TOPICS COVERED
these will be on the exam in one form or another
anonymity networks
biometrics
ransomware
LOGISTICS
short-answer responses/pseudocode
key k
Encrypt(m, k) → c
Decrypt(c, k) → m
There exist many symmetric encryption algorithms. A few of the well-known ones include AES, DES,
Blowfish, and Skipjack. Symmetric encryption is typically more efficient than asymmetric encryption,
Block Ciphers
The Advanced Encryption Standard or AES is a symmetric block cipher used by the U.S. government
to protect classified information and is implemented in software and hardware throughout the world to
encrypt sensitive data.
Anonymity Networks
Alice wants to send an HTTP request to Bob over the Internet. Alice could encrypt the request block just
once, but to make it truly anonymous she's going to encrypt the message within another encrypted
message, and then do that again. At each passing point, the message is encrypted several
times.
Understand how these network paths work.
All nodes in path from Alice to Bob have different symmetric keys
[Diagram: path from Alice to Bob; key/node labels (k), (k1-R1), (k2-R2), (k3-R3), (k4-R4); step labels "decrypt message to get R1", "decrypt message to get R2"]
Tor is an example of an anonymity network. Tor has multiple encryption layers, like an onion
- ergo the onion logo.
Tor's application independence sets it apart from most other anonymity networks: it works at
the Transmission Control Protocol (TCP) stream level. Applications whose traffic is commonly
anonymized using Tor include Internet Relay Chat (IRC), instant messaging, and World Wide Web
browsing.
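The layered encryption described above, as an added example that is not part of the original notes: Alice wraps the request once per node, and each node removes only its own layer and learns only the next hop. Assumptions: three nodes named R1 to R3, a toy SHA-256 keystream standing in for AES so it runs with the standard library alone, and a made-up layer format (not Tor's).

```python
import hashlib
import hmac
import os

def _subkeys(key):  # separate encryption and MAC keys from one node key
    return [hashlib.sha256(label + key).digest() for label in (b"enc", b"mac")]

def _xor_stream(key, nonce, data):
    # Toy stream cipher (SHA-256 in counter mode); a stand-in for AES.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def wrap_layer(key, next_hop, payload):
    """Encrypt (next hop name + payload) under one node's key."""
    enc, mac = _subkeys(key)
    nonce = os.urandom(16)
    hop = next_hop.encode()
    ct = _xor_stream(enc, nonce, bytes([len(hop)]) + hop + payload)
    return nonce + hmac.new(mac, nonce + ct, hashlib.sha256).digest() + ct

def peel_layer(key, blob):  # returns (next hop name, inner payload)
    enc, mac = _subkeys(key)
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified layer")
    body = _xor_stream(enc, nonce, ct)
    return body[1:1 + body[0]].decode(), body[1 + body[0]:]

def build_onion(path, destination, payload):
    """path: [(node name, key), ...] in travel order; the innermost layer is built first."""
    next_hops = [name for name, _ in path[1:]] + [destination]
    for (_, key), nxt in reversed(list(zip(path, next_hops))):
        payload = wrap_layer(key, nxt, payload)
    return payload

def route(path, blob):
    """Each node peels its own layer; returns what each node learned and the final payload."""
    seen = []
    for name, key in path:
        nxt, blob = peel_layer(key, blob)
        seen.append((name, nxt))
    return seen, blob

# Constructed sample: three nodes, each with an independent random symmetric key.
PATH = [(r, os.urandom(32)) for r in ("R1", "R2", "R3")]
ONION = build_onion(PATH, "Bob", b"GET / HTTP/1.1")
```

In this sketch the last node hands the plaintext request to Bob, so the request itself is only protected end to end if Alice and Bob add their own encryption on top.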
HIDDEN SERVICES PROTOCOL
Hashing
remember, hashing is NOT an encryption algorithm
a lot of students mentioned in HW 1 or 2 that they were going to encrypt or decrypt a hash - this isn't proper
output should be random looking since you're trying to avoid being able to learn anything
from the output to get the input
H: {0, 1}* → {0, 1}^128
pre-image resistance
collision resistance
there's no key involved and there's no such thing as unhashing (brute force algorithms are
still not unhashing)
SALTING
basic overview: https://www.addedbytes.com/blog/why-you-should-always-salt-your-hashes/
GP = guessing probability
GPP = password with highest guessing probability
Smith = .09
number of tries = 1/GP
opposite of symmetric encryption
quick overview: https://medium.com/@vrypan/explaining-public-key-cryptography-to-non-geeks-f0994b3c2d5#.vktjm04jc
each side has a different key to start with and they end up with the same secret key - ergo
it's asymmetric
technical overview: http://crypto.stackexchange.com/questions/6307/why-is-diffie-hellman-considered-in-the-context-of-public-key-cryptography
Biometrics
fuzzy crypto
spoofable
someone spoofs my thumb print to unlock my phone and it lets them get into my phone (eep)
using my thumb to unlock my own phone and it doesn't let me get into my phone (eep)