# Encryption

This is a site which presents a number of key security methods using MVC ASP.NET:

## A few basic principles

• Brute Force (with increasing keys). Brute Force. This is an outline for brute force calculations.
• Brute Force (with increasing computing power). Brute Force (over the years). This is an outline for brute force calculations for increasing computing power.
• Large numbers. Large. With encryption we normally deal with large numbers. This example shows how we can display these.
• Random number. Random. This provides a 192-bit random number.
• Random number (512-bit). Random. This provides a 512-bit random number which is used in 1024-bit encryption.
• GCD. GCD. GCD is the greatest common divisor.
• Key Entropy. Entropy. Determines key entropy.

## Prime numbers

The following are the tips related to prime numbers, which are a key principle in public-key encryption:

• Find primes. Find Prime Numbers. Many public key algorithms depend on prime numbers, which are difficult to factorize when multiplied together. This program creates the ones from 1 to 1,000,000.
• Prime numbers. Prime. Prime numbers are used extensively in encryption, such as in the Diffie-Hellman method.
• Test if prime? testprime. This checks whether a number is prime.

## Public-key encryption methods

The following are the tips related to encryption:

• RSA. Simple RSA Calculation. This is a simple tutorial for RSA key generation.
• RSA. RSA Encryption. This uses RSA key generation and encryption.
• DSA. DSA Encryption. This uses DSA key and fingerprint generation.
• ElGamal. ElGamal. ElGamal is a public key method which uses discrete logarithms.

## Private-key encryption methods

The following are the tips related to encryption:

• DES. DES. The DES encryption algorithm is a block cipher and uses a 64-bit block and a 64-bit encryption key.
• 3DES. 3DES. The DES encryption algorithm is a block cipher and uses a 64-bit block and a 64-bit encryption key (of which only 56 bits are actively used in the encryption process). Unfortunately DES has been around for a long time, and the 56-bit version is now easily crackable (in less than a day, on fairly modest equipment). An enhancement, and one which is still fairly compatible with DES, is the 3-DES algorithm. It has three phases, and splits the key into two. Overall the key size is typically 112 bits (2x54 bits - with a combination of the three keys - of which two of the keys are typically the same). The algorithm is EncryptK3(DecryptK2(EncryptK1(message))), where K1 and K3 are typically the same (to keep compatibility).
• RC2. RC2. RC2 ("Rivest Cipher") is a block cipher, and is seen as a replacement for DES. It was created by Ron Rivest in 1987, uses a 64-bit block, and can have a key size from 40 bits to 128 bits (in increments of 8 bits). The 40-bit key version is seen as weak, as the encryption key is so small, but is favoured by governments for export purposes, as it can be easily cracked. In this case the key is created from a Key and an IV (Initialisation Vector). The key has 12 characters (96 bits), and the IV has 8 characters (64 bits), which go to make the overall key.
• AES. AES. AES (or Rijndael) is a new block cipher, and is the new replacement for DES, and uses 128-bit blocks with 128, 192 and 256 bit encryption keys. It was selected by NIST in 2001 (after a five-year standardisation process). The name Rijndael comes from its Belgian creators: Joan Daemen and Vincent Rijmen.
• Blowfish. Blowfish. Bruce Schneier created Blowfish as a general-purpose private-key block cipher encryption algorithm.
• Blowfish (with CBC). Blowfishcbc. With CBC we split the message into blocks and encrypt each block. The input from the first stage is the IV (Initialisation Vector), and the input to the following stages is the output from the previous stage. In this example we will use Blowfish to encrypt, using CBC.
• Twofish. Twofish. Bruce Schneier created Twofish as a general-purpose private-key block cipher encryption algorithm.
• Skipjack. Skip jack. Skipjack is a block cipher, using a private-key encryption algorithm, and was designed by the NSA.
• Camellia. Camellia. Camellia is a block cipher created by Mitsubishi and NTT.
• RC4. RC4. RC4 is a stream cipher used in WEP (in wireless encryption).
• Affine. Affine. Affine is a stream cipher which uses an equation to encrypt.

## Hash functions

The following are the tips related to hashing:

