||U.S. Advanced Encryption Standard. An improvement upon the Data Encryption Standard (DES).
AES uses the Rijndael algorithm, but in practice there is a difference between the methods
named “AES” and “Rijndael”. AES allows only one block size (128 bits) and three key sizes
(128, 192 and 256 bits), whereas Rijndael allows both block and key sizes of 128, 160, 192,
224 and 256 bits in any combination; where these domains overlap AES and Rijndael will
produce identical results for the same inputs.
||Uses one key to encrypt and another to decrypt. Public Key systems are a class of
asymmetric algorithms. Examples: RSA, DSA, ElGamal, Elliptic Curve.
||Uses secret key and public key cryptography. Uses Diffie-Hellman for key exchange between
users and DES secret key cryptography for encrypting info sent over the network. DES is
also used to encrypt the user’s secret key (using the user’s password as the key and DES
as the encryption algorithm) which is stored on a central network NIS/NIS+ server (or in
local files in /etc). If the user knows their UNIX password, the workstation software can
use it to decrypt the secret key which is then stored for communication with the server.
Both client and server generate a session key from their own private key and the other’s
public key and use it to encrypt a 56-bit conversation key which is used for the duration
of the login.
||Authentication via UID and GIDs supplied in the request. The server trusts the UID and GIDs
and uses them to decide what actions are allowed. Not secure as UID and GIDs can be spoofed.
|Block Encryption Algorithm
||Encrypts data in blocks of N bits at a time
||An 80-bit encryption chip introduced by the Clinton administration in 1993. (If you could
try 1,000 million keys per sec it would take 38 million years to try all keys). Criticised
for having a backdoor to allow US government to decrypt messages.
||Cryptographic Message Syntax
||Uses 56-bit DES. Used to encrypt UNIX passwords in early UNIX systems. Not to be confused
with “crypt” command.
||Data Encryption Algorithm. A symmetric algorithm which conforms to DES – but everyone
refers to it as DES.
||Data Encryption Standard. A symmetric algorithm. Is a block encryption algorithm. Key is
56 bits in length which can be broken in months or a couple of years depending on how the
key is calculated (a DES-cracking machine may take only a few days). May be replaced as
the US encryption standard by Rijndael. See DEA
|Diffie-Hellman key exchange
A system for exchanging cryptographic keys. Not actually a method for encryption and
decryption, but a method of developing and exchanging a shared private key over a public
comms channel. Based on discrete-logarithms. Vulnerable to man-in-the-middle attacks.
Used in SSH-2.
It is based on two system public numbers p and g known to all users of the system – one
is a prime number and the other has a mathematical relationship to it. They may be hard
coded or fetched from a server.
The sending end and receiving end independently generate a random secret number s1 and
s2. Both then calculate their public key thus: g^s1 mod p (and g^s2 mod p) and send each
other their public keys. Both then compute the shared secret key from their own secret key
and the other’s public key – both arrive at the same value for the shared secret key.
The algorithm rests on the unfeasibility of calculating the shared secret key given both
of the public keys. See http://postdiluvian.org/~seven/diffie.html
||Binds a name (i.e. an identity) with a public key. The role of the certificate is to
associate a public key with the identity contained in the certificate. It attests that a
trusted third party vouches for the key’s owner; the attestation is represented by a
digital signature from the third party. Establishes your credentials when doing business
or other transactions on the Web. It is issued by a certification authority (CA).
It contains your name, a serial number, expiration dates, a copy of the certificate
holder's public key (used for encrypting messages and digital signatures), and the digital
signature of the certificate-issuing authority so that a recipient can verify that the
certificate is real. Some digital certificates conform to a standard, X.509. Digital
certificates can be kept in registries so that authenticating users can look up other
users' public keys.
Can be used to sign a message or data (e.g. email message or financial transaction) to
ensure authenticity. With public key cryptography, the private key is used to create the
signature, and users can use the public key to verify the signature.
