Saturday, December 24, 2016

A Note on Cryptography Fundamentals & Algorithms

Encryption is the most effective way to achieve data security. When plaintext is encrypted, it becomes scrambled and unreadable. This applies not only to text documents but to any type of data.

To encrypt and decrypt data, you need a key. A key is a parameter that determines the functional output of a cryptographic algorithm. Encryption algorithms are either symmetrical or asymmetrical in the way they use keys.

Symmetrical Encryption Algorithms
Use only one key for both encryption and decryption.
Generally used for bulk encryption of data streams.

Asymmetrical Encryption Algorithms
Use two keys: one key to encrypt and another key to decrypt.
Anything encrypted by the first key can be decrypted only by the second key, and vice versa.
Generally used for authentication.

Hashing Algorithms
Used to verify data integrity, meaning they help you check whether the data was manipulated in transit or not. The output of a hashing algorithm is called a hash, checksum, or digest.
Examples: MD5, SHA

Hashing algorithms are one-way functions, so it is almost impossible to retrieve the original data from just a hash. If a hacker alters a single bit of data in transit, the checksum becomes completely different.
In the following example, you can see what happens to the digest when the last letter "t" is deleted.

The following command on Cisco devices verifies the integrity of a downloaded IOS image:
R#verify /md5 flash:<filename.bin>

HMAC (Hashed Message Authentication Code)
Used to verify the hash/checksum/digest generated by a hashing algorithm.
A hacker can capture and manipulate data in transit, run the hashing algorithm again, attach the new hash, and send it to the destination as if it were the original packet. This is possible in man-in-the-middle attacks. HMAC is used to stop this.
HMAC uses a secret key as an external parameter when computing a hash with regular hashing algorithms like MD5 or SHA.
The HMAC key is known only to the sender and the receiver.

Now let's look at a scenario that combines all of the above and shows how HMAC is used for integrity.
Here, let's assume a man-in-the-middle hacker somehow managed to grab the encryption key. In this case, if HMAC is not used, the receiver will think the malicious data he received is correct.

Now let's see what happens when HMAC is used in hashing. Because the key used to generate the HMAC is known only to the sender and receiver, the hacker cannot regenerate the correct HMAC.
In short, an HMAC is the output of a hashing algorithm that can be generated in only one way, and only by the people who have the secret key.
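
The scenario above, as an added example that is not part of the original post: a receiver that checks a plain digest accepts altered data with a recomputed digest, while a receiver that checks an HMAC rejects it. SHA-256 is assumed as the hash, and the key and messages are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values; SHARED_KEY stands in for the secret known only
# to the sender and the receiver.
SHARED_KEY = b"constructed-demo-key"
ORIGINAL = b"pay 100 to account 1234"
TAMPERED = b"pay 900 to account 9999"


def plain_digest(data: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone who sees the data can recompute it."""
    return hashlib.sha256(data).hexdigest()


def hmac_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag: computing it requires the shared secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def receiver_accepts_plain(data: bytes, digest: str) -> bool:
    return hmac.compare_digest(plain_digest(data), digest)


def receiver_accepts_hmac(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest is constant-time, so the check leaks no timing hints.
    return hmac.compare_digest(hmac_tag(key, data), tag)


def simulate() -> dict:
    """Replay the scenario: data is altered in transit, check value replaced."""
    genuine_tag = hmac_tag(SHARED_KEY, ORIGINAL)
    # Without SHARED_KEY the man in the middle can only attach an unkeyed
    # digest of the altered data, or reuse the tag of the original message.
    recomputed = plain_digest(TAMPERED)
    return {
        "plain_hash_accepts_tampered": receiver_accepts_plain(TAMPERED, recomputed),
        "hmac_accepts_recomputed": receiver_accepts_hmac(SHARED_KEY, TAMPERED, recomputed),
        "hmac_accepts_reused_tag": receiver_accepts_hmac(SHARED_KEY, TAMPERED, genuine_tag),
        "hmac_accepts_original": receiver_accepts_hmac(SHARED_KEY, ORIGINAL, genuine_tag),
    }


if __name__ == "__main__":
    for check, accepted in simulate().items():
        print(f"{check}: {accepted}")
```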
