Thursday, April 28, 2016

Dictionary Attack



Cryptography attacks:
In cryptography attacks, using tools to eavesdrop, such as Tcpdump and Wireshark, or to perform port scanning, such as Nmap, Unicornscan, Hping, and so on, is considered a passive attack because the attacker isn't affecting the algorithm (key), message, or any parts of the encryption system. Active attacks attempt to determine the secret key used to encrypt plaintext.
When sensitive information is transmitted outside of trusted systems, it should be encrypted to preserve confidentiality. Few consumers would want their credit card information transmitted through the Internet as plain text. Even when data is stored on an organization's own devices, it is sometimes encrypted to prevent information theft. Several high-profile laptop thefts have raised awareness about the dangers of storing large quantities of personally identifying information on mobile devices. Even when encryption is used, threats to confidentiality still exist. Because they release their source code to the public, suggestions can be made, and users have the freedom to modify or add to the programming code.

Dictionary attack:
A dictionary attack is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password. A dictionary attack can also be used in an attempt to find the key necessary to decrypt an encrypted message or document.
In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary.
This attack has many variants, all of which involve compiling a 'dictionary'. In the simplest form of this attack, the attacker builds a dictionary of ciphertexts and corresponding plaintexts that he has learnt over a period of time. In future, when the attacker obtains a ciphertext, he refers to the dictionary to find the corresponding plaintext.
In a dictionary attack, after attackers have access to a password file, they can run a password-cracking program that uses a dictionary of known words or passwords as an input file. Most of these input files are available on the Internet and can be downloaded free. Remember that unauthorized password-cracking is illegal in most parts of the world, including the United States.


Two countermeasures against dictionary attacks include:
  • Delayed Response: A slightly delayed response from the server prevents a hacker or spammer from checking multiple passwords within a short period of time.
  • Account Locking: Locking an account after several unsuccessful attempts (for example, automatic locking after three or five unsuccessful attempts) prevents a hacker or spammer from checking multiple passwords to log in.

Dictionary attacks are not effective against systems that make use of multiple-word passwords, and also fail against systems that use random permutations of lowercase and uppercase letters combined with numerals.
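
The two countermeasures listed above, delayed response and account locking, can be combined in one login check. The sketch below is an added example, not code from the sources cited in this post; the class and function names, the PBKDF2 round count, the five-failure limit and the 15-minute lock are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ROUNDS = 100_000  # assumption for this example; tune to your hardware


def hash_password(password, salt=None):
    """Return (salt, digest) using salted PBKDF2-HMAC-SHA256."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class ThrottledAuthenticator:
    """Password check with a growing delay after each failure and a
    temporary account lock after too many failures in a row."""

    def __init__(self, max_failures=5, base_delay=1.0, lock_seconds=900.0,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.base_delay = base_delay
        self.lock_seconds = lock_seconds
        self.clock = clock   # injectable so tests do not have to sleep
        self.users = {}      # name -> (salt, digest)
        self.state = {}      # name -> failure counters and timestamps

    def add_user(self, name, password):
        self.users[name] = hash_password(password)

    def login(self, name, password):
        """Return one of "ok", "denied", "throttled" or "locked"."""
        now = self.clock()
        st = self.state.setdefault(
            name, {"failures": 0, "not_before": 0.0, "locked_until": 0.0})
        if now < st["locked_until"]:
            return "locked"
        if now < st["not_before"]:
            return "throttled"   # too soon: the guess is not even evaluated

        # Unknown names are hashed against a dummy record so the response
        # time does not reveal which accounts exist.
        salt, expected = self.users.get(name, (b"\x00" * 16, b"\x00" * 32))
        _, supplied = hash_password(password, salt)
        matches = hmac.compare_digest(supplied, expected)
        if matches and name in self.users:
            self.state.pop(name, None)   # success resets the counters
            return "ok"

        st["failures"] += 1
        if st["failures"] >= self.max_failures:
            # The lock expires by itself, so repeated bad guesses cannot
            # keep the legitimate owner out permanently.
            st["locked_until"] = now + self.lock_seconds
            st["failures"] = 0
            return "locked"
        # Delayed response: 1 s, 2 s, 4 s, ... before the next guess counts.
        st["not_before"] = now + self.base_delay * 2 ** (st["failures"] - 1)
        return "denied"


class FakeClock:
    """Manually advanced clock used by the simulation below."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def simulate_guessing(guesses, step=0.5):
    """Feed constructed guesses to a fresh authenticator, one every `step`
    seconds of simulated time, and count the outcomes."""
    clock = FakeClock()
    auth = ThrottledAuthenticator(clock=clock)
    auth.add_user("alice", "correct horse battery staple")
    counts = {"ok": 0, "denied": 0, "throttled": 0, "locked": 0}
    for guess in guesses:
        counts[auth.login("alice", guess)] += 1
        clock.advance(step)
    return counts


if __name__ == "__main__":
    # Constructed word list: 40 guesses, none of them correct.
    print(simulate_guessing(["guess-%d" % i for i in range(40)]))
```

Of the 40 constructed guesses only five are ever compared with the stored hash; the rest are refused by the delay or by the lock.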




You can watch this video to have more information about Dictionary Attack:
https://www.youtube.com/watch?v=9B4e0p6zbwk

RESOURCES:
http://searchsecurity.techtarget.com/feature/Information-theft-and-cryptographic-attacks
http://www.tutorialspoint.com/cryptography/attacks_on_cryptosystems.htm 
https://www.techopedia.com/definition/1774/dictionary-attack
Hands On Ethical Hacking book
 

Wednesday, April 27, 2016

Why cryptography is essential to IoT security





Cryptography is the use of codes and ciphers to protect private communication and keep it private from everyone except the intended recipients. The earliest known use of cryptography is from Egypt circa 1900 BCE. Along with the development of cryptography has been a parallel effort in cryptanalysis, which is the science of “breaking” codes and ciphers. The Enigma was an electromechanical cryptographic machine used by Nazi Germany during World War II for secure communication. The Enigma code was eventually “broken” with great difficulty by an Allied cryptanalysis team. Some believe that this shortened the war by as much as two years.
Cryptography use was largely limited to governments until 1977, when two events moved it into the public domain: the creation of a U.S. government-approved cipher, the Data Encryption Standard (DES), and the public introduction of RSA, which was the first practical public-key cryptosystem.
The Data Encryption Standard (DES) is a symmetric-key algorithm. DES has a 56-bit key size, which although secure when introduced, no longer provides sufficient security. In January 1999, it was demonstrated that a 56-bit DES key could be broken using a brute-force attack in 22 hours and 15 minutes. Breaking this key so quickly was done using a worldwide network of nearly 100,000 PCs that were testing keys at a rate of 245 billion keys per second.
In a symmetric-key algorithm, like DES, two or more parties have an identical (or nearly identical) key. This approach works but has the practical difficulty that securely delivering the key from the first party to the other parties can introduce a security risk. Anyone who gains access to the symmetric key can read any of the messages and/or modify and send on the messages without the recipients knowing that the messages have been modified. Asymmetric cryptography, or public-key cryptography, effectively fixes these issues.
Public-key cryptography uses public keys and private keys that are mathematically related to each other. The public keys can be known by anyone and everyone, while the private keys are kept secret and are known to only their owners. Using this system, anyone can encrypt a message using a public key and the encrypted message can then be left on a public server or transmitted over a public network without security concerns. This message can only be decrypted by the intended receiver using their private key. This system relies on cryptographic algorithms based on mathematical problems that do not currently have efficient solutions, such as certain integer factorizations, discrete logarithms, and elliptic curves. Public key/private key pairs can be generated relatively easily and can be used for encryption and decryption. The strength of the security lies in the fact that it is extremely difficult to determine a properly generated private key from its public key. Also, private keys of sufficient length cannot be broken through brute-force attacks using the entire world’s computational power over decades of elapsed time. NIST has determined recommended key lengths to provide effective security through the year 2031 and beyond based on the projected rate of growth in computational power.
The proper use of cryptography through cryptographic ICs is therefore essential to securing all IoT devices, as well as many other electronic products. Implementing public-key cryptography for IoT devices requires significant expertise, but organizations can turn to IoT security partners who are capable of providing complete, robust security solutions, typically in a matter of weeks, which is mostly performed in parallel with other development efforts.
Obviously, any key can theoretically be broken using a brute-force attack with sufficient computing power. The practical approach of modern cryptography is to use a key of sufficient length that it can’t be broken without an extraordinary amount of computing power that would be significantly in excess of the value of the contents that the cryptography protects. The good news is that the above-mentioned sub-$1 cryptographic IC utilizes 256-bit Elliptic Curve Cryptography (ECC) keys, each of which is so secure that the computational power to break a single key would be equal in cost to 300 million times the entire world’s annual GDP (78 trillion USD) working for an entire year.
Modern cryptographic ICs make IoT security so affordable that no IoT product maker has any valid excuse to continue to ignore IoT security risks.
Source: http://iotdesign.embedded-computing.com/guest-blogs/why-cryptography-is-essential-to-iot-security/


Acoustic cryptanalysis


In cryptography, acoustic cryptanalysis is a type of side channel attack which exploits sounds emitted by computers or machines. Modern acoustic cryptanalysis mostly focuses on the sounds produced by computer keyboards and internal computer components, but historically it has also been applied to impact printers and electromechanical cipher machines.

History of Acoustic cryptanalysis
Victor Marchetti and John D. Marks eventually negotiated the declassification of CIA acoustic intercepts of the sounds of cleartext printing from encryption machines. Technically this method of attack dates to the time of FFT hardware being cheap enough to perform the task—in this case the late 1960s to mid-1970s. However, using other more primitive means such acoustical attacks were made in the mid-1950s. 






Source: https://en.wikipedia.org/wiki/Acoustic_cryptanalysis

Famous Cryptographic attack of an Iranian launches Man-in-the-Middle Attack Against Google


This Demonstrates Dangerous Weakness of Certificate Authorities

What’s worse than discovering that someone has launched a man-in-the-middle attack against Iranian Google users, silently intercepting everything from email to search results and possibly putting Iranian activists in danger? Discovering that this attack has been active for two months.

A man-in-the-middle attack is a type of cyberattack where a malicious actor inserts him/herself into a conversation between two parties, impersonates both parties and gains access to information that the two parties were trying to send to each other. A man-in-the-middle attack allows a malicious actor to intercept, send and receive data meant for someone else, or not meant to be sent at all, without either outside party knowing until it is too late. Man-in-the-middle attacks can be abbreviated in many ways, including MITM, MitM, MiM or MIM.

People all over the world use Google services for sensitive or private communications every day. Google enables encrypted connections to these services in order to protect users from spying by those who control the network, such as ISPs and governments. Today, the security of this encryption relies entirely on certificates issued by certificate authorities (CAs), which continue to prove vulnerable to attack. When an attacker obtains a fraudulent certificate, he can use it to eavesdrop on the traffic between a user and a website even while the user believes that the connection is secure.

The good news is that the computer security community is now taking this threat very seriously. Unfortunately, the bad news is spectacularly bad: users in Iran (or on any network where an eavesdropper had the key to this certificate) may have been vulnerable for two months. What's more, there are hundreds of certificate authorities in dozens of jurisdictions, and several have been tricked into issuing false certificates. So there may well be other certificates like this out there that we don't know about. That means almost all Internet users are still vulnerable to this sort of attack.

Most of the effective defences against MITM can be found only on the router or server side. You won’t have any dedicated control over the security of your transaction. Instead, you can use strong encryption between the client and the server. In this case the server authenticates the client’s request by presenting a digital certificate, and only then can the connection be established.

Another method to prevent such MITM attacks is to never connect to open WiFi routers directly. If you wish to do so, you can use a browser plug-in such as HTTPS Everywhere or ForceTLS. These plug-ins will help you establish a secure connection whenever the option is available.

I recommend watching this video, which shows how a MITM attack works:


Resources:
https://www.youtube.com/watch?v=V6B_x7FtUII

Replay Attack


A replay attack occurs when a third party captures a command in transmission and replays it at a later time. By capturing the correct messages, an intruder may be able to gain access to a secure computer or execute commands which are normally encrypted and unreadable. It is often not necessary to decipher the command to use it. Because of this, "Replay attacks are typically simple to perform and require little or no sophistication."

The replay attack is simple because it is not difficult to capture the commands to be replayed. A user on a network can run a sniffer program and capture all packets that travel over the network. "Many popular Virtual Private Network (VPN) daemons for Unix and Linux operating systems could allow a remote attacker to launch a replay attack using a sniffer tool to capture encrypted packets and replay them at a later time." The fact that these packets are encrypted is not a problem. Replay attacks look for systems with weak authentication.

When a user sends a computer command or transmission from one machine to another we want that communication to be secure. There are three different attributes that secure communications should have: secrecy, integrity, and authentication. 
Secrecy means that only the sender and receiver are able to understand the message. This can be achieved with a number of symmetric or public key encryption schemes. Integrity means that the message is not changed in transmission. It means the receiver got the exact data that the sender transmitted and the message has not been tampered with or changed in transmission. This can also be achieved in encryption schemes with the addition of hash values or message digests. These functions calculate a unique mathematical value for the message. The receiver can recalculate the hash to see that the message is unchanged.
Authentication, the third attribute of secure communications, means that both the sender and receiver know the identity of each other. If the receiver cannot verify the identity of the sender, he is vulnerable to a replay attack. A command captured by a third party can be replayed at a later time and accepted as true by the receiver.









Older technology is most vulnerable to replay attacks. For example, telnet transmits its information in clear text with no encryption. "This makes you susceptible to replay attacks in which a cracker simply plays back your username and password." The answer is not with fancier technology. Biometrics offers sophisticated ways to identify a person. Using a fingerprint reader, a remote machine can identify the user. But, "then there's nothing to prevent an attacker from sniffing a fingerprint reading and then replaying it later to masquerade as the fingerprint's owner." The best encryption and identification does nothing if the receiver of a message cannot be sure of who sent it.

To prevent replay attacks, an encryption system needs to include a way for sender and receiver to verify each other's identity. This can be done by passing back and forth a one-time unique number, or "nonce." "For applications where no possibility of replay attacks can be tolerated the server can use one-time response digests which will not be honored for a second time." This is a way of building authentication into the transport layer of internet software. There are also approaches that add security to the IP network layer.
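
The nonce exchange described above can be shown with both sides of the conversation. This is an added example, not code from the post's sources; the class names, the HMAC-SHA256 authenticator, the 30-second nonce lifetime and the sample command are assumptions. A server that accepts a static authenticator is placed beside one that issues a one-time nonce and refuses to honor it a second time.

```python
import hashlib
import hmac
import secrets
import time


def make_tag(key, data):
    """Authenticator over `data` using HMAC-SHA256 and the shared key."""
    return hmac.new(key, data, hashlib.sha256).digest()


class StaticTagServer:
    """Weak design: the authenticator covers only the command, so the same
    captured bytes verify every time they arrive."""

    def __init__(self, key):
        self.key = key
        self.executed = []

    def handle(self, command, tag):
        if hmac.compare_digest(tag, make_tag(self.key, command)):
            self.executed.append(command)
            return "accepted"
        return "rejected: bad authenticator"


class NonceServer:
    """Challenge-response: every request must answer a fresh nonce that the
    server issued, and each nonce is honored at most once."""

    def __init__(self, key, nonce_ttl=30.0, clock=time.monotonic):
        self.key = key
        self.nonce_ttl = nonce_ttl
        self.clock = clock
        self.outstanding = {}   # nonce -> expiry time
        self.executed = []

    def challenge(self):
        nonce = secrets.token_bytes(16)   # fixed length, unpredictable
        self.outstanding[nonce] = self.clock() + self.nonce_ttl
        return nonce

    def handle(self, nonce, command, tag):
        # pop() consumes the nonce even if verification fails afterwards.
        expiry = self.outstanding.pop(nonce, None)
        if expiry is None:
            return "rejected: unknown or already used nonce"
        if self.clock() > expiry:
            return "rejected: nonce expired"
        if not hmac.compare_digest(tag, make_tag(self.key, nonce + command)):
            return "rejected: bad authenticator"
        self.executed.append(command)
        return "accepted"


def demo():
    key = secrets.token_bytes(32)
    command = b"open-valve 7"   # constructed sample command

    weak = StaticTagServer(key)
    captured_weak = (command, make_tag(key, command))
    weak_results = [weak.handle(*captured_weak), weak.handle(*captured_weak)]

    strong = NonceServer(key)
    nonce = strong.challenge()
    captured = (nonce, command, make_tag(key, nonce + command))
    first = strong.handle(*captured)
    replayed = strong.handle(*captured)   # identical bytes sent again
    # Old command and tag presented against a fresh challenge.
    spliced = strong.handle(strong.challenge(), captured[1], captured[2])
    return {
        "weak": weak_results,
        "weak_executed": len(weak.executed),
        "strong": [first, replayed, spliced],
        "strong_executed": len(strong.executed),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```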



Monday, April 25, 2016

Cryptography or cryptology is the practice and study of techniques for secure communication in the presence of third parties called adversaries. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages; various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation[4] are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce. 
 Before the modern era, cryptography was concerned solely with message confidentiality (i.e., encryption)—conversion of messages from a comprehensible form into an incomprehensible one and back again at the other end, rendering it unreadable by interceptors or eavesdroppers without secret knowledge. Encryption attempted to ensure secrecy in communications, such as those of spies, military leaders, and diplomats. In recent decades, the field has expanded beyond confidentiality concerns to include techniques for message integrity checking, sender/receiver identity authentication, digital signatures, interactive proofs and secure computation, among others.
Until modern times, cryptography referred almost exclusively to encryption, which is the process of converting ordinary information (called plaintext) into unintelligible text (called ciphertext).[9] Decryption is the reverse, in other words, moving from the unintelligible ciphertext back to plaintext. A cipher (or cypher) is a pair of algorithms that create the encryption and the reversing decryption. The detailed operation of a cipher is controlled both by the algorithm and in each instance by a "key". The key is a secret (ideally known only to the communicants), usually a short string of characters, which is needed to decrypt the ciphertext. Formally, a "cryptosystem" is the ordered list of elements of finite possible plaintexts, finite possible cyphertexts, finite possible keys, and the encryption and decryption algorithms which correspond to each key. Keys are important both formally and in actual practice, as ciphers without variable keys can be trivially broken with only the knowledge of the cipher used and are therefore useless (or even counter-productive) for most purposes. Historically, ciphers were often used directly for encryption or decryption without additional procedures such as authentication or integrity checks. There are two kinds of cryptosystems: symmetric and asymmetric. In symmetric systems the same key (the secret key) is used to encrypt and decrypt a message. Data manipulation in symmetric systems is faster than asymmetric systems as they generally use shorter key lengths. Asymmetric systems use a public key to encrypt a message and a private key to decrypt it. Use of asymmetric systems enhances the security of communication.[10] Examples of asymmetric systems include RSA (Rivest-Shamir-Adleman), and ECC (Elliptic Curve Cryptography). Symmetric models include the commonly used AES (Advanced Encryption System) which replaced the older DES (Data Encryption Standard).
In colloquial use, the term "code" is often used to mean any method of encryption or concealment of meaning. However, in cryptography, code has a more specific meaning. It means the replacement of a unit of plaintext (i.e., a meaningful word or phrase) with a code word (for example, "wallaby" replaces "attack at dawn").
Cryptanalysis is the term used for the study of methods for obtaining the meaning of encrypted information without access to the key normally required to do so; i.e., it is the study of how to crack encryption algorithms or their implementations.
Some use the terms cryptography and cryptology interchangeably in English, while others (including US military practice generally) use cryptography to refer specifically to the use and practice of cryptographic techniques and cryptology to refer to the combined study of cryptography and cryptanalysis. English is more flexible than several other languages in which cryptology (done by cryptologists) is always used in the second sense above. RFC 2828 advises that steganography is sometimes included in cryptology.
The study of characteristics of languages that have some application in cryptography or cryptology (e.g. frequency data, letter combinations, universal patterns, etc.) is called cryptolinguistics.
Alphabet shift ciphers are believed to have been used by Julius Caesar over 2,000 years ago. This is an example with k=3. In other words, the letters in the alphabet are shifted three in one direction to encrypt and three in the other direction to decrypt.

The birthday attack


The birthday attack is a statistical phenomenon relevant to information security that makes the brute forcing of one-way hashes easier. It’s based off of the birthday paradox, which states that in order for there to be a 50% chance that someone in a given room shares your birthday, you need 253 people in the room.

If, however, you are looking for a greater than 50% chance that any two people in the room have the same birthday, you only need 23 people.
This works because the matches are based on pairs. If I choose myself as one side of the pair, then I need a full 253 people to get to the magic number of 253 pairs. In other words, it’s me combined with 253 other people to make up all 253 sets.
But if I am only concerned with matches and not necessarily someone matching me, then we only need 23 people in the room. Why? Because it only takes 23 people to form 253 pairs when cross-matched with each other.
So the number 253 doesn’t change. That’s still the number of pairs required to reach a 50% chance of a birthday match within the room. The only question is whether each person is able to link with every other person. If so you only need 23 people; if not, and you’re comparing only to a single birthday, you need 253 people.
This applies to finding collisions in hashing algorithms because it’s much harder to find something that collides with a given hash than it is to find any two inputs that hash to the same value.
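
The numbers above can be checked directly, and the same contrast carries over to a hash function. The following is an added example, not part of the original post: it computes the pair count and both probabilities, then compares "any two inputs collide" with "match one given hash" on SHA-256 truncated to 16 bits. The truncation, the function names and the constructed inputs are assumptions made so the search finishes quickly.

```python
import hashlib
from math import comb


def pairs(people):
    """Number of distinct pairs that can be formed in a room."""
    return comb(people, 2)


def p_shares_my_birthday(others, days=365):
    """Chance that at least one of `others` people has my birthday."""
    return 1 - ((days - 1) / days) ** others


def p_any_shared_birthday(people, days=365):
    """Exact chance that at least two of `people` share a birthday."""
    p_all_distinct = 1.0
    for i in range(people):
        p_all_distinct *= (days - i) / days
    return 1 - p_all_distinct


def truncated_hash(data, bits=16):
    """Top `bits` bits of SHA-256, standing in for a short hash."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits=16):
    """Any two inputs with the same truncated hash (the 23-people case).
    Returns (first_input, second_input, hashes_computed)."""
    seen = {}
    i = 0
    while True:
        msg = b"msg-%d" % i           # constructed inputs
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1


def find_match_for(target_msg, bits=16, max_tries=1 << 22):
    """An input matching one given hash (the 253-people case).
    Returns (input, hashes_computed), or (None, max_tries) if none found."""
    target = truncated_hash(target_msg, bits)
    for i in range(max_tries):
        msg = b"try-%d" % i
        if truncated_hash(msg, bits) == target:
            return msg, i + 1
    return None, max_tries


if __name__ == "__main__":
    print("pairs among 23 people:", pairs(23))
    print("P(any shared birthday, 23 people): %.4f" % p_any_shared_birthday(23))
    print("P(someone shares mine, 253 others): %.4f" % p_shares_my_birthday(253))
    a, b, n_any = find_collision()
    print("any collision after %d hashes: %r / %r" % (n_any, a, b))
    m, n_given = find_match_for(b"target")
    print("match for a given hash after %d hashes: %r" % (n_given, m))
```

For a 16-bit hash a collision between any two inputs is expected after a few hundred hashes, while matching one given value takes on the order of 2^16 tries; the same square-root gap applies to full-length hashes.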



Man-in-the-Middle Attack


A man-in-the-middle attack is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. Man-in-the-middle attacks can be thought about through a chess analogy. Mallory, who barely knows how to play chess, claims that she can play two grandmasters simultaneously and either win one game or draw both.




RESOURCES:
https://en.wikipedia.org/wiki/Man-in-the-middle_attack

Saturday, April 23, 2016

Overview of Cryptography


 INTRODUCTION

Does increased security provide comfort to paranoid people? Or does security provide some very basic protections that we are naive to believe that we don't need? During this time when the Internet provides essential communication between tens of millions of people and is being increasingly used as a tool for commerce, security becomes a tremendously important issue to deal with.
There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography. But it is important to note that while cryptography is necessary for secure communications, it is not by itself sufficient. The reader is advised, then, that the topics covered here only describe the first of many steps necessary for better security in any number of situations.
This paper has two major purposes. The first is to define some of the terms and concepts behind basic cryptographic methods, and to offer a way to compare the myriad cryptographic schemes in use today. The second is to provide some real examples of cryptography in use today.
I would like to say at the outset that this page is very focused on terms, concepts, and schemes in current use and is not a treatise of the whole field. No mention is made here about pre-computerised crypto schemes, the difference between a substitution and transposition cipher, cryptanalysis, or other history. Interested readers should check out some of the books in the references section below, a short list of my crypto URLs, or the Learn Cryptography page for detailed — and interesting! — background information.

THE PURPOSE OF CRYPTOGRAPHY

Cryptography is the science of writing in secret code and is an ancient art; the first documented use of cryptography in writing dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription. Some experts argue that cryptography appeared spontaneously sometime after writing was invented, with applications ranging from diplomatic missives to war-time battle plans. It is no surprise, then, that new forms of cryptography came soon after the widespread development of computer communications. In data and telecommunications, cryptography is necessary when communicating over any untrusted medium, which includes just about any network, particularly the Internet.
Within the context of any application-to-application communication, there are some specific security requirements, including:
  • Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)
  • Privacy/confidentiality: Ensuring that no one can read the message except the intended receiver.
  • Integrity: Assuring the receiver that the received message has not been altered in any way from the original.
  • Non-repudiation: A mechanism to prove that the sender really sent this message.
Cryptography, then, not only protects data from theft or alteration, but can also be used for user authentication. There are, in general, three types of cryptographic schemes typically used to accomplish these goals: secret key (or symmetric) cryptography, public-key (or asymmetric) cryptography, and hash functions, each of which is described below. In all cases, the initial unencrypted data is referred to as plaintext. It is encrypted into ciphertext, which will in turn (usually) be decrypted into usable plaintext.
In many of the descriptions below, two communicating parties will be referred to as Alice and Bob; this is the common nomenclature in the crypto field and literature to make it easier to identify the communicating parties. If there is a third or fourth party to the communication, they will be referred to as Carol and Dave. Mallory is a malicious party, Eve is an eavesdropper, and Trent is a trusted third party.

TYPES OF CRYPTOGRAPHIC ALGORITHMS

There are several ways of classifying cryptographic algorithms. For purposes of this paper, they will be categorized based on the number of keys that are employed for encryption and decryption, and further defined by their application and use. The three types of algorithms that will be discussed are (Figure 1):
  • Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption
  • Public Key Cryptography (PKC): Uses one key for encryption and another for decryption
  • Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information


Reference:
https://www.youtube.com/watch?v=fNC3jCCGJ0o
http://www.garykessler.net/library/crypto.html
http://www.mcpressonline.com/security/ibm-i-os400-i5os/your-guide-to-a-successful-encryption-project.html

Friday, April 22, 2016

Past, present, and future methods of cryptography and data encryption


  • Historical cryptography 
  • Rome
The earliest recorded military use of cryptography comes from Julius Caesar 2,000 years ago. Caesar, being commander of the Roman army, solved the problem of secure communication with his troops. The problem was that messengers of secret military messages were often overtaken by the enemy. Caesar developed a substitution cipher method in which he would substitute letters for different letters. Only those who knew the substitution used could decipher the secret messages. Now when the messengers were overtaken the secret messages were not exposed. This gave the Roman army a huge advantage during war. 









  • Modern cryptography 
  • One-Time Pad 
The "one-time pad" encryption algorithm was invented in the early 1900s, and has since been proven unbreakable. The one-time pad algorithm is derived from a previous cipher called the Vernam Cipher, named after Gilbert Vernam. The Vernam Cipher was a cipher that combined a message with a key read from a paper tape or pad. The Vernam Cipher was not unbreakable until Joseph Mauborgne recognized that if the key was completely random the cryptanalytic difficulty would be equal to attempting every possible key (Kahn 1996). Even when trying every possible key, one would still have to review each attempt at decipherment to see if the proper key was used. The unbreakable aspect of the one-time pad comes from two assumptions: the key used is completely random; and the key cannot be used more than once. The security of the one-time pad relies on keeping the key 100% secret.
The one-time pad is typically implemented by using a modular addition (XOR) to combine plaintext elements with key elements. An example of this is shown in Figure 11. The key used for encryption is also used for decryption. Applying the same key to the ciphertext yields the plaintext again.
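
The XOR construction and the two assumptions behind it can be demonstrated in a few functions. This is an added example, not the figure from the original article; the function names and the sample messages are constructed for illustration. It shows the round trip, why trying every key tells an attacker nothing (every plaintext of the same length has a key that produces it), and what leaks when a pad is used twice.

```python
import secrets


def xor_bytes(a, b):
    """Byte-wise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("pad and message must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext):
    """Generate a fresh random pad as long as the message and apply it.
    Returns (pad, ciphertext)."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor_bytes(plaintext, pad)


def otp_decrypt(pad, ciphertext):
    """The same pad applied again undoes the encryption."""
    return xor_bytes(ciphertext, pad)


def pad_that_yields(ciphertext, candidate_plaintext):
    """For ANY candidate of the right length there is a pad that decrypts
    the ciphertext to it, so an exhaustive key search produces every
    possible message and cannot single out the real one."""
    return xor_bytes(ciphertext, candidate_plaintext)


def reuse_leak(p1, p2):
    """Encrypt two messages with the SAME pad and return c1 XOR c2.
    The pad cancels out, leaving p1 XOR p2 with no key material in it."""
    pad = secrets.token_bytes(len(p1))
    c1 = xor_bytes(p1, pad)
    c2 = xor_bytes(p2, pad)
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    message = b"ATTACK AT DAWN"   # constructed sample plaintext
    pad, ciphertext = otp_encrypt(message)
    print("ciphertext:", ciphertext.hex())
    print("decrypted :", otp_decrypt(pad, ciphertext))

    # A different pad "decrypts" the same ciphertext to a different,
    # equally plausible message of the same length.
    other = b"RETREAT AT TEN"
    fake_pad = pad_that_yields(ciphertext, other)
    print("other pad :", otp_decrypt(fake_pad, ciphertext))

    # Pad reuse: anyone who knows or guesses one message recovers the other.
    leak = reuse_leak(message, other)
    print("recovered :", xor_bytes(leak, message))
```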








  • Future methods of cryptography 
  • Elliptic Curve Cryptography
Elliptic Curve Cryptography (ECC) has technically already been invented but is considered by the author to be a future technique of cryptography because its advantages and disadvantages are not yet fully understood. ECC is an approach to encryption that utilizes the complex nature of elliptic curves in finite fields. ECC typically uses the same types of algorithms as that of Diffie-Hellman Key Exchange and RSA Encryption. The difference is that the numbers used are chosen from a finite field defined within an elliptic curve expression.
























Wednesday, April 20, 2016

TYPES OF CRYPTOGRAPHIC ALGORITHMS



There are several ways of classifying cryptographic algorithms. For purposes of this paper, they will be categorized based on the number of keys that are employed for encryption and decryption, and further defined by their application and use. The three types of algorithms that will be discussed are:
  • Secret Key Cryptography (SKC): Uses a single key for both encryption and decryption.
  • Public Key Cryptography (PKC): Uses one key for encryption and another for decryption.
  • Hash Functions: Uses a mathematical transformation to irreversibly "encrypt" information.

Secret Key Cryptography

With secret key cryptography, a single key is used for both encryption and decryption. The sender uses the key (or some set of rules) to encrypt the plaintext and sends the ciphertext to the receiver. The receiver applies the same key (or ruleset) to decrypt the message and recover the plaintext. Because a single key is used for both functions, secret key cryptography is also called symmetric encryption.
With this form of cryptography, it is obvious that the key must be known to both the sender and the receiver; that, in fact, is the secret. The biggest difficulty with this approach, of course, is the distribution of the key.
Secret key cryptography schemes are generally categorized as being either stream ciphers or block ciphers. Stream ciphers operate on a single bit (byte or computer word) at a time and implement some form of feedback mechanism so that the key is constantly changing.
Block ciphers can operate in one of several modes; the following four are the most important:
  1. Electronic Codebook (ECB) mode. 
  2. Cipher Block Chaining (CBC) mode.
  3. Cipher Feedback (CFB) mode.
  4. Output Feedback (OFB) mode.

Public-Key Cryptography

Public-key cryptography has been said to be the most significant new development in cryptography in the last 300-400 years. Modern PKC was first described publicly by Stanford University professor Martin Hellman and graduate student Whitfield Diffie in 1976. Their paper described a two-key crypto system in which two parties could engage in a secure communication over a non-secure communications channel without having to share a secret key.
PKC depends upon the existence of so-called one-way functions, or mathematical functions that are easy to compute whereas their inverse function is relatively difficult to compute.
Public-key cryptography algorithms that are in use today for key exchange or digital signatures include:
  • RSA
  • Diffie-Hellman.
  • Digital Signature Algorithm (DSA).
  • ElGamal.
  • Public-Key Cryptography Standards (PKCS).

Hash Functions

Hash functions, also called message digests and one-way encryption, are algorithms that, in some sense, use no key. Instead, a fixed-length hash value is computed based upon the plaintext that makes it impossible for either the contents or length of the plaintext to be recovered. Hash algorithms are typically used to provide a digital fingerprint of a file's contents, often used to ensure that the file has not been altered by an intruder or virus. Hash functions are also commonly employed by many operating systems to encrypt passwords. Hash functions, then, provide a measure of the integrity of a file.

Hash algorithms that are in common use today include:

  • Message Digest (MD) algorithms. 
  • Secure Hash Algorithm (SHA).
  • Tiger.





Some more videos:
https://www.youtube.com/watch?v=ERp8420ucGs
https://www.youtube.com/watch?v=E5FEqGYLL0o
References:

http://www.garykessler.net/library/crypto.html#fig01
https://cryptography.io/en/latest/
http://www.encryptionanddecryption.com/algorithms/encryption_algorithms.html