20 - Cryptography Flashcards
What is cryptography?
The conversion of data into a scrambled code that is encrypted and sent across a private or public network. Used to protect important data.
What are the types of cryptography?
- Symmetric: Uses the same key for encryption as it does for decryption
- Asymmetric: Uses different keys for encryption and decryption.
What is Government Access to Keys (GAK)?
Where software companies provide copies of all keys to the government so that it can hold onto them in a secure manner. LE agencies use them to monitor suspicious communication.
What is MD5?
Takes a message of arbitrary length as the input and then outputs a 128-bit fingerprint or message digest of the input. Not collision resistant. Use of latest algos such as SHA-2 and SHA-3 is recommended. Deployed for digital signatures, file integrity checking and storing passwords.
What is SHA (Secure Hashing Algorithm)?
An algorithm to generate a cryptographically secure one-way hash, published by NIST. Produces a 160-bit digest from a message with a maximum length of (2^64 - 1) bits, and it resembles the MD5 algorithm. There are currently 3 generations:
- SHA-0: No longer used.
- SHA-1: Produces a 160-bit digest from a message with a maximum length of (2^64 - 1) bits and resembles the MD5 algorithm.
- SHA-2: Family of 2 similar hash functions with different block sizes: SHA-256 (32 bits) and SHA-512 (64 bits)
- SHA-3: Uses Sponge Construction in which message blocks are XORed into the bits of the state which is then invertibly permuted.
What is RIPEMD-160 (RACE Integrity Primitives Evaluation Message Digest)?
A 160 bit hash algo in which the compression function consists of 80 stages made up of 5 blocks that execute 16 times each. Process repeats twice by combining the results at the bottom using modulo 32 addition.
What is HMAC (Hash-based Message Authentication Code)?
Type of message authentication code that makes use of a cryptographic key in combination with a cryptographic hash function. Includes an embedded hash function such as SHA-1 or MD5. Includes 2 stages for computing the hash:
- Inputs inner key and message to produce an internal hash
- Inputs the output from the first stage and outer key and produces the final HMAC code.
What is PKI?
A set of hardware, software, people, policies, and procedures required to create, manage, distribute, use, store, and revoke digital signatures.
What are the components of PKI?
- Certificate Management System: Generates, distributes, stores, and verifies certs
- Digital Signatures: establishes creds of a person for online transactions
- Validation Authority (VA): Stores certs with their public keys
- Certificate Authority (CA): Trusted entities that issue and verify digital certs
- End User: Requests, manages, and uses certs
- Registration Authority (RA): Acts as the verifier for the CA
What are ciphers?
Algorithms used to encrypt or decrypt the data. Encipherment is the process of converting plain text into a cipher or code (reverse process is called decipherment).
What are different types of ciphers?
- Classical: The most basic type, which operates on alphabets.
  - Substitution: User replaces units of plaintext with ciphertext.
  - Transposition: Rearranging letters in the plain text according to a system.
- Modern: Provides message secrecy, integrity, and authentication of the sender.
  - Based on type of key used:
    - Symmetric
    - Asymmetric
  - Based on the type of input data:
    - Block ciphers: Algorithm operating on a block (group of bits) of fixed size with an unvarying transformation specified by a symmetric key. Most modern ciphers are block ciphers.
    - Stream ciphers: Symmetric key ciphers in which plaintext digits are combined with a key stream (pseudorandom cipher digit stream). The user applies the key to each bit, one at a time.
What is the Data Encryption Standard (DES)?
Designed to encipher and decipher blocks of data consisting of 64 bits under control of a 56-bit key. Due to the inherent weakness of DES, some organizations repeat the process 3 times for added strength (3DES).
What is Advanced Encryption Standard (AES)?
A symmetric-key algorithm used by US gov agencies to secure sensitive but unclassified material. AES is an iterated block cipher which works by repeating the same operation multiple times.
What are the RC4, RC5, and RC6 algorithms?
- RC4: A variable key size symmetric stream cipher with byte-oriented operations, based on the use of a random permutation.
- RC5: Parameterized algorithm with a variable block size, variable key size, and a variable number of rounds. 128-bit key.
- RC6: Symmetric key block cipher derived from RC5 with two additional features:
  - Uses integer multiplication
  - Uses four 4-bit working registers
What is Twofish?
Uses a block size of 128 bits and key sizes up to 256 bits. It is a Feistel cipher that uses a single key for both encryption and decryption.
What is DSA (Digital Signature Algorithm)?
Helps in the generation and verification of digital signatures for sensitive and unclassified apps. A digital signature is a mathematical scheme used for the authentication of digital messages. Computation of the digital signature uses a set of rules (i.e., the DSA) and a set of parameters, so that the user can verify the identity of the signatory and integrity of the data. Uses public/private keys.
What is RSA (Rivest Shamir Adleman)?
An Internet encryption and authentication system that is one of the de-facto encryption standards. It uses modular arithmetic and elementary number theory to perform computations using two large prime numbers. Based on the assumption that factoring is difficult to carry out, making it safe.
What is Diffie-Hellman?
A cryptographic protocol that allows 2 parties to establish a shared key over an insecure channel.
What are Message Digest (One-Way Hash) Functions?
Hash functions calculate a unique fixed-size bit string representation called a message digest of any arbitrary block of info. If any given bit of the function’s input is changed, then every output bit has a 50% chance of changing. It is computationally infeasible to have two files with the same message digest value.
What is a Digital Signature?
Uses asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form. May be further protected by encrypting the signed email for confidentiality.
What is SSL?
An app layer protocol developed by Netscape for managing the security of a message transmission on the Internet. Uses RSA asymmetric (public key) encryption to encrypt data transferred over SSL connections. Offers channel security with 3 basic properties:
- Private Channel: All the messages are encrypted after a simple handshake is used to define a secret key.
- Authenticated Channel: The server endpoint of the conversation is always encrypted, whereas the client endpoint is optionally authenticated.
- Reliable Channel: Message transfer has an integrity check.
What is Transport Layer Security (TLS)?
A protocol to establish a secure connection between a client and a server and ensure privacy and integrity of info during transmission. Also uses RSA, with 1024 and 2048 bit strengths. Consists of 2 layers:
- TLS Handshake Protocol: It allows the client and server to authenticate each other, select an encryption algo, and exchange a symmetric key prior to data exchange.
- TLS Record Protocol: It provides secured connections with an encryption method such as DES.
What is Pretty Good Privacy (PGP)?
A protocol used to encrypt and decrypt data that provides authentication and cryptographic privacy. PGP uses RSA for computing digital signatures and MD5 for computing message digests. PGP combines the best features of both conventional and public-key cryptography and is known as a hybrid cryptosystem. Compresses data -> creates random key -> uses random key to encrypt compressed message -> random key is encrypted with recipient’s public key -> message and encrypted key are sent to receiver.
What is Disk Encryption?
A technology which protects the confidentiality of the data stored on disk by converting it into an unreadable code using encryption software or hardware, preventing unauthorized users from accessing it.