Cryptography: What is Cryptanalysis, RC4 and CrypTool
Information plays a vital role in the running of businesses, organizations, military operations, etc. Information in the wrong hands can lead to loss of business or catastrophic results.
To secure communication, a business can use cryptology to cipher information. Cryptology involves transforming information into the Nonhuman readable format and vice versa.
In this Cryptography and Network Security tutorial, we will introduce you to the world of cryptology and how you can secure information from falling into the wrong hands.
What is Cryptography?
Cryptography is the study and application of techniques that hide the real meaning of information by transforming it into nonhuman readable formats and vice versa.
Let’s illustrate this with the aid of an example.
Suppose you want to send the message “I LOVE TO PLAY CRICKET”, you can replace every letter in the phrase with the third successive letter in the alphabet. The encrypted message will be “K NQXG VQ RNCA ETKEMGV”. To decrypt our message, we will have to go back to three letters in the alphabet using the letter that we want to decrypt.
The process of transforming information into a nonhuman readable form is called encryption.
The process of reversing encryption is called decryption.
Decryption is done using a secret key that is only known to the legitimate recipients of the information. The key is used to decrypt the hidden messages. This makes the communication secure because even if the attacker manages to get the information, it will not make sense to them.
The encrypted information is known as a cipher.
What is Cryptanalysis?
Cryptanalysis is the art of trying to decrypt the encrypted messages without using the key that was used to encrypt the messages. Cryptanalysis uses mathematical analysis and algorithms to decipher the ciphers. It is used to breach security systems to gain access to encrypted content and messages even the cryptographic key is unknown.
The success of cryptanalysis attacks depends
- Amount of time available
- Computing power available
- Storage capacity available
The following is a list of the commonly used Cryptanalysis attacks;
- Brute force attack– this type of attack uses algorithms that try to guess all the possible logical combinations of the plaintext which are then ciphered and compared against the original cipher.
- Dictionary attack– this type of attack uses a wordlist in order to find a match of either the plaintext or key. It is mostly used when trying to crack encrypted passwords.
- Rainbow table attack– this type of attack compares the ciphertext against pre-computed hashes to find matches.
What is cryptology?
Cryptology combines the techniques of cryptography and cryptanalysis.
MD5– this is the acronym for Message-Digest 5. It is used to create 128-bit hash values. Theoretically, hashes cannot be reversed into the original plain text. MD5 is used to encrypt passwords as well as check data integrity. MD5 is not collision-resistant. Collision resistance is the difficulty in finding two values that produce the same hash values.
- SHA– this is the acronym for Secure Hash Algorithm. SHA algorithms are used to generate condensed representations of a message (message digest). It has various versions such as;
- SHA-0: produces 120-bit hash values. It was withdrawn from use due to significant flaws and replaced by SHA-1.
- SHA-1: produces 160-bit hash values. It is similar to earlier versions of MD5. It has cryptographic weakness and is not recommended for use since the year 2010.
- SHA-2: it has two hash functions namely SHA-256 and SHA-512. SHA-256 uses 32-bit words while SHA-512 uses 64-bit words.
- SHA-3: this algorithm was formally known as Keccak.
- RC4– Brute force RC4 algorithm is used to create stream ciphers. It is mostly used in protocols such as Secure Socket Layer (SSL) to encrypt internet communication and Wired Equivalent Privacy (WEP) to secure wireless networks.
- BLOWFISH– this algorithm is used to create keyed, symmetrically blocked ciphers. It can be used to encrypt passwords and other data.