
Cryptography: Algorithms, Protocols, and Standards for Computer Security

May 24, 2025, 36 min

Episode description

Provides a broad overview of cryptographic concepts and techniques. The sources discuss various types of cryptographic primitives, including hash functions, message authentication codes, digital signatures, and symmetric and asymmetric encryption algorithms like AES and RSA. They also explore the mathematical foundations underpinning cryptography, such as modular arithmetic and finite fields. Furthermore, the text touches upon security analysis methods, common attacks, and key management practices, highlighting the importance of these elements in building secure systems.

You can listen and download our episodes for free on more than 10 different platforms:
https://linktr.ee/cyber_security_summary

Get the Book now from Amazon:
https://www.amazon.com/Cryptography-Algorithms-Protocols-Standards-Computer/dp/1394207484?&linkCode=ll1&tag=cvthunderx-20&linkId=2ccd30b9f9f7425f4353eeee60007012&language=en_US&ref_=as_li_ss_tl

Discover our free courses in tech and cybersecurity, Start learning today:
https://linktr.ee/cybercode_academy

Transcript

Speaker 1

Welcome to the deep dive. Today, we're venturing into the really fascinating realm of cryptography and computer security.

Speaker 2

Indeed, we've got quite a bit of material here, covering everything from the sort of deep mathematical roots of encryption all the way to how it protects us every day.

Speaker 1

Right, and our mission really is to sift through all this, pull out the key insights and maybe show you some connections you hadn't thought of. Because cryptography, it sounds technical, but it's everywhere.

Speaker 2

Oh absolutely, think about secure websites, messaging apps, even your phone's security, your car. It all relies on this stuff working behind the scenes.

Speaker 1

And the consequences if it doesn't work are pretty serious.

Speaker 2

Yeah, we're talking email hacks, bank accounts getting breached, identity theft. It's not just theory. These are real threats, which.

Speaker 1

Makes you wonder who's doing the attacking, right? The motivations vary a lot.

Speaker 2

Totally, from criminals after money to, well, more organized groups with bigger targets. It really highlights why being proactive about security is so vital.

Speaker 1

For this deep dive, we're kind of splitting in two.

Speaker 2

Yeah, first, we'll tackle the basics, the foundational concepts of cryptography, how it all works at its.

Speaker 1

Core and done.

Speaker 2

Then we'll look at the practical side, how these ideas actually get built into the technologies you use.

Speaker 1

Okay, sounds good. Let's start with the big picture then, computer security itself.

Speaker 2

Right. So, at its heart, information security is about protecting information and systems. It comes down to three key things, often called the CIA.

Speaker 1

Triad. CIA, not the agency, I assume.

Speaker 2

Huh, no, not that CIA. It stands for confidentiality, integrity, and availability.

Speaker 1

Okay, confidentiality, keeping secrets secret; integrity, making sure data isn't messed with. What about availability?

Speaker 2

Availability is crucial. It means authorized users can actually get to the information and services when they need them. Security isn't just about locking things down. It's also about ensuring access.

Speaker 1

That's a great point. We often focus on the secrecy.

Speaker 2

Part, exactly, but think about attacks that target availability. Sabotaging a system, like, say, car brake control electronically, or deleting critical data, or just blocking access to servers. Those are all serious security breaches.

Speaker 1

So information security is the umbrella term, and cybersecurity fits underneath it.

Speaker 2

Pretty much. Cybersecurity focuses specifically on protecting that digital world, networks, devices, data, everything in cyberspace from attacks.

Speaker 1

Got it. Now, let's zoom in on cryptography itself. What's its main job?

Speaker 2

Fundamentally, cryptography is about enabling secure communication and building trust even when people don't know each other. It's about privacy and security in a connected world. And you know, this isn't a new problem.

Speaker 1

Ah, right. The historical examples, I saw those in the notes.

Speaker 2

Yeah, people have wanted to send secret messages for ages. Think about the ancient Greeks with their scytale, a cylinder for scrambling messages, or even Thomas Jefferson's wheel cipher.

Speaker 1

Much more complex, I imagine, a bit.

Speaker 2

Yeah, mechanical. Shows that drive for secrecy. These were early steps.

Speaker 1

And then we get to things like the Enigma machine in World War Two.

Speaker 2

Right, Enigma, a huge leap in complexity for its time, electromechanical, very sophisticated.

Speaker 1

Codes famously broken by Alan Turing and.

Speaker 2

His team, exactly, which perfectly illustrates this constant cat-and-mouse game in cryptography. Code makers build something, code breakers try to crack it. It's always evolving.

Speaker 1

Now here's something interesting. Attacks on the algorithms themselves, they're not usually about tricking the user, are they?

