Cryptography

Submitted by Neha mukhi

What is cryptography?
Cryptography is the science of using mathematics to encrypt and decrypt data. Cryptography enables you to store sensitive information or transmit it across insecure networks (like the Internet) so that it cannot be read by anyone except the intended recipient.

Symmetric Key Cryptography

Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key (or, less commonly, in which their keys are different, but related in an easily computable way).

Public Key Cryptography

Public key cryptography is an asymmetric scheme that uses a pair of keys for encryption: a public key, which encrypts data, and a corresponding private, or secret key for decryption.

PGP best features of both PGP combines some of the

conventional and public key cryptography. PGP is a hybrid cryptosystem. When a user encrypts plaintext with PGP, PGP first compresses the plaintext. PGP then creates a session key, which is a one-time-only secret key the result is ciphertext. session key is encrypted with public key ciphertext + encrypted session key

LEVEL OF TRUST IN PGP

There are three levels of trust you can assign to someone elses public key: Complete trust Marginal trust No trust (or Untrusted) To define anothers key as a trusted introducer, you Start with a valid key, one that is either signed by you or signed by another trusted introducer and then Set the level of trust you feel the keys owner is entitled.

Digital Signature
Digital signatures enable the recipient of information to verify the authenticity of the informations origin, and also verify that the information is intact. Thus, public key digital signatures provide authentication and data integrity. A digital signature also provides non-repudiation, which means that it prevents the sender from claiming that he or she did not actually send the information.

A one-way hash function takes variable-length input, a message of any length and produces a fixed-length output.The hash function ensures that, if the information is changed in any way even by just one bit an entirely different output value is produced. PGP uses a cryptographically strong hash function on the plaintext the user is signing. This generates a fixedlength data item known as a message digest.

Hash Function

Digital certificates
Digital certificates are used to thwart attempts to substitute one persons key for another. A digital certificate consists of three things: A public key. Certificate information. (Identity information about the user, such as name, user ID, and so on.) One or more digital signatures.

What is Passphrase?
A passphrase is a longer version of a password. PGP uses a passphrase to encrypt your private key on your machine. Your private key is encrypted on your disk using a hash of your passphrase as the secret key. You use the passphrase to decrypt and use your private key. A passphrase should be hard for you to forget and difficult for others to guess.

Protect Public keys from Tampering

In a public key cryptosystem, you dont have to protect public keys from exposure. But its important to protect public keys from tampering, to make sure that a public key really belongs to the person to whom it appears to belong. This may be the most important vulnerability of a public key cryptosystem.It is protetcted by introducing users to each other by providing signatures for their public key certificates. This trusted person could be regarded as a Certifying Authority. Any public key certificates bearing the Certifying Authoritys signature could be trusted as truly belonging to the person to whom they appear to belong to.

Compromised Passphrase and Public key cryptography

Dont use obvious passphrases that can be easily guessed, such as the names of your kids or spouse. Use spaces and a combination of numbers and letters in your passphrase. If you make your passphrase a single word, it can be easily guessed by having a computer try all the words in the dictionary until it finds your password. Thats why a passphrase is so much better than a password. A more sophisticated attacker may have his computer scan a book of famous quotations to find your passphrase. Be creative. Use an easy to remember but hard to guess passphrase; you can easily construct one by using some creatively nonsensical sayings or obscure literary quotes.

Exposure on Multiuser system

PGP was originally designed for a single-user PC under your direct physical control. If you run PGP at home on your own PC, your encrypted files are generally safe , unless someone breaks into your house, steals your PC and persuades you to give them your passphrase (or your passphrase is simple enough to guess). PGP is not designed to protect your data while it is in plaintext form on a compromised system. Nor can it prevent an intruder from using sophisticated measures to read your private key while it is being used. You will just have to recognize these risks on multiuser systems, and adjust your expectations and behavior accordingly.

Conclusion
An expensive and formidable cryptanalytic attack could possibly be mounted by someone with vast supercomputer resources, such as a government intelligence agency. They might crack your public key by using some new secret mathematical breakthrough.There can be no absolute security guarantees in practical cryptographic implementations. Still, some optimism seems justified. The public key algorithms, message digest algorithms, and block ciphers used in PGP. Method explained is simple to understand and easy to Debug.

Thank you

Queries