Cryptography

Cryptography is an interdisciplinary subject, drawing from several fields. Older forms of cryptography were chiefly concerned with patterns in language. More recently, the emphasis has shifted, and cryptography makes extensive use of mathematics, particularly discrete mathematics, including topics from number theory, information theory, computational complexity, statistics and combinatorics. Cryptography is also considered a branch of engineering, but it is considered to be an unusual one as it deals with active, intelligent and malevolent opposition (see cryptographic engineering and security engineering). Cryptography is a tool used within computer and network security.

Cryptanalysis

Main article: Cryptanalysis

~ ~ ~ ~ ~ ~ ~ ~ ~ ~

The goal of cryptanalysis is to find some weaknesses or insecurity in a cryptographic scheme. Cryptanalysis might be undertaken by a hostile attacker, attempting to subvert a system; or by the system's designer (or others) wishing to evaluate whether a system is secure.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~

There are a wide variety of cryptanalytic attacks, and they can be classified in several ways. One distinction concerns what an attacker can know and do in order to learn secret information. For example, does the cryptanalyst have access only to the ciphertext? Does he also know or can he guess some corresponding plaintexts? Or even: Can he choose arbitrary plaintexts to be encrypted? These scenarios correspond to ciphertext only, known plaintext and chosen plaintext attacks, respectively.

Related Topics:
Ciphertext only - Known plaintext - Chosen plaintext

~ ~ ~ ~ ~ ~ ~ ~ ~ ~

While pure cryptanalysis uses weaknesses in the algorithms themselves, other attacks are based upon the implementation, known as side-channel attacks. If a cryptanalyst has access to, say, the amount of time the algorithm took to encrypt a number of plaintexts, he may be able to use a timing attack to break a cipher that is otherwise resistant to analysis. An attacker also might consider studying the pattern and length of messages to derive valuable information; this is known as traffic analysis.

Related Topics:
Implementation - Side-channel attack - Timing attack - Traffic analysis

~ ~ ~ ~ ~ ~ ~ ~ ~ ~

If a cryptosystem uses a key derived from a password, it may be at risk of exhaustive search, due to the insufficient size or randomness of passwords. This is a common weak point in cryptographic systems. For network applications, a password-authenticated key agreement protocol can address some of the limitations of passwords. For standalone applications, either a secure means for storing the password-derived data and/or a passphrase is often recommended.

Related Topics:
Password - Exhaustive search - Password-authenticated key agreement - Passphrase

~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Linear and differential cryptanalysis are general methods for symmetric key cryptography. When cryptography relies on hard mathematical problems, as is usually the case in asymmetric cryptography, algorithms for tasks such as factoring become potential tools for cryptanalysis.

Related Topics:
Linear - Differential cryptanalysis - Symmetric key cryptography - Hard - Mathematical problem - Asymmetric cryptography - Factoring

~ ~ ~ ~ ~ ~ ~ ~ ~ ~