Encryption 101

Encryption 101 begins with understanding the terminology and mechanisms. This week, we're breaking down encryption in the context of SSH, from symmetric and asymmetric to block and stream ciphers.

Encryption and Decryption

  • Encryption converts plaintext into ciphertext; decryption converts ciphertext back into plaintext

Plaintext aka Cleartext

  • Unencrypted, human readable text of any nature (sensitive, non-sensitive)

Ciphertext

  • The encrypted result of a cipher employed on plaintext

Cipher

  • Algorithm for encryption or decryption

Algorithm

  • A step-by-step procedure for calculations

Asymmetric Encryption Algorithm

  • Algorithms using two separate keys, one for encryption and one for decryption
  • Often called public/private keys, or public key encryption
  • What we use to establish authentication and authorization in SSH
    • The host key fingerprint in known_hosts authenticates the server
    • id_rsa and id_rsa.pub authorize the user

SSH Key Architecture

  • User key: Persistent asymmetric key used by client to prove user identity
    • Typically the id_rsa and id_rsa.pub or id_dsa and id_dsa.pub key pairs
  • Host key: Persistent asymmetric key used by server to prove server identity
    • Typically the server's key fingerprint stored in known_hosts file
  • Server key: Temporary asymmetric key used only in the SSH-1 protocol to regenerate the session key, providing "perfect forward secrecy" (ensures that a session isn't compromised if either the public or the private key is compromised)
  • Session key: Temporary (per session) set of symmetric keys used for encryption of communications between SSH client and server. One key for client-to-server, one for server-to-client, and integrity check keys. Securely created on session initiation and destroyed at session termination.

Symmetric-Key Algorithm

  • Algorithms using the same crypto key for both encryption and decryption. The key is a shared secret and is used with either stream ciphers or block ciphers.

Shared Secret

  • Data known only to the participating parties, typically a password, passphrase or big random number
  • Exchanged at session initiation using a key-agreement protocol
  • SSH symmetric keys are exchanged using the Diffie-Hellman key agreement algorithm
  • Without asymmetric encryption, key exchange algorithms are susceptible to MITM
  • Secrets shared before communication (out-of-band) are called pre-shared keys or PSK
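To make the key-agreement idea concrete, here is an added example (not code from this post and not OpenSSH's) of a Diffie-Hellman exchange followed by an SSH-2 style derivation of the per-direction session keys. The group parameters are a constructed toy (the Mersenne prime 2^127 - 1 with g = 5), far smaller than the standardised groups real SSH uses, and the exchange hash H covers only the public values and the shared secret, whereas SSH also hashes the version strings, KEXINIT payloads and host key; the letters A to F and the mpint encoding follow RFC 4253.

```python
"""Toy Diffie-Hellman key agreement with SSH-2 style session-key derivation.
Added example: the group below is a constructed toy parameter, not an SSH group."""
import hashlib
import secrets

# Constructed toy group: p = 2**127 - 1 (a Mersenne prime), generator g = 5.
# Real SSH uses much larger standardised groups (e.g. RFC 3526) or elliptic curves.
P = (1 << 127) - 1
G = 5


def dh_keypair(p=P, g=G):
    """Return (private exponent x, public value g^x mod p) for one party."""
    x = secrets.randbelow(p - 2) + 1          # 1 <= x <= p-2, never leaves this process
    return x, pow(g, x, p)


def dh_shared(private, peer_public, p=P):
    """Each side raises the peer's public value to its own private exponent; both get K."""
    return pow(peer_public, private, p)


def mpint(n):
    """SSH mpint encoding: 4-byte length, big-endian magnitude, leading 0x00 if high bit set."""
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if b and b[0] & 0x80:
        b = b"\x00" + b
    return len(b).to_bytes(4, "big") + b


def derive_session_keys(k, h, session_id):
    """Per-direction keys as in RFC 4253 section 7.2: HASH(K || H || letter || session_id).
    Client-to-server and server-to-client get distinct IVs, cipher keys and MAC keys."""
    labels = {"iv_c2s": b"A", "iv_s2c": b"B",
              "enc_c2s": b"C", "enc_s2c": b"D",
              "mac_c2s": b"E", "mac_s2c": b"F"}
    return {name: hashlib.sha256(mpint(k) + h + letter + session_id).digest()
            for name, letter in labels.items()}


def run_exchange():
    """One complete exchange; returns (both sides agree?, the derived key set)."""
    x, e = dh_keypair()          # client -> server: e = g^x mod p
    y, f = dh_keypair()          # server -> client: f = g^y mod p
    k_client = dh_shared(x, f)
    k_server = dh_shared(y, e)
    # Exchange hash H binds the public values to K. In SSH the server signs H with
    # its host key; without that asymmetric signature an active attacker could run
    # two separate exchanges and sit in the middle, which is the MITM risk noted above.
    h = hashlib.sha256(mpint(e) + mpint(f) + mpint(k_client)).digest()
    return k_client == k_server, derive_session_keys(k_client, h, session_id=h)
```

Note that the private exponents x and y are never transmitted: only e and f cross the wire, and the session keys are thrown away when the session ends, which is what makes them "temporary" in the sense of the Session key definition above.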

Stream Ciphers

  • A symmetric-key cipher in which plaintext bits are combined one at a time with a keystream to produce ciphertext. Lower CPU requirements, but susceptible to some attacks. Used in algorithms like RC4.

Block Ciphers

  • Block ciphers encrypt fixed-size blocks of plaintext, padding the last block as necessary, rather than one bit at a time. This requires more CPU power but is less susceptible to attack. AES typically employs 128-bit blocks.
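The "padding as necessary" step deserves a closer look, because getting it wrong breaks decryption. The following is an added example (not code from this post) of PKCS#7 padding, the scheme most commonly used in front of AES's 16-byte blocks: the plaintext is extended so its length is a multiple of the block size, and every pad byte holds the pad length so the receiver can strip it unambiguously. The block size and test strings are constructed values.

```python
"""PKCS#7 padding for a block cipher. Added example; AES's 16-byte block is assumed."""
BLOCK = 16  # AES block size in bytes (constructed assumption for this example)


def pad(data, block=BLOCK):
    """Append n bytes of value n, where 1 <= n <= block.
    A plaintext that is already aligned still gets a full block of padding,
    otherwise the receiver could not tell padding from real data."""
    n = block - (len(data) % block)
    return data + bytes([n]) * n


def is_valid_padding(data, block=BLOCK):
    """True only if the trailing bytes form a well-formed PKCS#7 pad."""
    if not data or len(data) % block:
        return False
    n = data[-1]
    return 1 <= n <= block and data[-n:] == bytes([n]) * n


def unpad(data, block=BLOCK):
    """Strip the pad; reject anything malformed rather than guessing."""
    if not is_valid_padding(data, block):
        raise ValueError("invalid PKCS#7 padding")
    return data[:-data[-1]]


def split_blocks(data, block=BLOCK):
    """Cut padded data into the fixed-size blocks the cipher actually operates on."""
    return [data[i:i + block] for i in range(0, len(data), block)]
```

One caveat a practitioner should keep in mind: whether padding was valid is itself information. If a server reports a padding error differently from any other decryption error, that distinction can be observed by a client, which is why modern protocols authenticate the ciphertext (with a MAC or an AEAD mode) before they ever look at the padding.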

Algorithms Used by SSH-2

  • Public keys (User and Host keys) can be RSA or DSA
  • Hash functions (used to create the host key fingerprint) can be SHA-1 or MD5
  • Symmetric keys can be 3DES, Blowfish, Twofish, CAST-128, IDEA or ARCFOUR
  • Compression is handled by zlib (you may know it from gzip)
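Since the host key fingerprint is what actually authenticates the server (see the SSH Key Architecture section above), here is an added example (not code from this post and not OpenSSH's) that parses a known_hosts line and computes the fingerprint in both the legacy colon-separated MD5 form and the SHA256 form current OpenSSH prints. The hostname and key blob are constructed: the blob has the real ssh-ed25519 wire layout but carries placeholder bytes instead of a real public key.

```python
"""Host key fingerprints from a known_hosts entry, in the forms OpenSSH presents them.
Added example (not OpenSSH code); the key material is constructed, not a real host's."""
import base64
import hashlib
import hmac


def ssh_string(b):
    """SSH wire format: 4-byte big-endian length followed by the bytes."""
    return len(b).to_bytes(4, "big") + b


def read_ssh_string(blob, offset=0):
    """Inverse of ssh_string; returns (value, offset after the value)."""
    n = int.from_bytes(blob[offset:offset + 4], "big")
    return blob[offset + 4:offset + 4 + n], offset + 4 + n


# Constructed public key blob: the key type string followed by 32 placeholder bytes.
# A real ssh-ed25519 blob has exactly this layout, with a real key where bytes(range(32)) is.
FAKE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
KNOWN_HOSTS_LINE = "server.example.test ssh-ed25519 " + base64.b64encode(FAKE_BLOB).decode()


def parse_known_hosts_line(line):
    """Return (hostnames, key type, raw key blob). The raw blob is what gets hashed,
    so a fingerprint is independent of the base64 text and of the hostname field."""
    hosts, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64)
    inner_type, _ = read_ssh_string(blob)
    if inner_type != keytype.encode():
        raise ValueError("key type field does not match blob contents")
    return hosts, keytype, blob


def md5_fingerprint(blob):
    """Legacy form: 16 colon-separated hex octets of MD5(blob)."""
    return ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


def sha256_fingerprint(blob):
    """Modern form: 'SHA256:' plus unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def fingerprint_matches(blob, expected):
    """Compare against a fingerprint obtained out of band (from the server's admin,
    a config management system, or SSHFP DNS records). This is the check that turns
    trust-on-first-use into actual authentication of the host."""
    computed = sha256_fingerprint(blob) if expected.startswith("SHA256:") else md5_fingerprint(blob)
    return hmac.compare_digest(computed, expected)
```

The practical takeaway: when a client shows a fingerprint for a host it has not seen before, the only way to know it is the right server is to compare it with a value you learned through a channel the network cannot tamper with. Accepting it blindly merely records whatever key was presented, which is exactly the window an MITM needs.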

RC4 (aka ARC4 or ARCFOUR)

  • Designed by Ron Rivest of RSA in 1987 -- Rivest Cipher 4
  • Popular due to speed and simplicity
  • Initially a trade secret (closed source)
    • In 1994 the source code was anonymously leaked to the Cypherpunks mailing list
    • Leaked code was confirmed genuine and thus RC4 lost its trade secret status
    • RC4 is trademarked, so RC4 is often referred to as ARCFOUR or ARC4
    • Remains the most widely used stream cipher, employed in WEP and SSL

Weak Keys

  • Symmetric keys are typically combined with an Initialization Vector (IV, a random number) so that the same key can be reused across messages
  • Weak IVs allow known-plaintext attacks, widely used in breaking WEP
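To show what the IV is protecting against, here is an added example (not code from this post, and not RC4) of a toy stream cipher whose keystream is SHA-256 over key, IV and a counter, XORed into the plaintext exactly as the Stream Ciphers section describes. It includes the safe pattern (a fresh random IV per message) beside a function demonstrating why that matters: if the same key and IV are used twice, the two ciphertexts XOR to the XOR of the two plaintexts, with the key playing no part. The key and messages are constructed values, and the keystream construction is an illustration, not a recommended cipher.

```python
"""Toy stream cipher: keystream blocks = SHA-256(key || iv || counter), XORed with plaintext.
Added example for illustration only; not RC4 and not a production cipher."""
import hashlib
import secrets


def keystream(key, iv, length):
    """Generate `length` keystream bytes; a different IV gives an unrelated keystream."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, iv, plaintext):
    """Stream-cipher encryption: plaintext XOR keystream, one byte at a time."""
    return xor_bytes(plaintext, keystream(key, iv, len(plaintext)))


decrypt = encrypt  # XOR is its own inverse, so decryption is the same operation


def encrypt_with_fresh_iv(key, plaintext):
    """The safe pattern: a new random IV per message, sent in the clear alongside
    the ciphertext. The IV need not be secret, only unique for a given key."""
    iv = secrets.token_bytes(16)
    return iv, encrypt(key, iv, plaintext)


def iv_reuse_leak(key, iv, p1, p2):
    """Why IVs must never repeat under one key: both messages share a keystream,
    so XORing the ciphertexts cancels it and exposes p1 XOR p2 without the key.
    Returns True when that relationship holds, i.e. always for a reused IV."""
    c1, c2 = encrypt(key, iv, p1), encrypt(key, iv, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)
```

This is the same structural weakness behind the WEP break mentioned above: WEP's 24-bit IV space is small enough that IVs repeat in normal traffic, and a few repeats combined with predictable packet contents are enough for an observer to learn keystream. The defence is a cipher and mode where the IV or nonce space is large, IVs are never reused under one key, and the ciphertext is authenticated so tampering is detected.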

Known Plaintext Attack

  • The attacker uses matching samples of plaintext and ciphertext to recover the secret key

Chosen Plaintext Attack

  • The attacker chooses samples of plaintext, has them encrypted, and analyzes the resulting ciphertext

Differential Cryptanalysis

  • Studying how differences in plaintext affect the ciphertext in order to discover non-random behavior