• MD5 and SHA-1. Hash. The MD5 and SHA-1 methods produce a hash signature, and are two of the most widely used methods. The MD5 algorithm has been shown to have weaknesses, and a collision of message hashes has been shown to occur in less than one day. An MD5 signature has 128 bits, an SHA-1 signature has 160 bits, and an SHA-256 signature has 256 bits.
• MD5 Cracking. Hash Cracker. MD5 has a 128-bit signature, and can be cracked using rainbow tables. This page tries to crack the MD5 signature.
• MD5 and SHA-1 (to Base-64) Hash. MD5 and SHA-1 produce a hash signature, and the output is typically shown in a hex format or in Base-64. In this example the output is converted into a Base-64 format.
• MD5 and SHA-1 (to Base-64) with salt Salt. It is possible to add salt to the MD5 algorithm, to mix it up a little.
• MD2 and MD4 MD2/4. The MD2 and MD4 hashing functions were developed by Prof Ronald Rivest in 1989 and 1990, respectively. They both produce a 128-bit hash, but have been shown to be vulnerable to attack (see the Collision section in the page).
• LM Hash. LM Hash. This is an LM Hash Calculator. LM Hash is used in many versions of Windows to store user passwords that are fewer than 15 characters long.
• Whirlpool. Whirlpool. Whirlpool is a 512-bit cryptographic hash function, and was created by Vincent Rijmen (one of the AES creators) and Paulo Barreto, in 2000.
• RIPEMD (RACE Integrity Primitives Evaluation Message Digest) and GOST. RIPEM160. RIPEMD is a 128-bit, 160-bit, 256-bit or 320-bit cryptographic hash function, and was created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. It is used in TrueCrypt, and is open source. The 160-bit version is seen as an alternative to SHA-1, and is part of ISO/IEC 10118.
• Tiger. Tiger. Tiger is a 192-bit hash function, and was designed by Ross Anderson and Eli Biham in 1995. It is often used by clients within Gnutella file sharing networks, and does not suffer from known attacks on MD5 and SHA-0/SHA-1. Tiger2 is an addition, in which the message is padded with a byte of 0x80 (in a similar way to MD4, MD5 and SHA), whereas in Tiger it is 0x01. Otherwise the two methods are the same in their operation.
• SHA-3. SHA-3. SHA-3 was known as Keccak and is a hash function designed by Guido Bertoni, Joan Daemen, Michaël Peeters, and Gilles Van Assche. MD5 and SHA-0 have been shown to be susceptible to attacks, along with theoretical attacks on SHA-1. NIST thus determined there was a need for a new hashing method which did not use the existing methods for hashing, and set up a competition for competing algorithms. In October 2012, Keccak won the NIST hash function competition, and is proposed as the SHA-3 standard. It should be noted that it is not a replacement for SHA-2, which is currently a secure method. Overall Keccak uses the sponge construction where the message blocks are XORed into the initial bits of the state, and then invertibly permuted.
• Bcrypt. Bcrypt. This creates a hash value which has salt.

The following are the tips related to hashing:

• One Time Passwords. One Time. This allows a new unique password to be created each instance, based on an initial seed.
• Timed One Time Password (TOTP). Timed One Time Password. This allows a new unique passcode to be created each instance, based on an initial seed for a given time window. We will use a five second window in this case, where a new passcode is generated every five seconds, based on an initial seed of a pass phrase.
• Hashed One Time Password (HOTP). Hashed One Time Password. This allows a new unique passcode to be created each instance, based on a counter value and an initial seed.
• Time Stamp Protocol. TSP. This creates a time stamp for data.

## Message authentication codes (MACs)

• MAC Triple-DES. MAC3DES. MACs can be used to authenticate a message, as a key is required to determine the hash value. With this the sender computes the hash with a secret key, and sends it to the receiver, where the receiver then calculates the hash of the message, and uses the secret key. If the hash received is the same as the computed one, the message has not been tampered with. The key size can be 8, 16 or 24 bytes. In this case, 24 bytes are used, which produces a hash of 8 bytes (64 bits), using the TripleDES encryption method.
• HMAC. HMAC. HMAC is a message authentication code (MAC) and can be used to verify the integrity and authentication of a message. It involves hashing a message with a secret key. As with any MAC, it can be used with a standard hash function, such as MD5 or SHA-1, which results in methods such as HMAC-MD5 or HMAC-SHA-1. As with any hashing function, the strength depends on the quality of the hashing function, and the resulting number of code bits. Along with this, the number of bits in the secret key is a factor.

## Authenticated Encryption

• AES CCM. AES CCM. AES is a secret key encryption method, and does not provide authentication of the message. CCM can add to AES by providing an authenticate-and-encrypt block cipher mode [CCM - Counter with CBC-MAC]. It has two parameters: M, which indicates the size of the integrity check value (ICV), and L, which defines the size of the length field in octets.

## Data Integrity

• CRC-32. CRC-32. CRC is one of the most reliable error detection schemes and can detect up to 95.5% of all errors. The most commonly used code is the CRC-32 standard code which is defined by the CCITT, and will give a 32-bit CRC signature (8 hex characters). This signature is normally appended onto the data, and then checked when the data is read. If the CRC-32 check differs from the stored value, there is likely to be an error in the data.

## Key interchange

The following relates to key interchange:

• Diffie-Hellman. Diffie-Hellman Calculation. Diffie-Hellman is a standard method of Alice and Bob being able to communicate, and end up with the same secret encryption key. It is used in many applications.
• Diffie-Hellman (Real example). Diffie-Hellman Real. Diffie-Hellman is a standard method of Alice and Bob being able to communicate, and end up with the same secret encryption key. It is used in many applications.

## Digital Certificates

The following are the tips related to hashing:

## Associated

The following are the tips related to associated material:

• Web.config. Web.config. The following is a demonstration of the Web.config file in ASP.NET. Alt Demo: Security Software (ASP.NET)
• Role-based security. Role-based. The Microsoft .NET environment now offers an excellent alternative to Java in producing portable and secure code. It uses a role-based approach for user authentication, with the WindowsIdentity class, where the GetCurrent() method can be used to get the current user. The WindowsPrincipal class can then be used to apply the role.
• Shamir's Secret Sharing. Shamir.
• SFE. SFE. SFE can be used to verify a value, without releasing the original data. For example, suppose we have a voting competition with Bob, Alice and Carol. Bob, Alice and Carol vote, and they want to keep their votes secret, but they need to calculate the overall total. Typically an independent person would tally up the votes, but what if they do not trust anyone? This is where SFE comes in, where they can calculate the total without knowing the votes from the others.