| Question |
| What are the latest cryptography standards and protocols ? |
| Answer |
| Please find the cryptography stands Data Encryption Standard Triple-DES Advanced Encryption Standard (AES) RSA the original public key algorithm OpenPGP CipherSaber Crypto Protocols Internet Key Exchange IPsec Kerberos Point to Point Protocol Transport Layer Security |
| |
| Question |
| What is public and private key? How those keys play a role in term of cryptography? |
| Answer |
| The basic concept of cryptography is very simple. In a typical cryptographic exchange, information that is meant to be hidden for whatever reason is encrypted, or ciphered into a difficult-to-interpret form. We call this conversion encryption because it involves the change of clear text, or understandable data, into cipher text, or difficult-to-interpret data. The encryption process is one-half of the entire cryptographic exchange. At the other end of the process is decryption, or the conversion of cipher text into clear text. Decryption is not always a part of encryption, however – some algorithms are called “hashes†as they only apply encryption (that is, from clear to cipher text) and have no means of deciphering the information. We will cover more on this later. Types of Cryptography Private (Secret) key cryptography Secret key cryptography is also known as symmetric key cryptography. With this type of cryptography, both the sender and the receiver know the same secret code, called the key. Messages are encrypted by the sender using the key and decrypted by the receiver using the same key. This method works well if you are communicating with only a limited number of people, but it becomes impractical to exchange secret keys with large numbers of people. In addition, there is also the problem of how you communicate the secret key securely. Public key cryptography Public key cryptography, also called asymmetric encryption, uses a pair of keys for encryption and decryption. With public key cryptography, keys work in pairs of matched public and private keys. The public key can be freely distributed without compromising the private key, which must be kept secret by its owner. Because these keys work only as a pair, encryption initiated with the public key can be decrypted only with the corresponding private key. |
| |
| Question |
| Brief us about the features of Cryptography? |
| Answer |
| Simplicity Features Interface-driven, POJO based – All of Shiro’s APIs are interface-based and implemented as POJOs. This allows you to easily configure Shiro Cryptography components with JavaBeans-compatible formats like JSON, YAML, Spring XML and others. You can also override or customize Shiro as you see necessary, leveraging its API to save you time and effort. o Simplified wrapper over JCE – The Java Cryptography Extension (JCE) can be complicated and difficult to use unless you’re a cryptography expert. Shiro’s Cryptography APIs are much easier to understand and use, and they dramatically simplify JCE concepts. So now even Cryptography novices can find what they need in minutes rather than hours or days. And you won’t sacrifice any functionality because you still have access to more complicated JCE options if you need them. Object Orientifies†cryptography concepts – The JDK/JCE’s Cipher and Message Digest (Hash) classes are abstract classes and quite confusing, requiring you to use obtuse factory methods with type-unsafe string arguments to acquire instances you want to use. Shiro ‘Object Orientifies’ Ciphers and Hashes, basing them on a clean object hierarchy, and allows you to use them by simple instantiation. o Runtime Exceptions – Like everywhere else in Shiro, all cryptography exceptions are RuntimeExceptions. You can decide whether or not to catch an exception based on your needs.Cipher Features o Hierarchy – Unlike the JCE, Shiro Cipher representations follow an Object-Oriented class hierarchy that match their mathematical concepts: AbstractSymmetricCipherService, DefaultBlockCipherService, AesCipherService, etc. This allows you to easily override existing classes and extend functionality as needed. o Just instantiate a class – Unlike the JCE’s confusing factory methods using String token arguments, using Shiro Ciphers are much easier – just instantiate a class, configure it with JavaBeans properties as necessary, and use it as desired. For example, new AesCipherService(). o More secure default settings – The JCE Cipher instances assume a ‘lowest common denominator’ default and do not automatically enable more secure options. Shiro will automatically enable the more secure options to ensure your data is as safe as it can be by default, helping you prevent accidental security holes. Hash Features o Deault interface implementations – Shiro provides default Hash (aka Message Digests in the JDK) implementations out-of-the-box, such as MD5, SHA1, SHA-256, et al. This provides a type-safe construction method (e.g. new Md5Hash(data)) instead of being forced to use type-unsafe string factory methods in the JDK. o Built-in Hex and Base64 conversion – Shiro Hash instances can automatically provide Hex and Base-64 encoding of hashed data via their toHex() and toBase64() methods. So now you do not need to figure out how to correctly encode the data yourself. o Built-in Salt and repeated hashing support – Salts and repeated hash iterations are very valuable tools when hashing data, especially when it comes to protecting user passwords. Shiro’s Hash implementations support salts and multiple hash iterations out of the box so you don’t have to repeat this logic anywhere you might need it. |
