SMTP to authenticate to IMAP mailboxes)
Secure NFS Uses Secure RPC (which see)
Secure RPC

Better authentication based on AUTH_DES; i.e. authentication data is encrypted but payload is unencrypted so vulnerable to eavesdropping and integrity violation. However see GSSAPI (RPCSEC_GSS ?)

After agreeing a session key, Secure RPC authenticates all RPC requests. Uses a timestamp (with an allowed window) to reduce risk of integrity/replay attacks. But secret key is protected only by weak-ish 56-bit key (AUTH_DES).

Authenticates but does not protect data with encryption or digital signatures (no integrity or confidentiality).

(Needs (?) a server machine – keys are distributed via NIS or NIS+)

Session Key A randomly generated key used in a single encryption session, then discarded. See Hybrid Cryptosystems.
SRP Secure remote password. A technology for strong two-party mutual authentication which improves the security of password-style authentication. Avoids using encryption algorithms. The client only needs to remember a short password which does not need to be so random. The server still has sensitive data for authenticating, but the consequences of its disclosure is less severe than the hashed password data in /etc/shadow.

RSA authentication (client decrypts challenge from server, returns has to server). 3DES session encryption. Long term server id key, short-term encryption key changes every hour. Can use password authentication. Can tunnel other protocols through SSL connection, e.g. POP, SMTP, IMAP, HTTP, and X. Uses MD5 and SHA-1 for integrity checking. RSAADI who originated MD5 (128 bit) recommend changing to the stronger SHA-1 (160 bit) or RIPEMD-160 (160 bits). Uses zlib for compression.

Servers can be run on any port, so a firewall allowing outgoing connections on a specific port number can be used for a service that was not intended – e.g. for a firewall allowing outgoing connections on port 443 for SSL, an outside SSH server can be set up to monitor connections on port 443 and SSH run locally and told to connect to the remote server on port 443; the user can then tunnel multiple connection types through SSH and the firewall would allow it!

Public key algorithms are RSA (default for Solaris SSH) or DSA. Only one key exchange method – Diffie-Hellman. SSH-2 uses SHA-1 rather than MD5 as its MAC hash function.


End-to-end confidentiality and integrity. Usually authenticates server using a certificate – can authenticate client but never used.


  1. Negotiate cipher
  2. Establish shared session key
  3. Authenticate server (optional)
  4. Authenticate client (optional – rare)
  5. Authenticate previously exchanged data

Uses public key cryptography for authentication, and symmetric encryption for sending data. Uses X.509 certificates.

In server authentication, the client will have a list of certificates from trusted CAs, each one carries the public key of the corresponding CA. The certificate sent from the server is queried for the DN (an X.500 Distinguished Name) of the CA that certified it, and the trusted list of certificates is searched for a certificate with a matching DN. When a match is found among the trusted certificates, the public key is read from the matched certificate and used to verify the CA’s signature on the certificate that was sent from the server. If the verification succeeds it proves that the certificate sent from the server is a valid “letter of introduction” from the CA.

Protects session only. Designed for multiple protocols (e.g. POP3 FTP, SMTP) but only used for HTTP.

Can tunnel via an SSL proxy which is the “end” of the protocol.Can not be proxied (between the ends) because a proxy would be a man-in-the—middle-attack which SSL detects. Uses port 443. OpenSSL library. Needs certificate.

stunnel An SSL tool which adds protection to existing services without requiring changes to server source code. Can be invoked from inetd as a wrapper for many service daemons or run standalone to accept connections for a single service.
Symmetric Algorithm

Uses the same key for encryption and decryption, which makes it much faster than asymmetric algorithms. Used for bulk encryption of data or data streams. Two categories: block (encrypts many bytes at a time) and stream (byte-by-byte or bit-by-bit).Sometimes called “secret” or “private” key algorithms (because both parties must keep the key secret) which is confusing as they are not related to public key algorithms. Would need a large number of keys for communication between many people, to prevent a compromised key allowing an attacker to decrypt traffic between all users.

