
Selected Topics of Applied Cryptography
Ciphers Used in the OpenSSH Tool
Mathematisches Seminar SS/2003
Hofbauer Heinz (hhofbaue@cosy.sbg.ac.at), Stütz Thomas (tstuetz@cosy.sbg.ac.at)

Introduction to Cryptography
• governments, military, espionage
• secure internal communication
• World War 2: Enigma
• 20 years of public research
• wide range of state-of-the-art cryptographic implementations for normal citizens
• Cryptography, what for?
  − access control
  − data security
  − privacy
  − digital signature
  − ...

Overview of our Presentation
• Terminology
• Asymmetric Ciphers
  − Introduction
  − Classification
  − Diffie-Hellman
  − ElGamal
  − RSA
• Symmetric Ciphers
  − Introduction
  − Binary Basics
  − DES
  − Modes of Operation
• Usage of Ciphers in OpenSSH

Terminology
• Cipher
• Ciphertext, Plaintext
• Sender, Receiver
• Cryptography, Cryptanalysis, Cryptology
• Symmetric, Asymmetric Ciphers
• Public Key
• Key, Key Space

Introduction to Public Key Algorithms
A public key algorithm consists of
• a function $e_{PK}$ to encrypt
• a function $d_K$ to decrypt
• a public key $PK$
• a private key $K$
The functions and the public key can be made public; the security does not depend on keeping them secret.
• For a plaintext $M$, the output of the function $e_{PK}(M) = C$ is calculated.
• To obtain the original message from the ciphertext, $d_K(C)$ is computed.
• The concept of a one-way function: there must not be a simple way to deduce $M$ or $K$ from $C$, $PK$ and the two functions.
Classification by Usage
There are, generally speaking, three classic types of usage for a public key algorithm.
• Encryption/Decryption: this is what one would expect, that public key algorithms are used to encode and decode data.
• Digital Signature: used to securely identify a file with an owner.
  − sign function for a person $T$: $s_T$
  − verification function for $T$: $v_T$
• Key Exchange: this is a major topic, since asymmetric ciphers are quite slow, while symmetric ciphers do not have these complexity and time limitations. Therefore it is useful to use a public key system for key exchange.

Classification by Problem
• incomplete list
• every computationally hard problem (e.g. every NP-complete problem) could be used for a public key system
• many constraints
• property of a one-way function to some degree
  This means that the computational effort for encryption is quite small, while the encryption without the public key is nearly impossible.
• secure implementation

Classification by Problem (Cont.)
• Knapsack
• Discrete Logarithm
• Factoring
• Square Roots Modulo n
• Elliptic Curve Cryptosystems

Knapsack
For a given set of values $\{M_1, \ldots, M_n\}$ and a number $S$, the Knapsack problem consists of solving the following equation:
$S = b_1 M_1 + b_2 M_2 + \ldots + b_n M_n$
The values of the $b_i$ can either be 0 or 1. The time needed to solve this equation seems to grow exponentially with $n$, the number of values (there are $2^n$ possible solutions, which can be assumed to be the worst case).
Plaintext:   1    1    1    0    0    1    0    0
Knapsack:    1    3    5    7   17   20  113  257
Ciphertext:  1 +  3 +  5 +  0 +  0 + 20 +  0 +  0 = 29

Diffie-Hellman
• key exchange algorithm; can neither encrypt nor decrypt data
• Discrete Logarithm in a finite field
  − Finite field: for a prime $p$ the finite field mod $p$ consists of the set of residues $1, \ldots, p-1$.
  − Primitive: a number $q$ is called primitive in the finite field mod $p$ if and only if for each $b$ in $1, \ldots, p-1$ there exists some $a$ such that $b \equiv q^a \bmod p$.

A Step by Step Description of Diffie-Hellman
Consider two persons, let us name them Heinz and Franz, who want to securely exchange a key.
1. They have to agree on a large prime number $p$ and a number $g$, such that $g$ is primitive mod $p$. Those two numbers can be said to be the public key. It is no risk to transfer them over an insecure channel.
2. Heinz chooses a random large integer $x$ and sends Franz $X = g^x \bmod p$.
3. Franz also chooses a random large integer $y$ and sends Heinz $Y = g^y \bmod p$.

A Step by Step Description of Diffie-Hellman (Cont.)
4. Heinz now computes $k = Y^x \bmod p$.
5. Franz computes $k = X^y \bmod p$.
Both values of $k$ are equal to $g^{xy} \bmod p$. Nobody can compute their value unless he/she computes the discrete logarithm of $X = g^x$ or $Y = g^y$. This is considered to be a hard computational problem.
An Illustrated Example
[Figure]

A Simple Mathematica Implementation
    << NumberTheory`NumberTheoryFunctions`
    (* Prime n and g are chosen such that g is primitive modulo n *)
    agree[i_] := {Prime[i], PrimitiveRoot[Prime[i]]}
    (* Each side sends g^(secret exponent) mod n together with n *)
    heinzX[{n_, g_}, x_] := {Mod[g^Prime[x], n], n}
    franzY[{n_, g_}, y_] := {Mod[g^Prime[y], n], n}
    (* Each side raises the value it received to its own secret exponent *)
    heinzKey[{franzsY_, n_}, x_] := Mod[franzsY^Prime[x], n]
    franzKey[{heinzsX_, n_}, y_] := Mod[heinzsX^Prime[y], n]

ElGamal
The ElGamal scheme is based on the computation of the discrete logarithm. It was proposed in 1985 by Taher ElGamal. It can be used for both digital signatures and encryption. A variant of this scheme is DSA (Digital Signature Algorithm), used in the Digital Signature Standard (DSS), which was proposed by NIST (National Institute of Standards and Technology). This means that DSA is used for digital signatures in federal systems in the United States. It seems that this standard is more or less a patchwork of other cryptosystems (including ElGamal, RSA, Diffie-Hellman, ...). Three patent holders claim that DSA infringes their patents: Diffie-Hellman, Merkle-Hellman and Schnorr. Therefore it does not make sense to explain the standard, but rather the algorithms it is based on. Diffie-Hellman is an algorithm which can only be used to securely generate/exchange keys.
ElGamal (Cont.)
• Digital Signature
• not to encrypt messages
• to certify that they are from a distinct person $T$
• everyone who wants to sign a message needs his own signature function $s_T$
• other people have to verify the signature of $T$ and therefore need a verification function $v_T$
• private key for signing
• public key for verification

ElGamal, Key Generation
• Choose a prime $p$, and $g$ and $x$ (both less than $p$).
• Compute $y \equiv g^x \bmod p$.
• Now you can make $(y, g, p)$ public. The private key is $x$.
After generating the keys, a message $m$ can be signed.

ElGamal, Digital Signature
• In order to do so you randomly choose an integer $k$ such that $k$ and $p - 1$ are relatively prime.
• Compute $a \equiv g^k \bmod p$ and $b \equiv k^{-1}(m - xa) \bmod (p - 1)$.
The signature is the pair $(a, b)$; $k$ and $x$ are secret. The verification is done through
$y^a a^b \equiv g^m \bmod p$

Encryption with ElGamal
For encryption with ElGamal you have to generate the keys as described in Digital Signature with ElGamal.
• Choose a random number $k$ which is relatively prime to $p - 1$.
• Compute
  $a \equiv g^k \bmod p$
  $b \equiv y^k M \bmod p$
$a$ and $b$ are the ciphertext, which has double the size of the original message. To decrypt you have to use your private key $x$ and calculate:
$M \equiv b / a^x \bmod p$

ElGamal - Illustrated Examples
[Figure]

RSA
• named after the three inventors, Ron Rivest, Adi Shamir, and Leonard Adleman.
• RSA gets its security from the difficulty of factoring large numbers.
• Mathematical Background
• Euler's $\varphi$ function: $\varphi(n)$ is the number of elements in the reduced set of residues mod $n$. In other words, $\varphi(n)$ is the number of positive integers less than $n$ that are relatively prime to $n$.

RSA (Cont.)
• Fermat's little theorem: if $p$ is prime and $x$ is not of the form $x := k \cdot p$ for any integer $k$, then $x^{p-1} \equiv 1 \bmod p$.
• Euler's generalization of Fermat's little theorem: if the greatest common divisor of two numbers $x$ and $n$ is one, in short $\gcd(x, n) = 1$, then $x^{\varphi(n)} \bmod n \equiv 1$.

A Step by Step Description of the RSA Algorithm
1. Randomly choose two large prime numbers $p$ and $q$, with $p \neq q$.
2. Compute the product $n = pq$.
3. Choose a number $e$, the encryption key, such that $e$ and $\varphi(n) = (p-1)(q-1)$ are relatively prime and $e \leq n$.
4. Compute the decryption key $d$, using the extended Euclidean algorithm, such that $ed \equiv 1 \bmod (p-1)(q-1)$, or $d \equiv e^{-1} \bmod ((p-1)(q-1))$.

RSA (Cont.)
5. Note that $d$ and $n$ are also relatively prime. The public key consists of the numbers $e$ and $n$; $d$ is the private key. The prime numbers $p$, $q$ are no longer needed, but should not be revealed, since the security of the process is based on their indeterminacy.
6. Divide the plaintext's numerical representation into blocks $m_i$ smaller than $n$.
7. To encrypt the whole plaintext, encrypt all blocks $m_i$. This is done quite simply by $c_i \equiv m_i^e \bmod n$, where $c_i$ is the encrypted message block $m_i$.
8. To decrypt a message, take each block $c_i$ and compute $m_i = c_i^d$, since
   $c_i^d = (m_i^e)^d = m_i^{ed} = m_i^{k\varphi(n)+1} = m_i \, m_i^{k\varphi(n)} = m_i \cdot 1 = m_i$,
   all modulo $n$.
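Added example (Python, not part of the original slides): the RSA steps above and the ElGamal key generation, signature and encryption formulas from the preceding slides, run on constructed toy numbers. Both need the same extended-Euclid inverse, so they share one block; the function names and parameters are illustrative assumptions, and primes this small give no security.

```python
from math import gcd

def egcd(a, b):
    """Extended Euclidean algorithm: (g, s, t) with g = gcd(a, b) = s*a + t*b."""
    s0, s1, t0, t1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    return a, s0, t0

def modinv(a, m):
    g, s, _ = egcd(a % m, m)
    if g != 1:
        raise ValueError("not relatively prime, no inverse exists")
    return s % m

# --- RSA (steps 1 to 8) ---
def rsa_keygen(p, q, e):
    if p == q:
        raise ValueError("p and q must be different primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to (p-1)(q-1)")
    return (e, n), modinv(e, phi)            # public key (e, n), private key d

def rsa_encrypt(blocks, e, n):
    if any(not 0 <= m < n for m in blocks):
        raise ValueError("every block m_i must be smaller than n")
    return [pow(m, e, n) for m in blocks]    # c_i = m_i^e mod n

def rsa_decrypt(blocks, d, n):
    return [pow(c, d, n) for c in blocks]    # m_i = c_i^d mod n

# --- ElGamal ---
def elgamal_public(p, g, x):
    return pow(g, x, p), g, p                # (y, g, p) is public, x stays private

def elgamal_sign(m, k, x, g, p):
    if gcd(k, p - 1) != 1:
        raise ValueError("k must be relatively prime to p - 1")
    a = pow(g, k, p)
    b = modinv(k, p - 1) * (m - x * a) % (p - 1)
    return a, b

def elgamal_verify(m, sig, pub):
    (a, b), (y, g, p) = sig, pub
    # The range check on a is an added sanity check; the slide gives only the congruence.
    return 0 < a < p and pow(y, a, p) * pow(a, b, p) % p == pow(g, m, p)

def elgamal_encrypt(M, k, pub):
    y, g, p = pub
    if gcd(k, p - 1) != 1:
        raise ValueError("k must be relatively prime to p - 1")
    return pow(g, k, p), pow(y, k, p) * M % p        # (a, b)

def elgamal_decrypt(a, b, x, p):
    return b * modinv(pow(a, x, p), p) % p           # M = b / a^x mod p

if __name__ == "__main__":
    (e, n), d = rsa_keygen(61, 53, 17)               # constructed toy primes
    c = rsa_encrypt([65, 123, 3000], e, n)
    print("RSA:", (e, n), d, c, rsa_decrypt(c, d, n))
    pub = elgamal_public(11, 2, 8)                   # constructed: p=11, g=2, x=8
    sig = elgamal_sign(5, 9, 8, 2, 11)
    print("ElGamal signature:", sig, elgamal_verify(5, sig, pub))
    a, b = elgamal_encrypt(5, 9, pub)
    print("ElGamal encryption:", (a, b), elgamal_decrypt(a, b, 8, 11))
```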
Symmetric Block Cipher - Overview
• Basics
  − XOR
  − left-shift, rotational left-shift
• Feistel networks
• DES
  − f-function
  − key-function
• Modes of Operation
  − ECB
  − CBC
  − CFB
  − OFB

Basics - XOR
Most ciphers today operate on a binary representation of the plaintext, denoted by the alphabet $\Sigma = \{0, 1\}$; letters from this alphabet are called binary digits or bits.
The map $\oplus : \Sigma \times \Sigma \to \Sigma,\ (a, b) \mapsto a \oplus b$ is called XOR and $\oplus$ is defined as follows:
  ⊕ | 0 1
  0 | 0 1
  1 | 1 0
Let $A, B \in \Sigma^n$ where $A = (a_1, \ldots, a_n)$ and $B = (b_1, \ldots, b_n)$ with $\forall j \in \{1, \ldots, n\} : a_j, b_j \in \Sigma$, then
$\oplus : \Sigma^n \times \Sigma^n \to \Sigma^n,\ (A, B) \mapsto (a_1 \oplus b_1, \ldots, a_n \oplus b_n)$.

Basics - (cyclic) left-shift
Let $A \in \Sigma^n$, then
$<< : \Sigma^n \times \mathbb{N} \to \Sigma^n,\ (A, x) \mapsto A \cdot 2^x \bmod 2^n$.
The map $<<$ is called left shift, and for $A << x$ we usually say an $x$-bit left shift of $A$.
Example: $A = 01001011$, $n = 8$ and $x = 2$, then:
$A << 2 = 01001011 << 2 = 01001011 \cdot 2^2 \bmod 2^8 = 01\,00101100 \bmod 2^8 = 00101100$
If the bits which are shifted out to the left, 01 in the above example, are added to $A$ after the left shift is complete, the operation is called cyclic or rotational left shift and is denoted by $<<<$.
Example: from the above example:
$A <<< 2 = (A << 2) + A \cdot 2^{x-n} = 00101100 + 01 = 00101101$

Basics - Concatenation
Let $A \in \Sigma^n$ and $B \in \Sigma^m$ where $A = (a_1, \ldots, a_n)$ and $B = (b_1, \ldots, b_m)$ with $\forall i : a_i, b_i \in \Sigma$; then by concatenating $A$ and $B$ we mean
$\circ : \Sigma^n \times \Sigma^m \to \Sigma^{n+m},\ (A, B) \mapsto (a_1, \ldots, a_n, b_1, \ldots, b_m)$
$A \circ B$ is also often written $(AB)$ or even $(A, B)$.
Example: $A = 010$ and $B = 110$, then $A \circ B = (AB) = 010110$

Feistel Networks 1
Feistel networks date back to the early 1970s and were created by H. Feistel. Many modern block ciphers utilize Feistel networks and are often referred to as Feistel ciphers. The list of block ciphers which use a Feistel network includes, but is not limited to:
  − DES
  − Lucifer
  − Blowfish
  − GOST
  − FEAL
  − LOKI
In the following we will describe so-called balanced Feistel networks, where the plaintext is split into two halves of equal length. Note that there are also unbalanced Feistel networks, where the two halves need not be of equal size.

Feistel Networks 2
[Figure: 16-round Feistel network from the plaintext halves L0, R0 through the round keys K1 to K16 to the ciphertext]
The scheme for a 16-round Feistel network is illustrated on the left. Note that the number of iterations in a Feistel network is not fixed. In the following we will describe the encryption and decryption for $n$-round Feistel networks.
A plaintext block of length $n$ (where $n$ must be even) is split into two halves ($L_0$ and $R_0$) of length $n/2$.

Feistel Networks 3
The encryption is defined as an iterative process:
$L_i = R_{i-1}$
$R_i = L_{i-1} \oplus f(R_{i-1}, K_i)$
To form the ciphertext, the output of the Feistel network is swapped and concatenated:
$C = (R_n L_n)$
Clearly the security of the Feistel cipher depends on the security of the function $f$. The iteration, however, increases the security of $f$.
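The iteration $L_i = R_{i-1}$, $R_i = L_{i-1} \oplus f(R_{i-1}, K_i)$ with the final swap, as an added Python example (not part of the original slides). Both round functions and the round keys are constructed assumptions, chosen to show that a non-invertible $f$ still gives an invertible network once the same rounds are run with the round keys in reverse order.

```python
import hashlib

def hash_f(r, k, half_bits):
    """Round function f(R, K): a truncated SHA-256, so it cannot be inverted."""
    digest = hashlib.sha256(f"{k}:{r}".encode()).digest()
    return int.from_bytes(digest, "big") >> (256 - half_bits)

def lossy_f(r, k, half_bits):
    """A second, visibly lossy f: the low 8 bits of R are thrown away."""
    return ((r >> 8) * 0x9E3779B1 + k) & ((1 << half_bits) - 1)

def feistel(block, round_keys, n_bits=64, f=hash_f):
    """One pass through a balanced Feistel network with len(round_keys) rounds."""
    if n_bits % 2:
        raise ValueError("block length must be even")
    if not 0 <= block < (1 << n_bits):
        raise ValueError("block does not fit into n_bits")
    half = n_bits // 2
    left, right = block >> half, block & ((1 << half) - 1)   # L_0, R_0
    for k in round_keys:                                      # K_1 ... K_n
        # L_i = R_{i-1};  R_i = L_{i-1} XOR f(R_{i-1}, K_i)
        left, right = right, left ^ f(right, k, half)
    return (right << half) | left                             # C = (R_n L_n)

def encrypt(block, round_keys, **kw):
    return feistel(block, round_keys, **kw)

def decrypt(block, round_keys, **kw):
    # Identical network; only the order of the round keys is reversed.
    return feistel(block, round_keys[::-1], **kw)

# Constructed sample data
KEYS_16 = [0x1F3A + 977 * i for i in range(16)]
PLAINTEXT = 0x0123456789ABCDEF

if __name__ == "__main__":
    c = encrypt(PLAINTEXT, KEYS_16)
    print(f"ciphertext          {c:016x}")
    print(f"reversed key order  {decrypt(c, KEYS_16):016x}")
    print(f"forward key order   {feistel(c, KEYS_16):016x}")
```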
Feistel Networks 4
Decryption functions exactly like encryption; it is however necessary to reverse the key order. So when decrypting, $K_1$ becomes $K_n$ from encryption. Note that $f$ doesn't need to be invertible; it is sufficient that the keys can be reproduced and be brought into reverse order.
Basically the last step of encryption is reversed by the first step of decryption:
$L_1 = R_0 = L_n = R_{n-1}$
$R_1 = L_0 \oplus f(R_0, K_1)$
$\quad = (L_{n-1} \oplus f(R_{n-1}, K_n)) \oplus f(R_{n-1}, K_n)$
$\quad = L_{n-1}$

DES
[Figure: plaintext, IP, Feistel network, $IP^{-1}$, ciphertext]
The key size is 56 and the block size is 64 bit. DES uses a 16-round Feistel network with an initial and terminal permutation. The terminal permutation is the reverse of the initial permutation, such that the basic way decryption works remains the same as with Feistel networks.
To totally understand DES it is thus sufficient to look at:
• key-function
• f-function

DES - key function 1
[Figure: DES key schedule: Key, PC1, C0 and D0, left shifts 1 to 16, PC2, round keys K1 to K16]
DES uses a 56 bit key which is brought to 64 bits by adding a parity bit after every 7 key bits.
The 64 bit key is run through a permutation and selection box (PC1). This box skips the parity bits and permutes the 56 key bits.
The 56 permuted key bits are split into two equal-sized parts $C_0$ and $D_0$, each containing 28 bits. $C_0$ are the first 28 bits of $PC1(K)$ and $D_0$ are the remaining 28 bits.
DES - key function 2
The 16 round keys $K_1$ through $K_{16}$ are generated by the following iteration:
1. $C_i = C_{i-1} <<< LS_i$
2. $D_i = D_{i-1} <<< LS_i$
3. $K_i = PC2(C_i D_i)$
where $1 \leq i \leq 16$, $LS_i$ is the left shift amount for this round, and PC2 is another selection and permutation box, which selects and permutes 48 bits from the 56 bits which are $(C_i D_i)$.

DES - f-function 1
[Figure: f-function: R and K, E, E(R), blocks B1 to B8, S-boxes S1 to S8, outputs C1 to C8, P, f(R,K)]
The round key for DES is of size 48, but the $R$ from the Feistel network is only 32 bit, since the block size of DES is 64 bit.
So we first bring $R$ up to the same size as the key $K$. To do this we use the E box (E for expansion). The E box duplicates certain bits and permutes them.
Since $E(R)$ and $K$ are of equal size we can calculate
$B = E(R) \oplus K$

DES - f-function 2
$B$ is split up into 8 blocks $B_1, \ldots, B_8$, each 6 bit in size.
Each $B_i$ is run through a corresponding S-box (S for substitution) which generates $C_i$, which is 4 bits in size.
The transformation is a lookup in the S-box by taking the first and the last bit of $B_i$ as index for the rows and the bits 2 through 5 as column index. The looked-up number is in the range from 0 to 15, which can be represented by 4 bit and directly corresponds to $C_i$.
DES - f-function 3 - Example of an S-Box lookup
[Figure: of the six bits B1 B2 B3 B4 B5 B6, bits B1 and B6 select the S-box row and bits B2 B3 B4 B5 select the column]
Let us try to transform $B_1 = 010110_2$ into $C_1$. The first and the last bit of $B_1$ are both zero, so the row index is 0. The column index is generated by bits 2 through 5, which are $1011_2 = 11_{10}$. When we look up the eleventh element of the zero-row we get 12, which when represented in binary yields $C_1 = 1100_2$.

S-box 1
       0   1   2   3   4   5   6   7   8   9  10  11  12  13  14  15
  0   14   4  13   1   2  15  11   8   3  10   6  12   5   9   0   7
  1    0  15   7   4  14   2  13   1  10   6  12  11   9   5   3   8
  2    4   1  14   8  13   6   2  11  15  12   9   7   3  10   5   0
  3   15  12   8   2   4   9   1   7   5  11   3  14  10   0   6  13

DES - f-function 4
The concatenation $S = C_1, \ldots, C_8$ is already 32 bits in length, since the S-box lookup is lossy.
The output $S$ is permuted via the P-box and the output is
$f(R, K) = P(S)$
As can be seen clearly, $f(R, K)$ is irreversible.

Modes of Operation - ECB
ECB - Electronic Codebook Mode
• Plaintext is expanded with random bits to be of size $k \cdot 64$ bits.
• Plaintext is split into blocks 64 bits in length.
• The ciphertext is produced by encoding each plaintext block and concatenating the ciphertext blocks.
Clearly this is a naive method. There is no position-dependent information.

Modes of Operation - CBC
CBC - Cipherblock Chaining Mode
• Plaintext is expanded with random bits to be of size $k \cdot 64$ bits.
• Plaintext is split into blocks $m_1, \ldots, m_u$, each 64 bits in length.
• Encryption for $1 \leq i \leq u$ is $c_i = E_k(c_{i-1} \oplus m_i)$.
  − $c_0$ is set to some initial vector $IV$.
• Decryption for $1 \leq i \leq u$ is $m_i = c_{i-1} \oplus D_k(c_i)$.
  − Clearly $c_0$ must be set to the same $IV$ used for encryption.
Through the use of the previous ciphertext block, CBC gains position-dependent encoding.

Modes of Operation - CFB
CFB - Cipherblock Feedback Mode
• Allows for smaller block sizes than would be allowed by the underlying block cipher.
• Fills a different role than ECB and CBC.
• The costly part of the decoding function can be calculated one step ahead.
Since CFB does support smaller blocks than the block cipher, we have to choose an $r$ with $1 \leq r \leq n$, where $n$ is the block size of the cipher in use.
The plaintext is split up into $m_1, \ldots, m_u$, each block of size $r$.
Since the block cipher cannot encode blocks of size $r$, it encodes blocks $I_i$ and those blocks are used to encrypt the plaintext.

Modes of Operation - CFB 2
$I_1$ is set to some initial vector $IV$ and then encryption for blocks $1 \leq j \leq u$ works like this:
1. $O_j = E_k(I_j)$
2. set $x_j$ to the first $r$ bits of $O_j$
3. $c_j = m_j \oplus x_j$
4. for $j < u$ generate $I_{j+1} = (I_j << r) + c_j$
Decoding is likewise, again $I_1 = IV$ and for $1 \leq j \leq u$:
1. $O_j = E_k(I_j)$
2. set $x_j$ to the first $r$ bits of $O_j$
3. $m_j = c_j \oplus x_j$
4. for $j < u$ generate $I_{j+1} = (I_j << r) + c_j$

Modes of Operation - OFB
OFB - Output Feedback Mode
• Similar to CFB in its operation.
• Uses the $E_k(I_i)$ for feedback instead of the $c_i$.
• The costly part of the decoding function can be fully calculated ahead.
Like CFB, we have to choose an $r$ with $1 \leq r \leq n$, where $n$ is the block size of the cipher in use.
The plaintext is split up into $m_1, \ldots, m_u$, each block of size $r$.
Since the block cipher cannot encode blocks of size $r$, it encodes blocks $I_i$ and those blocks are used to encrypt the plaintext.

Modes of Operation - OFB 2
$I_1$ is set to some initial vector $IV$ and then encryption for blocks $1 \leq j \leq u$ works like this:
1. $O_j = E_k(I_j)$
2. set $x_j$ to the first $r$ bits of $O_j$
3. $c_j = m_j \oplus x_j$
4. $I_{j+1} = O_j$ for $j < u$
Decoding is likewise, again $I_1 = IV$ and for $1 \leq j \leq u$:
1. $O_j = E_k(I_j)$
2. set $x_j$ to the first $r$ bits of $O_j$
3. $m_j = c_j \oplus x_j$
4. $I_{j+1} = O_j$ for $j < u$

Application: OpenSSH, Browser, ...
How SSH negotiates an encrypted session
• The server has a 1024 bit public/private key pair.
• On connection the server sends the client its public key.
• The client checks if the key has changed.
• The client generates a random 256 bit key and encrypts it with the server's public key.
• The client sends the encrypted key to the server.
• The server decrypts the key.
• Since both now have the same key, the communication switches to a symmetric cipher.

Fini
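The CFB and OFB step lists from the Modes of Operation slides, as an added Python example (not part of the original slides). E is an assumed stand-in for $E_k$ built from SHA-256 rather than DES, which suffices because both modes only ever call $E_k$; key, IV and message are constructed, and the bit-flip check goes slightly beyond the slides to show how far each feedback rule spreads a damaged ciphertext block.

```python
import hashlib

N = 64  # block size n of the underlying cipher, in bits

def E(key, block):
    """Stand-in for E_k (an assumption, not DES): n-bit keyed function from SHA-256."""
    digest = hashlib.sha256(key + block.to_bytes(N // 8, "big")).digest()
    return int.from_bytes(digest[:N // 8], "big")

def cfb(key, iv, blocks, r, decrypt=False):
    """CFB over r-bit blocks; the same routine encodes and decodes."""
    I_j, out = iv, []
    for blk in blocks:
        x = E(key, I_j) >> (N - r)             # x_j: first r bits of O_j = E_k(I_j)
        res = blk ^ x                          # c_j = m_j XOR x_j  or  m_j = c_j XOR x_j
        c = blk if decrypt else res            # the value fed back is always c_j
        I_j = ((I_j << r) % (1 << N)) + c      # I_{j+1} = (I_j << r) + c_j
        out.append(res)
    return out

def ofb_keystream(key, iv, count, r):
    """x_1 ... x_count depend only on key and IV, so they can be computed ahead."""
    I_j, xs = iv, []
    for _ in range(count):
        O_j = E(key, I_j)
        xs.append(O_j >> (N - r))
        I_j = O_j                              # I_{j+1} = O_j
    return xs

def ofb(key, iv, blocks, r):
    """OFB: XOR with the keystream; encoding and decoding are identical."""
    return [b ^ x for b, x in zip(blocks, ofb_keystream(key, iv, len(blocks), r))]

def damaged(expected, got):
    return [j for j, (a, b) in enumerate(zip(expected, got)) if a != b]

# Constructed sample data; with r = 8 every byte is one block m_j.
KEY, IV = b"constructed demo key", 0x0123456789ABCDEF
MESSAGE = list(b"constructed sample plaintext for the demo")

def error_spread(mode):
    """Flip one bit of the third ciphertext block and list the wrong plaintext blocks."""
    if mode == "cfb":
        c = cfb(KEY, IV, MESSAGE, 8)
        c[2] ^= 0x01
        return damaged(MESSAGE, cfb(KEY, IV, c, 8, decrypt=True))
    c = ofb(KEY, IV, MESSAGE, 8)
    c[2] ^= 0x01
    return damaged(MESSAGE, ofb(KEY, IV, c, 8))

if __name__ == "__main__":
    print("OFB damaged blocks:", error_spread("ofb"))   # only the flipped block
    print("CFB damaged blocks:", error_spread("cfb"))   # until c_j leaves the register
```

In CFB the damaged block stays in the shift register for n/r = 8 further blocks and decoding then recovers on its own; in OFB only the flipped bit is affected, since the keystream never depends on the ciphertext.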
