
CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [175]

is the author of this algorithm.) The current levels are RC5 and RC6. RC5 uses a key size of up to 2,048 bits. It’s considered to be a strong system.

Blowfish: Blowfish is an encryption system produced by Counterpane Systems that performs a 64-bit block cipher at very fast speeds. It is a symmetric block cipher that can use variable-length keys. The original author was Bruce Schneier; he next created Twofish, which performs a similar function on 128-bit blocks.

International Data Encryption Algorithm: International Data Encryption Algorithm (IDEA) was developed by a Swiss consortium. It’s an algorithm that uses a 128-bit key. This product is similar in speed and capability to DES, but it’s more secure. IDEA is used in Pretty Good Privacy (PGP), a public domain encryption system used by many for e-mail. Currently, ASCOM AG holds the right to market IDEA.

Working with Asymmetric Algorithms


Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as the public key and the private key. The public key can be used by the sender to encrypt a message, and the private key can be used by the receiver to decrypt the message. As you may recall, symmetrical systems require the key to be private between the two parties. With asymmetric systems, each circuit has one key.

The public key may be truly public or it may be a secret between the two parties. The private key is kept private and is known only by the owner (receiver). If someone wants to send you an encrypted message, they can use your public key to encrypt the message and then send you the message. You can use your private key to decrypt the message. One of the keys is always kept private. If both keys become available to a third party, the encryption system won’t protect the privacy of the message.

Perhaps the best way to think about this system is that it’s similar to a safe deposit box. Two keys are needed: The box owner keeps the public key, and the bank retains the second, or private, key. In order to open the box, both keys must be used simultaneously. Figure 7.5 illustrates the two-key method. Notice that in the encryption process, Key 1 is used to encrypt the message and Key 2 is used to decrypt it. In this way, it’s harder to break the code unless both the public and private keys are known.

FIGURE 7.5 A two-key system in use

Two-key systems are referred to as Public Key Cryptography (PKC). Don’t confuse this with Public Key Infrastructure (PKI), which uses PKC as a part of the process.

The algorithms used in this two-key process are complicated, and several volumes would be needed to explain them thoroughly. In this book, I’ll focus primarily on how the two-key process is used. It’s implemented in systems such as Public Key Infrastructure (PKI), which is discussed in more detail later in this chapter.
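The two-key process described above, as an added example that is not from the book: textbook RSA with tiny constructed primes, showing that the public key encrypts and only the private key reverses it. The primes 61 and 53, the exponent 17 and all function names are assumptions chosen for illustration; the code has no padding and a toy key size, so it demonstrates the key roles only.

```python
# Added illustration: textbook RSA with tiny constructed primes.
# No padding and a toy key size, so it shows the key roles only; it is not secure.
from math import gcd


def make_keypair(p, q, e=17):
    """Derive (public_key, private_key) from two primes p and q."""
    n = p * q                      # modulus, shared by both keys
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime with (p-1)*(q-1)")
    d = pow(e, -1, phi)            # private exponent (needs Python 3.8+)
    return (n, e), (n, d)


def apply_key(key, value):
    """Core RSA step: value ** exponent mod n."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)


def encrypt(public_key, message):
    """Sender side: needs only the receiver's public key."""
    return [apply_key(public_key, byte) for byte in message]


def decrypt(private_key, blocks):
    """Receiver side: needs the private key."""
    return bytes(apply_key(private_key, block) for block in blocks)


# Constructed demo values: p=61, q=53 give n=3233.
PUBLIC_KEY, PRIVATE_KEY = make_keypair(61, 53)


def demo(message=b"A two-key system in use"):
    ciphertext = encrypt(PUBLIC_KEY, message)
    recovered = decrypt(PRIVATE_KEY, ciphertext)
    # Running the public key over the ciphertext again does not undo it.
    wrong_key = [apply_key(PUBLIC_KEY, block) for block in ciphertext]
    return recovered == message, wrong_key != list(message)


if __name__ == "__main__":
    print(demo())
```

Encrypting byte by byte without padding is deterministic, so equal plaintext bytes give equal ciphertext blocks; production RSA uses a padding scheme and keys of 2,048 bits or more.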

Four popular asymmetric systems are in use today:

RSA: RSA is named after its inventors Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is an early public-key encryption system that uses large integer numbers as the basis of the process. It’s widely implemented, and it has become a de facto standard. RSA works for both encryption and digital signatures, which are discussed later in the chapter. RSA is used in many environments, including Secure Sockets Layer (SSL).

Diffie-Hellman: Dr. W. Diffie and Dr. M. E. Hellman conceptualized the Diffie-Hellman key exchange. They are considered the founders of the public/private key concept; their original work envisioned splitting the key into two parts. This algorithm is used primarily to send keys across public networks. The process isn’t used to encrypt or decrypt messages; it’s used merely for the transmission of keys in a secure manner.

Elliptic Curve Cryptography: Elliptic Curve Cryptography (ECC) provides similar functionality to RSA. ECC is being implemented in smaller, less-intelligent devices such as cell phones and wireless devices. It’s smaller than RSA and requires less computing power. ECC encryption systems are based on the idea of
