### Systems Security Certified Professional (SSCP)

Course
Time: 7 hours 35 minutes
Difficulty: Intermediate
CEU/CPE: 12

### Video Transcription

00:01
Hey, guys, welcome to another episode of the SSCP Exam Prep.
00:05
I'm your host, Peter Cipolone. Um, this is domain five, lesson one, cryptography.
00:12
So in this lesson, we're gonna just take a quick look at some of the fundamental concepts associated with cryptography. We're gonna look at the different kinds of ciphers there are, and mostly just basic terminology that has to do with cryptography. And
00:30
this is really just to get our feet wet
00:32
and to build upon in the later lessons. Let's get started.
00:37
The first fundamental concept of cryptography is the high work factor. So this is the average amount of time or effort, or work required, really, to break an encryption system.
00:50
So this is usually measured in hours or dollars, some sort of figure that can easily be calculated. This determines whether or not an encryption system is considered to be unbreakable.
01:03
So there's no such thing as an unbreakable encryption system.
01:10
What they mean, when they say that, what they really mean is the work factor is too high for anyone to break it. So whatever system or encryption system that may be, yeah, it could be broken if you had 200,000 years, but nobody has 200,000 years. Obviously
01:27
it would take too long and require too much time
01:30
and resources to break. This is what would be considered economically infeasible.
01:38
There are really two ways to encrypt data. The first is stream-based ciphers, so this happens on a bit-by-bit basis. So all of the text you want to encrypt is compiled into, you know, zeros and ones, and each bit is taken and mixed with the key
01:59
in order to encrypt the data
02:00
bit by bit, one bit at a time, all the way until the end. So the way encryption works is you take that plain text that you have and you mix it with the key stream to produce the cipher text.
02:14
Now the key stream is the key, also made up of just random bits, zeros and ones. And this key stream is mixed with the plain text stream to get the cipher text. So the operation that is normally used is the XOR, exclusive or, and it's used because of its
02:32
speed. The XOR is a very, very
02:35
quick method of encrypting data. So to show you how this works, if we have just the simple
02:43
plain text zeros and ones there and we want to XOR it with the key stream. Well, the way XOR works, if you are adding zero and zero, you get zero. If you're adding one and one, you get zero. And if you are adding zero and one
03:00
or one and zero,
03:02
you get one. So if the numbers you're adding are the same, then the final number will be zero.
03:10
If you are adding numbers that are different, then the final number will be one.
03:15
So in this example, as you can see, we simply XOR the input plain text and the key stream.
03:23
And the result is the cipher text using XOR.
03:29
The other type of, or the other way of, encrypting data is through the block cipher method. This operates on chunks of text instead of simply one byte at a time. These text blocks are often, you know, 64, 128, 192 bit sizes. Now
03:47
there are a couple
03:49
of ways that you can do this, right? You can use a combination of substitution and transposition.
03:55
Substitution is the process of exchanging one letter or point for another. And then transposition is the process of reordering the plain text to hide the message. So in substitution, if you wanted to scramble all the letters around before encrypting them, you could do that, or, in transposition,
04:15
if you wanted to
04:18
move the paragraphs of text around, you could do that. So if you had three blocks,
04:26
or three paragraphs of text
04:28
in your plain text message, you could rotate those paragraphs around. The third block becomes the first, and the second becomes the third, and so on.
04:38
That would be considered transposition.
04:40
Now the block cipher definitely has some advantage over the stream cipher. It's a lot stronger, tougher to break. It's also computationally intensive, which isn't
04:53
necessarily a bad thing if it's used in the right setting. So as a result of it being computationally intensive, it's usually used in software, where the encryption/decryption process doesn't have to be as fast.
05:04
The stream cipher, on the other hand, it's weaker, yes, but also it's less intensive. It's quicker, so that's why it's used more in hardware.
05:14
There are a couple of ways the block cipher mode works. Now we'll be looking at these in greater detail further on in this domain, but I just want to give you a quick peek into the different modes of the block cipher. So the first one is the electronic code book. Each block of text is encrypted
05:32
independently of every other one.
05:34
Cipher block chaining: this is where you encrypt one block of data and whatever that cipher text is, it's fed back into the encryption process to encrypt the next block, so the blocks are kind of chained together.
05:48
Cipher feedback: each block of the key stream, that is, the key made up of zeros and ones, comes from encrypting the previous block of cipher text. So depending on how the cipher text comes out, that's how the key stream is formulated for the next block.
