2.4 Key-Based Cryptography

Cryptography is perhaps one of the most important fundamental concepts in computer security today. Cryptography has played a role in every version of Windows to date, and it plays an even larger role in Windows Server 2003 than ever before. Many of the technologies and techniques I discuss in this book rely heavily on cryptography, including smart cards, data encryption, digital signatures, and email security. For that reason, it's important that you understand what cryptography is and how it works.

At its heart, cryptography is about scrambling data so that only the sender and the recipient can read it. Modern cryptography serves the same purpose as the secret decoder ring you had as a kid, although it's vastly more complex and powerful than that ring. Modern cryptography uses complicated mathematical processes called algorithms to scramble and unscramble data. And I mean complicated. In fact, some of the world's most popular cryptography algorithms are so complex and unique that they've received worldwide patents.

There are three basic kinds of cryptography: keyed hashing, shared secret keys, and public keys. Each provides a slightly different technique for encrypting data, and each is used for a specific set of purposes.

2.4.1 Hashing

A hash is a form of encryption in which a computer uses a well-known algorithm to scramble data and return a fixed-length result that is reasonably unique to the data. Theoretically, hashes aren't really that secure, because the algorithm is often very well known. The most common use of a hash, however, cannot be decrypted by anyone. Such one-way hashes are "lossy" and do not contain a full representation of all the original data, making it impossible to ever decrypt the result and retrieve the original data. As an analogy, one-way hashes are similar to your fingerprint. I can't make a complete copy of you out of your fingerprint, but I can statistically rely on the fact that your thumbprint is unique to you.

One-way hashes are similar to long division. For example, five divided by six equals one, with a remainder of one. Think of the five as the original data, the six as part of the hash algorithm, and the answer (one with a remainder of one) as the encrypted result. So long as you have the complete answer and the original algorithm, you can work the math backward to arrive at the original data. A one-way hash might discard the remainder and keep only part of the answer: one. Even if you have the original algorithm, you can't determine what the original data was with only part of the answer.

Windows Server 2003 uses a one-way cryptographic hash to store local user passwords within its Security Accounts Manager (SAM) and within Active Directory. Once a password is hashed and stored, Windows Server 2003 has absolutely no way of retrieving the original password. When Windows Server 2003 needs to check the password, it takes the password that the user types in, runs it through the same hash, and compares the result to the stored, hashed password. If the two match, the user must have typed the correct password.

The description of password checking here is an oversimplification, because Windows Server 2003 actually uses a more complicated means of validating user passwords, as you'll learn in Chapter 7.

The hashed password makes it impossible to easily retrieve the original password, even for an administrator. If a user forgets his password, an administrator's only option is to reset the password, create a new one, and communicate it to the user, because the original password is hashed.
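The store-and-compare check described above, as an added example that is not from the book and is not the scheme Windows Server 2003 uses: SHA-256, PBKDF2, the per-account salt, the iteration count and the sample accounts are all assumptions chosen for illustration. It also shows that a fast, unsalted hash gives every user of the same password the same stored value, while a salted, iterated hash does not.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def fast_unsalted_hash(password: str) -> bytes:
    """One fast hash, no salt: equal passwords always give equal hashes."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def enroll(password: str) -> dict:
    """Build the record a server would store; the password itself is not kept."""
    salt = os.urandom(16)  # unique per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "digest": digest}


def verify(record: dict, attempt: str) -> bool:
    """Re-hash the attempt with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode("utf-8"), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["digest"])


def demo() -> dict:
    kevin = enroll("Doggie")  # constructed sample accounts
    maria = enroll("Doggie")  # same password, different user
    return {
        "correct_accepted": verify(kevin, "Doggie"),
        "wrong_rejected": not verify(kevin, "doggie"),
        "unsalted_equal": fast_unsalted_hash("Doggie") == fast_unsalted_hash("Doggie"),
        "salted_equal": kevin["digest"] == maria["digest"],
    }


if __name__ == "__main__":
    print(demo())
```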

Hashing Isn't Totally Secure

I do need to note that hashed passwords aren't completely unbreakable. The algorithm that Windows uses to create its hashes is fairly well known, especially to security specialists and programmers. This fact allows attackers to conduct dictionary attacks to try and discover the original unhashed passwords. For example, suppose a user named Kevin uses "Doggie" as his password. Hashed, that password might be "34$_h7G5Sjka$87*jdjN#lSlnjFnl@ln#ln$#lk4nln" or something similar. Now suppose that an attacker is able to obtain the hashed password. Since the hash algorithm is well known, the attacker simply has to run lots of words through the algorithm until a matching hash is produced. When the attacker runs "Doggie" through the algorithm, and it produces the matching hash "34$_h7G5Sjka$87*jdjN#lSlnjFnl@ln#ln$#lk4nln," the attacker knows that the original password is "Doggie" and can use that password to gain access to network resources.

Dictionary attacks can be quite sophisticated, although they can obviously take a long time to run. Attackers know that users commonly substitute the number 1 for the letter I, commonly capitalize the first character of a password, use the number 3 for the letter E, or the symbol @ for the letter O. Attackers take these common substitutions into account when conducting dictionary attacks.

The best defense against dictionary attacks is to ensure passwords can't be recognized as words and that passwords are as long as possible. "mY5#CoMp_teR" is a decent password, because it isn't based on a single English word and it's littered with numbers and symbols. It's also quite long, meaning a dictionary attack, which generally focuses on English words with common letter substitutions, won't likely guess it.

Enforcing this type of password requirement is discussed later in this chapter.
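A password-acceptance check built on the advice above, as an added example that is not from the book: it undoes the substitutions the text lists and rejects a new password that reduces to a dictionary word or is too short. The wordlist, the minimum length and the two extra substitutions are assumptions made for the sketch.

```python
import re

# Constructed sample wordlist; a real filter would load a large dictionary.
WORDLIST = {"doggie", "password", "welcome", "computer", "kevin"}
MIN_LENGTH = 12  # assumed policy value, not taken from the text

# Undo the substitutions the text names (1->i, 3->e, @->o); 0->o and $->s
# are assumed additions of the same kind.
SUBSTITUTIONS = str.maketrans({"1": "i", "3": "e", "@": "o", "0": "o", "$": "s"})


def candidates(password: str) -> set:
    """Reduce a password to the plain words it may be built on."""
    lowered = password.lower()
    # Second variant drops leading/trailing digits and symbols ("welcome2003").
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return {re.sub(r"[^a-z]", "", v.translate(SUBSTITUTIONS)) for v in (lowered, trimmed)}


def policy_violations(password: str) -> list:
    """Return the reasons a proposed password should be refused (empty if none)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if candidates(password) & WORDLIST:
        problems.append("based on a dictionary word")
    return problems


if __name__ == "__main__":
    for sample in ("Doggie", "D@gg13!", "C0mput3r!!!!2003", "mY5#CoMp_teR"):
        print(sample, policy_violations(sample))
```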

2.4.2 Shared Secret Key Cryptography

Shared secrets are one of the oldest forms of cryptography. A shared secret is simply an encryption key that is known to two or more parties. The same key is used to encrypt and decrypt data. Because the same key is used to encrypt and decrypt data, shared secrets are sometimes referred to as symmetric keys, meaning both cryptographic operations (encryption and decryption) are performed with the same key. Similarly, shared secret key cryptographic algorithms (such as AES and DES) are known as symmetric algorithms, because the keys are the same for encryption and decryption.

The problem with shared secrets lies in securely communicating the secret to the other parties. Until each party has a copy of the key, they won't be able to encrypt or decrypt data with it. And because the key itself is usually transmitted over the network, the key can theoretically be intercepted by unauthorized users, compromising the security of any data encrypted with the key. There are ways to combat this key interception, such as using a specific cryptographic technique called the Diffie-Hellman Key Exchange algorithm to publicly exchange private key material.
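The Diffie-Hellman exchange mentioned above, as an added example that is not from the book: each side sends only a public value over the network, and both arrive at the same shared key without the key itself ever being transmitted. The prime, the generator, the `Party` class and the use of SHA-256 to turn the shared number into a key are assumptions for illustration; the prime is far too small for real use.

```python
import hashlib
import secrets

P = 2**127 - 1  # a known Mersenne prime; toy size, illustration only
G = 3           # assumed generator for the sketch


class Party:
    """One side of the exchange (hypothetical helper, not a Windows API)."""

    def __init__(self):
        self._private = secrets.randbelow(P - 3) + 2  # secret exponent in [2, P-2]
        self.public = pow(G, self._private, P)         # the only value sent on the wire

    def session_key(self, peer_public: int) -> bytes:
        # Refuse values that would force a predictable shared secret.
        if not 1 < peer_public < P - 1:
            raise ValueError("degenerate public value")
        shared = pow(peer_public, self._private, P)
        return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def exchange():
    """Run both sides and return each derived key plus what crossed the network."""
    alice, bob = Party(), Party()
    wire = [("alice->bob", alice.public), ("bob->alice", bob.public)]
    return alice.session_key(bob.public), bob.session_key(alice.public), wire


if __name__ == "__main__":
    key_a, key_b, wire = exchange()
    print("keys match:", key_a == key_b)
    for direction, value in wire:
        print(direction, hex(value))
```

The exchange on its own does not tell either side who sent the public value, so real protocols authenticate it, for example with a signature.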

As you'll learn in Chapter 7, Windows Server 2003 makes use of shared secrets for Kerberos authentication and many other types of data protection. The operating system takes special steps to secure the shared secret from interception, which is also discussed in Chapter 7.

2.4.3 Public Key Cryptography

Public key cryptography, also referred to as public/private key cryptography, is perhaps the most secure form of cryptography available today. Encryption and decryption are performed with a pair of keys, rather than just one. One key, the private key, is held only by an individual person or computer. That key can be used to either encrypt or decrypt data (but not both).

The other half of the equation is a public key. Public keys are easily accessible by almost anyone. The public half of a key pair can be used to decrypt anything that was encrypted with the private half or, more frequently, to encrypt things that will be decrypted with the private half. Simply put, when one key encrypts data, only the other key can decrypt that data. Which key encrypts and which decrypts is important and depends entirely on the type of protection desired.

Because the two keys work together, they are sometimes referred to as asymmetric keys, and the corresponding algorithms are known as asymmetric algorithms. RSA is an example of a popular asymmetric algorithm.

Public key cryptography has hundreds of uses in today's business environments. If someone wants to send you sensitive data, they obtain your public key and use it to encrypt the data. Once encrypted, only your private key can be used to decrypt the data. Public key cryptography can also be used to verify the contents of less-sensitive data. For example, suppose you want to send an email to someone and you want her to be able to verify that the contents of the email didn't change in transit. You could send the email in clear (unencrypted) text, along with a second copy that you encrypted with your private key. Anyone receiving the email could use your public key to decrypt the attachment and ensure that the now-decrypted version of the email matches the original. Since only your private key could have been used to create the encrypted version, recipients can be sure that the email came from you and wasn't altered in transit.

Public key cryptography's single point of weakness is the private key. If your private key is obtained by anyone else, everything you use the key for is compromised. As you'll learn in Chapter 9, most public key implementations include a means for publishing revocation lists. Revocation lists contain a list of keys that should no longer be used because they have been compromised, similar to the "bad credit card lists" distributed to retail merchants.

Windows Server 2003 allows you to use public key cryptography in a number of ways, although it doesn't require you to use public key cryptography at all. Public keys can be used instead of shared secrets in Kerberos authentication (Chapter 7), for example. They are also used in several optional security components within Windows Server 2003 including EFS, IIS, and IPSec. The most common uses for public key cryptography are for tasks performed by third-party software, such as accessing applications or validating user identity on the Internet. Windows Server 2003 provides a complete public key cryptography infrastructure, which I'll cover in Chapter 9.

You've Probably Already Used Public Key Encryption

If you've ever purchased something on the Internet, you've probably used public key encryption without knowing it. Whenever the little lock icon appears on your web browser's status bar, public key encryption is in use.

Secure web servers (servers capable of using HTTPS, the Hypertext Transfer Protocol Secure) are configured with digital encryption certificates. When your web browser requests a secure connection, the server transmits a copy of its certificate to your web browser. The certificate contains the server's public encryption key, which your web browser is able to read. Your browser uses the server's public key to encrypt a randomly generated session key, which the browser transmits to the server. The server uses its private key to decrypt the session key, providing a shared key that the browser and server can use to encrypt further communications between them. There are several standards for this exchange and the resultant secure communication, including Secure Sockets Layer (SSL) and Transport Layer Security (TLS).

The server's certificate ensures that your browser is communicating with the server you intended, because only the intended server possesses the private key necessary to decrypt that initial session key. Public key encryption has been making Internet shopping safer for millions of users who don't even realize that they're using it!
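Both uses of a key pair described in this section, as an added example that is not from the book: the browser wraps a session key with the server's public key and the server unwraps it with its private key, and a sender signs a message with the private key so anyone can check it with the public key. It is textbook RSA with no padding and a toy key built from two known Mersenne primes, and it signs a hash of the message rather than a second full copy; all names are assumptions, and none of it is suitable for real use.

```python
import hashlib
import secrets

P, Q = 2**61 - 1, 2**89 - 1        # known Mersenne primes; toy key size
N = P * Q                          # modulus shared by both halves of the pair
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)
PUBLIC, PRIVATE = (N, E), (N, D)


def apply_key(key, value: int) -> int:
    """Raw RSA operation: what one key does, only the other key undoes."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value out of range for this key")
    return pow(value, exponent, n)


def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    return apply_key(PRIVATE, digest_int(message))


def verify(message: bytes, signature: int) -> bool:
    return 0 <= signature < N and apply_key(PUBLIC, signature) == digest_int(message)


def transport_session_key():
    """Browser wraps a random session key; server unwraps it with the private key."""
    session_key = secrets.randbits(128)        # chosen by the browser
    wrapped = apply_key(PUBLIC, session_key)   # what crosses the network
    return session_key, wrapped, apply_key(PRIVATE, wrapped)


if __name__ == "__main__":
    sent, wrapped, received = transport_session_key()
    print("session key recovered:", sent == received)
    signature = sign(b"constructed sample email")
    print("original verifies:", verify(b"constructed sample email", signature))
    print("altered verifies:", verify(b"constructed sample e-mail", signature))
```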