fbpx
Wikipedia

Strong cryptography

January 13, 2023

Strong cryptography or cryptographically strong are general terms applied to cryptographic systems or components that are considered highly resistant to cryptanalysis.

Demonstrating the resistance of any cryptographic scheme to attack is a complex matter, requiring extensive testing and reviews, preferably in a public forum. Good algorithms and protocols are required, and good system design and implementation is needed as well. For instance, the operating system on which the cryptographic software runs should be as carefully secured as possible. Users may handle passwords insecurely, or trust 'service' personnel overly much, or simply misuse the software. (See social engineering.) "Strong" thus is an imprecise term and may not apply in particular situations.

Background

The use of computers changed the process of cryptanalysis, famously with Bletchley Park's Colossus. But just as the development of digital computers and electronics helped in cryptanalysis, it also made possible much more complex ciphers. It is typically the case that use of a quality cipher is very efficient, while breaking it requires an effort many orders of magnitude larger - making cryptanalysis so inefficient and impractical as to be effectively impossible.

Since the publication of Data Encryption Standard, the Diffie-Hellman and RSA algorithm in the 1970s, cryptography has had deep connections with abstract mathematics and become a widely used tool in communications, computer networks, and computer security generally.

Cryptographically strong algorithms

This term "cryptographically strong" is often used to describe an encryption algorithm, and implies, in comparison to some other algorithm (which is thus cryptographically weak), greater resistance to attack. But it can also be used to describe hashing and unique identifier and filename creation algorithms. See for example the description of the Microsoft .NET runtime library function Path.GetRandomFileName.[1] In this usage, the term means "difficult to guess".

An encryption algorithm is intended to be unbreakable (in which case it is as strong as it can ever be), but might be breakable (in which case it is as weak as it can ever be) so there is not, in principle, a continuum of strength as the idiom would seem to imply: Algorithm A is stronger than Algorithm B which is stronger than Algorithm C, and so on. The situation is made more complex, and less subsumable into a single strength metric, by the fact that there are many types of cryptanalytic attack and that any given algorithm is likely to force the attacker to do more work to break it when using one attack than another.

There is only one known unbreakable cryptographic system, the one-time pad, which is not generally possible to use because of the difficulties involved in exchanging one-time pads without their being compromised. So any encryption algorithm can be compared to the perfect algorithm, the one-time pad.

The usual sense in which this term is (loosely) used, is in reference to a particular attack, brute force key search — especially in explanations for newcomers to the field. Indeed, with this attack (always assuming keys to have been randomly chosen), there is a continuum of resistance depending on the length of the key used. But even so there are two major problems: many algorithms allow use of different length keys at different times, and any algorithm can forgo use of the full key length possible. Thus, Blowfish and RC5 are block cipher algorithms whose design specifically allowed for several key lengths, and who cannot therefore be said to have any particular strength with respect to brute force key search. Furthermore, US export regulations restrict key length for exportable cryptographic products and in several cases in the 1980s and 1990s (e.g., famously in the case of Lotus Notes' export approval) only partial keys were used, decreasing 'strength' against brute force attack for those (export) versions. More or less the same thing happened outside the US as well, as for example in the case of more than one of the cryptographic algorithms in the GSM cellular telephone standard.

The term is commonly used to convey that some algorithm is suitable for some task in cryptography or information security, but also resists cryptanalysis and has no, or fewer, security weaknesses. Tasks are varied, and might include:

Cryptographically strong would seem to mean that the described method has some kind of maturity, perhaps even approved for use against different kinds of systematic attacks in theory and/or practice. Indeed, that the method may resist those attacks long enough to protect the information carried (and what stands behind the information) for a useful length of time. But due to the complexity and subtlety of the field, neither is almost ever the case. Since such assurances are not actually available in real practice, sleight of hand in language which implies that they are will generally be misleading.

There will always be uncertainty as advances (e.g., in cryptanalytic theory or merely affordable computer capacity) may reduce the effort needed to successfully use some attack method against an algorithm.

In addition, actual use of cryptographic algorithms requires their encapsulation in a cryptosystem, and doing so often introduces vulnerabilities which are not due to faults in an algorithm. For example, essentially all algorithms require random choice of keys, and any cryptosystem which does not provide such keys will be subject to attack regardless of any attack resistant qualities of the encryption algorithm(s) used.

