

CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [173]

preamble was sent in clear text and this information was also encrypted and put into the message. As a result, the cryptanalysts gained a key insight into the message contents. They were given approximately 50 characters that were repeated in the message in code. This error caused a relatively secure system to be compromised.

Understanding Cryptographic Algorithms

Cryptographic algorithms transform a message from its unencrypted, or clear-text, state into a form that protects it. The three primary categories of algorithm are hashing, symmetric algorithms, and asymmetric algorithms. Strictly speaking, only symmetric and asymmetric algorithms encrypt; a hash is a one-way transformation that produces a fixed-length value used to verify integrity rather than to hide content. The following sections discuss these methods and some of the standards in which they're used.

The Science of Hashing

As we mentioned earlier, hashing is the process of converting a message, or data, into a fixed-length numeric value. The value that a hashing process creates is referred to as a hash total, hash value, or digest. Older texts classify hashing functions as either one way or two way.

A one-way hash doesn't allow a message to be recovered from its hash value. This is the only kind that matters in cryptography, and every algorithm discussed in this section is one way. A so-called two-way hash, from which the original message can be reconstructed, is really a reversible encoding or a cipher rather than a cryptographic hash. Two primary standards use the hashing process to protect integrity (not to encrypt):

Secure Hash Algorithm The Secure Hash Algorithm (SHA) was designed to ensure the integrity of a message. SHA is a one-way hash whose value can be used by an encryption or signature protocol. The original SHA (now referred to as SHA-0) produced a 160-bit hash value and was quickly replaced by SHA-1, which also produces 160 bits. SHA-1 has since been superseded in turn: practical collisions were demonstrated in 2017, and current standards call for the SHA-2 family (SHA-256, SHA-384, SHA-512) or SHA-3 for new designs.

Real World Scenario

Watch for the Weakest Link

A courier who was responsible for carrying weekly encryption keys took commercial flights that caused him to arrive at his destination on Friday evenings. The courier was obligated to follow certain security methods including hand-carrying these encryption key units and getting a signature from an authorized signatory at the remote facility. Unfortunately, his flight frequently arrived late at its destination. When this happened, the courier was forced to spend the night in the remote location. On Saturday morning, the courier would go to the facility and hand the key units to the appropriate person.

This process had been going on for several years. The courier often kept the key units in the trunk of his rental car overnight. Unfortunately, one night his car was stolen from the hotel parking lot, and the key units were in the trunk. Luckily, the car was recovered later in the morning, and the trunk had not been opened. This security breach caused the courier to lose his job, and the entire cryptographic system had to have new keys issued worldwide.

As you can see, even if you're extra cautious, the strongest cipher isn't safe when the keys that protect it are handled carelessly. Murphy's Law says human error will creep into the most carefully designed security systems.

Message Digest Algorithm The Message Digest Algorithm (MD) family also produces a one-way hash value that is used to help maintain integrity. Several versions exist; the most common are MD5, MD4, and MD2.

Message digests are discussed in detail later in this chapter. The primary thing to know about a message digest is that it is a fixed-length value derived from the input, conventionally written as a string of hexadecimal digits.

MD5 is the newest version of the algorithm. It produces a 128-bit hash and is more complex than its predecessors, which made it the strongest of the family when it was released. However, practical collision attacks against MD5 have been known since 2004, so it no longer provides collision resistance and should not be used anywhere an attacker can influence the input (digital signatures, certificates, software integrity checks).

Historically, SHA-1 and MD5 were the two standard hashing algorithms, and the primary practical difference between them was speed: MD5 is faster to compute than SHA-1. Both are now considered broken for collision resistance, and SHA-2 or SHA-3 should be used in their place. Note also that speed is a drawback, not a benefit, when hashing passwords; for that purpose a deliberately slow construction such as PBKDF2, bcrypt, scrypt or Argon2 is used rather than a fast general-purpose hash.
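The properties discussed above (fixed-length output, one-wayness, use for integrity) shown in working code, as an added example that is not from the study guide. It uses only Python's standard `hashlib` and `hmac` modules: it reports the digest sizes of MD5, SHA-1 and SHA-256, measures the avalanche effect (flipping one input bit changes roughly half of the digest bits), and verifies a stored digest against a constructed sample message that is then tampered with. The sample message and the function names are my own.

```python
import hashlib
import hmac

# Constructed sample message (not taken from the page).
MESSAGE = b"Transfer 100.00 to account 12345"


def digest_lengths(data: bytes) -> dict:
    """Digest size in bits for the two algorithms the text names plus the SHA-2 baseline."""
    return {name: hashlib.new(name, data).digest_size * 8 for name in ("md5", "sha1", "sha256")}


def flip_one_bit(data: bytes, bit: int) -> bytes:
    """Return a copy of data with a single bit flipped (used to show the avalanche effect)."""
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(data: bytes, algo: str = "sha256") -> int:
    """Number of digest bits that change when one input bit changes.

    A sound hash flips about half of its output bits, so for SHA-256 the
    result sits near 128; a reversible encoding would change far fewer.
    """
    h1 = hashlib.new(algo, data).digest()
    h2 = hashlib.new(algo, flip_one_bit(data, 0)).digest()
    return differing_bits(h1, h2)


def integrity_check(data: bytes, expected_hex: str, algo: str = "sha256") -> bool:
    """Recompute the digest and compare it with the stored value.

    hmac.compare_digest runs in time independent of where the strings first
    differ, so an attacker cannot learn the stored digest byte by byte.
    """
    actual = hashlib.new(algo, data).hexdigest()
    return hmac.compare_digest(actual, expected_hex)


def demo() -> dict:
    """Store a digest of the original message, then check the original and a tampered copy."""
    stored = hashlib.sha256(MESSAGE).hexdigest()
    tampered = MESSAGE.replace(b"100.00", b"900.00")
    return {
        "sizes": digest_lengths(MESSAGE),
        "avalanche_sha256": avalanche(MESSAGE),
        "original_ok": integrity_check(MESSAGE, stored),
        "tampered_ok": integrity_check(tampered, stored),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The integrity check only detects accidental or unauthenticated modification: anyone who can alter the message can also recompute and replace a plain digest, which is why integrity in transit is normally protected with an HMAC or a digital signature rather than a bare hash.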

LANMAN Prior to the release of Windows NT, Microsoft's operating systems used the LAN Manager (LANMAN) protocol for authentication. LANMAN relied on the LM hash: the password is converted to uppercase, truncated or null-padded to 14 bytes, and split into two 7-byte halves; each half is used as a DES key to encrypt a fixed constant, and the two 8-byte results are concatenated. Because case is discarded and the halves are processed independently, an attacker can crack each half on its own (each is at most a 56-bit DES key, and in practice far smaller because of the restricted character set), and any password of seven characters or fewer leaves the second half equal to a well-known constant. LANMAN was replaced by NT LAN Manager (NTLM) with the release of Windows NT, although Windows continued to store LM hashes for backward compatibility for many years afterward.
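To make the LANMAN weaknesses just described concrete, and to show the NT hash that the following NTLM entry refers to, here is an added Python example that is not from the study guide. It reproduces the LM preprocessing (uppercasing, padding to 14 bytes, splitting into the two 7-byte DES key inputs) without running DES itself, and computes the NT hash with a small pure-Python MD4, because `hashlib` exposes MD4 only when OpenSSL's legacy provider is loaded. Function names are my own, and treating LM passwords as ASCII is a simplification of the OEM code page Windows actually applied.

```python
import struct


def md4(data: bytes) -> bytes:
    """MD4 as specified in RFC 1320 (three rounds of 16 steps over 512-bit blocks)."""
    M = 0xFFFFFFFF
    F = lambda x, y, z: ((x & y) | (~x & z)) & M
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rot = lambda x, s: ((x << s) | (x >> (32 - s))) & M

    # Merkle-Damgard padding: 0x80, zeros to 56 mod 64, then the 64-bit LE bit length.
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg)) % 64)
    msg += struct.pack("<Q", len(data) * 8)

    h = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = h
        for i in range(16):                       # round 1: words in order
            a, b, c, d = d, rot((a + F(b, c, d) + X[i]) & M, (3, 7, 11, 19)[i % 4]), b, c
        for i in range(16):                       # round 2: words 0,4,8,12,1,5,...
            k = (i % 4) * 4 + i // 4
            a, b, c, d = d, rot((a + G(b, c, d) + X[k] + 0x5A827999) & M, (3, 5, 9, 13)[i % 4]), b, c
        for i in range(16):                       # round 3: words 0,8,4,12,2,10,...
            k = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)[i]
            a, b, c, d = d, rot((a + H(b, c, d) + X[k] + 0x6ED9EBA1) & M, (3, 9, 11, 15)[i % 4]), b, c
        h = [(x + y) & M for x, y in zip(h, (a, b, c, d))]
    return struct.pack("<4I", *h)


def nt_hash(password: str) -> str:
    """NT hash: MD4 over the UTF-16LE password. No salt and no iteration, so two users
    with the same password share a hash and the hash itself is usable for pass-the-hash."""
    return md4(password.encode("utf-16le")).hex()


def lm_key_halves(password: str):
    """LM preprocessing only (no DES): uppercase, ASCII (assumption), cut/pad to 14 bytes,
    split into the two 7-byte DES key inputs that LANMAN hashes independently.
    A password of 7 characters or fewer leaves the second half all zeros, which DES
    turns into the well-known constant AAD3B435B51404EE."""
    p = password.upper().encode("ascii", "replace")[:14].ljust(14, b"\x00")
    return p[:7], p[7:]


if __name__ == "__main__":
    print("NT hash of 'password':", nt_hash("password"))
    print("LM halves of 'Secret':", lm_key_halves("Secret"))
    print("case is lost:", lm_key_halves("secret") == lm_key_halves("SECRET"))
```

Note what is missing from both hashes: no per-user salt, so precomputed tables and pass-the-hash work directly, and for LM no mixing between the two halves, so a 14-character password costs an attacker two 7-character searches rather than one 14-character search.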

NTLM Microsoft replaced the LANMAN protocol with NTLM (NT LAN Manager) with the release of Windows NT. The NT hash at its core is an MD4 digest of the password encoded as UTF-16LE, with no salt; NTLMv2 builds on that hash with HMAC-MD5, keying it over the user and domain names and then over the server challenge. Several versions of this protocol exist (NTLMv1, NTLMv2), and it is still

