CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [170]

is broken into blocks of equal size, and each block is then scrambled. In the simple example shown in Figure 7.1, the characters are transposed by changing the order of the group. In this case, the letters are rotated three places in the message. You could change the way Block 1 is transposed from Block 2 and make it a little more difficult, but it would still be relatively easy to decrypt.

FIGURE 7.1 A simple transposition code in action

Steganography

Steganography is the process of hiding one message in another. In theory, doing this prevents analysts from detecting the real message. You could encode your message in another file or message and use that file to hide your message. This type of encryption can be somewhat harder to detect, but it’s still breakable. Consider the following message:

“Meet the mini me that ate later.”

The real message is every third word:

“Meet me later.”

Steganography is also called electronic watermarking. Mapmakers and artists have used watermarking for years to protect copyrights. If an image contains a watermark placed there by the original artist, proving that a copyright infringement has occurred in a copy is relatively easy.

Hybrid Systems

By combining two or more of these methods of physical cryptography, you can make a pretty good cipher system. These types of systems are widely used, and they’re difficult to break using manual methods. Many systems, such as the Enigma machine used during World War II to encode messages between the German command and their U-boats, used a combination of substitution and transposition to make a very sophisticated system.

Understanding Mathematical Cryptography

Mathematical cryptography deals with using mathematical processes on characters or messages. The most common is a function called hashing. Hashing refers to performing a calculation on a message and converting it into a numeric hash value. The hash value of the example in Figure 7.2 is computed by multiplying each character by 2, adding those results together, and then dividing the sum by 10.

FIGURE 7.2 A simple hashing process

Hashing is discussed in detail in the section “The Science of Hashing” later in this chapter.

As you can see, this hash value is a single number. The hash value can’t be used to derive the meaning of the message. The number is transmitted with the message to the receiver, and the receiving end uses the same hash function to determine that the message is authentic. If the hash value is different, the message has been altered in some way. This process is also known as performing a checksum.

This type of hashing is called a one-way process. There is no way to reverse the hash and turn the number back into the original message. This method of hashing is used to verify message authenticity, and it may be used in conjunction with one of the other encryption methods previously defined. It’s important to note that a one-way hash can’t be used to decrypt a message that is used primarily for authenticity verification. Nevertheless, it’s considered an encryption process, used primarily to verify the integrity of the message.

As you can imagine, calculating all the numbers in a larger, more complicated message by hand would be cumbersome and time-consuming. Computers make hashing a very fast process.
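The hash-and-verify exchange described above can be run as a short program. This is an added example, not code from the book: it assumes a character's numeric value is its ASCII code, uses constructed sample messages, and goes one step beyond the text by running the same check with SHA-256 for comparison.

```python
"""Toy hash from the text vs. SHA-256 (added example, not from the book)."""
import hashlib

# Constructed sample messages (not from the book).
ORIGINAL = "PAY 100 TO BOB"
ALTERED = "PAY 900 TO BOB"     # one character changed
REORDERED = "PAY 010 TO BOB"   # same characters, two of them swapped


def toy_hash(message: str) -> float:
    """Multiply each character value by 2, add the results, divide by 10.

    Assumption: a character's numeric value is its ASCII code (ord()).
    """
    return sum(ord(ch) * 2 for ch in message) / 10


def sha256_hex(message: str) -> str:
    """Cryptographic hash of the same message, for comparison."""
    return hashlib.sha256(message.encode("utf-8")).hexdigest()


def receiver_accepts(received: str, sent_hash, hash_fn) -> bool:
    """Receiver recomputes the hash and compares it to the transmitted value."""
    return hash_fn(received) == sent_hash


def compare(hash_fn) -> dict:
    """Send ORIGINAL with its hash; report which received variants pass."""
    sent_hash = hash_fn(ORIGINAL)
    return {
        "original": receiver_accepts(ORIGINAL, sent_hash, hash_fn),
        "altered": receiver_accepts(ALTERED, sent_hash, hash_fn),
        "reordered": receiver_accepts(REORDERED, sent_hash, hash_fn),
    }


if __name__ == "__main__":
    print("toy hash of ORIGINAL:", toy_hash(ORIGINAL))
    print("toy hash checks:", compare(toy_hash))
    print("SHA-256 checks: ", compare(sha256_hex))
```

The toy hash catches the changed character but accepts the reordered message, because a sum does not depend on the order of its terms; SHA-256 rejects both altered variants.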

Hashing is used extensively in computer programming. Many early random access file methods used hashing to locate records in a data file.

A Trusted Platform Module (TPM) can be used to assist with hash key generation. A TPM is the name assigned to a chip that can store cryptographic keys, passwords, or certificates. The TPM can be used to generate values used with whole disk encryption (discussed in Chapter 5) as well as protect cell phones and devices other than PCs. More information on TPM can be found at the Trusted Computing Group’s website: https://www.trustedcomputinggroup.org/home.

Working with Passwords

Many password-generation systems are based on a one-way hashing approach. You can’t take the hash value