Legal issues

See also: Cryptography § Forced disclosure of encryption keys

Since use of strong cryptography makes the job of intelligence agencies more difficult, many countries have enacted laws or regulations restricting or simply banning the non-official use of strong cryptography. For instance, the United States previously defined cryptographic products as munitions since World War II and prohibited export of cryptography beyond a certain 'strength' (measured in part by key size).[citation needed] However, the U.S. restrictions eased in the 1990s along with the rising need for secure e-Commerce and web-connected public software applications. The Clinton Administration issued new rules in 2000 allowing export of products containing strong cryptography, subject to certain limitations.[2] President and government of Russia in 90s has issued a few decrees formally banning uncertified cryptosystems from use by government agencies. Presidential decree of 1995 also attempted to ban individuals from producing and selling cryptography systems without having appropriate license, but it wasn't enforced in any way as it was suspected to be contradictory the Russian Constitution of 1993 and wasn't a law per se.[3][4][5][note 1] The decree of No.313 issued in 2012 further amended previous ones allowing to produce and distribute products with embedded cryptosystems and requiring no license as such, even though it declares some restrictions.[6][7] France had quite strict regulations in this field, but has relaxed them in recent years.[citation needed]

Examples

Strong

  • PGP is generally considered an example of strong cryptography, with versions running under most popular operating systems and on various hardware platforms. The open source standard for PGP operations is OpenPGP, and GnuPG is an implementation of that standard from the FSF. However, the IDEA signature key in classical PGP is only 64 bits long, therefore no longer immune to collision attacks. OpenPGP therefore uses the SHA-2 hash function and AES cryptography.
  • The AES algorithm is considered strong after being selected in a lengthy selection process that was open and involved numerous tests.
  • Elliptic curve cryptography is another system which is based on a graphical geometrical function.
  • The latest version of TLS protocol (version 1.3), used to secure Internet transactions, is generally considered strong. Several vulnerabilities exist in previous versions, including demonstrated attacks such as POODLE. Worse, some cipher-suites are deliberately weakened to use a 40-bit effective key to allow export under pre-1996 U.S. regulations.

Weak

Examples that are not considered cryptographically strong include:

  • The DES, whose 56-bit keys allow attacks via exhaustive search.
  • Triple-DES (3DES / EDE3-DES). see DES - this also suffers a meanwhile known phenomenon, called the "sweet32" or "birthday oracle"
  • Wired Equivalent Privacy which is subject to a number of attacks due to flaws in its design.
  • SSL v2 and v3. TLS 1.0 and TLS 1.1 are also deprecated now [see RFC7525] because of irreversible flaws which are still present by design and because they do not provide elliptical handshake (EC) for ciphers, no modern cryptography, no CCM/GCM ciphermodes. TLS1.x are also announced off by the PCIDSS 3.2 for commercial business/banking implementations on web frontends. Only TLS1.2 and TLS 1.3 are allowed and recommended, modern ciphers, handshakes and ciphermodes must be used exclusively.
  • The MD5 and SHA-1 hash functions, no longer immune to collision attacks.
  • The RC4 stream cipher.
  • The Clipper Chip, a failed initiative of the U.S. government that included key escrow provisions, allowing the government to gain access to the keys.
  • The 40-bit Content Scramble System used to encrypt most DVD-Video discs.
  • Almost all classical ciphers.
  • Most rotary ciphers, such as the Enigma machine.
  • Some flawed RSA implementations[which?] exist, leading to weak, biased keys and other vulnerabilities ("Bleichenbacher Oracle", "ROBOT" attack).
  • RSA keys weaker than 2048 bits.
  • DH keys weaker than 2048 bits.
  • ECDHE keys weaker than 192 bits; also, not all known older named curves still in use for this are vetted "safe".
  • DHE/EDHE is guessable/weak when using/re-using known default prime values on the server
  • The CBC block cipher mode of operation is considered weak for TLS (the CCM/GCM modes are now recommended).

Notes

  1. ^ The sources provided here are in Russian. To alleviate the problem of lack of English-written ones the sources are cited by using official government documents.

References

  1. ^ Path.GetRandomFileName Method (System.IO), Microsoft
  2. ^ ""Reducing US Crypto Export Rules"". Wired. Retrieved 2021-08-05.
  3. ^ Farber, Dave (1995-04-06). "A ban on cryptography in Russia (fwd) [Next .. djf]". Retrieved 2011-02-14.
  4. ^ Antipov, Alexander (1970-01-01). "Пресловутый указ №334 о запрете криптографии". www.securitylab.ru (in Russian). Retrieved 2020-09-21.
  5. ^ "Указ Президента Российской Федерации от 03.04.1995 г. № 334". Президент России (in Russian). Retrieved 2020-09-21.
  6. ^ "Положение о лицензировании деятельности по разработке, производству, распространению шифровальных средств и систем". Российская газета (in Russian). Retrieved 2020-09-21.
  7. ^ "Миф №49 "В России запрещено использовать несертифицированные средства шифрования"". bankir.ru (in Russian). Retrieved 2020-09-21.
  • Strong Cryptography - The Global Tide of Change, Cato Institute Briefing Paper no. 51