Digital signatures are usually created from a message digest of the data rather than the
- Hash the document
- Sign the hash using the private key
- Send the plaintext document + signature
- Calculate the hash independently
- Decrypt the signature with the public key (retrieving the sender’s
- Compare sender’s hash with my calculated hash
- If hashes are the same, signature is valid and the document has not been modified
||DNS was not designed to be a secure protocol. Lookups can not be trusted. Real
safety relies on not using IP addresses or hostnames for authentication – this is now possible on a limited basis with DNS extensions for cryptographically signing DNS queries, responses and zone files.
||Digital Signature Standard (DSS) is based on the Digital Signature Algorithm (DSA). As
specified DSS can only be used for signatures, thought some implementations of DSA may be
used for encryption.
||Public key cryptography system based on solutions to the equation y^2 = x^3 +ax +b. Short
keys can offer a high degree of privacy while remaining easily calculable. Can be computed
very efficiently in hardware.
||How an encryption method is implemented. There are several modes:
Let pt = plaintext, ct = ciphertext, E = encipher
in ecb: ct[i] = E( pt[i] )
in cbc: ct[i] = E( ct[i-1] ^ pt[i] )
in ofb: ct[i] = pt[i] ^ x[i]; x[i] = E( x[i-1] );
in ctr: ct[i] = pt[i] ^ E( i )
One newer mode is iapm:
x1[i] = E_k1( i + IV )
x2 = 0x2[i] = x1[floor(log2(i))] ^ x2[i - 2**floor(log2(i))]
ct[i] = E_k2( pt[i] ^ x2[i] ) ^ x2[i]
Fastest: ctr > ecb > iapm > cbc
Safest: iapm > cbc > ctr
|Hybrid Public/Private Cryptosystems
||Use the slower public key cryptography to exchange a random session key which is the basis
for a faster symmetric key algorithm used for encrypting the actual data. Nearly all public
key cryptography implementations are hybrid systems.
||A remote server can contact the local ident daemon (identd) to discover the real name of
the user who initiates a TCP/IP connection. This allows accountability, but the local
machine’s ident daemon may have been rigged to give misleading info – e.g. there are many
free Windows-based ident daemons that return false responses. Probably most useful in
tracking down attackers at Universities or large organisations.
||(RFC 2401) an end-to-end packet-level encryption protocol. User X.509 certificates (as used
in SSL). Developed for IPv6 and back-ported to IPv4. Has two modes “tunnel” which wraps the
entire (encrypted) IP datagram in a new IP datagram, and “transport” where only the payload
of the IP datagram is encrypted. Uses HMAC for integrity. Use with manual keys or using IKE
(Internet Key Exchange).
||A secure authentication system for environments where networks may be monitored and
computers aren’t under central control. User passwords are held encrypted on a central
server which must be physically protected. The encryption is done via a single server key
so anyone stealing the server or the data may eventually gain access to all user passwords.
Passwords do not travel over the network, authentication messages are encrypted using the
user’s unix password and decryption is attempted using the typed-in password at the client
end. Successful login causes the server to generate a ticket with a limited lifetime – all
requests from the client for services are then authenticated via this ticket or new tickets
based upon it. Programs use Kerberos by modifying source code and calling functions in a
Does it encrypt traffic?
||Local Directory Access Protocol. Lightweight and fast protocol to provide directory information.
Is not secure but can be run over an encrypted SSL tunnel.
|Message Digest Function
Also called one-way hash function.
Used to create:
- a “fingerprint” of a file or a key
- a digital signature
- an encryption key from a passphrase.
Generates a seemingly random pattern of bits for a given input.
Finding a different input that produces the same fingerprint is unfeasible (collision-resistant).
Most systems that produce digital signatures encrypt a message digest of the data rather
than the data itself.
The fingerprint is a MAC (message authentication code). If combined with a shared secret
key it is a HMAC (hash message authentication code) which can be used for many of the
same things as digital signatures as an HMAC is faster to calculate and is smaller than
a digital signature, but offer comparable signature security; however an HMAC has the
disadvantage of being based on a shared key.
A few message digest functions in use: MD2, MD4, MD5, SHA, SHA-1, SHA-256, SHA-384,
Symmetric block encryption systems (such as DES) can also be used as message digest
functions but are slower.
||Message Security Protocol
||Uses OpenSSL for encryption
||can be easily spoofed, no encryption, uses standard RPC based on AUTH_UNIX
||uses Secure RPC (which see)
||A perfectly secure cipher. Requires that the key be as large as the message it protects,
be generated perfectly randomly, and never be re-used.
||A cryptography toolkit (derived from SSLeay) implementing SSLv2 and SSLv3 and TLSv1.
