Services of Cryptography System
Cryptography is more than encryption. The services provided by cryptography system may include the following:
Confidentiality: renders the information unintelligible except by authorised entities.
Integrity: data has not been altered in an unauthorised manner since it was created, transmitted, or stored.
Authentication: verifies the identity of the user of system that created the information.
Authorisation: upon proving identity, the individual is then provided with the key or password that will allow access to some resource.
Nonrepudiation: ensures that the sender cannot deny sending the message.
RSA, AES and SHA can all provide encryption but for different purpose.
RSA fits in in PKI asymmetric key structure. It provides message encryption and supports authentication and nonrepudiation services.
However, the downside is the encryption process is much slower than symmetric key, such as AES and DES. Therefore, it is often used to encrypt and distribute symmetric key.
Online RSA public and private key generator: http://travistidwell.com/blog/2013/09/06/an-online-rsa-public-and-private-key-generator/
AES fits in symmetric key structure and provides longer key (safer) than DES. It provides message encryption, much faster than asymmetric key such as RSA. Therefore, it is used to encrypt file content and communication.
Online AES encryption: http://aes.online-domain-tools.com/
SHA and MD5 hashing are used to generate message digest to verify message integrity – message is not altered during transition. Hasing is one-way function and cannot be reversed. Same content always generates the same hash value. Therefore, hashing is often used to ensure message integrity; or when no decryption is required, such as Cisco enable password.
However, if simple text is used, the hash value may be reversible and the plaintext password is revealed. It can be done by hashing dictionaries to achieve a hash value library and then matching the hash value of the password to the library to figure out the original password. Therefore, complicated password should always be required for security reason.
Online hashing: http://www.fileformat.info/tool/hash.htm
Cisco password reverser: http://packetlife.net/toolbox/type7/
The following table summarises the pros, cons and usage of different cryptographies.
(e.g. DES, 3DES, AES)
· Hard to break if using large key size
|· How to securely deliver keys?
· Scalability – too many unique keys
· authenticity or nonrepudiation not provided
|· Encrypt files and communication paths|
|Asymmetric Cryptography – PKI
(e.g. RSA, DH, DSA, ECC)
|· Better key distribution than symmetric
· Better scalability
· Provide authentication and nonrepudiation
|· 1000+ times slower than symmetric||· Distribute symmetric key (except DSA)
· Digital signature (except DH)
(e.g. MD5, SHA)
|· One-way function, fast
· Provide message digest – easy file comparison
|· Safety – same content always generates same hash value
· Decryption is not supported, due to one-way function
|· Check message integrity – no alteration|
Summary of Cryptography Mechanism
Following diagram is a summary of cryptography mechanism, including i) key distribution process, enabled by RSA or DH; ii) content and communication encryption process, enabled by AES, 3DES or DES; iii) hashing process, enabled by SHA or MD5; iv) digital signature process; enabled by RSA or DSA etc.