Speaker 2

That's a key distinction. Things like phishing prey on human error, but cryptanalysis, attacking the crypto algorithm, aims to find weaknesses in the math or the design itself, not trying to fool you into giving up your password.

Speaker 1

So how does cryptanalysis work, then? Sounds complicated.

Speaker 2

It can be, but the core idea is using knowledge of how the algorithm is built, and often these designs are public, plus looking for patterns in the original message, the plain.

Speaker 1

Text, using the ciphertext, the encrypted.

Speaker 2

Message, right. Analyzing the ciphertext, knowing the algorithm's structure, maybe knowing something about the likely plaintext, you use computation to try and figure out the secret key or the message.

Speaker 1

Okay, the notes mentioned unconditional versus computational security. What's the difference?

Speaker 2

Unconditional security is like the theoretical ideal. It means, even with infinite computing power, you couldn't break the cipher. The one time pad is.

Speaker 1

An example, but not very practical.

Speaker 2

Not usually, no. You need a key as long as the message, perfectly random, used only once, securely shared. Tricky. Computational security is what we rely on, meaning it's theoretically breakable, but it would take an absurd amount of time and computing power, far beyond anything feasible. Our everyday crypto relies on this.

Speaker 1

Gotcha. And quickly, pseudorandom number generators, PRNGs. They sound random, but they're not quite, exactly.

Speaker 2

They're algorithms that produce sequences that look random, but they're deterministic. If you know the starting point, the.

Speaker 1

Seed, you can predict the whole sequence.

Speaker 2

Yeah, that's the risk. If an attacker gets the seed, the randomness collapses and any security relying on it is potentially gone. So true randomness for seeding is vital.

Speaker 1

Okay, makes sense. So strong algorithms plus real randomness. Now, let's get into some of the math behind this. Modular arithmetic, right?

Speaker 2

Think of clock arithmetic. After twelve, you're back to one; that's modulo twelve. Cryptography uses this a lot, working with numbers within a specific range, a modulus. Concepts like Fermat's little theorem, modular square roots, they're tools in the crypto toolbox.

Speaker 1

And groups and fields. Sounds like abstract algebra class.

Speaker 2

It is a bit, but structures like Z_p, integers modulo a prime p, or finite fields F_p define how addition and multiplication work in these limited sets. They provide the mathematical playground for many crypto operations. The order of an element, for instance, is important for security in some systems.

Speaker 1

The notes show examples in finite fields, like F twenty three. That looks different.

Speaker 2

Yeah, it's math with polynomials over binary fields. We're working with strings of bits, and the rules for adding and multiplying are based on polynomial math modulo some irreducible polynomial. Sounds complex, but it gives a well-defined structure for operations. Generators are elements that can create all others through repeated multiplication.

Speaker 1

Okay, I'll trust you on that one. And the Chinese remainder theorem, what's its role?

Speaker 2

Ah, CRT. It's a clever theorem for solving systems of congruences, finding a number that leaves specific remainders when divided by different numbers. In crypto, especially RSA, it's used to speed things up. You can break a big calculation down into smaller, faster ones modulo the factors of the main number.

Speaker 1

Right, optimization. Okay, math foundations laid, let's talk symmetric ciphers. The basic idea.

Speaker 2

Simple concept, one shared secret key, same key to encrypt the plaintext into ciphertext, same key to decrypt it back. Security hinges entirely on keeping that key secret.

Speaker 1

Like the Vigenère cipher, that's a step up from the basic Caesar shift, right?

Speaker 2

Instead of shifting every letter the same amount, Vigenère uses a keyword. The keyword letter tells you how much to shift the corresponding plaintext.

Speaker 1

Letter, so you repeat the keyword? Yep, repeat the.

Speaker 2

Keyword to match the message length, then use a Vigenère table to do the lookup. It was much harder to break than Caesar for a long time because it uses multiple alphabets. Still breakable, though, especially now.

Speaker 1

And reusing keys in stream ciphers is a big no-no.

Speaker 2

Huge mistake. Stream ciphers often generate a keystream from the key. If you encrypt two different messages with the exact same keystream, problems, big problems. An attacker can XOR the two ciphertexts together, the keystream cancels out, and they're left with the XOR of the two original plaintexts. If they know or can guess part of one message, they can often recover.

Speaker 1

Both, like using the same combo on two safes.

Speaker 2

Good analogy, yeah.

Speaker 1

Which leads to crib-based attacks. Sounds like spying.

Speaker 2

It kind of is. A crib is just a piece of plaintext you guess might be in the message, like "weather report" in Enigma messages.

