1
00:00:01,020 --> 00:00:11,820
Let's try to enhance the security of D.S. to do this you can for example use a variant called D.S. x.

2
00:00:11,860 --> 00:00:15,640
The idea is to keep the algorithm while fixing some major problems.

3
00:00:17,040 --> 00:00:22,140
Making kingsize longer means that the number of operations required to test all possible keys will rise

4
00:00:22,140 --> 00:00:23,340
exponentially.

5
00:00:27,270 --> 00:00:31,400
The Morath operation of the DE ESX algorithm is as follows.

6
00:00:32,700 --> 00:00:38,360
The first block of input is Exel armed with the first 64 bit key.

7
00:00:38,390 --> 00:00:43,580
The result is encrypted using a 56 bit key.

8
00:00:43,600 --> 00:00:45,760
The result is then X ored with the third key.

9
00:00:45,760 --> 00:00:51,620
That also has 64 bits.

10
00:00:51,740 --> 00:00:54,090
In theory having three keys.

11
00:00:54,140 --> 00:01:02,180
Their summary length is 184 bits the size however does not contribute directly to the ciphertext security

12
00:01:03,920 --> 00:01:10,070
cryptographic analysis shows that the practical security the key is entropy boosted from 64 to more

13
00:01:10,070 --> 00:01:11,690
or less 88 bits.

14
00:01:13,190 --> 00:01:14,720
This is a large step forward

15
00:01:19,080 --> 00:01:28,030
ESX is considerably more secure than D.S. the algorithm is relatively fast which is why it was implemented

16
00:01:28,030 --> 00:01:29,830
in the EFI system.

17
00:01:29,870 --> 00:01:32,820
A file encryption system used in earlier Windows systems

18
00:01:38,030 --> 00:01:40,700
and other variant of D.S. is yes.

19
00:01:40,900 --> 00:01:42,170
Triple D s.

20
00:01:43,990 --> 00:01:45,290
The name says it all.

21
00:01:46,210 --> 00:01:51,810
The D.S.O. algorithm is applied in the solution three times to each data block.

22
00:01:51,820 --> 00:01:53,520
The mechanism is as follows.

23
00:01:56,210 --> 00:01:58,200
First a block is encrypted like in D.

24
00:01:58,210 --> 00:02:06,330
Yes it is then decrypted using a different key and finally the result is encrypted using yet another

25
00:02:06,330 --> 00:02:10,200
key as you remember.

26
00:02:10,200 --> 00:02:19,000
Encryption is symmetric and data encryption standard this operation doesn't really tighten the security.

27
00:02:19,040 --> 00:02:30,340
The second phase of the operation does not affect or improve the overall security of the ciphertext.

28
00:02:30,340 --> 00:02:36,750
The main downside of using Triple D Yes is the Scifres low speed.

29
00:02:36,830 --> 00:02:40,270
It's possibly the slowest symmetric algorithm in use today.

30
00:02:41,250 --> 00:02:44,840
All other surfers are much faster and most of them are more secure.

31
00:02:48,620 --> 00:02:52,890
The practical security of trippled Yes is about one hundred bits of strength.

32
00:02:56,630 --> 00:02:59,990
There are also other symmetric ciphers.

33
00:03:00,120 --> 00:03:06,230
Many of them belong to the RC run Rivest Code family.

34
00:03:06,410 --> 00:03:12,870
If you're guessing that the ciphers were created by Ron Rivest turns out you're right.

35
00:03:13,090 --> 00:03:20,850
The first one most showcases are C-2 this special purpose cipher was developed in 1987 for the software

36
00:03:20,850 --> 00:03:24,210
company Lotus.

37
00:03:24,350 --> 00:03:29,390
It was kept secret for some time at first until a researcher once again proved the principles we discussed

38
00:03:29,390 --> 00:03:38,380
earlier are true and published the ciphers mode of operation on a usenet group.

39
00:03:38,560 --> 00:03:48,160
RC to supposedly strong security was debunked the implemented block size with 64 bits it's too short.

