Decrypting Encryption (for Fun and Profit)
Christopher Ward, CISSP, CCISO
Director of Information Security
Vinson & Elkins, LLP
Just because you’re paranoid doesn’t mean they’re not out to get you.
System Centric vs. Data Centric Security
Valuable Data
Access Control Lists
Admin Access
2 Factor Authentication
Firewall
System Centric vs. Data Centric Security
Encryption and Data Centric Security
Encryption:
o Independent of
  o operating system
  o transmission
  o media
o Maintains its own independent ACLs
Protection strength based on algorithms used and key length
Encryption Types
Hashes
A cryptographic hash function is an algorithm that takes an arbitrary block of data and returns a fixed-size bit string.
The ideal cryptographic hash function has four main properties:
it is easy to compute the hash value for any given message
it is infeasible to generate a message that has a given hash
it is infeasible to modify a message without changing the hash
it is infeasible to find two different messages with the same hash.
Common:
MD5
SHA1
SHA256
RIPEMD
Encryption Types
Hashes
Password Encryption
Digital Document Fingerprinting
Message Integrity Verification
Encryption Types
Symmetric Encryption
Symmetric-key encryption uses the same cryptographic key (shared key) for both encryption of plaintext and decryption of ciphertext.
Two basic types:
Stream ciphers encrypt the digits/bytes/characters of a message one at a time.
Block ciphers take a number of bits and encrypt them as a single unit, padding the plaintext so that it is a multiple of the block size.
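The block-cipher padding step described above, as an added example that is not from the original slides: it uses PKCS#7 padding (one common scheme, assumed here because the slides name none) with a 16-byte block as in AES, and shows that a plaintext already at a block boundary still gains a full padding block. The function names and sample plaintexts are constructed for illustration.

```python
BLOCK_SIZE = 16  # AES block size in bytes (assumption: the slide names no cipher here)


def pkcs7_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Append N bytes of value N so the result is a multiple of block_size."""
    if not 1 <= block_size <= 255:
        raise ValueError("block size must be 1..255 bytes")
    # pad_len is always 1..block_size, so aligned input gains a whole block.
    pad_len = block_size - (len(data) % block_size)
    return data + bytes([pad_len]) * pad_len


def pkcs7_unpad(padded: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strip PKCS#7 padding, rejecting anything malformed."""
    if not padded or len(padded) % block_size != 0:
        raise ValueError("length is not a positive multiple of the block size")
    pad_len = padded[-1]
    if not 1 <= pad_len <= block_size:
        raise ValueError("invalid padding length byte")
    if padded[-pad_len:] != bytes([pad_len]) * pad_len:
        raise ValueError("padding bytes are inconsistent")
    return padded[:-pad_len]


def split_blocks(padded: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Return the fixed-size units a block cipher would process one at a time."""
    return [padded[i:i + block_size] for i in range(0, len(padded), block_size)]


if __name__ == "__main__":
    # Constructed samples: shorter than a block, exactly one block, longer.
    samples = (b"hello", b"quarterly report", b"confidential client memo")
    for msg in samples:
        padded = pkcs7_pad(msg)
        assert pkcs7_unpad(padded) == msg  # padding must round-trip
        blocks = [b.hex() for b in split_blocks(padded)]
        print(f"{len(msg):2d} bytes -> {len(padded):2d} bytes: {blocks}")
```

In a real protocol the ciphertext should be authenticated before it is decrypted and unpadded, so that padding errors are never observable to whoever supplied the ciphertext.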
Encryption Types
Symmetric Encryption
Most common form of encryption
Fast
Control strength by key length and iterations
Common Algorithms:
AES
Blowfish
DES / Triple DES
Serpent
Twofish
RC4 (stream)
Encryption Types
Symmetric Encryption
Most common uses:
Local file encryption (MS Word, WinZip, TrueCrypt)
Fixed point-to-point encryption
Device & disk encryption
Asymmetric payload encryption
Symmetric Encryption
Encryption Types
Asymmetric Encryption
Asymmetric-key encryption uses two keys:
1. Public key used for encryption of plaintext
2. Private key used for decryption of ciphertext
Common Algorithms:
RSA
Diffie–Hellman
Digital Signature Standard (DSS)
Elliptic Curve
Encryption Types
Asymmetric Encryption
Secure key distribution
Slower
Associate key with identity
Easier key management
Encryption Types
Asymmetric Encryption
Examples of protocols using asymmetric key algorithms include:
Internet Key Exchange (X.509 certificates)
Transport Layer Security (TLS)
PGP / OpenPGP / GPG
SSH
Bitcoin
Asymmetric Encryption
Practical Examples
Do you know what I know?
Practical Examples
File Sharing with Symmetric Keys
Practical Examples
File Sharing with Public Keys
Practical Examples
Digital Signatures
Practical Examples
Cloud “Security”
Perfect Forward Security
Key Length
Asymmetric (RSA) keys
Longer keys = more secure but longer processing
Key length should be 2048 bits to protect data for about 20 years
• 3072 bits for 20+ years
• 4096 bits for lifetime of the universe
• 8192 bits for the uber-paranoid
Key Length
Symmetric Keys
Each bit doubles the key length
256 Bits AES is both fast and secure enough for your lifetime
NSA “Suite B”
http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
Function      Use    Bits       Standard
Hash          SHA    256 / 384  FIPS 180-2
Symmetric     AES    128 / 256  FIPS 197
Signature     ECDSA  256 / 384  FIPS 186-2
Key Exchange  ECDH   256 / 384  SP 800-56
Questions