Speaker 1

How does guessing help?

Speaker 2

You try aligning your guessed crib against the ciphertext at different positions. If your guess is right, it can help you deduce parts of the key or confirm your guess. It was vital for breaking Enigma, combining language knowledge with cryptanalysis.

Speaker 1

And the XOR operation itself, simple logic gate but fundamental.

Speaker 2

Absolutely. XOR is its own inverse: A XOR B XOR B gets you back to A. So plaintext XOR keystream equals ciphertext, and ciphertext XOR keystream equals plaintext. Very efficient.

Speaker 1

But the key reuse issue comes back to XOR.

Speaker 2

Yes, because ciphertext one XOR ciphertext two equals plaintext one XOR keystream XOR plaintext two XOR keystream. The keystreams cancel, leaving plaintext one XOR plaintext.

Speaker 1

Two, and that leaks information.

Speaker 2

It can, yeah, especially with things like ASCII encoding. The bit patterns for letters versus spaces are different. XORing ciphertexts might reveal if one character was likely a space, which is a common character. It gives the attacker a starting point.

Speaker 1

Okay, fascinating how simple operations have big impacts. Let's switch to hash functions, MACs, and digital signatures. Different goals.

Speaker 2

Here, totally different. Symmetric crypto is about confidentiality. These are more about integrity and authenticity.

Speaker 1

So hash functions first, like a digital fingerprint.

Speaker 2

Exactly. Takes any input data, produces a fixed-size output, the hash. Good ones are one-way, easy to compute the hash, hard to go from hash back to input, and collision resistant, hard to find two different inputs that give the same hash.

Speaker 1

SHA algorithms are common examples, SHA-1, SHA-2, SHA-3, right?

Speaker 2

SHA-1 is weak now, but SHA-2 and SHA-3 are widely used. They have different structures and output sizes. SHA-3 uses something called the sponge construction.

Speaker 1

Sponge.

Speaker 2

Yeah, think of absorbing the input data into an internal state, then squeezing the hash output out. It's a flexible design with good security properties.

Speaker 1

Okay, and MACs, message authentication codes? How are they different from hashes?

Speaker 2

Hashes verify integrity: was the data changed? MACs do that plus authentication. They use a secret key shared between sender and receiver. You compute the MAC using the message and the secret key, send the message and the MAC tag. The receiver uses their copy of the key to recompute the MAC on the received message. If the tags match, the message is intact and it came from someone with the.

Speaker 1

Key. So it uses a shared secret, like symmetric encryption.

Speaker 2

Yes, HMAC is a common way to build a MAC using a hash function and a key.

Speaker 1

Then digital signatures, they offer non-repudiation.

Speaker 2

Exactly. Digital signatures use public key crypto. The sender signs the message, or a hash of it, using their private key. Anyone can verify the signature using the sender's public key, and that proves integrity, the message wasn't changed, and authenticity, only the private key owner could create that signature. Crucially, it provides non-repudiation. The sender can't deny signing it because only they have the private key. That's a key difference from MACs. Got it.

Speaker 1

The notes mentioned generic attacks on hashes: pre-image, second pre-image, collision. What are those?

Speaker 2

They target the core properties. Pre-image: given a hash, find any input that produces it. Second pre-image: given an input and its hash, find a different input with the same hash. Collision: find any two different inputs with the same hash.

Speaker 1

All bad news for security. Definitely.

Speaker 2

They undermine the integrity and authenticity guarantees. A collision, for example, could let someone create a malicious file with the same hash as a legitimate one.

Speaker 1

Okay, back to ciphers for a moment. Stream ciphers, the synchronous model.

Speaker 2

Right. In synchronous stream ciphers, both sender and receiver generate the exact same keystream independently, based on a shared key and usually an IV, initialization.

Speaker 1

Vector. And the keystream generation is separate from the message? Completely separate.

Speaker 2

Keystream generation doesn't depend on the plaintext or ciphertext. You just XOR the plaintext with the generated keystream.

Speaker 1

Bits. And linear feedback shift registers, LFSRs, are used for making keystreams.

Speaker 2

They're a basic building block, simple hardware: shift bits along, calculate the next bit using XORs of previous bits based on a feedback polynomial.

Speaker 1

But they have weaknesses.

Speaker 2

Yeah, their linearity. Algorithms like Berlekamp-Massey can figure out the feedback polynomial if they see enough of the output stream. So real-world stream ciphers use more complex nonlinear methods on top of, or instead of, basic LFSRs.

Speaker 1

Okay, let's shift to block ciphers now. How are they different?