| |
| Question |
| What is the benefit of cryptography for an end user? |
| Answer |
| Advantage of Cryptography Very high speed of encryption. The chip contains the SED algorithm and all the other features of ClassicSys. One system covers all cryptographic needs, for all applications. New applications can be added without updating the chip. ClassicSys works is fully automated, requests to the TA are returned directly, without human intervention. PrivateKeys are completely unknown to everybody, even the Trust Authority’s manager ! All keys are written into chips and are not accessible to humans or other machines. This guarantees the privacy of all the end-users. Once an end-user has received the information to generate his ApplicationKeys, he does not need the intervention of the TA anymore. Email for example, users do not need the TA to exchange messages between themselves. ClassicSys acts like a public key cryptosystem : every end-user has one public ID number, which is used in a similar way to public keys. Email for example, when somebody wants to communicate with another end-user, he sends to the TA his ID number and the one from his correspondent. In return he receives information from the TA to generate their SessionKey. Cryptography allows us to hide information. Be it a letter, be it a file, be it a constant stream of video or audio over digital sources. Now computers are good at only one thing it’s manipulating and processing truly staggering amounts of data and information of many kinds in a short period of time. Information that would take humans to work though many, many times longer. There for the basis of breaking encryption becomes much easier with computers and logical/Turing machines which are constructed to apply mathematical force to a cytological methods until it finds the key. Normally it would take a bunch of people working on paper and pencil a insanely long time due to the complexity of modern cryto-methodology. So much so it’s just not remotely feasible without some kind of computer. In fact, computer technology as we know it today is largely based on the work of men who created them as tools to, in fact, try and break codes during world war II. So since computers make breaking codes much easier it therefore becomes necessary to use stronger and stronger methods of encryption and increasingly more complex keys. This has been a constant war for some time between those who built crypto-systems and those who break codes. Since most of the data in the world these days flows over computers on either public or private network connection ranging from local to global it becomes necessary to have a strong, reliable encryption methods for your data because it’s laughably easy for some one to just sniff packets off a network and read all the data you happen to be sending if it’s not encrypted. So Crypto-systems are needed in order to maintain data secrecy (for Governments, Companies protecting intellectual property, individuals who seek private communication and yes, even criminals who seek to keep their data safe from the authorities) for the people in question. |
| |
| Question |
| |
| What is Feistel Cipher and How it is used for encryption purpose by breaking the plain text into two halves ? |
| Answer |
| In cryptography, a Feistel cipher is a symmetric structure used in the construction of block ciphers, named after the German-born physicist and cryptographer Horst Feistel who did pioneering research while working for IBM (USA); it is also commonly known as a Feistel network. A large proportion of block ciphers use the scheme, including the Data Encryption Standard (DES). The Feistel structure has the advantage that encryption and decryption operations are very similar, even identical in some cases, requiring only a reversal of the key schedule. Therefore the size of the code or circuitry required to implement such a cipher is nearly halved. Example of Feistel Cipher Let {rm F} be the round function and let K_0,K_1,ldots,K_{n} be the sub-keys for the rounds 0,1,ldots,n respectively. Then the basic operation is as follows: Split the plaintext block into two equal pieces, (L_0, R_0) For each round i =0,1,dots,n, compute L_{i+1} = R_i, R_{i+1}= L_i oplus {rm F}(R_i, K_i). Then the ciphertext is (R_{n+1}, L_{n+1}). Decryption of a ciphertext (R_{n+1}, L_{n+1}) is accomplished by computing for i=n,n-1,ldots,0 R_{i} = L_{i+1}, L_{i} = R_{i+1} oplus {rm F}(L_{i+1}, K_{i}). Then (L_0,R_0) is the plaintext again. One advantage of the Feistel model compared to a substitution-permutation network is that the round function {rm F} does not have to be invertible. The diagram illustrates both encryption and decryption. Note the reversal of the subkey order for decryption; this is the only difference between encryption and decryption. |
| |
| Question |
