• If an algorythm produes the same hash value for two distinctly different messages, it creates a collision.
• A bday attack is when an attacker attempt to force a collision.
• Based on the mathematical birtday paradox that exists in stardard staticstics
• bday paradox = it is more likely to find to matching values in a seas of values than it is to find a match for just one specific value.

• equation for number of symmetric keys needed is N(N-1)/2 = number of keys
• much faster than asymmetrical keys
• Harder to break if a large key is used.
• Key management could be overwhelming
• provides confidentiality but not authenticity or nonrepudiation
• requires secure mechanism to deliver keys properly

• DES - Data Encryption Standard
• 3DES - Triple DES
• Blowfish
• IDEA - International Data Encryption algorithm
• RC4, RC5, and RC6
• AES - Anvanced Encryption Standard

• RSA - (Rivest-Shamir-Adleman)
• ECC - Elliptic Curve Cryptosystem
• Diffe-Hilleman
• El-Gamal
• DSA - Sigital Signature Algorithm
• Merkle-Hellman Knapsack

• Better key distrobution than symmetric key systems
• Better scalability than symmetric key systems
• provide authentication and non repudiation
• work much more slowly than symmetric systems
• mathmatically intensive

Rivest-Shamir-Adleman

• often used in web browsers with SSL
• asyemmetric algorithm used to encrypt the session key created by the client which allows for the session key to be securely transmitted to a web server.
• client and server can then set up a SSL connection which encrypts all data passed back and forth.
• de facto standard and is the most widely used asymmetric algorithm today
• performs encryption, digital signatures, and key exchange

Secure Hash Algorithm

• Used with DSS/DSA for digital signatures
• produces 160 bit hash value or message digest
• that message digest is then encrypted with a private keyn to create a digital signature.
• hashing algorithm alone only provides data integrity

Secure Socket Layer

• based on public key infrastructure (PKI)
• performs authentication by using CAs and certificates
• uses public key encryption and provides data encryption, server authentication, message integrity, and optional client authentication
• SSL protocol works at the transport layer
• Almost always used with HTTP to form HTTPS

Message Authentication Code

• the use of a symmetric key and a hashing algorithm
• only party that could check integrity is the one that has the other copy of the symmetric key
• provides system authentication and integrity\
• IPSec used a MAC function by calculating the Integrity Check Value (ICV) to provide data origin authentication.

Pretty Good Privacy

• freeware e-mail security program
• uses of web of trust between users instead of a hierarchical trust model like PKI.
• individual users determine to what degree they trust each other
• Public keys are kept in key ring files
• PGP is considered a cryptosystem because it has all the necessary components: symmetric key algorithms, asymmetric key algorithms, message digest algorithms, keys, protocols, and the necessary software components.
• Can provide confidentiality, integrity, authentication, and nonrepudiation
•  

• ECB - Electronic Code Book
• CBC - Cipher Block Chaining
• CFB - Cipher Feedback
• OFB - Output Feedback
• CTR - Counter Mode

• does not handle any form of data encryptionsimply a method of exchanging keys
• a way to exchange public keys and generate session keys (symmetric keys) without needing to set up a prior relationship
• with key exchange functionality, the sender encrypts the symmetric key with the receiver's public key before transmission.
• Vulnerable to man-in-the-middle attacks because no authentication occurs before public keys are exchanged

Encapsulating Security Payload

• protocol within IPsec that uses cryptographic mechanisms to provide confidentiality, message integrity, and system authentication

• AH - Authentication header
• provides integrity and system authentication
• ESP - Encapsulating Security Payload
• uses cryptographic mechanisms to provide source (system) authentication, confidentiality, and message integrity.

Link vs. End-to-End

Encryption

• Encryption can be performed at different communication levels, each with different types of protection and implications.
• Link encryption encrypts the entire packet, including headers and trailers, and has to be decrypted at each hop. It occurs at the data link and physical layers
• End-to-end encryption does not encrypt the headers and trailers, and therefore does not need to be decrypted at each hop.It happens within the applications.

• when two items have the same value but are not supposed to.
• two messages being passed through a hashing algorithm should result in different message digest values
• another example is if different keys generate the same ciphertext for the same message

Elliptic Curve Cryptosystems

• most efficient of asymmetric algorithms
• used EC propterties to combine group and rule information.
• provides digital signatures, secure key distribution, and encryption

Initialization Vector

• Random values that are used with symmetric algorithms to ensure that patterns are not created during the encryption process
• do not need to be encrypted when being sent to destination

• includes key generation and proper destruction, key storage and transmission, key secrecy, and key length
• improper key management is one of the biggest downfalls of encryption.
• most activities are taken care of by different protocols
• automation provides a more accurate and secure approach (like a KDC in kerberos) 

• The key length should be long enough to provide the necessary level of

protection.

• Keys should be stored and transmitted by secure means.

• Keys should be extremely random, and the algorithm should use the full spectrum of the keyspace.

• The key’s lifetime should correspond with the sensitivity of the data it is protecting. (Less secure data may allow for a longer key lifetime, whereas more

sensitive data might require a shorter key lifetime.)

• The more the key is used, the shorter its lifetime should be.

• Keys should be backed up or escrowed in case of emergencies.

• Keys should be properly destroyed when their lifetime comes to an end.

• A suite of protocols used to provide integrity, confidentiality, and system authentication (data origin authentication.

Secure Socket Layer

• provides data encryption over the internet while message is being sent
• Does NOT provide a true VPN service by protecting header information.
• uses public key encryption
• was developed originally by Netscape
• Along with encryption and message integrity, SSL also ensures server authentication and optional client authentication

• Key clustering is an instance when two different keys generate the same ciphertext from the same plaintext
• Collisions are when one algorithm makes same value for two different messages.

• MD2, MD4,MD5 - all one way functions that use 128-bit hash values. MD2 is much slower than the other two and MD5 is more complex. 
• HAVAL - one way function with a variable lenght value. it is a modification of MD5.
• SHA is a one way function that has a 160-bit hash value and is used with DSA
• SHA-1, SHA-256, SHA-384, SHA-512 - Updated versions of SHA. SHA-1 still uses 160 bit hash value. SHA-256 creates a 256-bit value and so on..

• A method of encryption in which the plaintext is combined with a random “pad,” which should be the same length as the plaintext. This encryption process uses a nonrepeating set of random bits that are combined bitwise (XOR) with the message to produce ciphertext. A one-time pad is a perfect encryption scheme, because it is unbreakable and each pad is used exactly once, but it is impractical because of all of the required overhead.
• sometimes it is referred to as the Vernam cipher

• Electronic Code Book (ECB)
• Cipher Block Chaining (CBC)
• Cipher Feedback (CFB)
• Output Feedback (OFB)
• Counter Mode (CTR)