06:05
Output feedback: the key stream is generated completely independently of the message. And finally, the counter method, which uses a formula, base plus n, as a key stream generator. And the base is a 64-bit number, and the n is just a counting function.
06:24
Here are some more fundamental concepts which you should be aware of in order to understand cryptography. One is the key length, right? This is the size of the key, measured in bits and bytes. Key size is very important because an algorithm cannot exceed its key length. So
06:43
the longer the key length, the better. If you have a short key length,
06:46
security will be weak in that algorithm. The longer it is, the better it is.
06:53
Block size: this is the size of the blocks used in block ciphers. Remember, I said they're made up of 64-bit, 128, 156,
07:02
192. They're made up of those sizes. Now,
07:06
every once in a while, one of the blocks won't be a full size. So algorithms work with a set block size that cannot change. But the cipher text, or the plain text that you are using, rather, may not equal the size of a block. So if you're using a 128-bit block,
07:27
but the size of your plain text
07:30
is only, ah, 100 bits,
07:33
then padding is necessary in order to work the encryption process. So the way padding works, you just add a bunch of, like, zeros at the end of the text in order to fill the block, until the block size is reached.
07:46
Initialization vectors, IVs: this is just an initial value to start some process. It's really just a randomly generated value.
07:55
Hashing. This is a cryptographic function that is considered practically impossible to invert. So what it does is it takes the input, runs it through a hash function or an algorithm, and it comes out with a digest, which is just a random string of characters, and that digest
08:13
represents
08:16
whatever the input was, as you can see from the example. Now, there is only one digest per input. So even if you add some text
08:26
and delete the text again
08:30
and you redo the plain text through the hash function, that digest will be different.
08:37
So each digest is strictly unique to its text. Now it's considered impossible to invert, so hashing works in one way: the input goes through the hashing algorithm, and then you get the output. You can't take the output and figure out the input.
08:54
Specific hashes include Message Digest,
08:58
Secure Hashing Algorithm, HAVAL, and RIPEMD-160.
09:03
Birthday paradox. Now, the birthday paradox states that there's a greater than 50% chance that two people share a birthday within a group of 23 people. Now, I'm not going to get too much into the probability or anything like that in this. But this is
09:22
the formula that's used to calculate the
09:24
probability of two people sharing a birthday. It's n times n minus one, divided by two. Now why am I even talking about the birthday paradox?
09:33
Well, it's because hashes must not be susceptible to this. If the hash applies the same way with the birthday paradox, then that means eventually there will be two hashes that come from different outputs. So if you have the same hash, full hash output
09:54
for two different inputs, then it's a huge problem. That's called a collision. That's not supposed to happen.
10:01
Salting: salting is just random data that's used as an additional input to a password or a string of text
10:11
that's going to be hashed. Now, this prevents dictionary and rainbow table attacks. We'll get into them later on in this course, but for now, the way dictionary or rainbow table attacks work, it's where attackers hash commonly used passwords and regular words,
10:31
and so they try to break your password
10:33
by comparing hash algorithms, the hash of your password and the hash of the value that's in their table.
10:43
To avoid this, you want to salt your passwords, so you take your password and add salt. And then that's the new password that's going to be hashed. So even if you have an insecure password such as password123, you add the salt, which is really just a random string of characters.
11:01
And now you have this new password, which is much
11:03
longer and much more difficult to break. This is a password that won't be found in a hashing algorithm table.
11:13
In today's lecture, we discussed fundamental cryptography concepts.
11:18
Quiz time.
11:20
When using stream-based ciphers, why is the XOR method normally used to produce the cipher text? Is it A, easy to remember,
11:28
B, easy to calculate,
11:30
C, it's quick,
11:31
or D, provides strong security?
11:37
If you said C, it is quick, then you are correct. Remember, if the two numbers are the same, then the final number is zero. If the two numbers are different, then the final number is one.
11:52
Thanks for watching, guys. I hope you learned a lot in this video and I'll see you next time.

### Systems Security Certified Professional (SSCP)

Obtaining your SSCP certification signifies that you possess the ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.

### Instructed By

Pete Cipolone
Cyber Security Analyst and Programmer
Instructor