
Friday, July 3, 2020

Symmetric, Asymmetric and Hash Algorithms

Encryption is the process of scrambling data to protect personal files, secure communication, hide identities and much more.

1. Symmetric encryption
2. Asymmetrical encryption

Symmetric encryption
The same key is used to encrypt and decrypt.
Examples of popular symmetric-key algorithms include:
  • AES == block cipher
  • Twofish
  • Serpent
  • DES == block cipher
  • RC4 == stream cipher
  • IDEA == block cipher
Twofish, Serpent, AES (Rijndael), Blowfish, CAST5, Kuznyechik, RC4, DES, 3DES, Skipjack, Safer+/++ (Bluetooth), and IDEA

Symmetric encryption pros:
  • Faster
  • Can be used to encrypt data at large scale
Cons:
  • Very hard to transport the key 🔑


Asymmetrical encryption
Encrypt with public key and decrypt with private key

Also called public-key encryption.
1977 Rivest–Shamir–Adleman (RSA) ## used for key exchange and encryption
  • Diffie–Hellman key exchange protocol
  • DSS (Digital Signature Standard), which incorporates the Digital Signature Algorithm
  • ElGamal
  • Various elliptic curve techniques
  • Various password-authenticated key agreement techniques
  • Paillier cryptosystem
  • RSA encryption algorithm (PKCS#1)
  • Cramer–Shoup cryptosystem
  • YAK authenticated key agreement protocol

Asymmetric encryption pros:
  • Keys can be shared across a network
  • Perfect for encrypting small data, such as in SSH
Cons:
  • Slow (due to large prime numbers and lots of arithmetic operations); RSA is slower than AES
  • Cannot be used for large data




Hash:

Hash algorithms are one-way calculations. They produce a fixed-length output.
A hash is not for authentication; what it actually provides is integrity.

= Message Digest: the output is always 128 bits
e.g. MD2, MD5

= Secure Hash Algorithm (SHA)
e.g. SHA-1 == 160 bits
e.g. SHA-2 == [224, 256, 384, 512] bits

Normally a hash algorithm doesn't use keys, but when HMAC is used it uses a key and provides both message authentication and integrity.

Here is what we actually do in the real world:
We use asymmetric encryption to initiate communication between two parties.
We transfer the symmetric key using asymmetric encryption; that's how TLS works.
The server shares its certificate along with its public key.
The client encrypts the shared key with the server's public key and transports it to the server.
Both sides then communicate the rest of the way using symmetric encryption.


How end to end encryption works?

Here is the process. DH is used here to exchange the keys
  • Bob generates a private key number X
  • Alice generates a private key number Y
  • There are publicly known numbers A and N provided by the server.
  • Bob computes A raised to X and sends the number to Alice (A^X)
  • Alice computes A raised to Y and sends the number to Bob (A^Y)
  • They both raise what the other sent to their own secret key, i.e. Bob now has A raised to YX and Alice now has A raised to XY, which is the same number. They also mod it with N to get a manageable number between 0 and N. They now have the same secret key without knowing each other's private keys and without the server knowing the final key. The server only knows A and N.
After the exchange Bob has A^Y and raises it to his own private key: A^YX
After the exchange Alice has A^X and raises it to her own private key: A^XY
They also mod it with N; now they both have the same secret key.
The trick is to make X, Y and N sufficiently large to make reverse engineering near impossible.
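
The exchange above as runnable Python, using the page's symbols A, N, X and Y (an added example, not code from the original post). The modulus, base, function names and the SHA-256 step that turns the shared number into a key are assumptions chosen for illustration; the toy N = 23 search shows why the text insists on large values.

```python
import hashlib
import secrets

# Constructed parameters for illustration only (not a standardized DH group).
N = 2**521 - 1   # large public modulus (a Mersenne prime)
A = 3            # public base


def make_keypair(a, n):
    """Pick a random private exponent and compute the public value a^x mod n."""
    private = secrets.randbelow(n - 3) + 2      # 2 <= private <= n-2
    return private, pow(a, private, n)


def shared_secret(peer_public, private, n):
    """Raise the peer's public value to our own private exponent, mod n."""
    return pow(peer_public, private, n)


def derive_symmetric_key(secret, n):
    """Hash the shared number into a 256-bit key (assumed step; real protocols use a KDF such as HKDF)."""
    width = (n.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big")).digest()


def recover_private_by_search(a, public, n):
    """What any observer can do when n is tiny: try every exponent in turn."""
    for guess in range(1, n):
        if pow(a, guess, n) == public:
            return guess
    return None


def run_exchange(a=A, n=N):
    x, bob_public = make_keypair(a, n)       # Bob: private X, sends A^X mod N
    y, alice_public = make_keypair(a, n)     # Alice: private Y, sends A^Y mod N
    bob_key = derive_symmetric_key(shared_secret(alice_public, x, n), n)
    alice_key = derive_symmetric_key(shared_secret(bob_public, y, n), n)
    return bob_key, alice_key


if __name__ == "__main__":
    bob_key, alice_key = run_exchange()
    print("keys match:", bob_key == alice_key)
    # Toy values A=5, N=23, X=6: the private exponent falls to exhaustive search.
    print("recovered X for N=23:", recover_private_by_search(5, pow(5, 6, 23), 23))
```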

Now Bob will encrypt the symmetric key with Alice's public key and send it to her.
Alice will decrypt it using her private key. Now both have the same symmetric key to communicate further.








For a simple integrity check, a hashing algorithm like SHA or MD5 is used. To verify, both hash values are compared at the destination.

HMAC is used to verify integrity on the receiver side along with authentication of the sender. For HMAC, a key is used along with the hash algorithm.

On the receiver side, take the data and the key and generate the hash value. If this hash value matches the received hash, then we can be sure that the hash we received was created by a party that owns the same symmetric key as we do.

Keys in a hash function add sender authentication and are optional. Hashing can be used for password storage.

##create empty file

vi file.txt


md5 file.txt

MD5 (file.txt) = d41d8cd98f00b204e9800998ecf8427e


## modify file

cat file.txt

Hello world!


md5 file.txt

MD5 (file.txt) = 59ca0efa9f5633cb0371bbc0355478d8

MD5 output is a fixed 128 bits


A SHA hash value can be 128 bits, 256 bits or 512 bits


shasum file.txt

47a013e660d408619d894b20806b1d5086aab03b  file.txt


shasum -a 256 file.txt

0ba904eae8773b70c75333db4de2f3ac45a8ad4ddba1b242f0b3cfc199391dd8  file.txt


shasum -a 512 file.txt

32c07a0b3a3fd0dd8f28021b4eea1c19d871f4586316b394124f3c99fb68e59579e05039c3bd9aab9841214f1c132f7666eb8800f14be8b9b091a7dba32bfe6f  file.txt



## Let's modify the file

cat file.txt

 Hello world!


 shasum -a 512 file.txt

10d442729541aea42b7a22c6157b05943d1bbdc14302faa3a8564b0836f8734ec6e1ca4b28cd1e856011cfb886dc3ef1821c9c103a7639c8ab33e0354ed7bcda  file.txt


The hash value created now is different.


## we cannot reverse a hash; it is a one-way algorithm


## we can also generate a hash online


## HMAC: Data + key = Hash

## if you don't have the same key as the sender, the receiver won't be able to generate the same hash.
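
The difference between a plain hash and HMAC described above (integrity only versus integrity plus sender authentication), as an added Python example that is not part of the original post. The key, message and function names are constructed for the demonstration; HMAC-SHA256 is an assumed choice of hash.

```python
import hashlib
import hmac

# Constructed sample values for the demonstration.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"
MESSAGE = b"Hello world!\n"


def plain_digest(data):
    """Unkeyed SHA-256: anyone can recompute it, so it only detects accidental change."""
    return hashlib.sha256(data).hexdigest()


def make_tag(key, data):
    """Sender side: Data + key = Hash (HMAC-SHA256)."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key, data, received_tag):
    """Receiver side: recompute the tag with our key and compare in constant time."""
    return hmac.compare_digest(make_tag(key, data), received_tag)


def alter_with_plain_hash(data):
    """A modifier in transit changes the data and simply recomputes the unkeyed hash."""
    altered = data.replace(b"Hello", b"Jello")
    return altered, plain_digest(altered)


def alter_with_hmac(data, original_tag, other_key=b"some-other-key"):
    """Without the shared key the modifier can only reuse the old tag or
    compute one under a different key; both candidates are returned."""
    altered = data.replace(b"Hello", b"Jello")
    return altered, original_tag, make_tag(other_key, altered)


if __name__ == "__main__":
    tag = make_tag(SHARED_KEY, MESSAGE)
    print("genuine message verifies:", verify_tag(SHARED_KEY, MESSAGE, tag))
    altered, new_hash = alter_with_plain_hash(MESSAGE)
    print("plain hash check passes on altered data:", plain_digest(altered) == new_hash)
    altered, old_tag, other_tag = alter_with_hmac(MESSAGE, tag)
    print("altered data with reused tag verifies:", verify_tag(SHARED_KEY, altered, old_tag))
    print("altered data with other-key tag verifies:", verify_tag(SHARED_KEY, altered, other_tag))
```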








