Cryptanalysis is the study of cryptosystems with the objective of attacking them and decrypting codes and ciphers. The field includes rigorous mathematical investigation of encryption and decryption algorithms as well as side-channel attacks whereby flaws in implementation are exploited rather than a mathematical flaw in the algorithm itself.
Cryptanalysis generally falls into one of several categories which can be broadly considered to be ciphertext only (where only the encrypted output is known), known plaintext (where the plaintext corresponding to some given ciphertext is known), chosen plaintext (where the cryptanalyst may choose plaintext and receive the related ciphertext) and chosen ciphertext attacks (where the cryptanalyst may choose some ciphertext and receive the corresponding plaintext).
In other tutorials we have seen simple cryptanalysis such as letter frequency analysis in the field of affine ciphers. Thi...
In this article, we'll discuss important non-technical aspects of cryptography and computer security. In the first half, we'll talk about the role of open algorithms and peer review in crypto software libraries and it's robustness. In the second half, we'll discuss how humans are at the center of 95% of cybersecurity breaches, and what systems are being created to minimize such errors. In each section, we'll also discuss solutions and directions that are currently being explored but are yet to become the norm.
Open Algorithms and Peer Review in Cryptography
The open source movement is a movement whereby developers from around the world collaborate and contribute to software libraries on a voluntary basis. Editing code is open to all, as is the right to download and use the code. To manage the various pitfalls and risks of such an approach there are platforms such as Github which facilitate safe merging of code and oversight from project leaders.
In cryptography, a major benefit of developing libra...
Public Key Infrastructure (PKI) is the collection of trusted authenticators, key storage mechanisms and policies that enable effective public-key cryptography on public and unsecure networks. Simply stated, the objective of public key infrastructure is to prevent an attacker (say Eve) from issuing a public key posing as Alice and thereby receiving the information intended for Alice. PKI achieves this by tying public keys to entities and verifying that they are who they claim to be through the issue of an independently verifiable certificate from a trusted third party.
How PKI relates to Public Key cryptography
Public key infrastructure is built to facilitate effective use of public key cryptography.
In public key cryptography, the (public) encryption and (private) decryption keys differ. The public keys are published an...
Dictionary Attacks, Rainbow Table Attacks and how Password Salting defends against them
In this article, we will look at some possible attacks on hash functions - dictionary attack and rainbow table attacks. These attacks aim to find the input given the hash. For example, an attacker can be trying to reconstruct the password given its hash. Another common attack on hash functions is the birthday attack, which is discussed in this article.
Dictionary attack is the simplest form of attack possible on a hash function. We simply store for each possible input the corresponding hash. Then, given a hash, we can look it up in our database, and find the matching input. Since storing the hash for all possible inputs is quite infeasible, a key component of dictionary attacks is to guess the likely inputs. For example, if we are trying to infer someones password given its hash, we could try common english words and phrases, as well as various combinations of data someone might use as an easy-to-remember password such as dates or names of people.
In this article, we are going to describe the SHA-2 and MD5 algorithms. Both of these hash functions are widely used in modern computer systems. The SHA-2 algorithm is used for cryptographic applications such as password storage and as a proof-of-work for the Bitcoin cryptocurrency. The MD5 algorithm is a much faster hashing algorithm but it is not cryptographically secure. Its main application is data integrity verification.
The objective of this article is to give you a sense of the anatomy of modern widely-used hash functions.
SHA-2 (256 bit) Algorithm
SHA-2 is a family of hash functions which builds upon the groundwork laid out by SHA-0 and SHA-1. The SHA-2 family of hash functions all share the central operations but differ in the size of ...
Hash Functions and their Role in Cryptography (and the SHA1 Algorithm)
Hash functions are one-way functions that reduce the size of the input to generate an output of a fixed size. The output is known as the hash of the input. Hash functions are one way implies that given that hash of a particular input, it is really difficult (practically impossible) to reconstruct the input (completely or partially).
Properties of Hash Functions
The hash functions used in cases where security is important. They have certain properties that make them cryptographically secure.
Formally, a cryptographic hash function, h, takes as an input a message of arbitrary length and produces a message digest or ‘hash’ of fixed length. To be cryptographically secure and of practical use it must satisfy the following properties:
Given some y, it is computationally infeasible to find an input m’ such that h(m’) = y.
How Random Number Generation works, with Algorithms and Examples
Random number generation is important for lotteries, games and security. In cryptography randomness is important because it removes any reasoning and therefore any predictability. An attacker is usually trying to attain information on a system, when this information is randomly generated there are no clues as to what it maybe and therefore no open opportunities to attack the system.
The difference between True Random and Pseudo-random
Most standard libraries for random number generation will produce pseudo-random numbers. These are numbers that satisfy at least one test for randomness but are generated by a deterministic causal process. This ultimately means that they are not true random numbers because the process will produce the same set of ‘random’ numbers ...
Famous Unsolved Ciphers and Cryptography Puzzles: From Hidden Treasures to Unresolved Murders!
Cryptography is used by all of us and in its never-ending development many cryptosystems have been designed and implemented in ways which have rendered them unsolvable (or at least not solved up until now).
Generally the unsolved ciphers we describe here result from unorthodox implementations of classical cryptosystems or cryptosystems that are revealed without any context within which to solve them. Ultimately they may also be unsolved due to their complexity and the resources that would be required for a solution which are diverted to more pressing cryptographic problems.
The zodiac cipher takes its name from the zodiac killer, a serial murderer in California who used a cipher to write letters of his plans and revealing his identity. The first instance of this cipher was a 408-character cipher in three parts each enclosed with a letter to a California newspaper. The zodiac killer demanded that they...
Digital Signatures: ElGamal Signature Scheme and Digital Signature Algorithm (and Birthday Attacks)
Digital signatures serve the same role as traditional pen and ink signatures to provide authentication, confirmation and to associate identities with documents. The signature must be tied to the document mathematically so that it may not be removed and replaced by another or placed on some other document. Cryptographically secure digital signature schemes are formed of two parts, the signing protocol and the authentication process. These processes are designed such that the signature is made using private information but verifiable using only public information that does not compromise the security of the signatory. This requirement explains why digital signature schemes usually stem from public-key cryptosystems.
There is also the concept of a ‘blind signature’ where the signatory is able to sign a document without seeing its content thereby ensuring sender privacy. This is useful in electronic voting systems for endorsing that a vote was made legally without acquiring k...
Cryptosystems and their Components, Design Objectives and Basis for Security
A cryptosystem is a pair of algorithms: one for the encryption of data and another for decryption. Often these algorithms use a unique key which should be kept secret, in which case the process for generating and sharing the key is also considered part of the cryptosystem.
Modern cryptography is essential to the digital world we live in and has grown to be quite complex. It is used for sending messages in a secure manner on the internet, such as our credit card information and other private data. Encryption is used to keep our data secure online and locally. The Advanced Encryption Standard (AES) is used by governments to maintain the secrecy of their documents and was chosen from a number of candidates across the mathematics community for its security and efficiency.
In addition, digital security can also be used to maintain anonymity, to authenticate one’s identity via digital signatures, to demonstrate proof of work in blockchain technologies and to ensure that software and messages are free from tampering.