See also

January 13, 2023
strong, cryptography, this, article, needs, additional, citations, verification, please, help, improve, this, article, adding, citations, reliable, sources, unsourced, material, challenged, removed, find, sources, news, newspapers, books, scholar, jstor, decem. This article needs additional citations for verification Please help improve this article by adding citations to reliable sources Unsourced material may be challenged and removed Find sources Strong cryptography news newspapers books scholar JSTOR December 2007 Learn how and when to remove this template message This article possibly contains original research Please improve it by verifying the claims made and adding inline citations Statements consisting only of original research should be removed November 2021 Learn how and when to remove this template message Strong cryptography or cryptographically strong are general terms applied to cryptographic systems or components that are considered highly resistant to cryptanalysis Demonstrating the resistance of any cryptographic scheme to attack is a complex matter requiring extensive testing and reviews preferably in a public forum Good algorithms and protocols are required and good system design and implementation is needed as well For instance the operating system on which the cryptographic software runs should be as carefully secured as possible Users may handle passwords insecurely or trust service personnel overly much or simply misuse the software See social engineering Strong thus is an imprecise term and may not apply in particular situations Contents 1 Background 2 Cryptographically strong algorithms 3 Legal issues 4 Examples 4 1 Strong 4 2 Weak 5 Notes 6 References 7 See alsoBackground EditThe use of computers changed the process of cryptanalysis famously with Bletchley Park s Colossus But just as the development of digital computers and electronics helped in cryptanalysis it also made possible much more complex ciphers It is typically the case that use of a quality cipher is very efficient while breaking it requires an effort many orders of magnitude larger making cryptanalysis so inefficient and impractical as to be effectively impossible Since the publication of Data Encryption Standard the Diffie Hellman and RSA algorithm in the 1970s cryptography has had deep connections with abstract mathematics and become a widely used tool in communications computer networks and computer security generally Cryptographically strong algorithms EditThis term cryptographically strong is often used to describe an encryption algorithm and implies in comparison to some other algorithm which is thus cryptographically weak greater resistance to attack But it can also be used to describe hashing and unique identifier and filename creation algorithms See for example the description of the Microsoft NET runtime library function Path GetRandomFileName 1 In this usage the term means difficult to guess An encryption algorithm is intended to be unbreakable in which case it is as strong as it can ever be but might be breakable in which case it is as weak as it can ever be so there is not in principle a continuum of strength as the idiom would seem to imply Algorithm A is stronger than Algorithm B which is stronger than Algorithm C and so on The situation is made more complex and less subsumable into a single strength metric by the fact that there are many types of cryptanalytic attack and that any given algorithm is likely to force the attacker to do more work to break it when using one attack than another There is only one known unbreakable cryptographic system the one time pad which is not generally possible to use because of the difficulties involved in exchanging one time pads without their being compromised So any encryption algorithm can be compared to the perfect algorithm the one time pad The usual sense in which this term is loosely used is in reference to a particular attack brute force key search especially in explanations for newcomers to the field Indeed with this attack always assuming keys to have been randomly chosen there is a continuum of resistance depending on the length of the key used But even so there are two major problems many algorithms allow use of different length keys at different times and any algorithm can forgo use of the full key length possible Thus Blowfish and RC5 are block cipher algorithms whose design specifically allowed for several key lengths and who cannot therefore be said to have any particular strength with respect to brute force key search Furthermore US export regulations restrict key length for exportable cryptographic products and in several cases in the 1980s and 1990s e g famously in the case of Lotus Notes export approval only partial keys were used decreasing strength against brute force attack for those export versions More or less the same thing happened outside the US as well as for example in the case of more than one of the cryptographic algorithms in the GSM cellular telephone standard The term is commonly used to convey that some algorithm is suitable for some task in cryptography or information security but also resists cryptanalysis and has no or fewer security weaknesses Tasks are varied and might include generating randomness encrypting data providing a method to ensure data integrityCryptographically strong would seem to mean that the described method has some kind of maturity perhaps even approved for use against different kinds of systematic attacks in theory and or practice Indeed that the method may resist those attacks long enough to protect the information carried and what stands behind the information for a useful length of time But due to the complexity and subtlety of the field neither is almost ever the case Since such assurances are not actually available in real practice sleight of hand in language which implies that they are will generally be misleading There will always be uncertainty as advances e g in cryptanalytic theory or merely affordable computer capacity may reduce the effort needed