Speaker 2

Block ciphers work on fixed-size chunks of data, like one hundred and twenty-eight bits for AES. Stream ciphers work bit by bit or byte by byte. Block ciphers use the same key for each block, but apply a complex transformation within each block, usually.

Speaker 1

Over multiple rounds, and they're fundamental.

Speaker 2

Very. Used for encrypting bulk data and also as components in other crypto things like hash functions, or even stream ciphers when used in certain modes.

Speaker 1

TDEA and AES are the main standards mentioned, right?

Speaker 2

TDEA, or triple DES, was a way to strengthen the older DES by applying it three times. DES itself has too small a key size, fifty-six bits. Now AES is the modern standard, keys of one hundred and twenty-eight, one hundred and ninety-two, or two hundred and fifty-six bits. Stronger design. The.

Speaker 1

Old DES process, and its intricate permutations, key schedules, that F function.

Speaker 2

It was an initial permutation that scrambles the block, then sixteen rounds. Each round splits the block, uses the round key derived via the key schedule in the F function on one half, XORs the result with the other half, then swaps halves. Finally, an inverse initial permutation. The F function itself involved expansion, S-box substitutions, and permutation.

Speaker 1

Complex. And the meet-in-the-middle attack worked against double DES? Yes.

Speaker 2

And it reduces the security significantly. Instead of trying all key pairs, a huge number, you encrypt the plaintext with all possible first keys and decrypt the ciphertext with all possible second keys. You store the results and look for a match in the middle.

Speaker 1

Cuts down the work dramatically. Massively.

Speaker 2

It makes double DES not much stronger than single DES against this attack. TDEA is structured to resist this better, but it's still not ideal.

Speaker 1

Compared to AES, AES has its own steps.

Speaker 2

Like SubBytes. Right, AES uses a state matrix. SubBytes replaces each byte using an S-box lookup. Unlike DES's S-boxes, the AES S-box has a clear mathematical structure based on finite field arithmetic. It provides nonlinearity. And MixColumns uses polynomial math? Yep. MixColumns mixes the bytes within each column of the state matrix, treating columns as polynomials over a finite field. This provides diffusion; changes spread quickly.

Speaker 1

Across the block. And AddRoundKey.

Speaker 2

That's the simpler step. Just XOR the current state with the round key derived from the main key via the key schedule. This introduces the key material into the process each round.

Speaker 1

Okay, so that's encrypting one block. But for longer messages we need modes of operation. Exactly.

Speaker 2

A mode tells you how to use the block cipher repeatedly for a longer message. Different modes have different security properties and uses.

Speaker 1

Like ECB, Electronic Codebook, simple but flawed.

Speaker 2

Very flawed for most uses. It encrypts each block independently with the same key. The big problem: identical plaintext blocks produce identical ciphertext.

Speaker 1

Block, which reveals patterns.

Speaker 2

Totally. Encrypt an image with large areas of the same color using ECB, and you can often still see the outline of the original image in the ciphertext. Generally avoid ECB unless you have very specific, short, non-repeating data.

Speaker 1

CBC, cipher block chaining, is.

Speaker 2

Better, much better. Before encrypting a plaintext block, you XOR it with the previous ciphertext block. For the first block, you use a random IV, so.

Speaker 1

Each ciphertext block depends on all previous plaintexts.

Speaker 2

Right, it hides patterns, but the IV needs to be unpredictable. If an attacker knows the IV, it can cause problems.

Speaker 1

Then OFB and CTR modes, they act like stream ciphers.

Speaker 2

Yeah, they turn a block cipher into a stream cipher. OFB feeds the cipher's output back as input for the next stage. CTR encrypts a counter value for each block and XORs that result with the plaintext. Advantages: CTR especially is efficient, can be parallelized, and doesn't need padding if the message isn't a perfect multiple of the block size. It's quite popular.

Speaker 1

And the birthday paradox vulnerability, how does that apply?

Speaker 2

The birthday paradox shows you don't need that many people in a room to have a good chance of two sharing a birthday. In crypto, with block size n, after about two to the n over two blocks, you have a decent chance of seeing two identical ciphertext blocks, a collision. What that collision means depends on the mode. In ECB, it means identical plaintext blocks. In other modes, it might leak some information or enable certain attacks. It tells us the block size needs to be large enough, like AES is one hundred and twenty-eight bits, to make two to the n over two a huge, unachievable number of blocks.

Speaker 1

Okay, moving beyond just confidentiality, authenticated encryption, right?

Speaker 2

This provides confidentiality and integrity/authenticity together. Standard modes like CBC don't inherently stop someone from tampering with the ciphertext.

Speaker 1

How does authenticated encryption work?

