STUDY NOTES CRYPTOGRAPHY I – Block Ciphers

Stream Ciphers, making OneTimePad practical by replacing random key by pseudorandom key.

At the second week, prof. Bonet talked about a few weak PRGs that are not recommended to be used in cryptography.
One is the linear congruential generator(LCG), and glibc randomizer. I also took a quick look a the built-in random number generator for python which uses Mersenne Twister as the core generator. Also, they mentioned “is completely unsuitable for cryptographic purposes”.

Negligible factor where epsilon is greater than 1/(2^30), likely happen over 1GB of data.

And when epsilon is smaller than 1/(2^80), then it won’t happen over life of key.

They the professor mentioned the convention later on in this course that factor will be negligible when it is exponential and non-negligible when it is polynomial.

Attack1: two time pad is insecure, when you use the same key to encrypt two messages, the eavesdropper capture the cipher, and simply run the xor of the cipher which turned out to be the xor of the messages with the PRG being removed!

Since English natural languages and ASCII contains enough redundancy for the hackers to infer the messages and separate them out based on the the XOR result.  m1 xor m2 => m1, m2.

Project Venona is a real world mistake made by the Russians that reuse the same key, also Microsot PPTP and 802.11b WEP is also interesting stories to read.

FMS(Fluhrer, Martin and Shamir)0 attack is the stream cipher attach on that RC4 stream cipher.

Attack 2: no integrity – (OTP is malleable), if you have active attackers who actually manipulate the text and modify the message when it got decrypted.

CSS

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s