Cryptographic Concepts
In the field of information security, there are a handful of topics that
serve as the foundation to understanding other technologies. One of these
foundations is cryptography, which is a body of knowledge that deals with
the protection and preservation of information. Cryptography is one of the
techniques woven into the very fabric of other technologies including IP Security
(IPSec), certificates, digital signatures, and many others. Common examples of
cryptography in use include Wired Equivalent Privacy (WEP), Wi-Fi Protected
Access (WPA), and 802.11i (WPA2), not to mention Secure Sockets Layer (SSL),
just to name a few. With a firm grasp of cryptography in hand, you can fully
understand other technologies and techniques—and their proper applications.

Cryptography provides information protection in the areas of confidentiality
and integrity as well as providing the additional advantages of nonrepudiation.
If applied properly, cryptography can provide robust protection that would not
otherwise be possible. Confidentiality is the ability to protect information from
unauthorized disclosure; information cannot be viewed by those not authorized
access. Integrity is provided through the cryptographic mechanism known as
hashing. Nonrepudiation provides the ability to prevent a party from denying
the origin of the information in question. You can use cryptographic techniques
to provide these same solutions to information both in transit and in storage.

From another perspective, it is important to understand cryptography in order
to properly evaluate systems. Understanding the different types of cryptographic
algorithms can make evaluating software and services easier by providing
insight into how something is supposed to work. Furthermore, understanding
cryptography allows the ethical hacker to understand how to properly evaluate
systems to look for weaknesses and better understand threats. Password
cracking, authentication systems testing, traffic sniffing, and secure wireless
networks are all mechanisms that use encryption and are common mechanisms
that are tested by ethical hackers on behalf of clients.
Chapter 3 Topics
This chapter covers the following topics and concepts:
What the basics of cryptography are
What symmetric encryption is
What asymmetric encryption is
What the purpose of public key infrastructure (PKI) is
What hashing is
What common cryptographic systems are
What cryptanalysis is
Chapter 3 Goals
When you complete this chapter, you will be able to:
Describe the purpose of cryptography
Describe the usage of symmetric encryption
List the advantages and disadvantages of symmetric encryption
Detail components of symmetric algorithms such as key size, block size, and usage
Show the importance of asymmetric encryption and how it provides integrity and nonrepudiation
Describe common asymmetric algorithms
Identify the purpose and usage of hashing algorithms
Explain the concept of collisions
State the purpose of digital signatures
Explain the usage of PKI
Identify common cryptographic systems
Describe basic password attack methods