to successfully use some attack method against an algorithm In addition actual use of cryptographic algorithms requires their encapsulation in a cryptosystem and doing so often introduces vulnerabilities which are not due to faults in an algorithm For example essentially all algorithms require random choice of keys and any cryptosystem which does not provide such keys will be subject to attack regardless of any attack resistant qualities of the encryption algorithm s used Legal issues EditSee also Cryptography Forced disclosure of encryption keys Since use of strong cryptography makes the job of intelligence agencies more difficult many countries have enacted laws or regulations restricting or simply banning the non official use of strong cryptography For instance the United States previously defined cryptographic products as munitions since World War II and prohibited export of cryptography beyond a certain strength measured in part by key size citation needed However the U S restrictions eased in the 1990s along with the rising need for secure e Commerce and web connected public software applications The Clinton Administration issued new rules in 2000 allowing export of products containing strong cryptography subject to certain limitations 2 President and government of Russia in 90s has issued a few decrees formally banning uncertified cryptosystems from use by government agencies Presidential decree of 1995 also attempted to ban individuals from producing and selling cryptography systems without having appropriate license but it wasn t enforced in any way as it was suspected to be contradictory the Russian Constitution of 1993 and wasn t a law per se 3 4 5 note 1 The decree of No 313 issued in 2012 further amended previous ones allowing to produce and distribute products with embedded cryptosystems and requiring no license as such even though it declares some restrictions 6 7 France had quite strict regulations in this field but has relaxed them in recent years citation needed Examples EditStrong Edit PGP is generally considered an example of strong cryptography with versions running under most popular operating systems and on various hardware platforms The open source standard for PGP operations is OpenPGP and GnuPG is an implementation of that standard from the FSF However the IDEA signature key in classical PGP is only 64 bits long therefore no longer immune to collision attacks OpenPGP therefore uses the SHA 2 hash function and AES cryptography The AES algorithm is considered strong after being selected in a lengthy selection process that was open and involved numerous tests Elliptic curve cryptography is another system which is based on a graphical geometrical function The latest version of TLS protocol version 1 3 used to secure Internet transactions is generally considered strong Several vulnerabilities exist in previous versions including demonstrated attacks such as POODLE Worse some cipher suites are deliberately weakened to use a 40 bit effective key to allow export under pre 1996 U S regulations Weak Edit Examples that are not considered cryptographically strong include The DES whose 56 bit keys allow attacks via exhaustive search Triple DES 3DES EDE3 DES see DES this also suffers a meanwhile known phenomenon called the sweet32 or birthday oracle Wired Equivalent Privacy which is subject to a number of attacks due to flaws in its design SSL v2 and v3 TLS 1 0 and TLS 1 1 are also deprecated now see RFC7525 because of irreversible flaws which are still present by design and because they do not provide elliptical handshake EC for ciphers no modern cryptography no CCM GCM ciphermodes TLS1 x are also announced off by the PCIDSS 3 2 for commercial business banking implementations on web frontends Only TLS1 2 and TLS 1 3 are allowed and recommended modern ciphers handshakes and ciphermodes must be used exclusively The MD5 and SHA 1 hash functions no longer immune to collision attacks The RC4 stream cipher The Clipper Chip a failed initiative of the U S government that included key escrow provisions allowing the government to gain access to the keys The 40 bit Content Scramble System used to encrypt most DVD Video discs Almost all classical ciphers Most rotary ciphers such as the Enigma machine Some flawed RSA implementations which exist leading to weak biased keys and other vulnerabilities Bleichenbacher Oracle ROBOT attack RSA keys weaker than 2048 bits DH keys weaker than 2048 bits ECDHE keys weaker than 192 bits also not all known older named curves still in use for this are vetted safe DHE EDHE is guessable weak when using re using known default prime values on the server The CBC block cipher mode of operation is considered weak for TLS the CCM GCM modes are now recommended Notes Edit The sources provided here are in Russian To alleviate the problem of lack of English written ones the sources are cited by using official government documents References Edit Path GetRandomFileName Method System IO Microsoft Reducing US Crypto Export Rules Wired Retrieved 2021 08 05 Farber Dave 1995 04 06 A ban on cryptography in Russia fwd Next djf Retrieved 2011 02 14 Antipov Alexander 1970 01 01 Preslovutyj ukaz 334 o zaprete kriptografii www securitylab ru in Russian Retrieved 2020 09 21 Ukaz Prezidenta Rossijskoj Federacii ot 03 04 1995 g 334 Prezident Rossii in Russian Retrieved 2020 09 21 Polozhenie o licenzirovanii deyatelnosti po razrabotke proizvodstvu rasprostraneniyu shifrovalnyh sredstv i sistem Rossijskaya gazeta in Russian Retrieved 2020 09 21 Mif 49 V Rossii zapresheno ispolzovat nesertificirovannye sredstva shifrovaniya bankir ru in Russian Retrieved 2020 09 21 Strong Cryptography The Global Tide of Change Cato Institute Briefing Paper no 51See also Edit40 bit encryption Cipher security summary Export of cryptography Comparison of cryptography libraries FBI Apple encryption dispute Hash function security summary Security level Retrieved from https en wikipedia org w index php title Strong cryptography amp oldid 1113642212, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.