Let’s look at an example of the hashing process. Say you have two parties, Sean and
Katrina. Sean is the sender of the message and Katrina is the receiver:
- Sean creates a message.
- Sean hashes the message using an algorithm such as MD5 or SHA2.
- Sean encrypts the hash with his private key.
- Sean binds the encrypted bundle and the plaintext message together.
- Sean sends the combination to Katrina.
- Katrina sees that the message came from Sean.
- Seeing who the sender is, Katrina retrieves Sean’s public key from the CA they both
trust.
- Katrina decrypts the hash; it decrypts successfully, thus validating the identity of the
sender (Sean).
- After the hash is decrypted, Katrina reruns the MD5 algorithm against the plaintext
message and compares the new hash with the one she received from Sean.
- If the two hashes match, the message has not been altered since Sean signed it.
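The sign-and-verify steps above, as an added Python example that is not part of the original text. It assumes SHA-256 as the hash and unpadded textbook RSA with constructed toy keys built from Mersenne primes; all function and variable names are hypothetical, and production signatures use a padded scheme from a vetted library instead.

```python
import hashlib

# Constructed toy keys (assumption): Mersenne primes keep the example short
# and offline. They show the flow only and are not usable as real keys.
E = 65537  # public exponent

def make_key(p, q):
    """Return (modulus n, private exponent d) for primes p and q."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

SEAN_N, SEAN_D = make_key(2**127 - 1, 2**521 - 1)
OTHER_N, OTHER_D = make_key(2**89 - 1, 2**607 - 1)  # not Sean's key

def digest_int(message):
    """SHA-256 (a SHA-2 hash) of the message as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, n, d):
    """Sender: hash the message, then apply the private key to the hash."""
    return pow(digest_int(message), d, n)

def verify(message, signature, n):
    """Receiver: recover the hash with the public key, rehash, compare."""
    if not 0 <= signature < n:
        return False
    return pow(signature, E, n) == digest_int(message)

def demo():
    message = b"Transfer 100 to Katrina"  # constructed sample message
    signature = sign(message, SEAN_N, SEAN_D)
    forged = sign(message, OTHER_N, OTHER_D)  # signed with a different key
    return {
        "intact": verify(message, signature, SEAN_N),
        "altered": verify(b"Transfer 900 to Katrina", signature, SEAN_N),
        "wrong_key": verify(message, forged, SEAN_N),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'rejected'}")
```

The "altered" case fails the hash comparison and the "wrong_key" case fails because Sean's public key does not recover the expected hash, which are the two checks Katrina performs.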
Issues with Cryptography
Much like any system that will be explored in this text, cryptography has its faults and
potential attacks. In many cases, attacks are designed to leverage weaknesses in both
implementation and logic. However, one thing that should always be kept in mind is that no
matter how strong or well designed a system may be, it will always be vulnerable to those with
enough computing power, time, and determination.
Cryptographic systems are all vulnerable to what is known as a brute-force attack.
In such an attack, every possible combination of characters is tried in an attempt
to uncover a valid key. This type of attack can take an extremely long time to be
successful, depending on the cryptosystem being targeted.
The first type of attack we’ll look at is the one most commonly seen in movies, books,
and other media: the brute-force attack. A brute-force attack works by trying every possible
combination of codes, symbols, and characters in an effort to find the right one. DES is
vulnerable to brute-force attacks, whereas Triple-DES encryption is very resistant to
brute-force attacks because of the time and computing power needed to retrieve a key; see Table 3.1.