6 Flashcards
What encryption does?
Protects data from prying eyes by turning it into an unreadable form (ciphertext) that only someone holding the key can turn back.
What decryption does?
Converts the ciphertext into plaintext using a key.
Give example of encryption:
Caesar cipher, One-time Pad (and, in practice today, AES)
What Steganography does?
Hides sensitive information inside other, innocent-looking information (e.g. an image file), so that the existence of the message is concealed. Unlike encryption it does not protect the content once the hiding place is found, so the two are often combined.
What is the best practice related to encryption?
Use a scheme/algorithm that is open & published; ONLY keep the key secret (Kerckhoffs's principle).
Two types of Cryptography:
Symmetric & Asymmetric
Describe symmetric cryptography.
Encrypts & decrypts with the same key (kept secret).
AES is the standard: mature, reliable & widely used.
On its own it provides secrecy only; authenticity (detecting that ciphertext was tampered with) needs an authenticated mode such as AES-GCM, or a separate MAC.
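Why "secrecy only" matters, as an added example that is not part of the original cards: a toy XOR stream cipher (keystream built from SHA-256, an assumption chosen to stay inside the Python standard library, not a vetted cipher) keeps the message secret, yet an attacker who knows roughly what the plaintext says can flip bits in the ciphertext and change "100" to "900" without ever learning the key. Adding an HMAC over the ciphertext (encrypt-then-MAC) makes the same edit detectable.

```python
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || nonce || counter) blocks. Illustrative only, not a real cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


stream_decrypt = stream_encrypt  # XOR is its own inverse


def flip_bytes(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker edit, no key needed: XOR (old ^ new) into the ciphertext so it decrypts to `new`."""
    delta = bytes(a ^ b for a, b in zip(old, new))
    ct = bytearray(ciphertext)
    for i, d in enumerate(delta):
        ct[offset + i] ^= d
    return bytes(ct)


def seal(key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256(nonce || ciphertext)."""
    ct = stream_encrypt(key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time compare
        raise ValueError("authentication failed: ciphertext was modified")
    return stream_decrypt(key, nonce, ct)


def demo():
    """Returns (what the victim decrypts without a MAC, whether the MAC caught the same edit)."""
    key, mac_key, nonce = os.urandom(32), os.urandom(32), os.urandom(16)
    msg = b"transfer 100 to alice"  # constructed sample message
    at = msg.index(b"100")
    # Secrecy only: the edit goes through and decrypts to "transfer 900 to alice".
    forged = stream_decrypt(key, nonce, flip_bytes(stream_encrypt(key, nonce, msg), at, b"100", b"900"))
    # With authentication: the same edit is rejected.
    blob = seal(key, mac_key, nonce, msg)
    bad = blob[:16] + flip_bytes(blob[16:-32], at, b"100", b"900") + blob[-32:]
    try:
        open_sealed(key, mac_key, bad)
        detected = False
    except ValueError:
        detected = True
    return forged, detected
```

Real systems get the same property from an authenticated mode (AES-GCM, ChaCha20-Poly1305) rather than hand-assembling cipher plus MAC.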
How any encryption can be attacked?
By brute force: trying every possible key until the output looks meaningful. This is why key size matters: the 26 Caesar keys are tried instantly, the 2^128 AES keys are not. The one-time pad is the exception: every key yields some plausible plaintext, so trying keys tells the attacker nothing.
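The two example ciphers from the cards above, worked through as an added example (not part of the original deck): a Caesar cipher falls to trying all 26 keys, a key-space calculation shows why that does not scale to 128-bit keys, and a one-time pad shows the case where brute force is useless because a key exists for every candidate plaintext. The guess rate used is an assumed figure for illustration.

```python
import string

ALPHABET = string.ascii_lowercase


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Shift every lowercase letter by `key` places; other characters pass through unchanged."""
    out = []
    for ch in plaintext:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    return caesar_encrypt(ciphertext, -key)


def brute_force_caesar(ciphertext: str, crib: str) -> list:
    """Try all 26 keys; keep the (key, plaintext) pairs containing a word we expect to see."""
    return [(k, caesar_decrypt(ciphertext, k)) for k in range(26)
            if crib in caesar_decrypt(ciphertext, k)]


def years_to_exhaust(key_bits: int, guesses_per_second: float) -> float:
    """Worst-case time to try every key of a key_bits-bit cipher at the given guess rate."""
    return 2 ** key_bits / guesses_per_second / (365 * 24 * 3600)


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """One-time pad: XOR with a truly random key at least as long as the message, used once."""
    assert len(key) >= len(plaintext), "pad must be at least as long as the message"
    return bytes(p ^ k for p, k in zip(plaintext, key))


def otp_key_for(ciphertext: bytes, wanted_plaintext: bytes) -> bytes:
    """Why brute force fails against a one-time pad: for ANY plaintext of the same length there
    is a key that 'decrypts' the ciphertext to it, so no key can be ruled out."""
    return bytes(c ^ p for c, p in zip(ciphertext, wanted_plaintext))
```

With an assumed rate of 10^12 guesses per second (a large cluster), a 40-bit key falls in about a second while a 128-bit key needs on the order of 10^19 years, which is the whole argument for modern key sizes.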
Applications of symmetric encryption are…
HTTPS (the bulk data after the handshake), Disk Encryption
Describe asymmetric cryptography.
It uses two mathematically linked keys: a public key (can be shared) and a private key (kept secret). Anyone can encrypt to the public key, but only the private key decrypts; the private key signs, and anyone holding the public key can verify the signature.
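The "mathematically linked" part, as an added example that is not from the original cards: textbook RSA with the tiny primes 61 and 53 (toy values so the arithmetic is visible; real keys are 2048 bits or more and use padding such as OAEP/PSS, so this is not usable as-is). The same key pair serves both uses on the card: encrypt with the public key and decrypt with the private one, or sign a message digest with the private key and verify with the public one.

```python
import hashlib


def toy_rsa_keypair(p: int = 61, q: int = 53, e: int = 17):
    """Textbook RSA with toy primes (insecure, for illustration): returns (public, private)."""
    n = p * q                   # 3233: the modulus, part of both keys
    phi = (p - 1) * (q - 1)     # 3120
    d = pow(e, -1, phi)         # 2753: private exponent, the modular inverse of e; this is the link
    return (e, n), (d, n)


def rsa_encrypt(public, m: int) -> int:
    """Anyone with the public key can do this; m must be smaller than n."""
    e, n = public
    return pow(m, e, n)


def rsa_decrypt(private, c: int) -> int:
    """Only the holder of d can undo the encryption."""
    d, n = private
    return pow(c, d, n)


def digest_mod_n(message: bytes, n: int) -> int:
    """Sign a hash of the message, reduced to fit the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(private, message: bytes) -> int:
    d, n = private
    return pow(digest_mod_n(message, n), d, n)


def rsa_verify(public, message: bytes, signature: int) -> bool:
    """Applying the public exponent to the signature must give back the message digest."""
    e, n = public
    return pow(signature, e, n) == digest_mod_n(message, n)
```

Note that `pow(e, -1, phi)` needs Python 3.8 or newer. The private exponent d can be computed only by someone who knows p and q; with real key sizes, recovering them from n is the factoring problem that RSA's security rests on.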
Applications of asymmetric encryption are…
Digital Signatures (and the key exchange that starts an HTTPS/TLS connection)
Bitcoin (transactions are signed with the owner's private key)
What is end-to-end encrypted?
The message is encrypted when it leaves your phone & decrypted only on your friend’s device. The service provider relaying it sees only ciphertext (gibberish).
What does a VPN do?
Tunnels your traffic, encrypted, to the VPN provider’s server, so websites see that server’s IP address (possibly in another country) instead of yours. The VPN provider itself can still see where you connect.
What’s a hash?
A one-way mathematical function that takes input of any length and returns a fixed-size, random-looking digest. The same input always gives the same digest, but the digest cannot be reversed to recover the input.
Sensitive information is “hashed” means:
stored as its digest rather than in the clear, so a system can check a password by hashing what you type and comparing digests, without ever keeping the password itself.
Describe multi-factor authentication. Add examples.
Knowledge (something you know, ex: password)
Possession (something you have, ex: phone or hardware key)
Inherence / biometric (something you are, ex: fingerprint, retina scan…)
What’s phishing?
Someone tricks you into typing your password into a “bad guy” site that looks like the real one, so the “bad guy” gets your password.
What’s the counter to phishing?
Always check the URL (the domain itself, not how the page looks), and verify whom you are giving information to.
Give a real-life analogue of “phishing”.
A fake ATM machine: it prints an error message, but records card details & PIN. Same trick, physical medium.
How do we know if a website is secure?
It starts with https:// (S stands for secure).
It has the padlock icon: the connection is encrypted and the certificate matches the domain in the address bar.
Still verify the URL: a phishing site can have a perfectly valid certificate for its own look-alike domain, so the padlock alone proves nothing about who owns it.
Which are the two main purposes of secure web communication?
Domain authentication: the certificate proves you are talking to the domain shown in the URL, which stops impersonation of that domain (but not a look-alike domain).
Data encryption: safeguards transmitted data from interception and tampering on the way.
How do we name a specially crafted & sophisticated attack against a specific person?
Spear phishing (the atypical case: targeted and crafted for one victim)
Typical attacks are…
Bulk attacks
A bulk attack is…
when millions of generic attacks are sent, hoping a small percentage succeed
What’s a dictionary attack?
Is it effective?
Trying every password from a list of known/common passwords. It mostly fails, but works some percentage of the time, and across millions of accounts that percentage adds up.
What do we need to have a stronger password?
Longer, with more characters, and not a dictionary word or pun (those are exactly what the lists contain).
What is cracking passwords?
Taking stolen password hashes offline and hashing guesses, many millions per second, until one matches a stored hash.
Name the counters of cracking.
Programmers can build in a short delay after each failed login, so online guessing is slow.
Programmers can limit the number of attempted logins (lockout / rate limiting).
Programmers can store passwords with a salted, deliberately slow hash (PBKDF2, bcrypt, Argon2), so offline cracking of stolen hashes is slow too.
Make your password unique and long.
Two-Factor-Authentication.
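The dictionary attack, the cracking of stolen hashes and the counters from the cards above, shown together in one added example (not code from the original deck). The wordlist is a constructed five-entry sample standing in for the real lists attackers use. An unsalted fast hash is cracked with one hash per guess; a salted PBKDF2 hash makes every guess cost `iters` hashes and forces the work to be redone per user, but a password that is on the list is still found, which is why the last two counters (unique long passwords, 2FA) matter. `LoginGuard` models the online-side counters: a growing delay and a lockout after a fixed number of failures.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; real attackers use lists with hundreds of millions of entries.
WORDLIST = ["123456", "password", "qwerty", "letmein", "dragon"]


def fast_hash(password: str) -> str:
    """What NOT to do: a plain, unsalted, fast hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def dictionary_attack_fast(stored_hex: str, wordlist):
    """Offline cracking of an unsalted fast hash: one cheap hash per guess, and one precomputed
    table of hashes works against every user in the breach at once."""
    for guess in wordlist:
        if fast_hash(guess) == stored_hex:
            return guess
    return None


def slow_hash(password: str, salt: bytes, iterations: int) -> bytes:
    """A deliberately slow, salted password hash (PBKDF2-HMAC-SHA256 from the standard library)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_record(password: str, iterations: int = 100_000) -> dict:
    salt = os.urandom(16)  # unique per user: defeats precomputed tables
    return {"salt": salt, "iters": iterations, "hash": slow_hash(password, salt, iterations)}


def verify_record(record: dict, password: str) -> bool:
    candidate = slow_hash(password, record["salt"], record["iters"])
    return hmac.compare_digest(candidate, record["hash"])  # constant-time comparison


def dictionary_attack_slow(record: dict, wordlist):
    """Salting does not stop guessing: each guess now costs `iters` hashes and must be redone
    per user, but a short or common password is still found."""
    for guess in wordlist:
        if verify_record(record, guess):
            return guess
    return None


class LoginGuard:
    """Online counters: a delay that doubles per failure, and a lockout after max_failures."""

    def __init__(self, max_failures: int = 5, lockout_seconds: float = 300.0):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.failures = {}      # user -> consecutive failed attempts
        self.locked_until = {}  # user -> timestamp the lockout expires

    def delay_seconds(self, user: str) -> float:
        """Delay to impose before answering the next attempt: 0, 1, 2, 4, ... seconds."""
        n = self.failures.get(user, 0)
        return 0.0 if n == 0 else float(2 ** (n - 1))

    def attempt(self, user: str, password_ok: bool, now: float) -> str:
        """Returns 'ok', 'denied' or 'locked'; `now` is a timestamp so the logic is testable."""
        if self.locked_until.get(user, 0.0) > now:
            return "locked"  # even a correct password is refused during the lockout
        if password_ok:
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_failures:
            self.failures.pop(user, None)
            self.locked_until[user] = now + self.lockout_seconds
            return "locked"
        return "denied"
```

The 100,000 iterations here are an illustrative setting; pick the work factor for PBKDF2, bcrypt or Argon2 from the current OWASP guidance and raise it as hardware gets faster.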
What’s 2FA?
Two-Factor-Authentication.
Which are the options to have a second thing to log in?
SMS
OTP generator app (time-based codes, e.g. Microsoft Authenticator, Apple Passwords)
Hardware security key or passkey (FIDO U2F / FIDO2-WebAuthn, e.g. Apple and Google passkeys)
Which are the issues with SMS based 2FA?
SIM swapping: bad guys trick your mobile provider into moving your number to their SIM and receive your codes (this is how the FTC’s lead technologist got hacked).
Phishing: the fake site asks for the SMS code as well and relays it to the real site.
Malware on the phone can read incoming SMS.
What’s the future of 2FA?
FIDO2/WebAuthn: the device itself (a hardware key or a passkey on your phone) acts as the 2nd factor. The credential is bound to the site’s domain, so a phishing site on another domain gets no usable response to relay (Apple passkeys, Google passkeys).
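Two of the deck's defences, "always check the URL" and "the passkey is bound to the site", as one added example that is not from the original cards. `check_url` looks at the host a browser would actually connect to, which is what defeats look-alike tricks such as `bank.example.evil.test` or `bank.example@evil.test`. `ToyPasskey` is a stand-in for a FIDO2/WebAuthn credential: its secret never leaves the object and it refuses to answer a challenge from any origin that is not the relying party it was registered for. Real passkeys answer with a public-key signature; HMAC and the `bank.example` / `evil.test` names are assumptions chosen to keep the example offline and in the standard library.

```python
import hashlib
import hmac
import os
from urllib.parse import urlsplit


def host_of(url: str) -> str:
    """The host a browser would connect to: user@ prefixes, ports, paths and case are ignored."""
    return urlsplit(url).hostname or ""


def check_url(url: str, expected_domain: str) -> str:
    """Returns 'ok', 'not-https' or 'wrong-host' for a link claiming to be expected_domain."""
    if urlsplit(url).scheme != "https":
        return "not-https"
    host = host_of(url)
    if host == expected_domain or host.endswith("." + expected_domain):
        return "ok"
    return "wrong-host"


class ToyPasskey:
    """Stand-in for a FIDO2/WebAuthn credential (assumed model, not a real implementation).
    The secret never leaves the device and is only used for the relying party it was
    registered with; real passkeys use a public-key signature instead of this HMAC."""

    def __init__(self, rp_id: str):
        self.rp_id = rp_id          # e.g. "bank.example", fixed at registration time
        self.secret = os.urandom(32)

    def assertion(self, origin: str, challenge: bytes):
        """Answer a login challenge only if the page asking is the registered site."""
        host = host_of(origin)
        if not (host == self.rp_id or host.endswith("." + self.rp_id)):
            return None  # phishing domain: the credential refuses, so there is nothing to relay
        return hmac.new(self.secret, host.encode() + challenge, hashlib.sha256).digest()
```

Contrast this with a password or an SMS code: a person can be talked into typing either into `evil.test`, and the attacker simply forwards it to the real site. The origin check happens inside the authenticator, where the user cannot be tricked into skipping it.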