Speaker 2

Modes like GCM, Galois/Counter Mode, combine an encryption mode like CTR with a way to generate an authentication tag, like GMAC. This tag is calculated over the ciphertext and optionally some associated data you want to protect but not encrypt, like headers. Exactly. The receiver decrypts and also recalculates the tag. If the calculated tag doesn't match the received tag, they know the data was tampered with or is inauthentic. GCM uses a nonce, number used once, for each encryption.

Speaker 1

And GMAC is just the authentication part.

Speaker 2

Yes, if you only need integrity and authenticity and not confidentiality.

Speaker 1

These modes using nonces, like GCM, CCM, AES-GCM-SIV, they help against replay attacks too.

Speaker 2

Yes, because the nonce should be unique for each message under the same key. Replaying an old message with its nonce would likely be detected or processed differently, and using nonces means encrypting the same plaintext twice gives different ciphertexts, hiding repetitions.

Speaker 1

And they can resist chosen ciphertext attacks.

Speaker 2

That's a major goal. In a chosen ciphertext attack, the attacker gets to see plaintext for ciphertexts they choose. Authenticated encryption modes foil this because if the attacker submits a tampered ciphertext, the integrity check, the tag verification, fails, and the decryption process refuses to output plaintext or signals an error. It stops the attacker from learning through manipulated ciphertexts.

Speaker 1

Okay, so we have all these tools, how do we actually analyze if they're secure?

Speaker 2

Good question. Modern crypto relies on computational security. We assume the attacker has limited computing power. Security analysis tries to prove that breaking the system would take an infeasible amount of computation.

Speaker 1

Using theoretical models like adversaries with access.

Speaker 2

To oracles, exactly. An oracle is a hypothetical black box the attacker can query, like an encryption oracle: give it plaintext, it returns ciphertext using the secret key. By seeing how the oracle responds to chosen inputs, the attacker tries to learn the key or break the system. Different oracles model different attack capabilities, and we.

Speaker 1

Talk about permutation families and function families.

Speaker 2

Yeah, that's mathematical modeling. A block cipher with a fixed key acts like a permutation, a scrambling of all possible blocks. The family is the set of all possible permutations you get by using all possible keys. We analyze how close this family is to a family of truly random permutations or functions. HMAC is an example where this analysis is used.

Speaker 1

The goal is to limit the adversary's advantage, right?

Speaker 2

The advantage is how much better the adversary can do at breaking the system, like distinguishing cipher output from random or finding the key, compared to just guessing randomly. A secure system keeps the maximum possible advantage negligibly small, even for powerful adversaries.

Speaker 1

The notes give an example of an insecure PRP? Yeah.

Speaker 2

A pseudorandom permutation. If the output is predictable from the input, it's not behaving randomly, so it's insecure. A simple linear relationship would be an example.

Speaker 1

And double encryption isn't always much better if the underlying cipher isn't a secure PRP.

Speaker 2

Correct. We saw that with meet-in-the-middle on double DES. If the cipher has exploitable structure, just layering it might not help as much as you'd hope. But if it is a secure PRP, double encryption is generally.

Speaker 1

Strong. And predictable IVs in CBC mode, a big.

Speaker 2

Problem, huge problem. If the attacker can predict the IV, they can potentially control parts of the plaintext after decryption, especially the first block. It breaks the confidentiality goals. IVs must be unpredictable, usually random.

Speaker 1

There's even a formula shown for calculating adversary advantage in AES-GCM-SIV based on nonce usage and message lengths. Looks complicated. It is.

Speaker 2

Those formulas come from deep security proofs. They quantify the security based on usage parameters: how many messages, how long, nonce collisions, which should never happen. They give concrete security bounds.

Speaker 1

Okay, let's switch to the attacker side. Cryptanalysis attacks on symmetric.

Speaker 2

Ciphers, right. How do people try to break.

Speaker 1

These things? Brute force is the obvious one.

Speaker 2

Simplest idea, try every possible key. Feasible for small key spaces like old DES, fifty-six bits, but for AES one twenty-eight or higher, the number of keys is astronomical. Two to the one twenty-eight is just impossibly large to search, so brute force is usually not a practical threat for modern ciphers. Dictionary attacks target weak passwords used to derive keys. The attacker tries common words, names, variations from a dictionary list, hashes them, and compares against stolen password hashes. Not an attack on the cipher itself, but on poor key generation from passwords.

Speaker 1

Meet-in-the-middle we covered. What about time-memory trade-offs like rainbow.

Speaker 2

Tables, clever idea. You precompute a lot of data to speed up the actual attack later. Rainbow tables are often used against password hashes. You precalculate chains of hashes starting from possible passwords. You store only the start and end points of these chains.

