What are the advantages of having a symmetric encryption algorithm with a lower probability of key retrieval than the asymmetric encryption used for transferal of symmetric key? I can see how it obligates the eavesdropper to concentrate on the asymmetric key, but are there other advantages?
Related
so I understand that Vigenere Cipher can be cracked, without key, by using frequency analysis and there are
some clever ways to get the key length.
My question is what if we encrypt the ciphertext again with a different set of keys?
All methods I've seen at obtaining the key length so far relies on frequency analysis of some sort.
The first round of encryption should give a pretty even distribution of letters, so if we
encrypt it again, then it should be disable any method that try to decrypt without the key.
Would this make it unbreakable?
No, hypothetically we can still apply frequency analysis on the new ciphertext, as the Vigenere cipher is still broken. You simply make it more difficult for an attacker to perform analysis, but all you're adding is a layer of obfuscation. This doesn't magically patch broken ciphers unfortunately.
Example, say we have a plaintext and encrypt it twice, using different keys
plaintext stackoverflow
key1 heapunderflow
key2 cryptographic
ciphertext boygxpezizdku
This would be equal as first encrypting key1 with key2 and then using that output as a key on the plaintext
key1 heapunderflow
key2 cryptographic
key3 jvyenbjvruswy (ciphertext of key1-key2 encryption)
plaintext stackoverflow
key3 jvyenbjvruswy
ciphertext boygxpezizdku
Of course, then we could still apply analysis. When the key is truly random, as long as the plaintext and only used once, only then is the Vigenere cipher hypothetically unbreakable, however, then the key provides the cryptography strength, not the cipher, in which scenario we refer to the system as a one-time pad.
I'm reading that it is because RSA has to do with math (prime numbers) while Symmetric key encryption is about taking blocks of data and modifying the blocks with replacements and remappings, but I still don't understand why Asymmetric encryption has to have longer keys because of that, or if that's even why?
For symmetric ciphers, the cipher strength depends on the key length assuming the cipher is not broken.
Asymmetric encryption is based on a trapdoor function (not necessarily prime numbers, there are others as well, such as elliptic curves or lattices). It should be one way function (for encryption) with very difficult computation of its inverse (decryption) without some kind of secret. So the strength of the asymmetric cipher depends on key length and as well on how difficult is to compute the function inverse with the specific key length
Example: breaking a 128 bit symmetric key would mean testing 2^128 numbers. Solving discrete logarithm problem (inverse of RSA) for 128 bit key will take much less time (we need to solve a math problem, not find a random key), so much longer key is needed to make up the same level of security
Can we assume that same encryption key is used to encrypt data if encrypted data are same?
For example, plain text is 'This is sample'.
First time we use 3DES algorithm and encryption key to encrypt it. Encrypted data became 'MNBVCXZ'.
Second time again, we use 3DES algorithm and encryption key to encrypt it. Encrypted data became 'MNBVCXZ'.
My questions are:
Can I assume static encryption key is used in this encryption process?
How many keys can be used to encrypt data using 3DES algorithm?
Can I assume static encryption key is used in this encryption process?
Yes, if you perform the encryption yourself (with a very high probability), no if an adversary can perform the encryption and the plaintext/ciphertext is relatively small.
As 3DES does indeed have 2^168 possible keys and 2^64 possible blocks, it should be obvious that some keys will encrypt a single plaintext to the same ciphertext. Finding such a pair of keys requires about 2^32 calculations on average (because of the birthday paradox).
If the plaintext is larger (requires more than one block encrypt) then the chance of finding a different key that produces the same ciphertext quickly will go to zero.
If one of the keys is preset it will take about 2^64 calculations to find another key. And - for the same reason - there is only a chance of 1 / 2^64 to use two keys that unfortunately produce the same ciphertext for a specific plaintext.
If you want to make the calculations yourself, more information here on the crypto site.
How many keys can be used to encrypt data using 3DES algorithm?
2^168 if you consider the full set of possible keys, i.e. you allow DES-ABC keys. These keys are encoded as 192 bits including parity. This would include DES-ABA and DES-AAA keys (the latter is equivalent to single DES).
2^112 if you consider only DES-ABA keys. These keys are encoded as 128 bits including parity. This would include single DES.
I read some white paper about RSA encryption. I find this statement. but I can't understood why?
Statment is The time for RSA encryption and Decryption depends on the key size, but does not depend on the size and content of input data, if this statment right meaningly wehen encrypt 1000 byte , 10000 byte same time for encrypt and decrypt?
The time is always the same because the input length is always the same.
The plain text is padded to the size of the RSA modulus. If the plain text is too long, you cannot encrypt it with RSA. Of course, you can split your plain text up and encrypt each chunk with an independent RSA operation, but this isn't how the algorithm was intended to be used.
RSA encryption is best suited as a key transport algorithm. You choose a symmetric key, and use an RSA public key to encrypt it. The symmetric key can be used for encrypting a lot of data with some algorithm like AES. This is much, much faster than using public key cryptography to encrypt and decrypt bulk data.
I'm some newbie of data encryption. I goggling data encryption and mostly found md5 and SHA algorithms.Which technology do you consider to be the best for data storage/security and why?
MD5 and SHA are hash functions, they create fingerprint - fixed-length representation - from the bunch of data. For example, they are extensively used as a way to check consistency of your iso image downloads for many open-source products, but this means you can use them to create fingerprints from any selection of bytes. So they do not encrypt.
If you want to encrypt, you should check for encryption algorithms. The most feasible now I believe is AES (Advanced encryption Standard) if you look for symmetric encryption algorithms (eg. where key for encryption and decryption is the same or easily computed one from another) or RSA if you look for asymmetric (where you have 2 keys - public and private, and compute private key from public is hard task).
If you are about to create digital signatures, you may want to check things like DSA (digital signature algorithm) and ECDSA (DSA over elliptic curves.). Note that asymmetric algorithms work over numbers with extended precision - like 512, 1024, 2048 bits and so on. You need special libraries that can handle such numbers. If you use C++ I can recommend you trying Crypto++. Find something similar for other languages.
I hope this was useful for you.
If your data is password and you want to store it some where then Use MD5 or SHA Hash.
There are two advantages of these.
A hash can not be decrypted to recover old value so your password will never ever will be cracked even if you provide MD5/SHA hash of password to some one :)
A hash of particular string will be always same so you can compare passwords based on Hash.
AES :
Symmetric algorithm so faster
Use with PKCS5Padding and CBC mode
Always store IV
Symmetric so you need same key while you are decrypting encrypted text so you can not at all share keys.
RSA
PKI Infrastructure to exchange Keys
Slow
There are other algorithms also Like DES(Not So Secure), 3DES(Often called Tripple DES- Not enough secure compared to DES)