6 Flashcards
What does encryption do?
Protects data from prying eyes by putting it in a secret code (ciphertext).
What does decryption do?
Converts the ciphertext into plaintext using a key.
Give an example of encryption:
Caesar cipher, One-time Pad
What does steganography do?
Hides sensitive information inside other information; it prevents the message from being found.
What is the best practice related to encryption?
Using a scheme/algorithm that is open & published. ONLY keep the key secret!
Two types of Cryptography:
Symmetric & Asymmetric
Describe symmetric cryptography.
Encrypts & decrypts with the same key (kept secret).
AES standard, mature, reliable & widely used.
It provides secrecy & authenticity.
How can any encryption be attacked?
By brute force.
Applications of symmetric encryption are…
HTTPS, Disk Encryption
Describe asymmetric cryptography.
It uses two mathematically linked keys: a private key (kept secret) to decrypt/encrypt and a public key (can be shared) to encrypt/decrypt.
Applications of asymmetric encryption are…
Digital Signature
Bitcoin
What does end-to-end encrypted mean?
The message is encrypted when it leaves your phone & decrypted only on your friend’s end. The service provider sees gibberish.
What does a VPN do?
Masks your IP address with an IP address in a foreign location.
What’s a hash?
Mathematical function that takes in a plaintext, returns random-looking information.
Sensitive information is “hashed” means:
turned into random-looking information
Describe multi-factor authentication. Add examples.
Knowledge (something you know, ex: password)
Possession (something you have, ex: device)
Biometric (something you are, ex: fingerprint, retina scan…)
What’s phishing?
Someone tricks you into typing your password into a “bad guy” site, so the “bad guy” gets your password.
What’s the counter to phishing?
Always check the URL, and verify whom you give information to.
Give an example of “phishing” in real life.
A fake ATM: it prints an error message, but records card details & PIN.
How do we know if a website is secure?
It starts with HTTPS (S stands for secure).
It has the padlock icon.
Verify the URL.
Which are the two main purposes of secure web communication?
Domain Verification: prevents phishing via domain identification.
Data Encryption: safeguards transmitted data from interception.
How do we name a specially crafted & sophisticated attack against a specific person?
Atypical Spear Phishing Case
Typical attacks are…
Bulks
A bulk is…
when millions of generic attacks are sent