| Any new standard for machine to machine communication unique to its low bandwidth and low data processing constraints ? |
| Answer |
| |
| We can use Identity Based (IDB) Cryptosystems to solve privacy and security issue in M2M communication. Other benifit is is IDB which is certificate less. |
| |
| Question |
| How does a certificate authority work? Or whats the purpose of a certificate authority? |
| Answer |
| |
| certificate authority or certification authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or on assertions made by the private key that corresponds to the certified public key. CA is a trusted third party – trusted both by the subject (owner) of the certificate and by the party relying upon the certificate A certificate is required in order to avoid the case that a malicious party which happens to be on the path to the target server pretends to be the target The client uses the CA certificate to verify the CA signature on the server certificate, as part of the checks before establishing a secure connection |
| |
| Question |
| What is a the meaning of the term MAC and What is the difference between a MAC and a hash function? |
| Answer |
| Hashes are used to guarantee the integrity of data, a MAC guarantees integrity AND authentication. This means that a hashcode is blindly generated from the message without any kind of external input: what you obtain is something that can be used to check if the message got any alteration during its travel. A MAC instead uses a private key as the seed to the hash function it uses when generating the code: this should assure the receiver that, not only the message hasn’t been modified, but also who sent it is what we were expecting: otherwise an attacker couldn’t know the private key used to generate the code. usually a MAC generation algorithm is based upon a hash code generation algorithm with the extension that cares about using a private key. A hash is a function that produces a digest from a message. A cryptographically secure hash is for which it is computationally infeasible to generate a message with a given digest. On its own a hash of a message gives no information about the sender of a given message. If you can securely communicate the hash of a message then it can be used to verify that a large message has been correctly received over an unsecured transport. A message authentication code is a way of combining a shared secret key with the a message so that the recipient of the message can authenticate that the sender of the message has the shared secret key and the no-one who doesn’t know the secret key could have sent or altered the message. An HMAC is a hash-based message authentication code. Usually this involves applying a hash function one or more times to some sort of combination of the shared secret and the message. HMAC usually refers the the algorithm documented in RFC 2104 or FIPS-198. A MAC does not encrypt the message so the message is in plain text. It does not reveal the secret key so a MAC can be sent across on open channel with out compromising the key. |
| |
| Question |
| What is secret-key cryptography? What is public-key cryptography? What is the advantage of public-key cryptography over secret-key cryptography and vice-versa? |
| |
| Answer |
| |
| The Public Key is what its name suggests – Public. It is made available to everyone via a publicly accessible repository or directory. On the other hand, the Private Key must remain confidential to its respective owner Because the key pair is mathematically related, whatever is encrypted with a Public Key may only be decrypted by its corresponding Private Key and vice versa. Secret Key Encryption Systems Secret key encryption uses a single key to both encrypt and decrypt messages. As such it must be present at both the source and destination of transmission to allow the message to be transmitted securely and recovered upon receipt at the correct destination. The key must be kept secret by all parties involved in the communication. If the key fell into the hands of an attacker, they would then be able to intercept and decrypt messages, thus thwarting the attempt to attain secure communications by this method of encryption. Secret key algorithms like DES assert that even although it is theoretically possible to derive the secret key from the encrypted message alone, the quantities of computation involved in doing so make any attempts infeasible with current computing hardware. The Kerberos architecture is a system based on the use of secret key encryption. Public Key Encryption Public key systems use a pair of keys, each of which can decrypt the messages encrypted by the other. Provided one of these keys is kept secret (the private key), any communication encrypted using the corresponding public key can be considered secure as the only person able to decrypt it holds the corresponding private key. The algorithmic properties of the encryption and decryption processes make it infeasible to derive a private key from a public key, an encrypted message, or a combination of both. RSA is an example of a public key algorithm for encryption and decryption. It can be used within a protocol framework to ensure that communication is secure and authentic. |
