Encryption 101 begins with understanding the terminology and mechanisms. This week we're breaking down encryption in the context of SSH - from symmetric and asymmetric to block and stream ciphers. All that and more, this time on Hak5.

Download HD Download MP4

Encryption and Decryption

• Encryption converts plaintext into ciphertext, decryption vise versa

Plaintext aka Cleartext

• Unencrypted, human readable text of any nature (sensitive, non-sensitive)

Ciphertext

• The encrypted result of a cipher employed on plaintext

Cipher

• Algorithm for encryption or decryption

Algorithm

• step-by-step procedure for calculations

Asymmetric encryption algorithm

• algorithms using two separate keys, one for encryption and one for decryption

• Often called public/private keys, or public key encryption
• What we use to establish authentication and authorization in SSH
  • Key Fingerprint in Known_Hosts authenticates the server

  • id_rsa and id_rsa.pub authorizes the user

SSH Key Architecture

• User key: Persistent asymmetric key used by client to prove user identity
  • Typically the id_rsa and id_rsa.pub or id_dsa and id_dsa.pub key pairs
• Host key: Persistent asymmetric key used by server to prove server identity
  • Typically the server's key fingerprint stored in known_hosts file
• Server key: Temporary asymmetric key used only in SSH-1 protocols to regenerate the session key providing "perfect forward secrecy" (ensures that session isn't compromised if either public or private key are compromised)
• Session key: Temporary (per session) set of symmetric keys used for encryption of communications between SSH client and server. One key for client-to-server, one for server-to-client, and integrity check keys. Securely created on session initiation and destroyed at session termination.

Symmetric-key Algorithm

• Algorithms using identical crypto keys for both encryption and decryption. This represents a shared secret and used with either stream ciphers or block ciphers.

Shared secret

• Data only known by private parties, typically password, passphrase, big random number

• Exchanged at session initiation using a key-agreement protocol
• SSH symmetric keys are exchanged using the Diffie-Hellman key agreement algorithm
• Without asymmetric encryption, key exchange algorithms are susceptible to MITM
• Secrets shared before communication (out-of-band) are called pre-shared keys or PSK

Stream Ciphers

• A symmetric key cipher where plaintext bits combine one at a time with a keystream to produce ciphertext. Lower CPU requirements but susceptible to some attacks. Used in algorithms like RC4.

Block Ciphers

• Block Ciphers employ encryption on blocks of plaintext, padding as necessary, rather than each bit at a time. This requires more CPU power but is less susceptible to attack. AES typically employs 128bit blocks.

Algorithms used by SSH-2

• Public keys (User and Host keys) can be RSA or DSA

• Hash functions (Used to create the Host key fingerprint) can be SHA-1 or MD5
• Symmetric keys can be 3DES, Blowfish, Twofish, CAST-128, IDEA or ARCFOUR
• Compression is handled by zlib (you may know it from gzip)

RC4 (aka ARC4 or ARCFOUR)

• Designed by Ron Rivest of RSA in 1987 -- Rivest Cipher 4

• Popular due to speed and simplicity
• Initially a trade secret (closed source)
  • In 1994 the source code was anonymously leaked to the Cypherpunks mailinglist

  • Leaked code was confirmed genuine and thus RC4 lost its trade secret status
  • RC4 is trademarked, so RC4 is often referred to as ARCFOUR or ARC4
  • Remains the most widely used stream cipher, employed in WEP and SSL

Weak Keys

• Symmetric keys are typically combined with an Initialization Vector (random number)

• Weak IVs allow for use of known-plaintext attacks, widely used in breaking WEP

Known Plaintext Attack

• Attacker uses samples of both plaintext and ciphertext to reveal secret keys

Chosen Plaintext Attack

• Attacker chooses samples of plaintext which are encrypted and ciphertext analyzed

Differential Cryptanalysis

• Studying differences of plaintext effecting ciphertext to discover non-random behavior