Cryptographic primitive

Cryptographic primitives are well-established cryptographic routines that are frequently used in security-related topics. These routines include, but are not limited to, one-way hash functions and encryption functions.

Rationale

When creating cryptographic systems, designers use cryptographic primitives as their most basic building blocks. Because of this, cryptographic primitives are designed to do one very specific task in a highly reliable fashion. One such task can be, for instance, encryption of data, or a digital signature on a set of data.


Since cryptographic primitives are used as building blocks, they must be very reliable, i.e. perform according to their specification. For example, if an encryption routine claims to be breakable only with X computer operations and it can be broken with significantly fewer than X operations, then that cryptographic primitive is said to fail. If a cryptographic primitive is found to fail, almost every protocol that uses it becomes vulnerable. Since creating cryptographic routines is very hard, and testing them to be reliable takes a long time, it is essentially never sensible (nor secure) to design a new cryptographic primitive to suit the needs of a new cryptographic system. The reasons include:

  • The designer might not be competent in the mathematical and practical considerations involved in cryptographic primitives
  • Designing a new cryptographic primitive is very time-consuming and very error-prone, even for experts in the field
  • Since algorithms in this field are not only required to be designed well, but also need to be tested well by the cryptologist community, even if a cryptographic routine looks good from a design point of view it might still contain errors. Successfully withstanding such scrutiny gives some confidence (in fact, so far, the only confidence) that the algorithm is indeed secure enough to use; security proofs for cryptographic primitives are generally not available.

Cryptographic primitives are similar in some ways to programming languages. A computer programmer rarely invents a new programming language while writing a new program; instead, s/he will use one of the already established programming languages.


Cryptographic primitives are among the building blocks of every cryptosystem, e.g. TLS, SSL and SSH. Cryptosystem designers, not being in a position to definitively prove their security, must take the primitives they use as secure. Choosing the best primitive available for use in a protocol usually provides the best available security. However, compositional weaknesses are possible in any cryptosystem and it is the responsibility of the designer(s) to avoid them.


Combining cryptographic primitives

Cryptographic primitives, on their own, are quite limited. They cannot properly be considered a cryptographic system. For instance, a bare encryption algorithm provides no authentication mechanism, nor any explicit message integrity checking. Only when primitives are combined in security protocols can more than one security requirement be addressed. For example, to transmit a message that is not only encoded but also protected from tinkering (i.e. it is confidential and integrity-protected), an encoding routine such as DES and a hash routine such as SHA-1 can be used in combination. If the attacker does not know the encryption key, he cannot modify the message, so the message digest values cannot be successfully faked.
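
An added example, not part of the original article, of the combination described above: bare encryption accepts a modified ciphertext, while encryption combined with a keyed hash rejects it. Python's standard library has no block cipher, so an HMAC-SHA-256 counter-mode keystream stands in for the encryption routine and HMAC-SHA-256 serves as the keyed hash in place of DES and SHA-1; all function names and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with an HMAC-SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        counter = (off // 32).to_bytes(8, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then tag nonce + ciphertext with a separate MAC key."""
    nonce = os.urandom(16)
    ct = keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes):
    """Check the tag before decrypting; return None if it does not verify."""
    if len(blob) < 16 + 32:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return keystream_xor(enc_key, nonce, ct)

def flip(data: bytes, index: int, mask: int) -> bytes:
    """Model a one-byte modification of data in transit."""
    return data[:index] + bytes([data[index] ^ mask]) + data[index + 1:]

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    msg, mask = b"PAY 0100 TO ALICE", ord("0") ^ ord("9")  # constructed sample
    # Bare encryption: the modified ciphertext decrypts without any error.
    nonce = os.urandom(16)
    bare = flip(keystream_xor(enc_key, nonce, msg), 4, mask)
    bare_plain = keystream_xor(enc_key, nonce, bare)
    # Combined primitives: the same modification fails tag verification.
    sealed = seal(enc_key, mac_key, msg)
    intact = open_sealed(enc_key, mac_key, sealed)
    tampered = open_sealed(enc_key, mac_key, flip(sealed, 16 + 4, mask))
    return bare_plain, intact, tampered

if __name__ == "__main__":
    print(demo())
```

The tag is verified before any decryption and uses its own key, which is the encrypt-then-MAC ordering; a real system would take a vetted authenticated-encryption mode from an established library rather than this stand-in.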


Combining cryptographic primitives to make a protocol is itself an entire specialization. Most exploitable errors (i.e. insecurities in cryptosystems) are due not to design errors in the primitives (assuming always that they were chosen with care), but to the way they are used, i.e. bad protocol design and buggy or insufficiently careful implementation. Mathematical analysis of protocols is, at the time of this writing, not mature. There are some basic properties that can be verified with automated methods, such as BAN logic. There are even methods for full verification (e.g. the SPI calculus), but they are extremely cumbersome and cannot be automated. Protocol design is an art requiring deep knowledge and much practice; even then mistakes are common. An illustrative example, for a real system, can be seen on the OpenSSL vulnerability news page at [1].


A list of cryptographic primitives: Category:Cryptographic primitives


The Wikipedia article included on this page is licensed under the GFDL.