Speaker 1

How does that help crack a specific hash?

Speaker 2

You take the target hash, run it forward through the chain logic, and see if you hit an endpoint stored in your table. If you do, you can regenerate the chain from the corresponding start point to find the original password. It trades storage space for the table for attack.

Speaker 1

Time. Then the really advanced stuff.

Speaker 2

Yeah.

Speaker 1

Linear and differential cryptanalysis.

Speaker 2

Yeah, these are powerful techniques against the internal structure of block ciphers. Linear cryptanalysis looks for statistical linear approximations, relationships involving XOR sums of plaintext bits, ciphertext bits, and key bits that hold slightly more often than random chance. And differential? Differential cryptanalysis studies how differences between pairs of inputs propagate through the cipher rounds. You choose input pairs with a specific difference and look at the probability distribution of the output differences. Certain differences might occur more often than expected, leaking information about the key. The difference distribution table, DDT, analyzes this for the S-boxes.

Speaker 1

And even more advanced versions exist.

Speaker 2

Yes, higher-order differential looks at differences of differences. Algebraic cryptanalysis tries to write the whole cipher as a system of algebraic equations, often using Boolean polynomials, and then solve for the key. Superpolys are specific algebraic structures used in some of these attacks.

Speaker 1

Wow, okay, deep stuff. Let's switch paradigms completely now. Public key cryptosystems, what's the big idea here?

Speaker 2

The game changer is having two keys, a public key you can share with anyone and a private key you keep secret. No need to securely share a secret beforehand.

Speaker 1

How does that work for sending a message?

Speaker 2

Alice wants to send a secret message to Bob. She encrypts it using Bob's public key. Only Bob, with his corresponding private key, can decrypt it. It solves the key distribution headache of symmetric.

Speaker 1

Crypto. And RSA is the classic example, based on factoring large numbers? Exactly.

Speaker 2

Security relies on it being really hard to factor a large number n into its two large prime factors p and q. Key generation involves picking p and q, calculating n equals p times q, and finding exponents e, public, and d, private, that have a special mathematical relationship involving p and q.

Speaker 1

Encryption is message m to the power of e mod n.

Speaker 2

Yep, c equals m to the e mod n, and.

Speaker 1

Decryption is ciphertext c to the power of d mod n.

Speaker 2

Correct, m equals c to the d mod n. The math just works.

Speaker 1

Out. Elegant. And CRT RSA speeds up decryption.

Speaker 2

Yes, using the Chinese remainder theorem, it breaks the c to the d mod n calculation into smaller calculations mod p and mod q, then combines the results. Much faster.

Speaker 1

Is basic RSA secure enough on its own? The notes mentioned semantic security issues.

Speaker 2

Right, plain textbook RSA isn't semantically secure. Encrypting the same message twice gives the same ciphertext. An attacker could guess possible messages, encrypt them with the public key, and see if they match the intercepted ciphertext.

Speaker 1

So how do we fix that?

Speaker 2

Padding schemes. You add randomness to the message before RSA encryption. RSA-PSS is a modern standard for this. It ensures encrypting the same message twice gives different results, crucial for real-world security.

Speaker 1

And RSA can do digital signatures too.

Speaker 2

Yes, you just reverse the keys. To sign, you hash the message, then encrypt the hash with your private key. Anyone can verify by decrypting the signature with your public key and checking if it matches the hash of the message they received.

Speaker 1

Other public key systems mentioned are ElGamal and DSA.

Speaker 2

ElGamal is another option, often for encryption, based on a different hard problem, the discrete logarithm problem, DLP, in a finite field. DSA, the digital signature algorithm, is specifically for signatures, also based on DLP. Schnorr signatures are another DLP-based signature scheme known for efficiency.

Speaker 1

Are there specific attacks against RSA itself?

Speaker 2

Yes, things like choosing a small private exponent can sometimes make it vulnerable, or the common modulus attack: if two people use the same n but different e's, and you encrypt the same message to both, it might be breakable. Proper key generation avoids these.

Speaker 1

Okay, Diffie-Hellman key exchange, that's about agreeing on.

Speaker 2

A key, exactly. It allows two parties, Alice and Bob, to establish a shared secret key over a public channel without sending the key itself. It's amazing, also based on the discrete logarithm problem.

Speaker 1

How does it work? Roughly?

Speaker 2

They agree publicly on a prime p and a generator g. Alice picks secret a, Bob picks secret b. Alice sends g to the a mod p to Bob. Bob sends g to the b mod p to Alice. Alice calculates g to the b, to the a, mod p; both get the same result, g to the ab mod p. That's their shared secret.