Has a “crypto” library, and openssl command line tool which can be used to create keys
and certificates, calculate message digests, encrypt and decrypt, and handle S/MIME mail;
it can also be a SSL client or server for testing.
||Privacy Enhanced Mail
||Pretty Good Privacy
||Public Key Infrastructure. A group of users which can certify their keys to each other in
person, or have their keys certified by a trusted authority. SSL provides transparent
support for PKI.
|Public Key Cryptography (PKC)
A user has 2 keys – a public key which can be distributed to other people and which they
use to encrypt messages to be sent to the user, and a private (or secret) key which the
user uses to decrypt these messages. Only the private key can decrypt these messages and
the user must keep it private.
Can also be used for creating digital signatures.
Computationally expensive – typically requires 1000 times more computer power than
symmetric key algorithms.
Public key systems in common use are: Diffie-Hellman, DSA/DSS, RSA, Elliptic curves.
Authenticates a user attempting to login from another host.
/etc/rhosts.equiv file is checked first, then the .rhosts file of the local (target) user.
Auth stops when a matching positive or negative entry is found.
Two form of entries for granting access to the local system:
- hostname – all users from the named host may access the system with the SAME username as on the remote host
- hostname username – in a local user’s .rhosts it means the named remote user may access the system as that local user. In /etc/hosts.equiv it means the named remote user will be allowed access as ANY local user
||Extremely fast symmetric encryption algorithm approved by NIST in 2000 as the new U.S.
Advanced Encryption Standard (AES). Used with keys of 128, 192 or 256 bits. May be
preferable to DES in future. Named after the developers Joan Daemen and Vincent Rijmen.
Dutch, pronounced “Reign-dahl” or “Rhine-dahl”. (see also AES)
||Public key cryptography system used for encrypting information and as the basis of a
digital signature system. Based on factorising a large number (product of two prime
numbers). Key can be any length, depending on the implementation used.
||Secure Authentication and Security Layer. Library which can authenticate using a separate
database or via PAM (e.g. might be used by SMTP to authenticate to IMAP mailboxes)
||Uses Secure RPC (which see)
Better authentication based on AUTH_DES; i.e. authentication data is encrypted but payload
is unencrypted so vulnerable to eavesdropping and integrity violation. However see GSSAPI
After agreeing a session key, Secure RPC authenticates all RPC requests. Uses a timestamp
(with an allowed window) to reduce risk of integrity/replay attacks. But secret key is
protected only by weak-ish 56-bit key (AUTH_DES).
Authenticates but does not protect data with encryption or digital signatures (no
integrity or confidentiality).
(Needs (?) a server machine – keys are distributed via NIS or NIS+)
||A randomly generated key used in a single encryption session, then discarded. See Hybrid Cryptosystems.
||Secure remote password. A technology for strong two-party mutual authentication which
improves the security of password-style authentication. Avoids using encryption algorithms.
The client only needs to remember a short password which does not need to be so random.
The server still has sensitive data for authenticating, but the consequences of its
disclosure is less severe than the hashed password data in /etc/shadow.
RSA authentication (client decrypts challenge from server, returns has to server). 3DES session encryption.
Long term server id key, short-term encryption key changes every hour. Can use password authentication.
Can tunnel other protocols through SSL connection, e.g. POP, SMTP, IMAP, HTTP, and X. Uses MD5 and SHA-1 for
integrity checking. RSAADI who originated MD5 (128 bit) recommend changing to the stronger SHA-1 (160 bit) or
RIPEMD-160 (160 bits). Uses zlib for compression.
Servers can be run on any port, so a firewall allowing outgoing connections on a specific port number can be
used for a service that was not intended – e.g. for a firewall allowing outgoing connections on port 443 for SSL,
an outside SSH server can be set up to monitor connections on port 443 and SSH run locally and told to connect to
the remote server on port 443; the user can then tunnel multiple connection types through SSH and the firewall
would allow it!
