Symmetric Cryptography, Asymmetric Cryptography and PKI (LEVEL : Beginner) -PART-3

In this article we will discuss in detail the vulnerabilities of symmetric cryptography.

MITM Attack:

To understand the Man in the middle attack, let’s repeat the scenario where User1 & User2 wants to start encrypted conversation, let’s consider UserX sitting in between User1 & User2, UserX will be able to capture all the communication between User1 and User2. As UserX sitting in the middle, he will be able to capture the secret key being shared between user1 & user2. After key is shared both the parties will start communication in encrypted mode without knowing that the userX is capturing their communication & as userX as already captured a secret key UserX is able to decrypt all the content transferred between User1 & User2.

Brute Force Attack:

    

            Consider a scenario of the combination lock with two decimal digits, each has possibility of 0 to 9. If I want to open the lock without knowing the correct code, I may try all possible combination until I found the correct one; In this case of two digits combination lock, it may have maximum 100 possibilities (00 to 99). I may try all possibilities & get the correct combination code.

In Case attacker has capture ciphered data encrypted with 56bit DES algorithm, but don’t have secret key to decrypt it. What attacker can do is try all different possible keys. 56 bit key size may have 2⁵⁶ possibilities; Attacker may try all the possible key combination systematically until found the correct one. As key size increases, more key combination have to check by the attacker, which takes more time to crack the key. Please look at the following table of key length v/s brute force combinations from wikipedia.

Symmetric key length vs brute force combinations
Keysize in bits	Permutations	Brute force time for a device checking 256 permutations per second
8	28	0 milliseconds
40	240	0.015 milliseconds
56	256	1 second
64	264	4 minutes 16 seconds
128	2128	149,745,258,842,898 years
256	2256	50,955,671,114,250,100,000,000,000,000,000,000,000,000,000,000,000,000 years

Symmetric Cryptography, Asymmetric Cryptography and PKI (LEVEL : Beginner) - PART-2

 Symmetric cryptography:

Only one key is being used for encryption& decryption in symmetric cryptosystem,

The key which is used to encrypt some content, same key must be used to decrypt the encrypted content.

Let’s discuss a scenario where User1 wants to have confidential conversation with User2 using symmetric encryption. The encrypted conversation can only be started between them only if both the user has same symmetric key. In this case User1 has to generate and share the key with the User2. After sharing the key, User1 encrypts message & send it to user2, user2 decrypts the message to read it using the shared key. 

As encrypted conversation can only start after key is shared. But Key sharing itself takes place in unencrypted form. User1 has to share the key with User2 in unencrypted form, and there is a possibility of compromising the secret key during transition at the time of sharing.

Advantages:

·         Less Process consuming

Disadvantages:

·         Problem with key sharing

·         Vulnerable to MITM attack.

·         Vulnerable to Brute force attack.

Symmetric Cryptography, Asymmetric Cryptography and PKI (LEVEL : Beginner) - PART-1

In cryptography, beginners may have lot of confusion & questions like.

1)      What is Symmetric & Asymmetric cryptography?

2)      What Algorithm can be used with Symmetric & Asymmetric cryptography?

3)      What are the vulnerabilities?

4)      Is Asymmetric Cryptography & PKI same?

5)      Why we need PKI, when we have Asymmetric cryptography?  

And many more.

In next few articles, we’ll discuss followings in detail

·         Symmetric cryptography

·         Vulnerabilities in Symmetric cryptography

·         Asymmetric cryptography

·         Vulnerabilities in Asymmetric cryptography

·         How PKI overcomes issues with Asymmetric Cryptography