Basic Cryptographic Terminology
We use an encryption function and a key to convert the
plaintext (the input) into the ciphertext (the output).
The intended receiver hopes to
quickly and correctly reverse the process -
something that adversaries should be unable to do.
We assume that the adversary knows the encryption function (process)
being used, and that the key is secret and changed frequently.
The key length is expressed in bits:
| Technology | Key lengths | Possible keys | Key length |
|---|---|---|---|
| ATM PIN | 4 decimal digits | 10,000 | 14 bits |
| old-style Unix passwords | 8 characters | 126^8 = 6.3 x 10^16 | 56 bits |
| Unix passwords with MD5 | any number of characters | unlimited, though duplicates | 128 bits |
The following attacks against cryptography are common.
Each has the goal of determining the cryptographic key(s),
so that existing data may be exposed,
or future messages decrypted without the repeated effort:
- Known plaintext attack -
the cryptanalyst
(fancy name for an adversary with a Maths degree) has (or determines)
a block of plaintext and its corresponding block of ciphertext.
This may seem unlikely,
but regularly exchanged encrypted messages have fixed or
predictable payloads (e.g. email headers, VPN-session establishment).
- Chosen plaintext attack - the cryptanalyst can have their
intended victim unknowingly encrypt fixed, known blocks of data.
- Differential analysis - a kind of plaintext attack
involving many very similar plaintexts being encrypted,
and their resulting ciphertexts being compared.
If there is no separate integrity check on the encrypted data,
an attacker may be able to alter it so that it decrypts to data of the
attacker's choice.
CITS3002 Computer Networks, Lecture 12, Cryptography's role in networking, p3, 22nd May 2024.