Some common symmetric algorithms are: Blowfish, DES, IDEA, MARS, RC2, RC4, RC5, RC6, Rijndael, Serpent, Triple-DES (3DES), Twofish, AES. Best rated are RC2 and Rijndael.

tcpwrapper A small daemon program tcpd which sits between inetd and the servers it spawns (ftp, telnet). tcpd uses the files hosts.allow and hosts.deny to allow or refuse access to ftp or telnet etc based on the sending hosts identity in the ip packets.
TLS Transport Layer Security. IETF-standardised evolution of SSLv3. Identifies itself as SSLv3.1
Tooltalk Uses secure RPC if you use ttsession “-a des” option
Triple-DES or 3DES Threefold application of the DES algorithm using 3 different keys - effectively a 168-bit key length. Actually it’s not as simple as that, because you can use 2 keys (one of them twice); there’s also some debate as to whether the real key strength is simply a 3 times multiplier.


Levels of Encryption of IP Packets

Note that encryption protects the data in packets but not the source and destination addresses and port numbers which must be readable by routers.

  1. Link-Level encryption – automatic encryption of packets when transmitted over an insecure data link such as a radio network.
  2. End-to-end encryption – the host automatically encrypts packet contents. Useful for sending data over VPNs (e.g. IPsec)
  3. Application-level encryption – done by applications such as SSH which replace telnet etc. Application level encryption an also be provided by tunneling (via ssh for example). Individual application servers and clients can be wrapped using SSL and TLS protocols.

Using Encryption is not enough – it must be properly implemented (e.g. original encryption standard for 802.11 wireless LANs was WEP (Wired Equivalent Privacy) which is flawed so it’s easy to determine the encryption keys.

Encryption only protects against eavesdropping. DOS attacks can still succeed against hosts which use encryption.

SSL Handshake



Client Hello ---->

Message Contents:

  • client version (version of SSL supported by client)
  • random data (unix date + 28 bytes random data)
  • session id (to continue a previous session)
  • cipher list suite (each entry defines a key exchange algorithm and a CipherSpec, in order of preference)
  • compression methods list
  <--- Server Hello

Message Contents:

  • server version (chosen version of SSL)
  • random data (unix date + 28 bytes random data)
  • session id (same as suggested by client to continue a past connection, or a new connection id)
  • cipher suite (the suite selected by the server from the list which was sent by the client)
  • compression method (selected by server from client’s list)
  <--- Server Certificate

Message Contents:

  • certificate list (server certificate first, root authority certificate last)
  • server's public key

Certificate type must be appropriate for the selected cipher suite's key exchange algorithm

  • Authenticate server
  • Use client & server random data to create
    premaster secret
  • Encrypt premaster secret with server’s
    public key (from certificate)
Encrypted premaster secret --->  
  • decrypt premaster secret using server’s private key
  • create master secret from premaster secret
  • generate session key from master secret
  • create master secret from premaster secret
  • generate session key from master secret
Future msgs from client will be encrypted with the session key --->  
Encrypted msg stating that client part of handshake is complete ->  
  <--- Future msgs from server will be encrypted with the session key
  <--- Encrypted msg stating that server part of handshake is complete

Client & Server now use session key to encrypt data and send it.

For more info see



Naming server and IP spoofing

 Avoided by cryptographically verifying the server host identity (compares server’s host key against a local list associating server names and addresses with their keys).

Public Key Authentication problems:

  • management of private keys (must be kept secure)
  • certification of public keys

Certification of Public Keys

If an attacker can substitute their own public key for a someone else’s all communication will be visible to the attacker. Solutions are: - use secure channel to exchange public keys. Ssh copies public key to remote system after logging-in with a non-public key method (e.g. password) - use PKI

Symmetric vs Asymmetric Key Sizes

For a symmetric algorithm, each bit doubles the difficulty of finding the key. For RSA, each additional bit only nominally increases the difficulty of factoring the composite number used by the algorithm, assuming there are advances in our ability to identify prime numbers. So a 128-bit RC2 key may be stronger than a 1024-bit RSA key.

Security of keys derived from passwords

For a 128-bit key to be truly secure, all 128 bits must be randomly chosen (i.e there must be 2^128 distinct possible keys). If the key is derived from a password of (say) 4 lowercase letters, even though the key appears to be 128-bits long, there are really only 26x26x26x26 or 456,976 different keys that could actually be used; so the effective key length is between 18 and 19 bits!


<< Back to “Articles & Blog”