Filling the spaces of the table

Published: November 30, 2015

Task 1

1.1. How to Create a Key

To generate the key square we use a 5x5 grid, filling the cells of the table with the letters of the keyword (dropping any duplicate letters). The remaining cells are then filled with the rest of the letters of the alphabet in order (usually omitting one letter, e.g. “J”, so that the alphabet fits the grid). The key can be written in the top rows of the table, from left to right, or in some other pattern known only to the legitimate recipient of the message.

1.2 How to Encipher Plain Text with the Key

To encrypt a message we break it into digraphs (groups of 2 letters). We then begin to encipher each digraph by applying the following 4 rules, in order, to each pair of letters in the plaintext:

1.3 How to Decipher Cipher Text with the Key

Tools Used:

Playfair-Linux http://www.jw-stumpel.nl/puzzles.html

Allows possible key squares to be planned out, shows a side-by-side comparison of the plaintext and ciphertext bigraphs, lists the most frequently occurring bigraphs, etc.

Attacks Used:

A different approach to tackling Playfair (if it were implemented as a program) would be the shotgun hill-climbing method, since computers are much faster at solving problems of this nature. It would explore the range of possibilities, with the plaintext, or something very close to it, being found by selecting the best candidate output.

References:

Plain Text:

harry potter is a series of seven fantasy novels written by british author jk rowling the books chronicle the adventures of the adolescent wizard harry potter together with ron weasley and hermoine granger his friends from the hogwarts school of witchcraft and wizardry the central story arc concerns harrys struggle against the evil wizard lord voldemort who killed harrys parents in his quest to conquer the wizarding world and subjugate nonmagical people to his rule several successful derivative films video games and other themed merchandise have been based upon the series since the release of the first novel harry potter and the philosophers stone which was retitled harry potter and the sorcerers stone in the united states the books have gained immense popularity critical acclaim and commercial success worldwide the book series has sold more than four hundred million copies and has been translated into sixty seven languages and the last four books have consecutively set records as the fastest selling books in history english language versions of the books are published by bloomsbury in the united kingdom scholastic press in the united states allen unwin in australia and raincoast books in canada

KeySquare:

Task 2

Cryptographic Hash Functions

Should be Used

SHA-2

Currently, the best public attacks on SHA-2 break 24 of the 64 or 80 rounds. Although secure, SHA-2 functions are still not yet widely used.

http://eprint.iacr.org/2008/270.pdf

RIPEMD-160

Similar in performance to SHA-1 and has no current known vulnerabilities.

Tiger

Designed for efficiency on 64-bit platforms; no attacks are known on the full 24-round Tiger.

RadioGatún

RadioGatún is a derivative of Panama. RadioGatún does not have Panama's weaknesses when used as a hash function.

Whirlpool

No known security vulnerabilities. It has also been adopted by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as part of the joint ISO/IEC 10118-3 international standard.

http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=39876

Recommendation:

If performance in encryption/decryption is required, the RIPEMD-160 algorithm is a suitable option.

Otherwise, SHA-2 and Whirlpool are also viable options for security (while supporting larger key sizes).

Should not be used

SHA-1

“NIST encourages a rapid adoption of the SHA-2 hash functions for digital signatures, and, in any event, Federal agencies must stop relying on digital signatures that are generated using SHA-1 by the end of 2010.”

http://csrc.nist.gov/groups/ST/hash/statement.html

MD5

“Weaknesses in the MD5 algorithm allow for collisions in output. As a result, attackers can generate cryptographic tokens or other data that illegitimately appear to be authentic.”

http://www.kb.cert.org/vuls/id/836068

SHA-0, HAVAL, MD4, RIPEMD

http://www.rsa.com/rsalabs/node.asp?id=2738

MD2

“...it has been shown that it is possible to find collisions for the compression function of MD2”

ftp://ftp.rsa.com/pub/pdfs/bulletn4.pdf

Panama

“We present a practical attack on the Panama hash function that generates a collision in 2^6 evaluations of the state updating function.” This means that collisions can be produced in practice.

http://radiogatun.noekeon.org/panama/

Public Key Cryptosystems

Should be Used

RSA

RSA is secure given sufficiently long keys and the use of up-to-date implementations. It is a block cipher, and the most widely implemented. However, it is much slower than DES and other symmetric cryptosystems.

Diffie-Hellman

Allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel.

Recommendation:

RSA is the most suitable option in the majority of cases. It has proven to be secure, and is the most commonly implemented public key cryptosystem.

Should not be Used

“Almost all the equations... can be solved in polynomial time, and thus cleartexts that correspond to given cyphertexts can be easily found”

http://dsns.csie.nctu.edu.tw/research/crypto/HTML/PDF/C82/279.PDF