Cryptography – Key Storage

In the previous chapter we learned about cryptographic key generation; in this chapter we discuss key storage. Cryptographic keys are similar to secret passwords that are used to lock and unlock private data. These keys are used to encrypt data and messages so that only the intended receiver can decrypt and read them when they are sent securely. The act of storing these keys so that only authorised users can access them safely is known as key storage.

Keep your keys in a safe place

The security of your keys depends on where you keep them. Your keys should be kept in a location with limited access, robust encryption, and isolation from the data they are meant to secure. Among the alternatives are encrypted files or databases, cloud key management services (KMSs), and hardware security modules (HSMs). Additionally, you need to back up your keys frequently and store the backups somewhere different in case the keys get lost or damaged.

Key Storage Importance

If your keys are stolen by an unauthorised person, the encrypted data becomes accessible to them. Protecting your keys is therefore important for ensuring the integrity and security of your data. Good key management is becoming more and more important as the use of PKI-based solutions increases.

Now let's examine some other approaches to storing cryptographic keys −

Certificate/Key Stores for Operating Systems and Browsers

- Mac OS Keychain and Windows Certificate Store are two examples.
- These are software-based databases, included in operating systems and browsers, that store public/private key pairs locally.
- Widely used for their simple user interface and easy programme interaction.
- Offer customisation, including the ability to enable backups and robust private key protection.
- Potential vulnerabilities, even with non-exportability settings, and the requirement for robust password security are to be taken into account.
- Suitable for uses like client authentication, SSL certificates for web servers, and digital signing.

Files with .pfx and .jks (Keystores)

- Key pairs are stored in password-protected files using formats like PKCS#12 (.pfx or .p12) and .jks (Java KeyStore).
- These files can be stored anywhere, even on remote servers.
- Take care to limit access to these files and make sure your passwords are strong.
- Suitable for uses like secure communications with government services and code signing.

Cryptographic Smart Cards and Tokens

- Boost security by keeping private keys on hardware and rendering them non-exportable.
- Increase security by requiring password authentication for every use.
- Enable safe operation on several computers without the need for duplicate keys.
- Usually used for client authentication, code signing, and document signing.
- The introduction of cryptographic hardware is sometimes driven by compliance requirements, like FIPS.

HSM (Hardware Security Modules)

- Offer automated workflows and hardware-based key storage.
- Conventional HSMs are physical appliances; similar benefits can be achieved with cloud-based solutions like Microsoft Azure's Key Vault.
- Helpful for meeting regulatory requirements and signing large volumes of documents or code.
- Able to provide additional features like unique signing identities and to be connected with public CAs.

Future-Generation Key Storage Techniques

The primary storage solutions just covered are fairly conventional and have been around for a while. Key storage is not immune to the influence of the Internet of Things, and, like everything else in the field of information security, new solutions are being created in line with it. PKI-based solutions are becoming more and more popular among developers and manufacturers as more devices come online and require secure communication and authentication.
This has resulted in new requirements, technologies, and considerations for private key protection. We have seen the two trends listed below.

TPM (Trusted Platform Modules)

Although TPMs are not new in and of themselves, using them to protect private keys is becoming more and more common. The root key can be protected, and additional keys generated by an application can be stored (or wrapped) in a TPM. Since the application keys are not usable without the TPM, this is a highly helpful authentication technique for endpoints like laptops and servers, and for IoT device manufacturers. Even though TPMs are already standard on a lot of laptops, we have not seen much use of them in the enterprise market. However, they are widely used in the Internet of Things (IoT) as a hardware root of trust for secure device identity.

PUF (Physically Unclonable Functions)

The technology known as Physical Unclonable Function (PUF) is a paradigm change in key protection. Keys are not kept in storage, where they might be physically attacked, but are generated from specific physical characteristics of a chip's SRAM memory and are only present when the device is powered on. That is, instead of being safely stored, the private key can be repeatedly created on demand (for the lifetime of the device). These keys are guaranteed to be unique because they make use of the natural randomness in silicon bit patterns and an SRAM-based PUF. When combined with a Trusted Execution Environment (TEE), PUF technology offers an appealing answer to the market's need for ultra-secure key protection that is affordable and simple to implement. When combined with PKI, PUF offers a complete identity solution.

A Compromised Key: What Happens?

Any information that a key is protecting may be compromised if the key has been hacked (that is, lost, stolen, or broken). This may result in illegal financial transactions or the disclosure of confidential or private information and other sensitive or valuable data.
This can in turn have a negative impact on an organization's reputation, result in penalties, and ultimately lower the company's worth or possibly force it out of existence. Because of this, keys need to be handled with the same consideration as the object they are meant to secure. It is essential to quickly revoke and replace a compromised key, and to conduct an investigation to determine the severity of the harm caused and the mechanism behind the compromise, in order to prevent another incident from occurring.
Cryptography – Base64 Encoding & Decoding

In this chapter, we will see the process of Base64 encoding and decoding in Python, from the fundamentals to advanced approaches. So, let's get started with Base64 encoding and decoding.

With the help of Base64, an effective tool, we can transform binary data into a format that allows secure text transmission. Base64 encodes bytes as ASCII characters. It is useful when you want to send or use data in systems that only handle text. This encoding helps to ensure that the data remains secure and unchanged during transfer.

Details of Base64 encoding

Base64 refers to a group of related encoding techniques that encode binary data numerically and translate it into a base-64 representation. The word Base64 comes from a specific MIME content transfer encoding.

Design

The specific characters used to make up the 64 characters required for Base64 vary between implementations. The general rule is to select a set of 64 characters that are 1. part of a subset shared by most encodings, and 2. printable. This combination makes it unlikely that the data will be modified while in transit through systems like email, which were previously not 8-bit clean. For example, the first 62 values in MIME's Base64 implementation are A-Z, a-z, and 0-9, with the final two being "+" and "/". Other versions, typically derived from Base64, share this attribute but differ in the symbols used for the last two values; for example, the URL and filename safe "RFC 4648 / Base64URL" variant uses "-" and "_".

Base64 has a specific set of characters −

- 26 Uppercase letters
- 26 Lowercase letters
- 10 Numbers
- Plus sign (+) and slash (/) for new lines

It is commonly used in a variety of applications, including email attachments, data transmission via the internet, and storing complex data in simple text formats.
Base64 Module of Python

The base64 module in Python provides functions for encoding and decoding data with the help of the Base64 encoding technique. This encoding strategy turns binary data into text format. Below is an overview of the important functions of the module −

Key Functions of Base64

Sr.No.  Function & Description

1  base64.b64encode(s, altchars=None)
   This function encodes the input bytes-like object s using Base64 and returns the encoded bytes. To generate URL or file system safe Base64 strings, you can supply an alternate set of characters (altchars) to substitute the standard '+' and '/' characters.

2  base64.b64decode(s, altchars=None, validate=False)
   Decodes the Base64 encoded bytes-like object or ASCII string s and returns the decoded bytes. Similar to the b64encode function, you can specify an alternative set of characters (altchars). If characters outside of the Base64 alphabet are present in the input, you can enable validation (validate=True) to report an error.

3  base64.standard_b64encode(s)
   This function encodes the input bytes-like object s using the standard Base64 alphabet and returns the encoded bytes.

4  base64.standard_b64decode(s)
   This function decodes the bytes-like object or ASCII string s using the standard Base64 alphabet and returns the decoded bytes.

5  base64.urlsafe_b64encode(s)
   This function encodes the input bytes-like object s using a URL- and filesystem-safe alphabet, which substitutes '-' instead of '+' and '_' instead of '/' in the standard Base64 alphabet. The result may still contain '='.

6  base64.urlsafe_b64decode(s)
   This function decodes the bytes-like object or ASCII string s using the URL- and filesystem-safe alphabet and returns the decoded bytes.

Implementation using Python

Here is how we can do Base64 encoding and decoding in Python −

Encoding using Base64

Encoding is the method by which we transform our plaintext into an encrypted form so that a person in the middle cannot understand it.
So here I am providing two different methods for encoding using Base64 in Python −

Using the base64.b64encode() function

In this code, we will explore how to use Python's base64 module to encode data in a format that can be transmitted or stored in text-based systems. To encode the message, we will use the method base64.b64encode(). This function converts the data into a format that is safe for transmission over systems that handle only text. It is a simple example for understanding the concept of Base64 encoding.

Below is the implementation of Base64 encoding using the above function −

Example

```python
import base64

def base64_encoding(data):
    # b64encode() returns bytes; decode them to get a text string
    encoded_bytes = base64.b64encode(data)
    encoded_string = encoded_bytes.decode('utf-8')
    return encoded_string

# Our plain text message
data = b'Hello, World!'
encoded_data = base64_encoding(data)
print("Our plain text message:", data)
print("Encoded data using b64encode():", encoded_data)
```

Following is the output of the above example −

Input/Output

```
Our plain text message: b'Hello, World!'
Encoded data using b64encode(): SGVsbG8sIFdvcmxkIQ==
```

Using the base64.standard_b64encode() function

The code imports the base64 module, which contains functions for encoding and decoding data using the Base64 encoding method. The function encodes the input data with the help of the base64.standard_b64encode() method. This function converts the data into a Base64-encoded format using the standard Base64 alphabet.
Below is the Python implementation using the standard_b64encode() function −

Example

```python
import base64

def base64_encoding(data):
    # standard_b64encode() always uses the standard '+' and '/' alphabet
    encoded_bytes = base64.standard_b64encode(data)
    encoded_string = encoded_bytes.decode('utf-8')
    return encoded_string

# Our plaintext example
data = b'Hello, Tutorialspoint!'
encoded_data = base64_encoding(data)
print("Our plain text message:", data)
print("Encoded data using standard_b64encode() :", encoded_data)
```

Following is the output of the above example −

Input/Output

```
Our plain text message: b'Hello, Tutorialspoint!'
Encoded data using standard_b64encode() : SGVsbG8sIFR1dG9yaWFsc3BvaW50IQ==
```

Using urlsafe_b64encode()

In this example, we will use the urlsafe_b64encode() method to return Base64 encoded text designed for use in URLs. This is useful when we need to add binary data to a URL, for example in a path segment or a query string.

Here is the implementation of Base64 encoding using the above function −

Example

```python
import base64

data = b'Hello, Bharat!'
# urlsafe_b64encode() returns bytes that use '-' and '_' instead of '+' and '/'
encoded_data = base64.urlsafe_b64encode(data)
print("Our plaintext message: ", data)
print("Encoded data using urlsafe_b64encode(): ", encoded_data)
```

Following is the output of the above example −

Input/Output

```
Our plaintext message: b'Hello, Bharat!'
Encoded data using urlsafe_b64encode(): b'SGVsbG8sIEJoYXJhdCE='
```

Decoding using Base64

Decoding is the way of converting encoded or encrypted data back
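The decoding functions from the table above, shown as an added example that is not part of the original tutorial: a strict decoder that accepts either alphabet, restores stripped '=' padding, and relies on validate=True so stray characters raise an error instead of being silently dropped. The names strict_b64decode and lenient_b64decode and the sample tokens are constructed for illustration.

```python
import base64
import binascii

STD_ONLY = set("+/")   # characters unique to the standard alphabet
URL_ONLY = set("-_")   # characters unique to the URL-safe alphabet


def lenient_b64decode(text: str) -> bytes:
    """Default behaviour: characters outside the alphabet are discarded."""
    return base64.b64decode(text)


def strict_b64decode(text: str) -> bytes:
    """Decode standard or URL-safe Base64 and reject anything ambiguous."""
    text = text.strip()
    used = set(text)
    if used & STD_ONLY and used & URL_ONLY:
        raise ValueError("mixed standard and URL-safe alphabets")
    altchars = b"-_" if used & URL_ONLY else None

    # URL tokens often arrive with the trailing '=' stripped; restore it.
    body = text.rstrip("=")
    if len(body) % 4 == 1:
        raise ValueError("impossible Base64 length")
    padded = body + "=" * (-len(body) % 4)

    try:
        # validate=True reports non-alphabet characters as an error
        return base64.b64decode(padded, altchars=altchars, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid Base64: {exc}") from exc


def is_rejected(text: str) -> bool:
    """True when the strict decoder refuses the input."""
    try:
        strict_b64decode(text)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs
    samples = [
        "SGVsbG8sIEJoYXJhdCE=",  # value from the urlsafe example above
        "-_8",                   # URL-safe, padding stripped
        "SGVs*bG8h",             # stray character in the middle
        "+_8=",                  # both alphabets mixed
    ]
    for token in samples:
        try:
            print(repr(token), "->", strict_b64decode(token))
        except ValueError as err:
            print(repr(token), "-> rejected:", err)
    # The lenient default accepts the third sample by skipping the '*'
    print("lenient:", lenient_b64decode("SGVs*bG8h"))
```

With the default validate=False, two different strings can decode to the same bytes, which matters whenever encoded values are compared, filtered or logged before decoding.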
Cryptography – Key Distribution

Two parties may exchange cryptographic keys through a procedure known as key exchange, also known as key distribution, in order to use a cryptographic algorithm. For messages to be exchanged via encryption, both the sender and the recipient must be able to encrypt and decrypt them. Depending on the kind of encryption they want to use, different things are required. Both will need a copy of the same codebook if they use a code. They will need the right keys if they use a cipher. Both will require a copy of the same key if the cipher uses symmetric keys. Both parties will need the public key of the other if the cipher is asymmetric and has the public/private key characteristic.

Channel of Distribution

Key distribution is possible in-band or out-of-band.

- "Channel of distribution" means the way information or keys are swapped between two parties.
- "Key exchange" is when two parties share secret codes or 'keys' to communicate securely.
- "In-band" key exchange means the keys are swapped through the same communication channel being used for the actual data.
- "Out-of-band" key exchange means the keys are shared through a separate, different communication channel from the one used for the actual data.

The Key Exchange Problem

The goal of the key distribution problem is to exchange the keys safely so that communications are only read by those who are intended to see them. In the past, messages were encrypted using just one encryption code. In order to communicate safely, the parties needed to find a way to pass this key between them so that no one else could figure it out. We now have a very advanced technology known as public-key cryptography. It makes use of two keys: a private one that is kept hidden and a public one that is freely shared. Messages can be encrypted with one key and decrypted with the other.
A well-known technique that allows parties to freely distribute keys without compromising the security of their messages is the Diffie-Hellman key exchange. It is far more secure than the way secret codes were exchanged in the past.

Now let us discuss the approaches to the key exchange problem −

Symmetric Key Distribution

The conventional approach, known as symmetric key distribution, uses a single secret key that is shared by both sides. Before communicating, they exchange this key via a secure channel.

Public Key Distribution

With this approach, a public key and a private key are given to each user. While the private key is kept confidential, the public key is freely shared. The recipient's public key is used to encrypt messages, while their private key is used to decrypt them.

Diffie-Hellman key exchange

Based on ideas developed by Ralph Merkle, Martin Hellman's PhD student, Whitfield Diffie and Hellman published the Diffie-Hellman key exchange (D-H) cryptography protocol in 1976. With this protocol, users can safely exchange secret keys even if someone else is watching the communication channel. However, authentication, that is, the issue of knowing for sure the true identity of the person or "entity" on the other end of the communication channel, is not addressed by the D-H key exchange protocol on its own. Authentication is important when an adversary can track and modify messages within the communication channel (also known as man-in-the-middle or MITM attacks).

Public key infrastructure

Public key infrastructures (PKIs) have been proposed to address the issue of identity authentication. In their most common application, each user requests a digital certificate from a "certificate authority" (CA) that is universally trusted. This certificate acts as an immutable means of identity verification for other users. Even in the event that the CA is hacked, the infrastructure is secure.
However, a lot of PKIs offer a mechanism to revoke certificates in case this happens, making other users suspicious of them. Revoked certificates are often stored in certificate revocation lists, against which any certificate can be compared. Legislation or regulations supporting PKIs have been passed in a number of nations and other jurisdictions, providing these digital certificates with some degree of legal standing.

Quantum key exchange

Quantum key distribution uses the unique properties of small particles, described by quantum physics, to make secrets highly encrypted. These particles undergo minor modifications when we observe or measure them. With this technology, an attempt to eavesdrop on a conversation between two people will disturb the particles, notifying us of a possible problem. This technique only works if the two individuals, Alice and Bob, have already set up a unique, secure means of communication.

Kerberos Protocol

The Kerberos protocol is a network authentication system that offers safe communication over insecure networks by using symmetric key cryptography. It distributes session keys and performs user authentication using a trusted third party called the Key Distribution Centre (KDC).
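The Diffie-Hellman section above notes that the exchange does not authenticate the other end of the channel. The following added example (not from the original tutorial) runs the exchange with both sides' messages and shows a substituted public value being detected. It assumes toy parameters P and G that are far too small for real use, and a MAC key shared out-of-band that stands in for the certificate-backed signature a PKI would provide; all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption): real deployments use
# standardised groups of 2048 bits or more, or elliptic curves.
P = 2**127 - 1   # a Mersenne prime
G = 3


def keypair():
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def shared_key(priv, peer_pub):
    """Derive a 32-byte session key from the peer's public value."""
    if not 1 < peer_pub < P - 1:
        raise ValueError("peer public value out of range")
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def tag(auth_key, sender, pub):
    """MAC binding a public value to the identity that sent it."""
    msg = sender.encode() + b"|" + pub.to_bytes(16, "big")
    return hmac.new(auth_key, msg, hashlib.sha256).digest()


def receive(auth_key, sender, pub, mac):
    """Accept a public value only if its MAC verifies."""
    if not hmac.compare_digest(tag(auth_key, sender, pub), mac):
        raise ValueError(f"public value claimed by {sender} failed authentication")
    return pub


def run_exchange(tamper=False):
    """Simulate Alice and Bob; optionally swap Alice's value in transit."""
    auth_key = secrets.token_bytes(32)   # distributed out-of-band beforehand
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()

    # In-band messages: (sender, public value, MAC)
    a_msg = ("alice", a_pub, tag(auth_key, "alice", a_pub))
    b_msg = ("bob", b_pub, tag(auth_key, "bob", b_pub))

    if tamper:
        # Someone on the channel replaces Alice's public value but cannot
        # produce a matching MAC without the out-of-band key.
        _, other_pub = keypair()
        a_msg = ("alice", other_pub, a_msg[2])

    bob_key = shared_key(b_priv, receive(auth_key, *a_msg))
    alice_key = shared_key(a_priv, receive(auth_key, *b_msg))
    return alice_key, bob_key


if __name__ == "__main__":
    alice_key, bob_key = run_exchange()
    print("keys match:", alice_key == bob_key)
    try:
        run_exchange(tamper=True)
    except ValueError as err:
        print("exchange aborted:", err)
```

Without the `receive` check, the tampered run would complete and Bob would derive a key shared with whoever replaced the value rather than with Alice.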
Cryptography – Home
Cryptography Tutorial

Modern cryptography is the most common method for securing data transmissions in web applications or computer science projects. It is like a secret code language that helps to keep information safe.

This tutorial covers the basics of cryptography. It explains how programmers and network professionals can use cryptography to maintain the privacy of computer data. Starting with the origins of cryptography, it moves on to explain cryptosystems, various traditional and modern ciphers, public key encryption, data integrity, message authentication, digital signatures and much more.

After finishing this course, you will be able to apply the fundamental principles of cryptography to practical situations.

Why to Learn Cryptography?

Imagine that you have a secret message, and you only want certain people to crack the code. Cryptography comes to the rescue in the digital realm. It is like putting your message into an unseen envelope that only the designated receiver can open.

Learning cryptography is fun and hands-on. You can create your own secret codes and understand how to decode others. It is also a cool skill to have in today's digital age.

Cryptography Applications

Cryptography has many practical applications, which makes it a valuable skill −

- We can use cryptography for securing communication by encrypting messages and emails.
- We can use it for protecting data in applications by securing user data, like passwords and personal information.
- You can secure file storage by securing confidential files and documents.
- We can use cryptography to secure our e-commerce platforms by securing online transactions and payment information.
- We can build blockchain technology by ensuring the security and integrity of transactions in blockchain-based systems.
- Cryptography can be used for password protection, to store and manage passwords securely.
- Most important of all are digital signatures for verifying the authenticity of digital messages or documents.

Who Should Learn Cryptography?

Learning about cryptography is useful because you can use it in real life to keep information safe. There are lots of tools and help available for cryptography. If you learn it, you might find good jobs in cybersecurity because many companies need people who know how to keep data safe.

This tutorial is meant for students of computer science who aspire to learn the basics of cryptography. It will also be helpful for networking professionals who would like to incorporate various cryptographic algorithms to ensure secure data communication over their networks.

Prerequisites to Learn Cryptography

This tutorial has been prepared to be useful for almost anyone who is curious about cryptography. A basic knowledge of computer science and a secondary level of mathematics knowledge is sufficient to make the most of this tutorial.

Throughout this tutorial, you will learn the basics of cryptographic algorithms and their implementation in different languages. This tutorial is designed with the assumption that the user has an understanding of the basics of cryptography algorithms and basic programming knowledge.

Cryptography also involves solving problems logically. Develop your logical thinking skills to understand and create secure codes.

FAQs about Cryptography

Now we will see some frequently asked questions (FAQ) about cryptography in the section below −

What is Cryptography?

Cryptography is the technique of concealing or encoding (changing the original form of) information in such a way that only the authenticated person can decode it (get the original form back).
This technique plays an important role in keeping our data safe. The data or information can be bank cards, computer passwords, online transactions or other private data. Cryptography is very important in the modern world because it helps to protect your digital assets from hackers by turning information into secret language or code.

Which are the commonly used symmetric key algorithms?

Mathematicians and cryptographers create symmetric key encryption methods, like AES, with the goal that the ciphertext should be impossible to decrypt without the encryption key. This is true for current secure symmetric encryption algorithms (such as AES and ChaCha20), but it might not be true for other methods (such as DES and RC4), which are regarded as insecure symmetric encryption.

RC5, RC6, Camellia, ARIA, IDEA, Serpent, AES, ChaCha20, CAST, and Twofish are a few popular symmetric encryption algorithms. All of these methods are considered secure when properly configured and applied.

How does asymmetric key cryptography work?

Asymmetric-key cryptography is also called public key cryptography. It is a cryptographic scheme that uses pairs of related keys, known as public and private keys. The public key is used to encrypt the data and the private key is used to decrypt it. Both keys of a pair are generated using cryptographic algorithms. The security of public key cryptography depends on keeping the private key secret, while the public key can be shared and distributed publicly.

How long does it take to learn Cryptography?

Although becoming a cryptographer usually requires a lengthy process, the field can pay more than average. An analytical problem-solver with good mathematical and computing abilities could find incredible fulfilment in cryptography.

Cryptographers have to keep up with the ever-evolving world of cyberthreats, so they must regularly refresh their knowledge.
The responsibilities of their profession can also vary daily, adding to its dynamic nature. The job can be difficult at times due to the significance of protecting sensitive digital data, as errors can result in breaches of privacy. To help you make a smart decision regarding this career, consider the benefits and drawbacks of being a cryptographer.

What are the four purposes of Cryptography?

There are four main purposes of cryptography, and they are given below −

- Confidentiality
- Integrity
- Authentication
- Non-repudiation

What are the Applications of Cryptography?

Here are some applications where we can use cryptography −

- Authentication
- Internet of Things
- Card Payments
- PC and different passwords
Cryptography – Playfair Cipher

The Playfair cipher, also known as the Playfair square or the Wheatstone-Playfair cipher, is a manual symmetric encryption scheme and was the first to use literal digram substitution. Charles Wheatstone created the technique in 1854, but it is named after Lord Playfair, who promoted its use.

The approach encrypts pairs of letters rather than single letters, as is the case with the simple substitution cipher and the more complex Vigenère cipher systems that were previously used. The Playfair cipher is thus substantially more difficult to break because the frequency analysis used for basic substitution ciphers does not apply to it. Frequency analysis of bigrams is possible, but extremely complex. With 600 possible bigrams rather than 26 possible monograms (single symbols, often letters in this context), a far larger ciphertext is needed for the analysis to be useful.

History

The Playfair Cipher is the first and best-known digraph substitution cipher that uses symmetric encryption. Charles Wheatstone created the cipher in 1854, and Lord Playfair, who advocated its use, gave it its name. Unlike a conventional substitution cipher, which only encrypts single letters, the Playfair Cipher encodes digraphs, that is, pairs of letters.

The Playfair Cipher is fast and requires no additional tools to operate. British and Australian forces used it tactically during World War I, the Second Boer War, and World War II. The primary purpose of the encryption was to protect non-critical yet important data during actual battle. By the time the opposition's cryptanalysts decrypted it, the information was useless.

Understanding the Playfair Cipher

The Playfair Cipher uses a 5 by 5 matrix of letters (the key table), with no duplicates. The letters I and J are considered the same letter. We create the key table by arranging the unique letters of a keyword in sequence, followed by the remaining letters of the alphabet.
Consider the word SECURITY as an example. First, we record the letters of that word in the first squares of a 5 x 5 matrix.

The remaining squares of the matrix are then filled with the remaining alphabet letters, in alphabetical sequence. However, since there are 26 letters and only 25 squares available, we allocate both I and J to the same square.

When choosing a keyword, make sure that no letter is duplicated, and especially that the letters I and J do not appear together. Keywords like INJURE, JUICE, and JIGSAW, for example, would be disqualified since they feature both I and J at the same time, which violates this criterion.

Encryption Process

The encryption process of the Playfair cipher consists of a number of steps that convert a message into its encrypted form.

Create the Key Square

To begin, we create a key square with a specified keyword. In this example, we use the keyword SECURITY.

Prepare the Message

Before we can encrypt the message, we must first process it. We treat J as I, so eliminating J from the process of encryption. We also delete any non-alphabetic characters, like spaces and punctuation marks. For example, processing the string HELLOWORLD gives HELOWORLD.

Pair the Letters

We proceed by breaking the prepared message into pairs of letters (digraphs). If two successive letters in a digraph are identical, an X is inserted between them. Also, if the plaintext is of odd length, we append X at the end to create a full digraph.

For example, while dealing with the words "HELLO WORLD", we divide them into pairs of letters −

HE LL OW OR LD

The digraph LL has identical consecutive letters, so we insert X between them −

HE LX LO WO RL D

The message has an odd length after insertion, therefore we append X at the end of it to make it even −

HE LX LO WO RL DX

Encryption Rules

There are three main rules for encrypting the letters within a pair.
- If the two letters in the pair are in the same row of the key square, we replace each of them with the letter to its right.
- If both letters in the pair are found in the same column of the key square, we replace each letter with the letter below it.
- If the letters are in different rows and columns, we form a rectangle with them and replace each letter with the letter in the opposite corner.

Using the matrix with the keyword SECURITY, let us find the row and column of every pair and apply the encryption rules to HELLOWORLD, whose pairs are −

HE LX LO WO RL DX

After applying the encryption rules to all of the letter pairs, we obtain FUOQMPXNSPHQ.

Decryption Process

Decrypting a message encrypted with the Playfair Cipher requires reversing the actions used during encryption.

Key Square Building

The decryption method, like the encryption process, begins by creating the key square with the keyword SECURITY. The key square is a reference grid that helps decrypt the encoded message and provides the foundation for understanding the encrypted text during decryption.

Decryption Rules

Decryption rules are just the reverse of the encryption rules. When both letters in a pair are in the same row of the key square, we replace each of them with the letter to its left. Similarly, when both letters in the pair are located in the same column of the key square, we replace each letter with the letter immediately above it. When the letters are in separate rows and columns, we use the letter pair to create a rectangle and replace each letter with the letter in the opposite corner.

Process

Let us decrypt the message FUOQMPXNSPHQ with the help of the above decryption rules, processing the pairs one by one.

F and U are in distinct rows and columns, resulting in a rectangle with corners E, U, F, and H. Exchanging F with its opposite
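The key square, pairing step and the three rules described above, as an added example that is not code from the original tutorial. It reproduces the chapter's SECURITY / HELLO WORLD walk-through; the function names are chosen for illustration, and using Q as the filler when the doubled letter is itself X is an assumption beyond what the page states.

```python
import string


def key_square(keyword):
    """Return the 5x5 key table as a 25-letter row-major string (J merged into I)."""
    seen = []
    for ch in keyword.upper() + string.ascii_uppercase:
        if ch not in string.ascii_uppercase:
            continue
        ch = "I" if ch == "J" else ch
        if ch not in seen:
            seen.append(ch)
    return "".join(seen)


def digraphs(message):
    """Strip non-letters, map J to I, and split into pairs with filler letters."""
    letters = ["I" if c == "J" else c
               for c in message.upper() if c in string.ascii_uppercase]
    pairs, i = [], 0
    while i < len(letters):
        a = letters[i]
        b = letters[i + 1] if i + 1 < len(letters) else None
        if b is None or a == b:
            # Doubled letter or odd tail: pad with X (Q if the letter is X)
            pairs.append(a + ("Q" if a == "X" else "X"))
            i += 1
        else:
            pairs.append(a + b)
            i += 2
    return pairs


def _transform(pairs, square, shift):
    """Apply the row / column / rectangle rules; shift is +1 or -1."""
    out = []
    for a, b in pairs:
        ra, ca = divmod(square.index(a), 5)
        rb, cb = divmod(square.index(b), 5)
        if ra == rb:        # same row: move along the row
            out.append(square[ra * 5 + (ca + shift) % 5]
                       + square[rb * 5 + (cb + shift) % 5])
        elif ca == cb:      # same column: move along the column
            out.append(square[((ra + shift) % 5) * 5 + ca]
                       + square[((rb + shift) % 5) * 5 + cb])
        else:               # rectangle: keep the row, swap the columns
            out.append(square[ra * 5 + cb] + square[rb * 5 + ca])
    return "".join(out)


def encrypt(message, keyword):
    return _transform(digraphs(message), key_square(keyword), 1)


def decrypt(ciphertext, keyword):
    if len(ciphertext) % 2:
        raise ValueError("Playfair ciphertext must have an even length")
    text = ciphertext.upper().replace("J", "I")
    pairs = [text[i:i + 2] for i in range(0, len(text), 2)]
    return _transform(pairs, key_square(keyword), -1)


if __name__ == "__main__":
    square = key_square("SECURITY")
    for row in range(5):
        print(" ".join(square[row * 5: row * 5 + 5]))
    print(digraphs("HELLO WORLD"))
    print(encrypt("HELLO WORLD", "SECURITY"))
    print(decrypt("FUOQMPXNSPHQ", "SECURITY"))
```

Decryption returns the padded text, so the filler X letters remain in the output and have to be removed by the reader.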
Cryptosystem – Rainbow Table Attack

What is the Rainbow Table Attack?

A rainbow table attack is a technique for deciphering passwords that uses a table known as a "rainbow table". Passwords are not kept in plain text; they are encrypted into hashes instead. When a user attempts to log in by keying in a password, it is transformed into a hash. The hash is then compared with the server's table of stored hashes to check for a match. A match signifies that the user's identity has been confirmed, granting them access to the software.

The rainbow table itself is a pre-calculated table of password hash values for the plain characters used in the authentication process. Hackers can easily crack every password using the rainbow table if they have access to the password hash list.

A technique called "salting" has drastically decreased rainbow table attacks. Salt is a modern way of preventing rainbow table attacks. It involves adding a new random value to each password before hashing to create a unique hash value. Most modern password authentication systems use salts, which greatly reduces the number of successful rainbow table attacks. Most programmers use salting, but there are still some who do not, and this makes their systems more vulnerable to rainbow tables.

Here is a simple diagram of how the rainbow table attack works −

Explanation

- The user enters a password.
- The password is converted to a hash (a special code).
- The hash is compared with the hashes stored on the server.
- If a match is found, access is granted. Otherwise, the user can try again.

Rainbow table attacks occur when hackers gain access to stored hashes and use a pre-computed table to quickly find the original passwords associated with those hashes.

How does a Rainbow Table attack actually work?

To carry out a rainbow table attack, hackers must first gain access to leaked hashes. Sometimes the password database itself is not well secured, or perhaps they have access to Active Directory.
Attackers who want access to the password database may also obtain it through phishing techniques. In all these ways, there are already millions and millions of leaked password hashes on the Dark Web available to hackers. Once the password hash is obtained, the rainbow table is used to help decrypt the password hash. As long as there is no “salt” in the password hash (defined above), encrypted passwords can be translated into plain text.

The whole rainbow table attack process has four steps −

Creation − The rainbow table generates a hash list by first taking a list of potential passwords and applying a hash function to each one. A rainbow table is used to store the hashes that are produced along with the plaintext passwords that correspond to them.
Finding − A hacker can use the rainbow table to find passwords in plaintext that match a collection of hashes they have. In order to find a match to the target hash, the hashes in the rainbow table are checked backwards, beginning with the final hash in each chain.
Cracking − When the matching hash value is found, it indicates that the target hash's original password is the matching plaintext password. Now a hacker can use the authentication process to gain access to someone else's account.
Reduction − The hashes in the rainbow table are reprocessed by a reduction function to generate a new hash set. The reduction function maps each hash to a new value, and the new value is used as the starting point for the next step. This step is repeated several times to create a hash chain.

Rainbow table Attack Examples

Below we list two real-world examples of how rainbow table attacks can happen −

The attacker discovers a web application with outdated password hashing techniques and very poor security. By obtaining the password hashes, the attacker can use the rainbow table to decrypt each user's password for the application.
The hacker is able to gain access to the password hashes by searching for vulnerabilities in the company's Active Directory. Once a list of hashes is obtained, a rainbow table attack is used to decrypt them into plain text passwords.

Protect Against a Rainbow table Attack!

Defending yourself against rainbow table attacks is fairly straightforward if you follow these guidelines −

Eliminate passwords − The only way to ensure that password-based attacks are prevented is to remove passwords. There is no way to carry out a rainbow table attack without a password hash list to steal. Learn more about passwordless authentication today and keep your important applications running smoothly.
Use salt − Hashed passwords should never be stored without salting. This makes it more difficult to decrypt the password. However, removing the alphanumeric password altogether is recommended.
Use biometrics − It is very difficult, if not impossible, for an attacker to conduct a rainbow table attack successfully against a biometric authentication mechanism that uses a biometric password.
Monitor your servers − Most modern server security software monitors attempts to access sensitive information and can work to minimize and catch attackers before they discover the password database.
Avoid using outdated hashing algorithms − Hackers target applications and servers that use the outdated password hashing algorithms MD5 and SHA1. If your application uses an outdated algorithm, the chances of rainbow table attacks may increase dramatically.

Rainbow table Attack vs. Dictionary Attack

Both rainbow table attacks and dictionary attacks are password cracking techniques used by hackers to obtain passwords. An attacker uses a pre-computed hash table in a rainbow table attack to determine the hashed password's plaintext version.
Unlike a dictionary attack, where an attacker tries each word in a dictionary until a match is found, a rainbow table attack allows an attacker to quickly find the plaintext word using a table that has been calculated in advance. But rainbow tables take a lot of time to create and use a lot of space. In a dictionary attack, the hacker uses a pre-compiled list of common passwords
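The guidance above on salting and on avoiding outdated algorithms can be seen side by side in code. The following Python is an added example, not part of the original page: it stores the same password for two users with unsalted MD5 and with a per-record random salt under PBKDF2-HMAC-SHA256, then checks a precomputed table against both. The user names, candidate list and iteration count are constructed, and a plain hash-to-password lookup stands in for the chained rainbow table.

```python
import hashlib
import hmac
import os

# Constructed sample data for the demonstration.
CANDIDATES = ["123456", "password", "letmein", "qwerty", "dragon"]
ITERATIONS = 100_000  # constructed value that keeps the example quick


def unsalted_md5(password):
    """The outdated scheme: one fast hash, no salt."""
    return hashlib.md5(password.encode()).digest()


def hash_password(password, salt=None):
    """Salted scheme: fresh 16-byte random salt per record, PBKDF2-HMAC-SHA256."""
    if salt is None:
        salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify_password(password, salt, stored_key):
    """Recompute with the record's own salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], stored_key)


def precompute(candidates, hash_fn):
    """A table built once, before any database is seen: hash -> password."""
    return {hash_fn(p): p for p in candidates}


def demo():
    users = ("alice", "bob")  # both chose the same password
    weak_db = {u: unsalted_md5("letmein") for u in users}
    strong_db = {u: hash_password("letmein") for u in users}

    md5_table = precompute(CANDIDATES, unsalted_md5)
    # Precomputing the salted scheme means fixing a salt in advance; the real
    # salts are random per record, so this table cannot match any of them.
    guessed_salt = bytes(16)
    kdf_table = precompute(CANDIDATES, lambda p: hash_password(p, guessed_salt)[1])

    return {
        "weak_identical": weak_db["alice"] == weak_db["bob"],
        "weak_recovered": {u: md5_table.get(h) for u, h in weak_db.items()},
        "strong_identical": strong_db["alice"][1] == strong_db["bob"][1],
        "strong_recovered": {u: kdf_table.get(k) for u, (_, k) in strong_db.items()},
        "login_ok": verify_password("letmein", *strong_db["alice"]),
        "login_bad": verify_password("qwerty", *strong_db["alice"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With unsalted hashes one table serves every record and identical passwords are visible as identical hashes; with per-record salts the precomputed work no longer transfers from one record to the next.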
Cryptosystems – Cryptanalysis Techniques

Before we dive deep into cryptanalysis techniques, let us first discuss what exactly cryptanalysis is, who cryptanalysts are, and what their roles and responsibilities are.

The study of decrypting and examining encrypted text and messages without the need for a key is known as cryptanalysis. It's a combination of study and exercise. It is based on the assumption that experts in mathematics, physics and cryptanalysis are unaware of the process and lack the necessary keys for encryption and decryption. It is also a way to easily view the content of a transaction when you don't have access to a decryption key.

Who are Cryptanalysts?

The codes are interpreted by cryptanalysts. The term “cryptanalysis” is derived from the Greek words kryptós (means “hidden”) and analein (means “analysis”). As a cryptanalyst, you are in charge of decoding or decrypting data to understand cryptic signals, even if you do not have the encryption key.

Role and Responsibilities of Cryptanalysts

In order to access data that would otherwise be difficult to read, a cryptanalyst will examine ciphers, codes, and encryption systems to learn how they operate. Your specific responsibilities as a cryptanalyst will vary depending on the company and organization you work for. The following are some real-world cryptanalyst positions and responsibilities −

Gathering, analysing, and processing data
Analyse scrambled intercepts
Make use of encrypted resources
Debugging software programmes
Find the cryptography algorithms' flaws.
Create new cryptanalysis tools.
Develop strategies to exploit vulnerabilities in computer networks.

How is Cryptanalysis performed?

While the aim of cryptanalysis is to find weaknesses in cryptographic algorithms or find alternative ways around them, cryptographers use cryptanalysts' knowledge to improve, replace, or enhance weak techniques.
The term “cryptology,” which is defined as the mathematical study of codes, ciphers, and related algorithms, includes both cryptography, which focuses on developing and improving encryption ciphers and other procedures, and cryptanalysis, which focuses on decoding encrypted data. Researchers may create attack strategies that fully overcome an encryption method, making it possible to decrypt ciphertext that has been encrypted using that algorithm without requiring the encryption key. Sometimes, the findings of cryptanalysis identify problems with the design or application of the technique, which reduces the number of keys that need to be tried on the target ciphertext.

The methods for cryptanalysis differ based on the kind of cipher used. As previously stated, one way to break simple substitution ciphers is to figure out which letters are most common in the message and then compare the result to a list of the most common letters in the English language. Another encryption technique is called a transposition cipher, which reorders the message's characters without altering them. These ciphers are vulnerable to “anagramming” approaches, which involve experimenting with different letter combinations and looking for patterns or words that are simple to identify in the results.

Cryptanalysis Techniques & Attacks

A cryptographic system must be attacked in order to identify its vulnerabilities. We refer to these as cryptanalytic attacks. The attacks depend on the nature of the algorithm and on an understanding of the general characteristics of the plaintext, which may be Java code or a conventional English document. Therefore, before attempting the attacks, one should be aware of the nature of the plaintext.

There are a wide variety of cryptanalysis attack techniques.
However, the two most widely used methods are −

Ciphertext-Only Attack

A potential attacker does not know the encryption algorithm being used, the plaintext data, or any cryptographic key data other than at least one encrypted message that they have access to. When intelligence agencies try to decipher encrypted messages from a target, they frequently encounter this challenge. However, because there is not much target data, this attack is difficult to execute.

Known Plaintext Attack (KPA)

When it comes to implementation, this attack is simpler than the ciphertext-only attack. In a known plaintext attack, the analyst probably has access to some or all of the plaintext of the ciphertext. The cryptanalyst's goals are to find the key that the target used to encrypt the communication and to use it to decrypt it. Once the attacker has found that key, they can decrypt any message encrypted with it. Attackers using known plaintext techniques must be able to decipher all or part of an encrypted message, or even only the format of the original plaintext.

Here are some additional techniques and types that cybersecurity professionals may need to be aware of −

Differential Cryptanalysis Attack (DCA)

This particular variant of the plaintext attack targets block ciphers and examines plaintext in pairs instead of one at a time. Using this method enables the analyst to figure out how the algorithm in question works when it encounters various data types.

Man-in-the-Middle Attack (MITM)

This attack takes place when an intruder manages to get into a normally secure channel used by two parties to exchange keys. The cryptanalyst carries out the key exchange with each end-user, each of whom thinks they are carrying it out with the other. As a result, the people concerned are using a key that the attacker is aware of without realising it.
Differential Cryptanalysis

A cryptanalyst using differential cryptanalysis can access pairs of messages that are closely related, differing only by a single letter or bit, along with their encrypted versions. This enables the attacker to investigate how modifications made to the source text affect the ciphertext produced by the algorithm.

Chosen Plaintext Attack (CPA)

When an analyst uses a chosen plaintext attack, they can either use the encryption device or already know the encryption. The cryptanalyst can then encrypt the selected plaintext using the intended algorithm in order to obtain information about the key.

Side-Channel Attack (SCA)

Side-channel attacks depend on data obtained from the actual system used for encryption and decryption. Rather than using the plaintext that is going to be encrypted or the ciphertext that is produced during the encryption process, this attack makes use of data related to the target
Cryptography Hash functions
A hash function in cryptography is a mathematical function that takes various inputs, like messages or data, and transforms them into fixed-length strings of characters. This means the input to the hash function can be of any length, but the output is always of fixed length. This is like compressing a large balloon into a compact ball.

The importance of this process lies in its generation of a unique “fingerprint” for each input. Any minor alteration in the input results in a substantially different fingerprint, a quality known as “collision resistance.” Hash functions play a crucial role in various security applications, including password storage (hash values instead of passwords), digital signatures, and data integrity checks.

Hash values, or message digests, are values that a hash function returns. The hash function is shown in the image below −

Key Points of Hash Functions

Hash functions are mathematical operations that “map” or change a given collection of data into a fixed-length bit string that is referred to as the “hash value.”
Hash functions have a variety of complexity and difficulty levels and are used in cryptography.
Cryptocurrency, password security, and communication security all use hash functions.

Operation of Cryptographic Hash Functions

In computing systems, hash functions are frequently used data structures for tasks like information authentication and message integrity checks. They are not easily decipherable, but because they can be solved in polynomial time, they are regarded as cryptographically “weak”. Cryptographic hash functions add security characteristics to typical hash functions, which make it more challenging to decipher message contents or recipient and sender information.
Specifically, cryptographic hash functions display the following three characteristics −

They are “collision-free.” That is, no two inputs should map to the same output hash.
They are hidden. A hash function's output should make it difficult to figure out the input value from it.
They should be puzzle-friendly. The selection of an input that generates a predetermined result needs to be difficult. As such, the input needs to be taken from a distribution that is as wide as possible.

Properties of hash functions

To be a reliable cryptographic tool, the hash function should have the following properties −

Pre-Image Resistance

According to this feature, reversing a hash function should be computationally difficult. In other words, if a hash function h generates a hash value z, it should be difficult to identify an input value x that hashes to z. This feature defends against an attacker attempting to locate the input with just the hash value.

Second Pre-Image Resistance

This property says that given an input and its hash, it should be difficult to find another input with the same hash. In other words, if a hash function h for an input x returns the hash value h(x), it should be challenging to find another input value y such that h(y) equals h(x). This feature of the hash function protects against an attacker who holds only the input value and its hash and wants to substitute a new value for the original input value.

Collision Resistance

This feature says that it should be difficult to identify two different inputs of any length that produce the same hash. This characteristic is also known as a collision-free hash function. In other words, for a hash function h, it is difficult to identify two distinct inputs x and y such that h(x) = h(y). A hash function cannot be free of collisions because it is a compression function with a set hash length. The collision-free condition simply indicates that these collisions should be difficult to locate.
This characteristic makes it very hard for an attacker to identify two input values that have the same hash. Furthermore, a hash function is second pre-image resistant if it is collision-resistant.

Efficiency of Operation

Computation of h(x) for any hash function h given input x can be an easy process. Hash functions are computationally considerably faster than symmetric encryption.

Fixed Output Size

Hashing generates an output of a specific length, regardless of the input size, so inputs of different sizes produce outputs of the same size.

Deterministic

For a given input, the hash function consistently produces the same output, like a recipe that always yields the same dish when followed precisely.

Fast Computation

Hashing operations occur rapidly, even for large data sets.

Design of Hashing Algorithms

Hashing essentially involves a mathematical function that takes two data blocks of fixed size and converts them into a hash code. The function is a key part of the hashing algorithm. The length of these data blocks differs according to the algorithm used. Usually, they range from 128 bits to 512 bits. Below is an example of a hash function −

Hashing algorithms use a sequence of rounds, similar to a block cipher, to process a message. In each round, a fixed-size input is used, which usually combines the current message block and the result from the previous round. This process continues for multiple rounds until the entire message is hashed. A visual representation of this process is provided in the illustration below.

Due to the interconnected nature of hashing, where the output of one operation affects the input of the next, even a minor change (a single bit difference) in the original message can drastically alter the final hash value. This phenomenon is known as the avalanche effect.

Additionally, it's crucial to distinguish between a hash function and a hashing algorithm.
The hash function itself takes two fixed-length binary blocks of data and generates a hash code. A hashing algorithm, on the other hand, establishes how the message is divided into blocks and how the outcomes of multiple hash operations are combined.

Popular Hash Functions

Hash functions play an important role in computing, providing versatile capabilities like −

Quick retrieval of data
Secure protection of information (cryptography)
Ensuring data remains unaltered (integrity verification)

Some commonly used hash
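The distinction drawn above between a hash function on two fixed-size blocks and the hashing algorithm that chains it over a message, together with the avalanche effect, can be made concrete. The following Python is an added example, not part of the original page: the compression step uses SHA-256 as a stand-in, and the padding scheme, the all-zero initial value and all names are assumptions chosen for illustration.

```python
import hashlib

BLOCK_SIZE = 64                    # bytes per message block (512 bits)
STATE_SIZE = 32                    # bytes of chaining value and digest (256 bits)
INITIAL_STATE = bytes(STATE_SIZE)  # constructed all-zero starting value


def compress(state, block):
    """The 'hash function': two fixed-size inputs in, one fixed-size value out."""
    if len(state) != STATE_SIZE or len(block) != BLOCK_SIZE:
        raise ValueError("compress() only accepts fixed-size inputs")
    return hashlib.sha256(state + block).digest()  # stand-in compression step


def pad(message):
    """Append 0x80, zero bytes and the 8-byte bit length to reach a whole number of blocks."""
    bit_length = (len(message) * 8).to_bytes(8, "big")
    zeros = (-(len(message) + 1 + 8)) % BLOCK_SIZE
    return message + b"\x80" + bytes(zeros) + bit_length


def toy_hash(message):
    """The 'hashing algorithm': split into blocks and feed each round's result into the next."""
    state = INITIAL_STATE
    padded = pad(message)
    for offset in range(0, len(padded), BLOCK_SIZE):
        state = compress(state, padded[offset:offset + BLOCK_SIZE])
    return state


def bit_difference(a, b):
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(message, bit_index):
    """Flip one input bit and count how many of the 256 digest bits change."""
    flipped = bytearray(message)
    flipped[bit_index // 8] ^= 1 << (bit_index % 8)
    return bit_difference(toy_hash(message), toy_hash(bytes(flipped)))


if __name__ == "__main__":
    sample = b"constructed sample message " * 8   # spans several blocks
    print(toy_hash(sample).hex())
    # A flip in the first block still reaches the final digest through the chain.
    print("bits changed:", avalanche(sample, 0), "of", STATE_SIZE * 8)
```

Because every round consumes the previous round's output, a one-bit change in the first block changes roughly half of the digest bits even though later blocks are identical.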
Cryptography – Caesar Cipher
The next cryptographic algorithm is the Caesar Cipher. In this chapter we will see what exactly the Caesar Cipher is, how it works, and how it can be implemented with different techniques. So let us dive into it.

What is a Caesar Cipher?

The Caesar Cipher is a simple and easy encryption technique. It is a simple type of substitution cipher in which the letters of the alphabet are shifted by a selected number of positions to create the encoded message. With a Caesar cipher using a shift of 2, an A is encoded as a C, an M as an O, a Z as a B, and so on.

This technique is named after the Roman leader Julius Caesar, who used it in his private correspondence. It is one of the simplest and oldest methods to encrypt messages.

Algorithm

Here's the algorithm for the Caesar Cipher, for both encryption and decryption −

Encryption Algorithm

For the encryption algorithm the steps are as follows −

Choose a number to be your “shift” value. This number decides how much each letter will move in the alphabet.
Start with your message. Look at each letter in your message.
Move each letter forward in the alphabet by the chosen shift value. For example, if the shift value is 3, then “A” will become “D”, “M” will become “P”, and so on.
Save the new letter instead of the old one. Continue this for every letter in the message.

Decryption Algorithm

For the decryption algorithm see the steps below −

Start with the encrypted message.
Know the shift value used for encryption.
Look at each letter in the encrypted message.
Move each letter back in the alphabet by the shift value to decrypt it. For example, if the shift value is 3, then “D” will become “A”, “P” will become “M”, and so on.
Save the decrypted letter instead of the encrypted one. Continue this for all the letters in the encrypted message.

Implementation Using Python

Using various Python modules and methods, we can implement this algorithm in multiple ways.
In the sections below, let us explore each of these methods individually −

Using the String Module
Using the List Comprehension

Using the String Module

In this approach we are going to use the string module of Python. This module is used to work with strings and provides constants, utility functions, and classes for string manipulation. Although it is a built-in module, we have to import it before using any of its constants and classes. Here the string module is used to access the lowercase alphabet and perform the string manipulation operations necessary for creating the Caesar Cipher algorithm.

Encryption Example

Below is the implementation of the Caesar Cipher using the string module of Python −

    import string

    def caesar_cipher(text, shift):
        letters = string.ascii_lowercase
        # Normalise the shift so negative and large values wrap around the alphabet
        shift %= len(letters)
        shifted_letters = letters[shift:] + letters[:shift]
        # Translation table mapping each lowercase letter to its shifted letter
        table = str.maketrans(letters, shifted_letters)
        return text.translate(table)

    # function execution
    message = "hello"
    shift_value = 3
    encrypted_msg = caesar_cipher(message, shift_value)
    print("Encrypted message:", encrypted_msg)

Following is the output of the above example −

Input/Output
I/P -> Plain text : hello
O/P -> Encrypted message: khoor

Decryption Example

To decrypt the above text message we can use the below code in Python −

    # Reuses caesar_cipher() and shift_value from the encryption example above
    def caesar_decipher(text, shift):
        # Decryption is just like encryption but with a negative shift
        return caesar_cipher(text, -shift)

    # Decryption
    encrypted_msg = "khoor"
    decrypted_msg = caesar_decipher(encrypted_msg, shift_value)
    print("Decrypted message:", decrypted_msg)

Following is the output of the above example −

Input/Output
I/P -> Cipher Text: khoor
O/P -> Decrypted message: hello

Using the List Comprehension

Now we are going to use a list comprehension to create a new string by iterating over each character within the input text. Inside the list comprehension, there is a conditional expression that checks if each letter is uppercase, lowercase, or non-alphabetical.
We will encrypt every alphabetical letter within the input text and leave the non-alphabetical characters as they are.

Encryption Example

Here is the implementation of the Caesar Cipher algorithm using list comprehension in Python −

    def caesar_cipher(text, shift):
        # Shift uppercase and lowercase letters within their own ranges;
        # every other character is copied unchanged
        return ''.join([
            chr((ord(char) - 65 + shift) % 26 + 65) if 'A' <= char <= 'Z'
            else chr((ord(char) - 97 + shift) % 26 + 97) if 'a' <= char <= 'z'
            else char
            for char in text
        ])

    # function execution
    message = "hello everyone"
    shift_value = 3
    encrypted_msg = caesar_cipher(message, shift_value)
    print("Encrypted message:", encrypted_msg)

Following is the output of the above example −

Input/Output
I/P -> Plain text: hello everyone
O/P -> Encrypted message: khoor hyhubrqh

Decryption Example

To create the decryption program for the Caesar Cipher encrypted message, we can reverse the encryption process. Here's the decryption code for the above Caesar Cipher encryption function using list comprehension −

    def caesar_decipher(text, shift):
        # Same as encryption, but the shift is subtracted instead of added
        return ''.join([
            chr((ord(char) - 65 - shift) % 26 + 65) if 'A' <= char <= 'Z'
            else chr((ord(char) - 97 - shift) % 26 + 97) if 'a' <= char <= 'z'
            else char
            for char in text
        ])

    # Function execution
    encrypted_msg = "khoor hyhubrqh"
    shift_value = 3

    # Decryption
    decrypted_msg = caesar_decipher(encrypted_msg, shift_value)
    print("Decrypted message:", decrypted_msg)

Following is the output of the above example −

Input/Output
I/P -> Cipher text: khoor hyhubrqh
O/P -> Decrypted message: hello everyone

Implementation using C++

This approach takes a message and a shift value as input. It then iterates over each character in the message and shifts it by the given amount to apply the Caesar Cipher algorithm. It returns the encrypted message as a string.
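Below is the implementation of the Caesar Cipher using the C++ programming language −

Example

    #include <cctype>
    #include <iostream>
    #include <string>
    using namespace std;

    // Function to encrypt a message
    string encrypt(string message, int shift) {
        string encrypted = "";
        for (char& c : message) {
            // Shift each character by the given spaces
            if (isalpha(static_cast<unsigned char>(c))) {
                if (isupper(static_cast<unsigned char>(c))) {
                    // The page's listing breaks off at this point; the remaining
                    // lines complete the shift in the same way as the Python versions.
                    encrypted += static_cast<char>(((c - 'A' + shift) % 26 + 26) % 26 + 'A');
                } else {
                    encrypted += static_cast<char>(((c - 'a' + shift) % 26 + 26) % 26 + 'a');
                }
            } else {
                encrypted += c;  // non-alphabetical characters are kept as they are
            }
        }
        return encrypted;
    }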
Counter (CTR) Mode
Counter Mode (CTR) is similar to OFB, with the one difference that CTR uses a counter for feedback. This method has the same advantages as OFB (patterns are destroyed and errors are not transmitted), but it also allows for parallel encryption because the feedback can be as simple as an ascending number. A simple example is that the first block is XORed with the number 1, the second with the number 2, and so on. This method allows for the simultaneous completion of any number of rounds.

It can be thought of as a counter-based version of CFB mode without the feedback. In this mode, both the sender and receiver must have access to a reliable counter that generates a new shared value each time a ciphertext block is transferred. This shared counter is not necessarily a secret value; however, both parties must keep the counter synchronised.

Operation

The following image shows encryption and decryption in CTR mode. Steps in operation are as follows −

Load the top register with the initial counter value, which is the same for both the sender and receiver. It serves the same purpose as the IV in CFB (and CBC) mode.
Encrypt the contents of the counter with the key and save the result in the bottom register.
Take the first plaintext block (P1) and XOR it with the contents of the bottom register. The outcome of this is C1. Send C1 to the receiver, then update the counter. The counter update replaces the ciphertext feedback in CFB mode.
Continue in this manner until the final plaintext block is encrypted.
Decryption is the reverse process. The ciphertext block is XORed with the encrypted counter value. The counter is updated after each ciphertext block is decrypted, exactly as it was during encryption.

Analysis of CTR Mode

It has no message dependency, hence a ciphertext block is not dependent on preceding plaintext blocks.

Just like CFB mode, CTR mode does not involve block cipher decryption.
This is because CTR mode generates a key-stream with the block cipher and then encrypts the plaintext by XORing it with that key-stream. In other words, CTR mode changes a block cipher into a stream cipher.

The major disadvantage of CTR mode is that it needs synchronous counters at both the transmitter and receiver. Loss of synchronisation leads to incorrect recovery of the plaintext.

However, CTR mode offers practically all of the same advantages as CFB mode. Also, no transmission errors are propagated.

Formula for CTR Mode

CTR is similar to OFB in that it XORs a series of pad vectors with plaintext and ciphertext blocks. The primary difference is how these pad vectors are created. In CTR mode, we begin with a random seed, $s$, and then compute pad vectors using the formula −

$V_i = E_K(s + i - 1)$

where $E_K$ is the block encryption technique with key $K$, $V_i$ is a pad vector, and $i$ is the vector's offset from 1. Once the vectors have been constructed, encryption comparable to the OFB mode can be performed using the following formula −

$C_i = V_i \oplus B_i$

Decryption works in a similar way −

$B_i = V_i \oplus C_i$

CTR uses the same encryption algorithm for both encryption and decryption, just like CFB and OFB modes.

Bit-Width of CTR Mode

The Counter (CTR) mode is a typical block cipher mode of operation that uses the block cipher algorithm. In this version, we offer Advanced Encryption Standard (AES) processing; the cipher key length for AES is 128/192/256 bits. Another constraint is that our working mode operates on units of a set size (128 bits per block), but text in the actual world has a variety of lengths. As a result, the final block of text provided to this primitive must be padded to 128 bits before it can be encrypted or decrypted.
The following table shows the bit-width of the interfaces that CTR mode offers −

Advantages of CTR Mode

Below are some advantages of counter (CTR) mode −

Hardware efficiency − Unlike the three chaining modes, CTR mode allows encryption (or decryption) to be performed in parallel on many blocks of plaintext or ciphertext. For chaining modes, the algorithm has to complete the computation on one block before proceeding to the next. This limits the algorithm's maximum throughput to the reciprocal of the time required for a single execution of block encryption or decryption. In CTR mode, throughput is limited only by the amount of parallelism obtained.
Software efficiency − Additionally, because CTR mode supports parallel execution, processors with parallel capabilities like aggressive pipelining, multiple instruction dispatch per clock cycle, a high number of registers, and SIMD instructions can be properly used.
Preprocessing − The underlying encryption technique can be executed whether or not the plaintext or ciphertext has been given. As a result, provided enough memory is available and security is maintained, preprocessing can be used to prepare the output of the encryption boxes, which feed into the XOR functions. When the plaintext or ciphertext input is given, the only operation performed is a series of XORs. This approach significantly increases throughput.
Random access − The ith block of plaintext or ciphertext can be processed in random-access fashion. With the chaining modes, block Ci cannot be computed until the i − 1 preceding blocks are computed. There are applications where a ciphertext is kept and just one block needs to be decrypted; in these applications, the random access functionality is useful.
Simplicity − CTR mode is simpler than ECB and CBC modes since it only requires the encryption algorithm to be implemented, not the decryption algorithm.
This is especially important when the decryption algorithm differs significantly from the encryption algorithm, as is the case with AES. Also, there is no requirement to create decryption key scheduling.

Disadvantages of CTR Mode

The main drawback of the CTR is that a synchronised counter must be maintained at both the receiving and
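The CTR formulas, the random-access property and the counter requirement described above can be exercised in Python. This is an added example, not part of the original page: Python's standard library has no AES, so E_K here is a stand-in built from HMAC-SHA256 truncated to 128 bits (an assumption; a real deployment would use AES), and all function names and sample values are constructed.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per block (128 bits)


def E(key, counter_value):
    """Stand-in for the block cipher E_K (NOT AES): only the forward direction is needed."""
    data = (counter_value % (1 << 128)).to_bytes(BLOCK, "big")
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]


def pad_vector(key, s, i):
    """V_i = E_K(s + i - 1), with i counted from 1 as in the formula."""
    return E(key, s + i - 1)


def xor(a, b):
    """XOR two byte strings, stopping at the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_crypt(key, s, data):
    """C_i = V_i xor B_i; the identical call also decrypts (B_i = V_i xor C_i)."""
    out = bytearray()
    block_count = (len(data) + BLOCK - 1) // BLOCK
    for i in range(1, block_count + 1):
        block = data[(i - 1) * BLOCK:i * BLOCK]
        # A short final block uses only the keystream bytes it needs
        # (this example does not pad).
        out += xor(pad_vector(key, s, i), block)
    return bytes(out)


def decrypt_block(key, s, ciphertext, i):
    """Random access: recover block i without touching blocks 1..i-1."""
    return xor(pad_vector(key, s, i), ciphertext[(i - 1) * BLOCK:i * BLOCK])


def keystream_reuse_leak(key, s, p1, p2):
    """What an observer sees if two messages share the same key and counter start."""
    return xor(ctr_crypt(key, s, p1), ctr_crypt(key, s, p2))


if __name__ == "__main__":
    key = b"constructed key!"                 # constructed sample values
    s = 1000
    msg = b"constructed sample message for counter mode"
    ct = ctr_crypt(key, s, msg)
    print(ctr_crypt(key, s, ct) == msg)       # same operation decrypts
    print(decrypt_block(key, s, ct, 2))       # second block on its own
    print(ctr_crypt(key, s + 1, ct) == msg)   # desynchronised counter fails
    p1, p2 = b"A" * 32, b"B" * 32
    # Reusing (key, s) exposes p1 xor p2, so every message needs a fresh counter range.
    print(keystream_reuse_leak(key, s, p1, p2) == xor(p1, p2))
```

The last check shows why the counter must produce a new value for every block under a given key: with a repeated counter the pad vectors cancel out and the XOR of the two plaintexts is exposed.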