40
00:03:49,880 --> 00:03:54,550
The cipher is also susceptible to chosen plaintext attacks that we talked about earlier.

41
00:03:56,860 --> 00:04:00,750
Let's now comment on the attack categories.

42
00:04:00,910 --> 00:04:07,120
The first basic type of cryptanalysis attack relies on an attacker having access to the ciphertext only

43
00:04:08,440 --> 00:04:17,740
this type of attack is completely passive an attacker has access to the ciphertext it must crack it.

44
00:04:17,760 --> 00:04:23,160
The second class of attacks known as plaintext attacks involves the assumption that an attacker has

45
00:04:23,160 --> 00:04:28,450
access both to the plaintext and to the ciphertext.

46
00:04:28,460 --> 00:04:30,590
This is actually not infrequent at all.

47
00:04:31,890 --> 00:04:37,380
If you encrypt something in a network an attacker can in most cases rightly assume that some information

48
00:04:37,380 --> 00:04:38,430
is heavily patterned

49
00:04:41,060 --> 00:04:48,050
an e-mail message very often starts off with high or when you encrypt data using SSL and IP protocol

50
00:04:48,050 --> 00:04:53,550
header containing your PC's IP address will be at the start.

51
00:04:53,590 --> 00:05:01,740
In most cases an attacker has in fact access to at least part of the plaintext and the ciphertext.

52
00:05:01,910 --> 00:05:07,910
The third attack category plaintext injection involves a manipulation of the plain text in order to

53
00:05:07,910 --> 00:05:09,880
observe resulting ciphertext.

54
00:05:11,540 --> 00:05:16,370
An attacker may send a crafted message to you without raising suspicions to make you encrypt it and

55
00:05:16,370 --> 00:05:17,460
send it back.

56
00:05:18,880 --> 00:05:20,820
This happens quite often as well.

57
00:05:23,220 --> 00:05:27,250
It's crucial for the system to be immune against the two letter attack models.

58
00:05:29,840 --> 00:05:34,520
All adequate algorithms are now secured against the ciphertext only cryptanalysis attack

59
00:05:37,540 --> 00:05:42,520
the true security of the RC algorithm is estimated at thirty four bits.

60
00:05:42,520 --> 00:05:44,550
This means that it can be cracked instantly

61
00:05:51,950 --> 00:05:53,460
another version of the algorithm.

62
00:05:53,480 --> 00:05:57,320
RC 5 was developed in 1994 for RSA

63
00:06:01,540 --> 00:06:09,290
The algorithm is very flexible many variables used in the scheme can be altered.

64
00:06:09,420 --> 00:06:15,310
You can for example specify a round number block size in Keeling's.

65
00:06:15,540 --> 00:06:22,120
There can be from one to two hundred and fifty five rounds and block size can be from 32 to 128 bits.

66
00:06:23,680 --> 00:06:27,820
Keys can even be up to two kilobytes.

67
00:06:27,830 --> 00:06:30,910
The mechanism used in RC 5 is depicted in the slide

68
00:06:36,380 --> 00:06:39,170
will now discuss the algorithms mode of operation briefly

69
00:06:42,550 --> 00:06:43,020
first.

70
00:06:43,030 --> 00:06:45,250
A key has to be divided into subkey.

71
00:06:47,040 --> 00:06:50,580
The number of subcase must be equal to the selected number of rounds.

72
00:06:53,560 --> 00:06:59,130
Then as usual split the message block into two even pieces.

73
00:06:59,260 --> 00:07:03,390
The two halves are combined with the first two subcase the round keys.

74
00:07:05,710 --> 00:07:13,850
Then perform the exo are and transpose bits bits reordered in the two halves.

75
00:07:14,080 --> 00:07:20,800
RC 5 in its variant called RC 6 were entered into a contest to choose the D.S. algorithm's replacements

76
00:07:20,800 --> 00:07:28,980
Sipher the did not come close to winning both algorithms are assessed negatively and because of this

77
00:07:29,190 --> 00:07:31,690
they are not considered particularly secure.