key

This form of encryption algorithm is asymmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption algorithm?

This form of encryption algorithm is asymmetric key block cipher that is characterized by a 128-bit block size, and its key size can be up to 256 bits. Which among the following is this encryption algorithm?

Option 1 : HMAC encryption algorithm
Option 2 : Twofish encryption algorithm
Option 3 : IDEA
Option 4 : Blowfish encryption algorithm

1. HMAC encryption algorithm

HMAC stands for Keyed-Hashing for Message Authentication. it is a message authentication code obtained by running a cryptographic hash function (like MD5, SHA1, and SHA256) over the info (to be authenticated) and a shared secret key. HMAC is laid out in RFC 2104.
HMACs are almost almost like digital signatures. They both enforce integrity and authenticity. They both use cryptographic keys. and that they both employ hash functions. the most difference is that digital signatures use asymmetric keys, while HMACs use symmetric keys.

How HMAC works

To understand how HMAC works, let’s first examine how a hash function (on its own) might be used for conducting a knowledge integrity check on a file transfer. for instance a client application downloads a file from a foreign server. It’s assumed that the client and server have already agreed on a standard hash function, say SHA2.
Before the server sends out the file, it first obtains a hash of that file using the SHA2 hash function. It then sends that hash (a.k.a. message digest) along side the file itself. Upon receiving the 2 items (i.e. the downloaded file and therefore the hash), the client obtains the SHA2 hash of the downloaded file then compares it with the downloaded hash. If the 2 match, then that might mean the file wasn’t tampered along the way.
If an attacker manages to intercept the downloaded file, alter the file’s contents, then forward the tampered file to the recipient, that malicious act won’t go unnoticed. That’s because, once the client runs the tampered file through the agreed hash algorithm, the resulting hash won’t match the downloaded hash. this may let the receiver know the file was tampered along he way.
So a hash function should do the trick then? Not so fast. While a hash function can establish data integrity, i.e. that the file or message wasn’t altered along the way, it can’t establish authenticity. How would the client know the message it received came from the legitimate source?
That’s why secure file transfer protocols like FTPS, SFTP, and HTTPS use HMACs rather than just hash functions.When two parties exchange messages through those secure file transfer protocols, those messages are going to be amid HMACs rather than plain hashes. An HMAC employs both a hash function and a shared secret key.
A shared secret key provides exchanging parties how to determine the authenticity of the message. That is, it provides the 2 parties how of verifying whether both the message and MAC (more specifically, an HMAC) they receive really came from the party they’re alleged to be transacting with.
The secret key enables this capability because it’s generated during key exchange, a preliminary process that needs the participation of the 2 parties. Only those two parties who participated within the key exchange would know what the shared secret key’s . In turn, they might be the sole ones who would be ready to reach an equivalent result if they compute the message’s corresponding MAC using the shared secret key.

Why is HMAC suitable for file transfers?

Aside from its ability to enable data integrity and message authentication, one more reason why HMAC is a superb file transfer data integrity-checking mechanism is its efficiency. As discussed within the article Understanding Hashing, hash functions can take a message of arbitrary length and transform it into a fixed-length digest. meaning , albeit you’ve got relatively long messages, their corresponding message digests can remain short, thereby allowing you to maximise bandwidth.

Choosing an HMAC

Because an HMAC’s properties (especially its cryptographic strength) is very hooked in to its underlying hash function, a specific HMAC is typically identified supported that hash function. So we’ve HMAC algorithms that pass the names of HMAC-MD5, HMAC-SHA1, or HMAC-SHA256.
You’ve probably heard about the collision-related vulnerabilities of MD5. It’s worth noting that HMAC-MD5, in spite of its underlying MD5 hash function, isn’t as suffering from those vulnerabilities. Regardless, SHA-1 remains cryptographically stronger than MD5 and SHA-2 (and its different forms, e.g. SHA-224, SHA-256, SHA-512) is likewise cryptographically stronger than SHA1, so you’ll want to require that into consideration.
So which HMAC do you have to use? you’d normally choose an HMAC supported its underlying hash function. So, for instance , you’d want to use HMAC-MD5 if performance is more critical to you than security. On the opposite hand, if security is more critical, then you would possibly want to use HMAC-SHA256 instead.

2. Twofish encryption algorithm

Twofish is an encryption algorithm designed by Bruce Schneier. It’s a symmetric key block cipher with a block size of 128 bits, with keys up to 256 bits. it’s associated with AES (Advanced Encryption Standard) and an earlier block cipher called Blowfish. Twofish was actually a finalist to become the industry standard for encryption, but was ultimately beaten out by the present AES.
Twofish has some distinctive features that set it aside from most other cryptographic protocols. For one, it uses pre-computed, key-dependent S-boxes. An S-box (substitution-box) may be a basic component of any symmetric key algorithm which performs substitution. within the context of Twofish’s block cipher, the S-box works to obscure the connection of the key to the ciphertext. Twofish uses a pre-computed, key-dependent S-box which suggests that the S-box is already provided, but depends on the cipher key to decrypt the knowledge .

