Overview Of Cryptography

Introduction

Cryptography is a set of techniques by which private or sensitive information is protected from everyone except its intended recipients. It addresses confidentiality, authentication, data integrity and related goals. The protection of passwords is a well-known application. Cryptography is built on mathematical theory and on principles from computer science.
 
There are many terms related to cryptography. Some of them are given below.
  • Ciphertext
    The unintelligible text produced by transforming plain text is called ciphertext.

  • Cipher
    It is a technique of encryption and decryption. A key and an algorithm are the two essential parts of this technique.

  • Symmetric
    It is a kind of cryptosystem. It uses the same key for encryption and decryption. It is faster than asymmetric cryptography. AES (Advanced Encryption Standard) is an example of a symmetric cipher.

  • Asymmetric
    It is also a kind of cryptosystem. It uses a public key for encryption and a private key for decryption of a message. RSA (Rivest-Shamir-Adleman) and ECC (Elliptic Curve Cryptography) are examples of asymmetric systems.

  • Cryptanalysis
    It is the study of breaking encryption algorithms.
Cryptography is a vast subject. This article focuses on bad or crackable cryptography: some weak or crackable cryptographic techniques and practices are given below, and we should always try to avoid them.

Use of Weak or Flawed Algorithms

Some cryptographic algorithms are weak. We should always avoid using them in an application. Some weak algorithms are given below.
  • DES
  • 3DES
  • MD5
  • SHA-1
  • AES
  • Blowfish
  • Diffie-Hellman

Issues with DES Algorithm

DES stands for Data Encryption Standard. It uses the same key to encrypt and decrypt a message; the sender and receiver share the same private key. It was designed by IBM. It uses a 16-round Feistel structure. .NET provides this cipher in the System.Security.Cryptography.DES class.

It can be broken by a brute-force attack. The EFF's DES cracking machine can break this algorithm easily.

Issues with 3DES Algorithm

3DES stands for Triple Data Encryption Standard. It is a symmetric-key block cipher. It applies the DES algorithm three times to each data block. It is considered much better than DES in terms of security, but it is still considered vulnerable. Microsoft's OneNote, Outlook 2007 and Microsoft System Center Config Manager 2012 use this encryption technique.

3DES is vulnerable to the Sweet32 attack, which lets an attacker decrypt an HTTPS session even without the encryption key.

Issues with MD5 Algorithm

MD5 was designed as a cryptographic hash function. It is widely used as a hash function and produces a 128-bit hash value.

It can be reversed by a brute-force attack and suffers from extensive vulnerabilities.

Issues with SHA-1 Algorithm

SHA-1 stands for Secure Hash Algorithm 1. It is a cryptographic hash function. It is no longer considered secure against well-funded opponents. Microsoft, Google and Mozilla will stop accepting SHA-1 SSL certificates in their browsers by 2017.

In 2005, Rijmen and Oswald published an attack on it, and in February 2005 Xiaoyun Wang, Yiqun Lisa Yin and Hongbo Yu announced an attack that can find collisions.

Issues with AES Algorithm

AES stands for Advanced Encryption Standard. It is also known as Rijndael. Several attacks, such as the XSL attack, key-recovery attacks and side-channel attacks, have been announced against this cipher.

Issues with Blowfish Algorithm

It is a symmetric-key block cipher. It was designed in 1993 by Bruce Schneier. It is vulnerable to the Sweet32 birthday attack, a known-plaintext attack.

Don't Select Wrong Algorithm

Do not select the wrong algorithm for the job. The cases below are common mistakes.
  • Never use a hash function for encryption.
  • Never use an encryption algorithm for hashing.
  • Never use insecure algorithms or modes such as DES or ECB.
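The following example, added here and not part of the original article, shows why ECB is on the list above and what the "16-round Feistel structure" mentioned for DES looks like in code. It builds a toy 16-byte Feistel block cipher (an assumption for illustration only: the round function is HMAC-SHA256 truncated to 8 bytes, it is not DES and it is not a secure cipher) and then encrypts three identical plaintext blocks in ECB mode and in CTR mode. ECB produces three identical ciphertext blocks, leaking the structure of the plaintext, while CTR, built from the very same cipher, does not.

```python
import hashlib
import hmac
import os

# Toy Feistel block cipher for illustration only (assumption: not DES, not secure).
BLOCK = 16          # block size in bytes
HALF = BLOCK // 2   # each Feistel half is 8 bytes
ROUNDS = 16         # same round count as DES


def _round_function(key: bytes, round_no: int, half: bytes) -> bytes:
    """Keyed round function F_r(R): HMAC-SHA256 over (round number, right half), truncated."""
    return hmac.new(key, bytes([round_no]) + half, hashlib.sha256).digest()[:HALF]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _feistel(key: bytes, block: bytes, round_order) -> bytes:
    """Run the rounds in the given order: (L, R) -> (R, L xor F_r(R)); undo the final swap."""
    if len(block) != BLOCK:
        raise ValueError("block must be exactly %d bytes" % BLOCK)
    left, right = block[:HALF], block[HALF:]
    for r in round_order:
        left, right = right, _xor(left, _round_function(key, r, right))
    return right + left


def encrypt_block(key: bytes, block: bytes) -> bytes:
    return _feistel(key, block, range(ROUNDS))


def decrypt_block(key: bytes, block: bytes) -> bytes:
    # A Feistel network is inverted by running the same rounds in reverse order.
    return _feistel(key, block, reversed(range(ROUNDS)))


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB mode: every block is encrypted independently, so equal blocks give equal output."""
    if len(plaintext) % BLOCK:
        raise ValueError("this ECB demo expects a whole number of blocks")
    return b"".join(encrypt_block(key, plaintext[i:i + BLOCK])
                    for i in range(0, len(plaintext), BLOCK))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return b"".join(decrypt_block(key, ciphertext[i:i + BLOCK])
                    for i in range(0, len(ciphertext), BLOCK))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR mode: XOR the data with E(key, nonce || counter). One call encrypts and decrypts."""
    if len(nonce) != HALF:
        raise ValueError("nonce must be %d bytes" % HALF)
    out = bytearray()
    for counter, i in enumerate(range(0, len(data), BLOCK)):
        keystream = encrypt_block(key, nonce + counter.to_bytes(HALF, "big"))
        chunk = data[i:i + BLOCK]
        out += _xor(chunk, keystream[:len(chunk)])
    return bytes(out)


def distinct_blocks(ciphertext: bytes) -> int:
    """Count the different 16-byte blocks in a ciphertext (a crude structure-leak indicator)."""
    return len({ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)})


def demo() -> tuple:
    """Returns (distinct ECB blocks, distinct CTR blocks) for three identical plaintext blocks."""
    key = os.urandom(32)
    nonce = os.urandom(HALF)            # CTR nonce must never repeat under the same key
    plaintext = b"ATTACK AT DAWN!!" * 3  # constructed sample: the same block three times
    ecb = ecb_encrypt(key, plaintext)
    ctr = ctr_crypt(key, nonce, plaintext)
    assert ecb_decrypt(key, ecb) == plaintext
    assert ctr_crypt(key, nonce, ctr) == plaintext
    return distinct_blocks(ecb), distinct_blocks(ctr)


if __name__ == "__main__":
    print("distinct ciphertext blocks, ECB vs CTR:", demo())
```

The result is (1, 3): ECB maps the repeated plaintext block to one repeated ciphertext block, so an observer learns where the plaintext repeats without knowing the key. The same weakness applies to any block cipher used in ECB mode, which is why a real application should use an authenticated mode such as AES-GCM from a vetted library rather than a hand-written cipher like this one.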
Incorrect Use of Keys

The points below describe incorrect uses of keys. Always consider them before selecting any key.

Weak Keys
  • Never select short keys.
  • A key must not be insufficiently random.
  • Don't use human passwords as an encryption key.
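The example below, added here and not from the original article, contrasts the weak-key practices listed above (and the MD5 weakness described earlier) with the correct ones. It shows the anti-pattern of using an unsalted MD5 digest of a human password as a key, a random 256-bit key from the operating system's cryptographic generator, and a salted, deliberately slow PBKDF2 derivation for the cases where a key or a stored password verifier really must come from a password. The iteration count and the sample password are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 600_000  # assumption: a deliberately slow work factor per guess
KEY_LEN = 32                  # 256-bit key


def weak_key_from_password(password: str) -> bytes:
    """The anti-pattern: a fast, unsalted hash of a human password used as the key.
    Anyone who can test candidate passwords at MD5 speed can recover it."""
    return hashlib.md5(password.encode()).digest()


def random_key() -> bytes:
    """A proper encryption key: 256 bits from the OS cryptographic random generator."""
    return secrets.token_bytes(KEY_LEN)


def key_from_password(password: str, salt: bytes) -> bytes:
    """When a key must come from a password, stretch it with a salted, slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS, KEY_LEN)


def store_password(password: str) -> tuple:
    """Returns (salt, verifier) to store for a login password; the password itself is never stored."""
    salt = secrets.token_bytes(16)  # fresh random salt per user defeats precomputed tables
    return salt, key_from_password(password, salt)


def verify_password(password: str, salt: bytes, verifier: bytes) -> bool:
    # compare_digest runs in constant time, so timing does not reveal how many bytes matched.
    return hmac.compare_digest(key_from_password(password, salt), verifier)


def demo() -> tuple:
    """Constructed sample: two users chose the same weak password."""
    pw = "hunter2"
    # Without a salt the two users get identical digests, so one lookup breaks both.
    same_weak = weak_key_from_password(pw) == weak_key_from_password(pw)
    salt1, verifier1 = store_password(pw)
    salt2, verifier2 = store_password(pw)
    # With per-user salts the stored verifiers differ even for the same password.
    salted_differ = verifier1 != verifier2
    return (same_weak, salted_differ,
            verify_password(pw, salt1, verifier1),
            verify_password("hunter3", salt1, verifier1))


if __name__ == "__main__":
    print("unsalted digests equal, salted verifiers differ, good login, bad login:", demo())
```

Keys that encrypt data should come from random_key() and be stored in a key store or secret manager rather than in source code; key_from_password() is for the narrower case where a password is the only secret available, and its cost per guess is the whole point.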
Disclosure of Key
  • Never forget to encrypt the key during message transmission or storage.
  • Don't hard-code the key.
  • Clean up the encrypted key after use.
Sniffing, Snooping, Spoofing

Always try to be safe from three threats: sniffing, snooping and spoofing. They are explained below.

Sniffing & Snooping

These are very common terms for attacks on the network traffic between a user and a website. If the user logs in to a website that does not use any encryption, then the user's user name and password can be sniffed off the network by anyone who can capture the traffic between the user and the website.
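To make the sniffing risk concrete from the defender's side, here is an added example (not part of the original article) of the check a passive network monitor can run: it parses a constructed, unencrypted HTTP login request exactly as a sniffer would see it and reports which form fields carry credentials in the clear. The capture, the host name and the field-name pattern are constructed assumptions. The function deliberately returns only field names, never the values, because a monitor should alert on cleartext credentials without logging them.

```python
import re
from urllib.parse import parse_qs

# Constructed sample: what a sniffer sees when a login form is submitted over plain HTTP.
CAPTURED_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 31\r\n"
    b"\r\n"
    b"username=alice&password=hunter2"
)

# Assumed pattern for field names that usually hold secrets.
SENSITIVE_FIELDS = re.compile(r"(pass(word|wd)?|pwd|secret|token)", re.IGNORECASE)


def parse_http_request(raw: bytes) -> tuple:
    """Split a raw HTTP/1.x request into (method, path, headers dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def cleartext_credential_fields(raw: bytes) -> list:
    """Names of credential-like form fields in an unencrypted HTTP POST.

    Anything this function can read, an attacker on the path could read too;
    that is the case for alerting, and the fix is to serve the login over TLS."""
    method, path, headers, body = parse_http_request(raw)
    if method != "POST":
        return []
    content_type = headers.get("content-type", "")
    if not content_type.startswith("application/x-www-form-urlencoded"):
        return []
    fields = parse_qs(body.decode("latin-1"), keep_blank_values=True)
    return sorted(name for name in fields if SENSITIVE_FIELDS.search(name))


if __name__ == "__main__":
    method, path, headers, _ = parse_http_request(CAPTURED_REQUEST)
    found = cleartext_credential_fields(CAPTURED_REQUEST)
    if found:
        print("ALERT: cleartext credentials to %s%s in fields %s"
              % (headers.get("host", "?"), path, found))
```

Over HTTPS the same login produces only TLS records on the wire, so this parser would see nothing to parse; the alert fires precisely in the case the paragraph above describes.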

Spoofing

In spoofing, someone pretends to be another person. For example, an email can be sent while pretending to be someone else.

A very famous example of spoofing is IP spoofing. Here, a person sends information to another host using some other person's IP address as the source address; he or she never uses his or her own IP address.

Conclusion

Cryptography is a very good technique for data integrity, authentication and the protection of sensitive data. It should be used the proper way, and a proper cryptographic algorithm should be chosen. Developers must be aware of sniffing, snooping and spoofing before developing any application.