Speaker 1

Ingenious, but vulnerable to man-in-the-middle.

Speaker 2

The basic protocol is, yes. If Mallory sits between Alice and Bob, she can intercept their public values g to the a and g to the b and substitute her own g to the m. She does a separate DH exchange with Alice, getting secret g to the am, and another with Bob, getting secret g to the bm. Alice thinks she's talking to Bob, Bob thinks he's talking to Alice, but both are actually talking to Mallory, who relays messages, reading everything.

Speaker 1

So authentication is needed.

Speaker 2

Absolutely critical. You need to verify who you're doing the exchange with, usually using digital signatures or pre-shared keys, before you trust the resulting shared secret.

Speaker 1

Okay. Now, elliptic curve cryptography, ECC. What's the big deal there?

Speaker 2

Main advantage: much smaller keys for the same level of security compared to RSA or traditional Diffie-Hellman.

Speaker 1

Why?

Speaker 2

It's based on the math of elliptic curves over finite fields. The hard problem is the elliptic curve discrete logarithm problem, ECDLP, which seems to be harder than factoring or the standard DLP for the same key size.

Speaker 1

So smaller keys mean faster operations, less bandwidth, good for mobile...

Speaker 2

Devices, exactly. Big benefits in resource-constrained environments.

Speaker 1

An elliptic curve isn't like a geometric ellipse.

Speaker 2

No, it's defined by a specific cubic equation like y^2 = x^3 + ax + b. The points (x, y) satisfying this over a finite field, plus a point at infinity, form a group. You can define point addition and scalar multiplication, repeated addition, on these points, and...

Speaker 1

That math forms the basis for ECC crypto.

Speaker 2

Yes, you can do Diffie-Hellman on elliptic curves, ECDH, digital signatures, ECDSA, and integrated encryption schemes, ECIES. Same concepts as before, but using elliptic curve point operations instead of modular exponentiation.

Speaker 1

The notes even show point doubling on a curve. Looks involved.

Speaker 2

The formulas can look messy, but they're just the rules for the group operation on the curve.

Speaker 1

Points.

Speaker 2

Point doubling, adding a point to itself, and point addition are the core operations needed for scalar multiplication, which is how you use the private key.

Speaker 1

Okay, we've covered a ton of crypto concepts. Let's move to part two, practical implementation. Starting with key management. Seems crucial, but maybe overlooked. Hugely crucial.

Speaker 2

You can have the best algorithms in the world, but if your keys are handled badly, generated weakly, stored insecurely, lost, stolen, the whole system fails. Key management is the entire life cycle: generation, storage, distribution, use, backup, revocation, destruction.

Speaker 1

And there are many types of keys.

Speaker 2

Oh yeah, symmetric encryption keys, key wrapping keys to encrypt other keys, master keys, key derivation keys, MAC keys, key agreement keys, signature keys, verification keys. Each has a specific job and needs managing properly.

Speaker 1

Key derivation functions, KDFs, help generate...

Speaker 2

Yes. KDFs take some initial secret material, like a password or a Diffie-Hellman shared secret, and derive one or more strong cryptographic keys from it. They often add salt and use iteration to make the derived keys resistant to attacks, even if the initial secret isn't perfectly random. The notes showed different KDF modes like counter, feedback, double-pipeline, so...

Speaker 1

KDFs are used for establishing symmetric keys too, often.

Speaker 2

Yes, you might establish a shared secret using DH, then run that secret through a KDF to get the actual encryption and MAC keys for your session.

Speaker 1

And generating RSA or ECC key pairs?

Speaker 2

RSA involves finding those large primes p and q, then calculating n, e and d. ECC involves picking curve parameters and a base point, then choosing a random private key, an integer, and computing the public key point via scalar multiplication. Both need good randomness and careful parameter selection.

Speaker 1

Key distribution centers, KDCs, like Kerberos, centralize key management.

Speaker 2

In a network setting, yes. Kerberos uses a trusted KDC. A client authenticates to the KDC's authentication server, AS, using a long-term secret, like one derived from a password. The AS gives back a ticket granting ticket, TGT. To access a specific service, the client presents the TGT to the KDC's ticket granting server, TGS, asking for a service ticket. The TGS issues a ticket encrypted for the service, plus a session key for the client and service. The client presents the ticket to the service. They both extract a session key and can communicate securely.

Speaker 1

Streamlines things, reduces password sending, but still needs authentication for Diffie-Hellman if used.

Speaker 2

Yes, even if you use static Diffie-Hellman keys, DH static, you must authenticate the exchange somehow, maybe with certificates or signatures, to prevent those man in the middle attacks. Basic DH isn't enough on its own, which...

