Blowfish is a symmetric-key block cipher, designed in 1993 by Bruce Schneier and included in a large number of cipher suites and encryption products. Blowfish provides a good encryption rate in software, and no effective cryptanalysis of it has been found to date. However, the Advanced Encryption Standard now receives more attention, and Schneier recommends Twofish for modern applications. Schneier designed Blowfish as a general-purpose algorithm, intended as an alternative to the aging DES and free of the problems and constraints associated with other algorithms. At the time Blowfish was released, many other designs were proprietary, encumbered by patents, or were commercial or government secrets. Schneier has stated that "Blowfish is unpatented, and will remain so in all countries; the algorithm is hereby placed in the public domain, and can be used by anyone." Notable features of the design include key-dependent S-boxes and a complex key schedule. Blowfish has a variable key length from 32 bits up to 448 bits.
It uses large key-dependent S-boxes. In structure it resembles CAST-128; the adjacent diagram shows Blowfish's encryption routine. Each line represents 32 bits. There are five subkey-arrays: one 18-entry P-array (written K in the diagram) and four 256-entry S-boxes. Every round r consists of four actions: XOR the left half L with the r-th P-entry, feed the result to the F-function, XOR the F-function's output into the right half R, and swap L and R. The F-function splits its 32-bit input into four eight-bit quarters and uses each quarter as an index into one of the S-boxes. The S-boxes produce 32-bit outputs, which are combined by addition modulo 2^32 and XOR to produce the final 32-bit output. After the 16th round, undo the last swap, then XOR L with K18 and R with K17. Decryption is the same as encryption, except that P1, P2, ..., P18 are used in reverse order; this is not so obvious, because XOR is commutative and associative. A common misconception is to use the inverse order of encryption as the decryption algorithm. Blowfish's key schedule starts by initializing the P-array and S-boxes with values derived from the hexadecimal digits of pi, which contain no obvious pattern; the secret key is then XORed byte by byte with all the P-entries in order, cycling the key if necessary.
A 64-bit all-zero block is then encrypted with the algorithm as it stands. The resultant ciphertext replaces P1 and P2; the same ciphertext is encrypted again with the new subkeys, and the new ciphertext replaces P3 and P4. This continues, replacing the entire P-array and all the S-box entries. In all, the Blowfish encryption algorithm will run 521 times to generate all the subkeys, so about 4 KB of data is processed. Because the P-array is 576 bits long and the key bytes are XORed through all these 576 bits during initialization, many implementations support key sizes up to 576 bits. The reason for this is a discrepancy between the original Blowfish description, which uses a 448-bit key, and its reference implementation, which uses a 576-bit key; the test vectors for verifying third-party implementations were produced with 576-bit keys. When asked which Blowfish version is the correct one, Bruce Schneier answered: "The test vectors should be used to determine the one true Blowfish". Another opinion is that the 448-bit limit is there to ensure that every bit of every subkey depends on every bit of the key, as the last four values of the P-array don't affect every bit of the ciphertext.
This point should be taken into consideration for implementations with a different number of rounds: although a longer key increases security against an exhaustive attack, it weakens the security guaranteed by the algorithm. And given the slow initialization of the cipher with each change of key, it is granted a natural protection against brute-force attacks, which doesn't justify key sizes longer than 448 bits. Blowfish is a fast block cipher, except when changing keys: each new key requires pre-processing equivalent to encrypting about 4 kilobytes of text, which is slow compared to other block ciphers. This rules it out for some applications but is not a problem in others. In one application Blowfish's slow key changing is a benefit: the password-hashing method used in OpenBSD uses an algorithm derived from Blowfish that makes use of the slow key schedule. See key stretching. Blowfish has a memory footprint of just over 4 kilobytes of RAM; this constraint is not a problem even for older desktop and laptop computers, though it does prevent use in the smallest embedded systems such as early smartcards.
Blowfish was one of the first secure block ciphers not subject to any patents and therefore available for anyone to use. This benefit has contributed to its popularity in cryptographic software. Bcrypt is a password hashing function which, combined with a variable number of iterations, exploits the expensive key setup phase of Blowfish to increase the workload and duration of hash calculations, further reducing threats from brute-force attacks. Bcrypt is also the name of a cross-platform file encryption utility implementing Blowfish, developed in 2002. Blowfish's use of a 64-bit block size makes it vulnerable to birthday attacks in contexts like HTTPS. In 2016, the SWEET32 attack demonstrated how to leverage birthday attacks to perform plaintext recovery against ciphers with a 64-bit block size; the GnuPG project recommends that Blowfish not be used to encrypt files larger than 4 GB.
RSA Security LLC, formerly RSA Security, Inc. and doing business as RSA, is an American computer and network security company. RSA was named after the initials of its co-founders, Ron Rivest, Adi Shamir and Leonard Adleman, after whom the RSA public key cryptography algorithm was also named. Among its products are the RSA BSAFE cryptography libraries and the SecurID authentication token. RSA is known for incorporating backdoors developed by the NSA in its products, and it organizes the annual RSA Conference, an information security conference. Founded as an independent company in 1982, RSA Security was acquired by EMC Corporation in 2006 for US$2.1 billion and operated as a division within EMC. When EMC was acquired by Dell Technologies in 2016, RSA became part of the Dell Technologies family of brands. RSA is based in Bedford, with regional headquarters in Bracknell and Singapore and numerous international offices. Ron Rivest, Adi Shamir and Leonard Adleman, who developed the RSA encryption algorithm in 1977, founded RSA Data Security in 1982.
In 1994, RSA opposed the Clipper Chip during the Crypto War. In 1995, RSA sent a handful of people across the hall to found Digital Certificates International, better known as VeriSign. The company then called Security Dynamics acquired RSA Data Security in July 1996 and DynaSoft AB in 1997. In January 1997, it proposed the first of the DES Challenges, which led to the first public breaking of a message based on the Data Encryption Standard. In February 2001, it acquired Xcert International, Inc., a privately held company that developed and delivered digital certificate-based products for securing e-business transactions. In May 2001, it acquired 3-G International, Inc., a privately held company that developed and delivered smart card and biometric authentication products. In August 2001, it acquired Securant Technologies, Inc., a privately held company that produced ClearTrust, an identity management product. In December 2005, it acquired Cyota, a privately held Israeli company specializing in online security and anti-fraud solutions for financial institutions.
In April 2006, it acquired PassMark Security. On September 14, 2006, RSA stockholders approved the acquisition of the company by EMC Corporation for $2.1 billion. In 2007, RSA acquired Valyd Software, a Hyderabad-based Indian company specializing in file and data security. In 2009, RSA launched the RSA Share Project; as part of this project, some of the RSA BSAFE libraries were made available for free. To promote the launch, RSA ran a programming competition with a US$10,000 first prize. In 2011, RSA introduced a new CyberCrime Intelligence Service designed to help organizations identify computers, information assets and identities compromised by trojans and other online attacks. In July 2013, RSA acquired Aveksa, the leader in the Identity and Access Governance sector. On September 7, 2016, RSA was acquired by and became a subsidiary of Dell EMC Infrastructure Solutions Group through the acquisition of EMC Corporation by Dell Technologies in a cash and stock deal led by Michael Dell. On March 17, 2011, RSA disclosed an attack on its two-factor authentication products.
The attack was similar to the Sykipot attacks, the July 2011 SK Communications hack and the NightDragon series of attacks. RSA called it an Advanced Persistent Threat. RSA's relationship with the NSA has changed over the years. Reuters' Joseph Menn and cybersecurity analyst Jeffrey Carr have noted that the two once had an adversarial relationship. In its early years, RSA and its leaders were prominent advocates of strong cryptography for public use, while the NSA and the Bush and Clinton administrations sought to prevent its proliferation. "For 10 years, I've been going toe to toe with these people at Fort Meade; the success of this company is the worst thing. To them, we're the real enemy, we're the real target. We have the system. If the U.S. adopted RSA as a standard, you would have an international, unbreakable, easy-to-use encryption technology. And all those things together are so synergistically threatening to the N.S.A.'s interests." In the mid-1990s, RSA and Bidzos led a "fierce" public campaign against the Clipper Chip, an encryption chip with a backdoor that would allow the U.S. government to decrypt communications. The Clinton administration pressed telecommunications companies to use the chip in their devices and relaxed export restrictions on products that used it. RSA joined civil libertarians and others in opposing the Clipper Chip by, among other things, distributing posters with a foundering sailing ship and the words "Sink Clipper!" RSA Security created the DES Challenges to show that the widely used DES encryption was breakable by well-funded entities like the NSA. The relationship shifted from adversarial to cooperative after Bidzos stepped down as CEO in 1999, according to Victor Chan, who led RSA's department engineering until 2005: "When I joined there were 10 people in the labs, and we were fighting the NSA. It became a different company later on." For example, RSA was reported to have accepted $10 million from the NSA in 2004 in a deal to use the NSA-designed Dual EC DRBG random number generator in their BSAFE library, despite many indications that Dual_EC_DRBG was both of poor quality and backdoored.
RSA Security released a statement about the Dual_EC_DRBG kleptographic backdoor: We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, e
In cryptography, CAST-128 is a symmetric-key block cipher used in a number of products, notably as the default cipher in some versions of GPG and PGP. It has been approved for Government of Canada use by the Communications Security Establishment. The algorithm was created in 1996 by Carlisle Adams and Stafford Tavares using the CAST design procedure. Another member of the CAST family of ciphers, CAST-256, was derived from CAST-128. According to some sources, the CAST name is based on the initials of its inventors, though Bruce Schneier reports the authors' claim that "the name should conjure up images of randomness". CAST-128 is a 12- or 16-round Feistel network with a 64-bit block size and a key size of between 40 and 128 bits; the full 16 rounds are used. Components include large 8×32-bit S-boxes based on bent functions, key-dependent rotations, modular addition and subtraction, and XOR operations. There are three alternating types of round function, but they are similar in structure and differ only in the choice of the exact operation at various points.
Although Entrust holds a patent on the CAST design procedure, CAST-128 is available worldwide on a royalty-free basis for commercial and non-commercial uses.
Cryptography or cryptology is the practice and study of techniques for secure communication in the presence of third parties called adversaries. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, electrical engineering, communication science and physics. Applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords and military communications. Cryptography prior to the modern age was effectively synonymous with encryption, the conversion of information from a readable state to apparent nonsense; the originator of an encrypted message shares the decoding technique only with intended recipients to preclude access by adversaries. The cryptography literature uses the names Alice for the sender, Bob for the intended recipient and Eve for the adversary. Since the development of rotor cipher machines in World War I and the advent of computers in World War II, the methods used to carry out cryptology have become increasingly complex and its application more widespread.
Modern cryptography is based on mathematical theory and computer science practice. It is theoretically possible to break such a system, but it is infeasible to do so by any known practical means; these schemes are therefore termed computationally secure. There exist information-theoretically secure schemes that provably cannot be broken even with unlimited computing power (an example is the one-time pad), but these schemes are more difficult to use in practice than the best theoretically breakable but computationally secure mechanisms. The growth of cryptographic technology has raised a number of legal issues in the information age. Cryptography's potential for use as a tool for espionage and sedition has led many governments to classify it as a weapon and to limit or prohibit its use and export. In some jurisdictions where the use of cryptography is legal, laws permit investigators to compel the disclosure of encryption keys for documents relevant to an investigation. Cryptography also plays a major role in digital rights management and copyright infringement of digital media.
The first use of the term cryptograph dates back to the 19th century, originating from The Gold-Bug, a novel by Edgar Allan Poe. Until modern times, cryptography referred exclusively to encryption, the process of converting ordinary information into unintelligible form. Decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext. A cipher is a pair of algorithms that carry out the encryption and the reversing decryption; the detailed operation of a cipher is controlled both by the algorithm and, in each instance, by a "key". The key is a secret, usually a short string of characters, needed to decrypt the ciphertext. Formally, a "cryptosystem" is the ordered list of elements of finite possible plaintexts, finite possible ciphertexts, finite possible keys, and the encryption and decryption algorithms which correspond to each key. Keys are important both formally and in actual practice, as ciphers without variable keys can be trivially broken with only the knowledge of the cipher used and are therefore useless for most purposes.
Historically, ciphers were often used directly for encryption or decryption without additional procedures such as authentication or integrity checks. There are two kinds of cryptosystems: symmetric and asymmetric. In symmetric systems the same key is used to encrypt and decrypt a message. Data manipulation in symmetric systems is faster than in asymmetric systems, as they use shorter key lengths. Asymmetric systems use a public key to encrypt a message and a private key to decrypt it. Use of asymmetric systems enhances the security of communication. Examples of asymmetric systems include RSA and ECC. Symmetric models include the widely used AES, which replaced the older DES. In colloquial use, the term "code" is often used to mean any method of encryption or concealment of meaning. However, in cryptography, code has a more specific meaning: it means the replacement of a unit of plaintext with a code word. Cryptanalysis is the term used for the study of methods for obtaining the meaning of encrypted information without access to the key required to do so. Some use the terms cryptography and cryptology interchangeably in English, while others use cryptography to refer to the use and practice of cryptographic techniques and cryptology to refer to the combined study of cryptography and cryptanalysis.
English is more flexible than several other languages in which crypto
In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key, which is typically created from the password using a key derivation function; this is known as an exhaustive key search. A brute-force attack is a cryptanalytic attack that can, in theory, be used to attempt to decrypt any encrypted data; such an attack might be used when it is not possible to take advantage of other weaknesses in an encryption system that would make the task easier. When password-guessing, this method is fast when used to check all short passwords, but for longer passwords other methods such as the dictionary attack are used, because a brute-force search takes too long. Longer passwords and keys have more possible values, making them exponentially more difficult to crack than shorter ones. Brute-force attacks can be made less effective by obfuscating the data to be encoded, making it more difficult for an attacker to recognize when the code has been cracked, or by making the attacker do more work to test each guess.
One of the measures of the strength of an encryption system is how long it would theoretically take an attacker to mount a successful brute-force attack against it. Brute-force attacks are an application of brute-force search, the general problem-solving technique of enumerating all candidates and checking each one. Brute-force attacks work by calculating every possible combination that could make up a password and testing it to see if it is the correct password; as the password's length increases, the amount of time, on average, to find the correct password increases exponentially. The resources required for a brute-force attack grow exponentially with increasing key size, not linearly. Although U.S. export regulations historically restricted key lengths to 56-bit symmetric keys, these restrictions are no longer in place, so modern symmetric algorithms typically use computationally stronger 128- to 256-bit keys. There is a physical argument that a 128-bit symmetric key is computationally secure against brute-force attack.
The so-called Landauer limit implied by the laws of physics sets a lower limit on the energy required to perform a computation of kT · ln 2 per bit erased in a computation, where T is the temperature of the computing device in kelvins, k is the Boltzmann constant, and the natural logarithm of 2 is about 0.693. No irreversible computing device can use less energy than this, even in principle. Thus, simply flipping through the possible values for a 128-bit symmetric key would require 2^128 − 1 bit flips on a conventional processor. If it is assumed that the calculation occurs near room temperature, the Von Neumann-Landauer limit can be applied to estimate the energy required as ~10^18 joules, equivalent to consuming 30 gigawatts of power for one year; this is equal to 30 × 10^9 W × 365 × 24 × 3600 s = 9.46 × 10^17 J, or 262.7 TWh. The full actual computation, checking each key to see if a solution has been found, would consume many times this amount. Furthermore, this is only the energy requirement for cycling through the key space.
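Carrying the estimate through with the figures above (an added worked calculation, not part of the original article; it assumes T = 300 K for "near room temperature" and k ≈ 1.38 × 10^-23 J/K):

$$
E = N \cdot kT\ln 2, \qquad N = 2^{128} - 1 \approx 3.40 \times 10^{38}
$$

$$
kT\ln 2 \approx (1.38 \times 10^{-23}\ \mathrm{J/K})(300\ \mathrm{K})(0.693) \approx 2.87 \times 10^{-21}\ \mathrm{J}
$$

$$
E \approx 3.40 \times 10^{38} \times 2.87 \times 10^{-21}\ \mathrm{J} \approx 9.8 \times 10^{17}\ \mathrm{J} \approx 10^{18}\ \mathrm{J}
$$

$$
30\ \mathrm{GW} \times 1\ \mathrm{yr} = 30 \times 10^{9}\ \mathrm{W} \times 3.156 \times 10^{7}\ \mathrm{s} \approx 9.5 \times 10^{17}\ \mathrm{J}
$$

The two figures agree to within a few percent, which is why the article equates the key-space sweep with roughly a gigawatt-scale plant running for thirty years or thirty such plants for one year.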
However, this argument assumes that the register values are changed using conventional set and clear operations, which inevitably generate entropy. It has been shown that computational hardware can be designed not to encounter this theoretical obstruction, though no such computers are known to have been constructed. As commercial successors of governmental ASIC solutions have become available, also known as custom hardware attacks, two emerging technologies have proven their capability in the brute-force attack of certain ciphers. One is modern graphics processing unit (GPU) technology, the other is field-programmable gate array (FPGA) technology. GPUs benefit from their wide availability and price-performance benefit, FPGAs from their energy efficiency per cryptographic operation. Both technologies try to transport the benefits of parallel processing to brute-force attacks. In the case of GPUs some hundreds, and in the case of FPGAs some thousand, processing units make them much better suited to cracking passwords than conventional processors.
Various publications in the field of cryptographic analysis have demonstrated the energy efficiency of today's FPGA technology; for example, the COPACOBANA FPGA Cluster computer consumes the same energy as a single PC but performs like 2,500 PCs for certain algorithms. A number of firms provide hardware-based FPGA cryptographic analysis solutions, from a single FPGA PCI Express card up to dedicated FPGA computers. WPA and WPA2 encryption have been brute-force attacked by reducing the workload by a factor of 50 in comparison to conventional CPUs, and by some hundred in the case of FPGAs. AES permits the use of 256-bit keys. Breaking a symmetric 256-bit key by brute force requires 2^128 times more computational power than a 128-bit key. Fifty supercomputers that could check a billion billion (10^18) AES keys per second would, in theory, require about 3×10^51 years to exhaust the 256-bit key space. An underlying assumption of a brute-force attack is that the complete keyspace was used to generate keys, something that relies on an effective random number generator, and that there are no defects in the algorithm or its implementation.
In cryptography, RC6 is a symmetric-key block cipher derived from RC5. It was designed by Ron Rivest, Matt Robshaw, Ray Sidney and Yiqun Lisa Yin to meet the requirements of the Advanced Encryption Standard competition; the algorithm was one of the five finalists, and was also submitted to the NESSIE and CRYPTREC projects. It was a proprietary algorithm, patented by RSA Security. RC6 proper has a block size of 128 bits and supports key sizes of 128, 192 and 256 bits up to 2040 bits; like RC5, it may be parameterised to support a wide variety of word lengths, key sizes and numbers of rounds. RC6 is very similar to RC5 in structure, using data-dependent rotations, modular addition and XOR operations. Note that the key expansion algorithm is identical to that of RC5; the only difference is. In August 2016, code reputed to be Equation Group or NSA "implants" for various network security devices was disclosed; the accompanying instructions revealed that some of these programs use RC6 for confidentiality of network communications.
As RC6 has not been selected for the AES, it was not guaranteed. As of January 2017, a web page on the official web site of the designers of RC6, RSA Laboratories, states the following: "We emphasize that if RC6 is selected for the AES, RSA Security will not require any licensing or royalty payments for products using the algorithm"; the emphasis on the word "if" suggests that RSA Security Inc. may have required licensing and royalty payments for any products using the RC6 algorithm. RC6 was a patented encryption algorithm.
In cryptography, XTEA (eXtended TEA) is a block cipher designed to correct weaknesses in TEA. The cipher's designers were David Wheeler and Roger Needham of the Cambridge Computer Laboratory; the algorithm was presented in an unpublished technical report in 1997, and it is not subject to any patents. Like TEA, XTEA is a 64-bit block Feistel cipher with a 128-bit key and a suggested 64 rounds. Several differences from TEA are apparent, including a somewhat more complex key schedule and a rearrangement of the shifts, XORs and additions. The standard C source code in the original article, adapted from the reference code released into the public domain by David Wheeler and Roger Needham, encrypts and decrypts using XTEA. The changes from the reference source code are minor: the reference source code used the unsigned long type rather than the 64-bit-clean uint32_t; the reference source code did not use const types; and the reference source code omitted redundant parentheses, using C precedence to write the round function as e.g. v1 += + v0 ^ sum + k. To additionally improve speed, the loop can be unrolled by pre-computing the values of sum+key.
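An encipher/decipher pair for XTEA in C, written here as an added example (it is not the article's own listing, which is absent from this page) following the designers' public-domain reference structure with the uint32_t and const changes the text describes; the key, plaintext and function names in the self-test are constructed sample values:

```c
#include <stdint.h>
#include <stdio.h>

/* Golden-ratio constant shared with TEA; the key-schedule difference from TEA
 * is that the subkey index is taken from different bits of sum in each half-round. */
#define XTEA_DELTA 0x9E3779B9u

/* One loop iteration performs two Feistel half-rounds, so num_rounds = 32
 * gives the 64 rounds suggested by the designers. v[] holds the 64-bit block
 * as two 32-bit words; key[] is the 128-bit key as four 32-bit words. */
void xtea_encipher(unsigned int num_rounds, uint32_t v[2], const uint32_t key[4])
{
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (unsigned int i = 0; i < num_rounds; i++) {
        /* Mix v1 into v0; subkey chosen by the low two bits of sum. */
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
        sum += XTEA_DELTA;
        /* Mix v0 into v1; subkey chosen by bits 11-12 of the advanced sum. */
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
    }
    v[0] = v0;
    v[1] = v1;
}

/* Decryption runs the same half-rounds backwards, starting from the final
 * value of sum (delta * num_rounds, wrapping modulo 2^32). */
void xtea_decipher(unsigned int num_rounds, uint32_t v[2], const uint32_t key[4])
{
    uint32_t v0 = v[0], v1 = v[1], sum = XTEA_DELTA * num_rounds;
    for (unsigned int i = 0; i < num_rounds; i++) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
        sum -= XTEA_DELTA;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
    }
    v[0] = v0;
    v[1] = v1;
}

/* Round-trip check for one constructed block under a constructed key.
 * Returns 1 if decipher(encipher(block)) restores the block and the
 * ciphertext actually differs from the plaintext, else 0. */
int xtea_roundtrip_ok(uint32_t hi, uint32_t lo, unsigned int num_rounds)
{
    const uint32_t key[4] = {0x00010203u, 0x04050607u, 0x08090a0bu, 0x0c0d0e0fu};
    uint32_t block[2] = {hi, lo};
    xtea_encipher(num_rounds, block, key);
    if (block[0] == hi && block[1] == lo)
        return 0;
    xtea_decipher(num_rounds, block, key);
    return (block[0] == hi && block[1] == lo) ? 1 : 0;
}

/* Key sensitivity: flipping a single key bit must change the ciphertext.
 * Returns 1 when the two ciphertexts differ, else 0. */
int xtea_key_bit_matters(void)
{
    uint32_t key_a[4] = {0x00010203u, 0x04050607u, 0x08090a0bu, 0x0c0d0e0fu};
    uint32_t key_b[4] = {0x00010203u, 0x04050607u, 0x08090a0bu, 0x0c0d0e0eu};
    uint32_t a[2] = {0x41424344u, 0x45464748u};   /* constructed plaintext */
    uint32_t b[2] = {0x41424344u, 0x45464748u};
    xtea_encipher(32, a, key_a);
    xtea_encipher(32, b, key_b);
    return (a[0] != b[0] || a[1] != b[1]) ? 1 : 0;
}

int main(void)
{
    int ok = xtea_roundtrip_ok(0x41424344u, 0x45464748u, 32) && xtea_key_bit_matters();
    printf("XTEA self-test: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```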
In 2004, Ko et al. presented a related-key differential attack on 27 out of 64 rounds of XTEA, requiring 2^20.5 chosen plaintexts and a time complexity of 2^115.15. In 2009, Lu presented a related-key rectangle attack on 36 rounds of XTEA, breaking more rounds than any previously published cryptanalytic results for XTEA; the paper presents two attacks, one without and one with a weak-key assumption, which correspond to 2^64.98 bytes of data and 2^126.44 operations, and 2^63.83 bytes of data and 2^104.33 operations, respectively. Presented along with XTEA was a variable-width block cipher termed Block TEA, which uses the XTEA round function, but Block TEA applies it cyclically across an entire message for several iterations; because it operates on the entire message, Block TEA has the property that it does not need a mode of operation. An attack on the full Block TEA was described in, which also details a weakness in Block TEA's successor, XXTEA.