Public key algorithms are RSA (default for Solaris SSH) or DSA. Only one key exchange method – Diffie-Hellman.
SSH-2 uses SHA-1 rather than MD5 as its MAC hash function.
End-to-end confidentiality and integrity. Usually authenticates server using a certificate
– can authenticate client but never used.
- Negotiate cipher
- Establish shared session key
- Authenticate server (optional)
- Authenticate client (optional – rare)
- Authenticate previously exchanged data
Uses public key cryptography for authentication, and symmetric encryption for sending
data. Uses X.509 certificates.
In server authentication, the client will have a list of certificates from trusted CAs,
each one carries the public key of the corresponding CA. The certificate sent from the
server is queried for the DN (an X.500 Distinguished Name) of the CA that certified it, and
the trusted list of certificates is searched for a certificate with a matching DN. When a
match is found among the trusted certificates, the public key is read from the matched
certificate and used to verify the CA’s signature on the certificate that was sent from the
server. If the verification succeeds it proves that the certificate sent from the server is
a valid “letter of introduction” from the CA.
Protects session only. Designed for multiple protocols (e.g. POP3 FTP, SMTP) but only used for HTTP.
Can tunnel via an SSL proxy which is the “end” of the protocol.Can not be proxied
(between the ends) because a proxy would be a man-in-the—middle-attack which SSL detects.
Uses port 443. OpenSSL library. Needs certificate.
||An SSL tool which adds protection to existing services without requiring changes to server
source code. Can be invoked from inetd as a wrapper for many service daemons or run
standalone to accept connections for a single service.
Uses the same key for encryption and decryption, which makes it much faster than asymmetric
algorithms. Used for bulk encryption of data or data streams. Two categories: block
(encrypts many bytes at a time) and stream (byte-by-byte or bit-by-bit).Sometimes called
“secret” or “private” key algorithms (because both parties must keep the key secret) which
is confusing as they are not related to public key algorithms. Would need a large number of
keys for communication between many people, to prevent a compromised key allowing an
attacker to decrypt traffic between all users.
Some common symmetric algorithms are: Blowfish, DES, IDEA, MARS, RC2, RC4, RC5, RC6,
Rijndael, Serpent, Triple-DES (3DES), Twofish, AES. Best rated are RC2 and Rijndael.
||A small daemon program tcpd which sits between inetd and the servers it spawns (ftp,
telnet). tcpd uses the files hosts.allow and hosts.deny to allow or refuse access to ftp
or telnet etc based on the sending hosts identity in the ip packets.
||Transport Layer Security. IETF-standardised evolution of SSLv3. Identifies itself as SSLv3.1
||Uses secure RPC if you use ttsession “-a des” option
|Triple-DES or 3DES
||Threefold application of the DES algorithm using 3 different keys - effectively a 168-bit
key length. Actually it’s not as simple as that, because you can use 2 keys (one of them
twice); there’s also some debate as to whether the real key strength is simply a 3 times
Note that encryption protects the data in packets but not the source and destination addresses
and port numbers which must be readable by routers.
Using Encryption is not enough – it must be properly implemented (e.g. original encryption standard for 802.11 wireless LANs was WEP (Wired Equivalent Privacy) which is flawed so it’s easy to determine the encryption keys.
Encryption only protects against eavesdropping. DOS attacks can still succeed against hosts which use encryption.
Client & Server now use session key to encrypt data and send it.
For more info see http://developer.netscape.com/docs/manuals/security/sslin/contents.htm
Avoided by cryptographically verifying the server host identity (compares server’s
host key against a local list associating server names and addresses with their keys).
For a symmetric algorithm, each bit doubles the difficulty of finding the key. For RSA, each additional bit only nominally increases the difficulty of factoring the composite number used by the algorithm, assuming there are advances in our ability to identify prime numbers. So a 128-bit RC2 key may be stronger than a 1024-bit RSA key.
For a 128-bit key to be truly secure, all 128 bits must be randomly chosen (i.e there must be 2^128 distinct possible keys). If the key is derived from a password of (say) 4 lowercase letters, even though the key appears to be 128-bits long, there are really only 26x26x26x26 or 456,976 different keys that could actually be used; so the effective key length is between 18 and 19 bits!