Oleg Zabluda's blog
Wednesday, November 12, 2003
 
Security and Cryptography. Relationship between the two.
CoolTech Club with Oleg Zabluda : Security and Cryptography. Relationship between the two (Part I) November 12, 2003

Security and Cryptography. Relationship between the two.

Symmetric key cryptography.

Ideal stream cipher. One time Pad. Traffic analysis. Multiple-key
cryptography. Key splitting. Cascading ciphers. 

Ideal hash functions. Cryptographically secure hash functions.
Birthday attack.  Meet-in-the-middle attack. CRC32, MD5, SHA.
Make cosmetic changes to the document you sign. Length-extention attack.
H(X,m). Partial message collision attack H(m,X). Fix the hash function.
H(H(m),m)), H(H(m)).

Ideal block cipher.

Real block ciphers. Types of attack: ciphertext-only, chosen plaintext, chosen
ciphertext, iterative chosen plaintext/ciphertext. Side-channel/out-of-band
attacks (timing, power, RF, optical, malfunction). DES, 3DES, IDEA, AES.
Whatever happenned to double-DES?  Block cipher modes (ECB, CBC).

CoolTech Club with Oleg Zabluda : Security and Cryptography. Relationship between the two (Part II) February 11, 2004
Public key cryptography (RSA, PGP). Hybrid cryptosystems.

Real stream ciphers. Corresponding block cipher modes, OFB, CTR.
RC4. Why 802.11b security is a joke.

Authentication. Man-in-the-middle attack. Interlock protocol.

Symmentric key authentication (MAC, CBC-MAC, HMAC, Kerberos).

Public key authentication (RSA/PGP digital signatures)

PKI. Why it sucks.

SSL.

Miscellaneous:  Dictionary attacks. Secure quantum-mechanical communication
channels. Thermodynamic limits on brute-force attacks. Recommended key length.
Random number generators. Entropy gathering. Clock. Erasing secrets.

Reference material:

"Applied Cryptography: Protocols, Algorithms, and Source Code in C", Second
Edition -- Bruce Schneier 

"Practical Cryptography" -- Niels Ferguson (Author), Bruce Schneier

"Secure Programming Cookbook for C and C++" -- John Viega, Matt Messier

"Secrets and Lies : Digital Security in a Networked World" -- Bruce Schneier 

"PGP: Pretty Good Privacy" -- Simson Garfinkel

Bruce Schneier -- Crypto-Gram Back Issues
http://www.schneier.com/crypto-gram-back.html

"The Art of Deception: Controlling the Human Element of Security" -- Kevin D.
Mitnick, William L. Simon

"The Puzzle Palace" -- James Bamford

"The Codebreakers : The Comprehensive History of Secret Communication from
Ancient Times to the Internet" -- David Kahn

"Elementary Cryptanalysis : A Mathematical Approach" - Abraham Sinkov

Original CTC links:
http://www.tecglobal.org/ctc_20031112
http://www.tecglobal.org/ctc_20040211

Powered by Blogger