Stronger cryptography or strong cryptography is a generic term applied to cryptographic systems or components that are deemed very resistant to password readings.
Demonstrating the opposite of any cryptographic scheme to attack is a complex issue, requiring extensive testing and review, preferably in public forums. Good algorithms and protocols are required, and good system design and implementation are also required. For example, operating systems run by cryptographic software should be secured as accurately as possible. Users can handle passwords unsafe, or trust too many 'services' personnel, or just misuse the software. (See social engineering.) "Strong" is an inappropriate term and may not apply in certain situations.
Video Strong cryptography
​​â € <â €
The use of computers changed the process of reading the password, which is famous for Colossus Bletchley Park. But as the development of digital and electronic computers helps in cryptanalysis, it also allows a much more complex cipher. Usually the case of using quality ciphers is very efficient, while breaking them up requires much larger order attempts - making code readings inefficient and impractical and therefore ineffective.
Since the publication of Data Encryption Standards, Diffie-Hellman and RSA algorithms in the 1970s, cryptography has a deep connection with abstract mathematics and is a widely used tool in communications, computer networks, and computer security in general.
Maps Strong cryptography
Strong cryptographic algorithms
The term "cryptographically strong" is often used to describe an encryption algorithm, and implies, compared to some other algorithm (thus weak cryptography), greater resistance to attack. But it can also be used to describe hashing and unique identifiers and file name creation algorithms. See for example description of Microsoft.NET Path runtime function Path.GetRandomFileName. In this usage, this term means "hard to guess".
The encryption algorithm is meant to be solved (in this case as powerful as it once was), but it may be solved (in this case as weak as ever) so non-existent, in principle, the power continuum as idiom seems to imply: Algorithm A is stronger than Algorithm B which is stronger than Algorithm C, and so on. The situation is made more complex, and less subsumable into a single power metric, with the fact that there are many types of cryptanalytic attacks and that any given algorithm tends to force attackers to do more work to solve them when using one attack than another.
There is only one cryptographic system that can not be solved, once pad, this is generally impossible to use because of the difficulties involved in the exchange of one bearing without them being compromised. So any encryption algorithm can be compared with perfect algorithm, pad once.
The usual meaning in which the term is (loosely) used, refers to a particular attack, the search for brute force keys - especially in explanations for newcomers in the field. Indeed, with this attack (always assuming the key has been randomly selected), there is a continuum of resistance depending on the key length used. There are, however, two major issues: many algorithms permit the use of different long keys at different times, and any algorithm can ignore the use of the full key length possible. Thus, Blowfish and RC5 are coded block algorithms whose designs are specifically permitted for some key lengths, and which therefore can not be said to have certain power with respect to the search for brute force keys. Furthermore, US export regulations limit the key lengths for cryptographic products that can be exported and in some cases in the 1980s and 1990s (eg, well-known in the case of Lotus Notes export approval) only partial keys are used, reducing the 'power' against brute attacks force for their (export) version. More or less the same thing happens outside the US as well, as in the case of more than one cryptographic algorithm in GSM mobile phone standards.
The term is generally used to convey that some algorithms are suitable for some tasks in cryptography or information security, but also reject the reading of the password and have no, or fewer, security flaws. Tasks vary, and may include:
- produces randomness
- encrypt data
- provides a method to ensure data integrity
Strong Cryptographic seems to mean that the method described has some sort of maturity, perhaps even approved for use against various types of systematic attacks in theory and/or practice. Indeed, the method may withstand those attacks long enough to protect the information carried (and what is behind the information) for a useful period of time. But due to the complexity and subtlety of the field, it almost never happens. Because such assurances are not really available in real practice, the skills in language that imply that they will generally be misleading.
There will always be uncertainty as progress (for example, in cryptanalytic theory or simply affordable computer capacity) can reduce the effort required to successfully use some method of attack against an algorithm.
In addition, the actual use of cryptographic algorithms requires their encapsulation in cryptosystems, and doing so often introduces vulnerabilities that are not due to errors in an algorithm. For example, essentially all algorithms require a random selection key, and any cryptosystem that does not provide those keys will be the target of the attack regardless of the quality of any attack of the encryption algorithm used.
Legal issues
Because the use of strong cryptography makes the task of intelligence agencies more difficult, many countries have enacted restrictive laws or regulations or only prohibit unauthorized use of cryptography. For example, the United States has defined cryptographic products as ammunition since World War II and has banned the export of cryptography outside certain 'powers' (measured in part by key measures), and Russia banned its use by individuals in 1995. It is unclear whether Russia's ban is still apply. France has quite strict regulations in this field, but has loosened it in recent years.
Example
- PGP is generally regarded as a robust cryptographic example, with versions running under the most popular operating systems and on various hardware platforms. Open source standards for PGP operations are OpenPGP, and GnuPG is a standard implementation of the FSF.
- The AES algorithm is considered robust after being selected in a long, open selection process involving multiple tests.
- Elliptic curve cryptography is another system based on graphical geometric functions
Examples that are not considered cryptographically strong include:
- DES, whose 56-bit key allows attacks through complete search.
- Wired Equivalent Privacy is subject to a number of attacks due to defects in its design.
- SSL v2 and v3.
- MD5 and SHA-1 hash functions.
- Cipher stream RC4.
- Clipper Chip, a failed initiative from the US government that includes key storage provisions, allows the government to gain access to the key.
- 40-bit Content Trap System is used to encrypt most DVD-Video discs.
- Almost all classic passwords.
- Most rotary ciphers, like Enigma machines.
The latest version of the TLS protocol (version 1.2), used to secure Internet transactions, is generally considered powerful. Some vulnerabilities exist in earlier versions, including the attacks shown such as POODLE. Worse, some ciphers are deliberately attenuated to use 40-bit effective keys to allow exports under US regulations in 1996.
Note
References
- Strong Cryptography - Changes in Global Change, Cato Institute Briefing Paper no. 51
See also
- 40-bit encryption
- Encryption security summary
- Cryptography export
- Comparison of cryptographic libraries
- FBI-Apple encryption dispute
- Hash security function summary
- Security level
Source of the article : Wikipedia
0 Comments