APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Concepts in Cryptography

by Girish Venkatachalam

Girish Venkatachalam is a UNIX hacker with more than a decade of networking and crypto programming experience. His hobbies include yoga, cycling and cooking, and he runs his own business. Details here:

http://gayatri-hitech.com

http://spam-cheetah.com

Music has existed since eternity. In India, music has enjoyed and still enjoys a special place in the life of Hindus and others alike. A look at this video will show you a sample of the richness to be found.


Video: Rajhesh Vaidhya, Veena fusion in Sumanesa Ranjani raaga

Veena is one of the greatest stringed instruments and its music is very special. I have a plan to learn the instrument one day. I had such a plan 8 years ago. I wanted to learn cryptography.

Learning a musical instrument takes at least 5 years. If you practice for 2 hours in the morning after a bath and for another 2 hours in the evening, with full devotion to the Guru and the art, then you achieve some mastery over the instrument. A similar devotion is necessary when you are tackling something as abstruse and difficult as cryptography. The web has enough resources to help you in this long journey. The book Applied Cryptography by Bruce Schneier is a must. But first you have to clear the haze in the brain about what public key cryptography means: how it works, how it differs from symmetric ciphers like AES or DES, why RSA key lengths are usually 1024 bits, and why 192 bits is incredibly secure for an AES key.

Obviously such a deep topic, filled with mathematical concepts, logic and extensive theory, cannot be understood in a teeny weeny article like this. I will endeavor, perhaps, to get you interested. If not, at least you are assured of some entertainment in reading this.

Practical applications of cryptography

Practical applications of cryptography include the PGP encryption system for e-mail invented by Phil Zimmermann, the Enigma cipher of World War II, which was a hardware device with moving parts, and the OpenSSH project.

The OpenSSL library is also a widely used open source project which has the standard cryptographic algorithms and protocols implemented. It is the most comprehensive crypto toolkit. You have facilities (both high level and low level) for message digests, symmetric cryptography, public key cryptography, signing and for generating certificates.

You can get an interactive OpenSSL prompt once you install it on any Linux or UNIX box. It is also available on Windows. You can enter simple commands to encrypt a file, do BASE64 conversion or even generate random data.

There are several OpenSSL command line examples you can find by browsing the Internet. It is easy to use, and you can play with it to learn a lot about crypto and about its application in real life. But it cannot substitute for theoretical knowledge.

Certain concepts that can help you

Encryption can be achieved in broadly two ways: using a symmetric cipher like DES, AES, 3DES, RC4 or RC6, or using a public key cryptosystem like RSA, DSA, Diffie-Hellman or ElGamal. There is a lot of difference in their application and theory.

Symmetric ciphering works by a process involving substitution and transposition, also known as confusion and diffusion. You take a key and derive from it a sequence of keys (known as round keys), and a variation of the XOR bit operation is used to combine the round keys with the input bits. This is repeated for typically around 16 rounds, and the result is combined with the previous block or the next block depending on the mode in which the cipher is operating. Symmetric cryptography has both block ciphers and stream ciphers. This is a lot of work, but it is done very quickly since none of these steps is costly. All of it finishes in no time even on a modest computer or an embedded system like a mobile phone or PDA.
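To make the round structure concrete, here is an added example (not code from the article or from any real cipher): a toy 16-round Feistel block cipher with a 64-bit block. It derives one 32-bit round key per round from the master key, XORs the round key into the data, mixes and rotates the bits for confusion and diffusion, and then shows the mode difference the paragraph mentions: in ECB each block is ciphered on its own, while in CBC each block is XORed with the previous ciphertext block before ciphering. The key schedule (SHA-256 of key plus round number) and the mixing constants are my own assumptions chosen for readability; the construction illustrates the mechanics and is not a secure cipher.

```python
import hashlib
import os

BLOCK = 8           # 64-bit block: two 32-bit halves
ROUNDS = 16         # the "around 16 rounds" the text mentions
MASK32 = 0xFFFFFFFF


def derive_round_keys(key: bytes, rounds: int = ROUNDS) -> list:
    # Key schedule: one 32-bit round key per round. Real ciphers have their
    # own schedules; hashing key||round-number is a stand-in (assumption).
    return [int.from_bytes(hashlib.sha256(key + bytes([i])).digest()[:4], "big")
            for i in range(rounds)]


def round_function(half: int, rk: int) -> int:
    # Confusion: XOR the round key into the data, then a non-linear mix.
    x = (half ^ rk) & MASK32
    x = (x * 0x9E3779B1 + 0x7F4A7C15) & MASK32
    # Diffusion (transposition): rotate so bits move to distant positions.
    return ((x << 13) | (x >> 19)) & MASK32


def encrypt_block(block: bytes, round_keys: list) -> bytes:
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for rk in round_keys:                       # Feistel rounds
        left, right = right, left ^ round_function(right, rk)
    # Undo the last swap so decryption is the same walk with keys reversed.
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")


def decrypt_block(block: bytes, round_keys: list) -> bytes:
    return encrypt_block(block, list(reversed(round_keys)))


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK               # PKCS#7-style padding
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_ecb(key: bytes, plaintext: bytes) -> bytes:
    # ECB: every block is ciphered independently of its neighbours.
    rks = derive_round_keys(key)
    data = pad(plaintext)
    return b"".join(encrypt_block(data[i:i + BLOCK], rks)
                    for i in range(0, len(data), BLOCK))


def encrypt_cbc(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # CBC: each plaintext block is XORed with the previous ciphertext block.
    rks = derive_round_keys(key)
    data = pad(plaintext)
    prev, out = iv, []
    for i in range(0, len(data), BLOCK):
        prev = encrypt_block(xor_bytes(data[i:i + BLOCK], prev), rks)
        out.append(prev)
    return b"".join(out)


def decrypt_cbc(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    rks = derive_round_keys(key)
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(xor_bytes(decrypt_block(block, rks), prev))
        prev = block
    return unpad(b"".join(out))


def ecb_leaks_repetition(key: bytes) -> bool:
    # Constructed input: two identical 8-byte blocks. ECB maps equal plaintext
    # blocks to equal ciphertext blocks, which is why chaining modes exist.
    ct = encrypt_ecb(key, b"ABCDEFGH" * 2)
    return ct[:8] == ct[8:16]


def cbc_hides_repetition(key: bytes, iv: bytes) -> bool:
    ct = encrypt_cbc(key, iv, b"ABCDEFGH" * 2)
    return ct[:8] != ct[8:16]


if __name__ == "__main__":
    key, iv = b"sixteen byte key", os.urandom(BLOCK)
    msg = b"Concepts in cryptography: a toy Feistel cipher"
    ct = encrypt_cbc(key, iv, msg)
    assert decrypt_cbc(key, iv, ct) == msg
    print("ECB repeats blocks:", ecb_leaks_repetition(key))
    print("CBC repeats blocks:", not cbc_hides_repetition(key, iv))
```

The Feistel layout is what makes decryption cheap: the same round walk with the round keys in reverse order undoes encryption, so a hardware or embedded implementation needs only one data path, which is part of why such ciphers are so fast.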

This was a very quick rundown of what happens in a symmetric cipher, which is the most common encryption variant available. But it does not solve the basic problem of secure communications: how do you exchange the secret key over an insecure channel?

It is to solve this problem, and associated problems like digital signing, that cryptosystems like RSA are employed. Normally all that happens is that the secret key is encrypted using the RSA public key of the recipient, and the message itself is transmitted under symmetric ciphering.

The recipient decrypts the (symmetric) secret key using his RSA private key and then recovers the message by symmetric decryption. All this might sound very confusing, but suffice it to say that the theory of RSA is very different from that of AES or DES. How does RSA work?

Public key cryptographic algorithms typically rely on one of two hard problems, also known as NP complete problems in computer science. One is prime number factorization: you can easily multiply two prime numbers, but you cannot easily recover them from their product. The other problem is known as discrete logarithm computation. I don't know anything more about this.

And RSA in particular uses this basic mathematical concept:

	(a^b)^c = (a^c)^b = a^(bc)


If you raise a to the power of b and then to the power of c, the result is the same as doing it in the reverse order, because the exponents simply multiply and multiplication is commutative. In RSA these powers are taken modulo n, and the identity still holds.

The other concept used frequently is that of message digests like SHA-1 or MD5. Nowadays you even have SHA-512. If you combine a digest with a secret key, it is known as an HMAC. This is used for online banking transactions and even for the e-mail authentication of websites like Gmail and Hotmail. Basically all SSL implementations have to generate a master secret with the HMAC algorithm.
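An added example (my own code, not from the article) of what "a digest with a secret key" means in practice: the HMAC construction built by hand from SHA-256, checked against Python's standard hmac module, plus a tag-and-verify pair of the kind a web application or banking backend would use. The key and message values are constructed for the demonstration; the construction itself (key padded to the 64-byte SHA-256 block size, inner pad 0x36, outer pad 0x5c) follows the standard HMAC definition.

```python
import hashlib
import hmac

BLOCK_SIZE = 64   # SHA-256 compresses 64-byte blocks; HMAC pads the key to this size


def hmac_sha256_by_hand(key: bytes, message: bytes) -> bytes:
    # HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m))
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()          # long keys are hashed first
    key = key.ljust(BLOCK_SIZE, b"\x00")            # then zero-padded to block size
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def tag_message(key: bytes, message: bytes) -> str:
    # What a sender attaches to a message: a hex tag only the key holder can produce.
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag_hex: str) -> bool:
    # The receiver recomputes the tag and compares in constant time, so a
    # byte-by-byte early exit does not leak how much of a guessed tag matched.
    expected = hmac.new(key, message, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag_hex)


def plain_digest_recomputable_without_key(message: bytes) -> bool:
    # Why a bare hash is not an authenticator: anyone who changes the message
    # can recompute sha256 over the new text, because no secret is involved.
    original = hashlib.sha256(message).hexdigest()
    forged_message = message + b" (altered)"
    forged_digest = hashlib.sha256(forged_message).hexdigest()
    return forged_digest == hashlib.sha256(forged_message).hexdigest() and forged_digest != original


if __name__ == "__main__":
    key = b"constructed-shared-secret"          # constructed demo key
    msg = b"transfer 100 to account 42"         # constructed demo message
    tag = tag_message(key, msg)
    print("tag:", tag)
    print("by-hand matches library:", hmac_sha256_by_hand(key, msg).hex() == tag)
    print("genuine verifies:", verify_tag(key, msg, tag))
    print("tampered verifies:", verify_tag(key, msg + b"0", tag))
    print("wrong key verifies:", verify_tag(b"other", msg, tag))
```

The by-hand version exists only to show the structure; in real code use the library routine, and always compare tags with a constant-time function such as hmac.compare_digest rather than ==.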

Modulo arithmetic is another frequently used technique in message digests and public key cryptography. It is very simple: your clock wraps around at 24 hours, the weekdays wrap around after 7 days, and the circular linked lists and circular buffers used in computing rely on the same idea. Basically the same set of values wraps around to prevent unbounded growth.

Modulo arithmetic bounds the results without affecting the effectiveness of the algorithm employed. Then there are other, more advanced protocols like zero knowledge protocols, challenge-response authentication mechanisms and so on.
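The following added example (my own code, not from the article) ties together the two ideas above: the exponent identity (a^b)^c = (a^c)^b = a^(bc) behind RSA, and modular arithmetic keeping every intermediate value bounded. It implements square-and-multiply exponentiation with a reduction after every step, builds a textbook RSA key pair from two small primes, checks that applying the public and private exponents in either order returns the message, and then performs the session-key wrapping step from the hybrid scheme described earlier (encrypt the symmetric key with the recipient's public key, decrypt it with the private key). The primes 61 and 53 give the classic n = 3233 teaching key pair; the larger pair 1009 and 1013 is an assumption so that a two-byte session key fits below the modulus. Textbook RSA with no padding is used deliberately to keep the arithmetic visible; real systems add padding such as OAEP.

```python
import os


def mod_pow(base: int, exp: int, mod: int) -> int:
    # Square-and-multiply. Every intermediate is reduced mod n, so the values
    # never grow past n even for huge exponents: this is the wrap-around at work.
    result = 1
    base %= mod
    while exp > 0:
        if exp & 1:
            result = (result * base) % mod
        base = (base * base) % mod
        exp >>= 1
    return result


def extended_gcd(a: int, b: int):
    # Returns (g, x, y) with a*x + b*y == g == gcd(a, b).
    if b == 0:
        return a, 1, 0
    g, x, y = extended_gcd(b, a % b)
    return g, y, x - (a // b) * y


def mod_inverse(a: int, m: int) -> int:
    g, x, _ = extended_gcd(a % m, m)
    if g != 1:
        raise ValueError("no inverse: a and m are not coprime")
    return x % m


def make_keypair(p: int, q: int, e: int = 17):
    # Knowing p and q gives phi(n); without them, phi(n) means factoring n.
    n = p * q
    phi = (p - 1) * (q - 1)
    d = mod_inverse(e, phi)          # e * d == 1 (mod phi)
    return (n, e), (n, d)            # public key, private key


def exponents_commute(m: int, pub, priv) -> bool:
    # (m^e)^d == (m^d)^e == m^(e*d) == m  (mod n): the identity RSA rests on.
    n, e = pub
    _, d = priv
    via_e_then_d = mod_pow(mod_pow(m, e, n), d, n)   # encrypt, then decrypt
    via_d_then_e = mod_pow(mod_pow(m, d, n), e, n)   # sign, then verify
    combined = mod_pow(m, e * d, n)
    return via_e_then_d == via_d_then_e == combined == m % n


def encrypt_int(m: int, pub) -> int:
    return mod_pow(m, pub[1], pub[0])


def decrypt_int(c: int, priv) -> int:
    return mod_pow(c, priv[1], priv[0])


def sign_int(m: int, priv) -> int:
    return mod_pow(m, priv[1], priv[0])


def verify_int(m: int, signature: int, pub) -> bool:
    return mod_pow(signature, pub[1], pub[0]) == m % pub[0]


def wrap_session_key(session_key: bytes, pub) -> int:
    # Hybrid step: the symmetric key is a number smaller than n, encrypted
    # with the recipient's public key. (Unpadded textbook RSA: illustration only.)
    k = int.from_bytes(session_key, "big")
    if k >= pub[0]:
        raise ValueError("session key must be smaller than the modulus")
    return encrypt_int(k, pub)


def unwrap_session_key(wrapped: int, priv, length: int) -> bytes:
    return decrypt_int(wrapped, priv).to_bytes(length, "big")


if __name__ == "__main__":
    pub, priv = make_keypair(61, 53)             # n = 3233, e = 17, d = 2753
    print("keys:", pub, priv)
    print("65 encrypts to", encrypt_int(65, pub), "and back to",
          decrypt_int(encrypt_int(65, pub), priv))
    print("exponent orders agree:", exponents_commute(65, pub, priv))
    big_pub, big_priv = make_keypair(1009, 1013)  # assumed primes, n > 65536
    session_key = os.urandom(2)                   # constructed 16-bit toy key
    wrapped = wrap_session_key(session_key, big_pub)
    print("session key recovered:",
          unwrap_session_key(wrapped, big_priv, 2) == session_key)
```

Note how mod_pow never holds a number larger than n squared, even though 65 raised to 2753 has thousands of digits: that bounded growth is exactly what modular arithmetic buys, and it is why RSA with a 1024-bit modulus is computable at all.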

You can use the resources given in the reference section to explore this ocean.

References and further reading

  1. PKCS standards
  2. OpenSSL crypto library
  3. Pretty Good Privacy
  4. OpenSSH
  5. OpenSSH under the hood