Speaker 1

Brings us to digital certificates and PKI, public key infrastructure. How do they establish trust?

Speaker 2

Certificates link a public key to an identity: person, server, etc. A certificate authority, CA, verifies the identity and then digitally signs the certificate containing the public key and identity info using the CA's private key.

Speaker 1

So I trust the CA.

Speaker 2

You can verify the CA's signature on the certificate using the CA's public key. If it's valid, you trust that the public key in the certificate really belongs to the entity named in it. It builds a web of...

Speaker 1

Trust. And there are different CA structures, single, two-tier, three-tier, right?

Speaker 2

Single-tier is simple but risky; a root CA compromise is catastrophic. Two-tier has intermediate CAs issuing certificates, protected by the root CA. Three-tier adds more layers, often for policy enforcement. More tiers give more flexibility and limit the root CA's exposure, but add complexity.

Speaker 1

How do we know if a certificate is still good even before it expires? What if the key got stolen?

Speaker 2

Good point. CAs maintain certificate revocation lists, CRLs, lists of serial numbers of certificates that are no longer valid. Browsers or applications are supposed to check these CRLs.

Speaker 1

That sounds slow, downloading big lists.

Speaker 2

It can be. The alternative is OCSP, Online Certificate Status Protocol. The application directly queries an OCSP responder run by the CA about a specific certificate's status. It's faster for checking one cert.

Speaker 1

And TLS, for secure web connections, HTTPS, uses all this heavily.

Speaker 2

When your browser connects to an HTTPS site, the server sends its certificate. Your browser verifies the signature, tracing it back to a trusted root CA, checks the expiration date, checks for revocation, CRL or OCSP, and makes sure the name matches. If all checks out, the browser trusts the server's...

Speaker 1

Public key, and uses that public key for the...

Speaker 2

Key exchange part of the TLS handshake. They use the server's public key or Diffie-Hellman, authenticated by the certificate, to establish a symmetric session key for encrypting the actual website data. The key share extension helps negotiate the specifics of this exchange. And Kerberos...

Speaker 1

Besides key distribution, it's also just a general authentication system.

Speaker 2

Yes, its main goal is authentication in a network. Centralized secrets, ticket-based access, avoid sending passwords repeatedly. Strong system, but it depends heavily on the KDC being available and secure, and requires unique names.

Speaker 1

Okay, last practical area: generating pseudorandom and prime numbers. We need randomness everywhere, and primes for...

Speaker 2

RSA. Absolutely, good randomness, high entropy, is the foundation. PRNGs need to be seeded with entropy. We need DRBGs, deterministic random bit generators based on crypto primitives like hashes or block ciphers, to generate long sequences from a good seed, and...

Speaker 1

The period of a PRNG needs to be long.

Speaker 2

Very long, ideally astronomical. If the sequence repeats too soon, it's predictable and insecure.

Speaker 1

Entropy measures the unpredictability.

Speaker 2

Yes, more entropy in your random source means more unpredictability. DRBGs have a security strength related to the entropy of their...

Speaker 1

Seed. And prime number generation, not just picking random numbers.

Speaker 2

No, you generate a large random odd number, then test if it's prime. Trial division is too slow. We use probabilistic tests like...

Speaker 1

Miller-Rabin. Probabilistic, not guaranteed.

Speaker 2

Miller-Rabin gives very high probability. Run it enough times, and the chance of a composite number slipping through as prime becomes vanishingly small, small enough for cryptographic purposes. There are deterministic tests like AKS, but they're often slower. Sometimes specific strong primes are generated for extra resilience.

Speaker 1

Okay. The source material also has review questions and an index, helpful for learning.

Speaker 2

Definitely, exercises help solidify understanding: questions about key usage, hash collisions, Diffie-Hellman. They test if you grasp the concepts, and a good index is invaluable for quickly finding details on specific topics like AES or brute force attacks.

Speaker 1

Well, this has been quite the journey through cryptography and security from the core math to real world systems.

Speaker 2

It really has, and it's amazing how these concepts, often invisible, underpin so much of our digital safety.

Speaker 1

It's complex, no doubt, but hopefully listeners now have a better feel for what's going on behind the scenes, what makes these technologies secure or potentially insecure.

Speaker 2

Right, which leads to maybe a final thought for you, the listener. Given how fast threats and defenses evolve in this space, what's our responsibility, as individuals and as organizations, to keep learning and adapting our own security practices?

Speaker 1

That's a really important question, something to think about. We definitely encourage you to dig deeper into the source materials if specific topics caught your interest.

Speaker 2

Yeah, this deep dive is really just scratching the surface of a fascinating and vital field. There's always more to learn.