How Secure is Twofish?

Twofish is seen as a really secure option as far as encryption protocols go. one among the explanations that it wasn’t selected because the advanced encryption standard is thanks to its slower speed. Any encryption standard that uses a 128-bit or higher key, is theoretically safe from brute force attacks. Twofish is during this category.
Because Twofish uses “pre-computed key-dependent S-boxes”, it are often susceptible to side channel attacks. this is often thanks to the tables being pre-computed. However, making these tables key-dependent helps mitigate that risk. There are a couple of attacks on Twofish, but consistent with its creator, Bruce Schneier, it didn’t constitute a real cryptanalysis. These attacks didn’t constitue a practical break within the cipher.

Products That Use Twofish

GnuPG: GnuPG may be a complete and free implementation of the OpenPGP standard as defined by RFC4880 (also referred to as PGP). GnuPG allows you to encrypt and sign your data and communications; it features a flexible key management system, along side access modules for all types of public key directories.
KeePass: KeePass may be a password management tool that generates passwords with top-notch security. It’s a free, open source, lightweight and easy-to-use password manager with many extensions and plugins.
Password Safe: Password Safe uses one master password to stay all of your passwords protected, almost like the functionality of most of the password managers on this list. It allows you to store all of your passwords during a single password database, or multiple databases for various purposes. Creating a database is straightforward , just create the database, set your master password.
PGP (Pretty Good Privacy): PGP is employed mostly for email encryption, it encrypts the content of the e-mail . However, Pretty Good Privacy doesn’t encrypt the topic and sender of the e-mail , so make certain to never put sensitive information in these fields when using PGP.
TrueCrypt: TrueCrypt may be a software program that encrypts and protects files on your devices. With TrueCrypt the encryption is transparent to the user and is completed locally at the user’s computer. this suggests you’ll store a TrueCrypt file on a server and TrueCrypt will encrypt that file before it’s sent over the network.

3. IDEA

IDEA (International encoding Algorithm) is an encryption algorithm. it’s a symmetric block cipher which takes 64 bit as a input, 28-bit key and performs 8 identical rounds for encryption during which 6 different subkeys are used and 4 keys are used for output transformation.

Understanding IDEA Algorithm

• The standard block size is 16 bytes of 128 bits. A block cipher will typically operate in round blocks where a part of the key’s applied to the round then other operations are performed thereon . After a particular number of rounds, say between 10 to 16, we find yourself with our ciphertext for that block.
• The ciphertext block is strictly an equivalent size because the plain text block, 16 bytes. for every round, we operate the block employing a a part of the encryption key that we call because the round key. We derive the multiple round keys from the encryption key employing a key schedule.
• The key schedule is an algorithm that Shifts, XORs, Multiplies and performs other sorts of operation on the first encryption key so as to return up with these round keys. Well if I even have 16-byte block and that i have a 128-bit key.

4. Blowfish encryption algorithm

Blowfish features a 64-bit block size and a key length of anywhere from 32 bits to 448 bits. it’s a 16-round Feistel cipher and uses large key-dependent S-boxes. it’s similar in structure to CAST-128, which uses fixed S-boxes.
The diagram to the left shows the action of Blowfish. Each line represents 32 bits. The algorithm keeps two subkey arrays: the 18-entry P-array and 4 256-entry S-boxes. The S-boxes accept 8-bit input and produce 32-bit output. One entry of the P-array is employed every round, and after the ultimate round, each half the info block is XORed with one among the 2 remaining unused P-entries.
The diagram to the proper shows Blowfish’s F-function. The function splits the 32-bit input into four eight-bit quarters, and uses the quarters as input to the S-boxes. The outputs are added modulo 232 and XORed to supply the ultimate 32-bit output.
Since Blowfish may be a Feistel network, it are often inverted just by XORing P17 and P18 to the ciphertext block, then using the P-entries in reverse order.

The Feistel structure of Blowfish

Blowfish’s key schedule starts by initializing the P-array and S-boxes with values derived from the hexadecimal digits of pi, which contain no obvious pattern. the key key’s then XORed with the P-entries so as (cycling the key if necessary). A 64-bit all-zero block is then encrypted with the algorithm because it stands. The resultant ciphertext replaces P1 and P2. The ciphertext is then encrypted again with the new subkeys, and P3 and P4 are replaced by the new ciphertext. This continues, replacing the whole P-array and every one the S-box entries. In all, the Blowfish encryption algorithm will run 521 times to get all the subkeys – about 4KB of knowledge is processed.

Learn CEH & Think like hacker


This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com

https://g.co/kgs/ttqPpZ

Leave a Comment