Fri Sep 24, 2010 4:13 pm
A+, Security+, MCP, CCENT, CCNA, and CCNA Security

Asymmetric and Digital Signature Notes

Fri Aug 19, 2011 9:41 pm

I'll be taking another practice test soon...

Chapter 13

Hashing and HMACs: A cryptographic function that produces a hash sum that radically differs if the input is slightly changed. A hash collision, or “hash clash,” occurs when two different inputs produce the same hash sum output. A HMAC uses a hash to securely transport a secret key.

Hash Applications: Hashing algorithms are used to verify the integrity of transmissions and passwords.

• 128-bit hash value typically expressed in a 32-character hexadecimal number
• 4 rounds of 16 operations for a total of 64 operations
• Created by Rivest of MIT
• Random data bits (salt) should be added to password before they are hashed with MD5.

Rainbow Tables: RBTs are used to map hash outputs into strings. Slating makes RBTs less effective.

Secure Hash: A has is considered to be secure if:
• It is computationally impossible to find the message that corresponds to a digest
• No two different messages produce the same hash value.

• Widely used in application such as TLGS, SSL, PGP, SSH, S/MIME, and IPSEC.
• A small change in input will produce a drastically different hash output.
• 224, 256, 384, and 512 bit versions have been published by NIST
• Vulnerable because of weak file processing steps and certain math operations in the first 20 rounds.

Digital Signatures and PKI: Hashing and asymmetric encryption can be combined to provide encryption and authentication. These attributes are especially effective when implemented in a Public Key Infrastructure System.

Hashes and Digital Signatures: A message can be encrypted with another user’s public key. A signature is then hashed and encrypted with the sender’s private key. If both users have exchanged their public keys, the recipient will be able to decrypt the message with his public key and the signature with the sender’s public key. The hash of the signature can then be recomputed and the message’s integrity verified.

A Digital Signature Scheme is compose of three algorithms:
• Key generation algorithm to generate a user’s public/private key pair
• Signature algorithm that signs the message with a signing key
• Signature verification algorithm with verifying key

RSA: RSA uses public/private key cryptography. It is typically 1024-2048 bits long.

RSA Message Signing:
• The sender creates a hash for the message and raises it to the power of d mod n.
• The hash value is attached to the message
• The recipient raises the signature to a power of e mod n. The same procedure was performed when the message was encrypted.
• The hash value is compared and integrity is verified.

RSA Vulnerabilities:
• Timing Attacks: Measuring the decryption times and comparing them to known cipher texts. Set times and blinding, in which the multiplicative property is used so that timing is insignificant, are two methods used to combat timing attacks.
• Adaptive chose cipher text attack: Exploits flaws in the PKCS#1 scheme to recover SSL session keys. Addressed by RSA in a PKCS#1 update.
• Branch Prediction Analysis (BPA): Attempts to statistically discover private keys by observing simultaneous multithreading patterns.

DSA Algorithm: DSA is used to generate digital signatures and verify authenticity. In a DSA scheme, a user must be aware of the sender’s private key. DSA requires that keys be bound to users.

Return to david7eagle - CCNA Security

Who is online

Users browsing this forum: No registered users and 7 guests