6.0 Cryptography & PKI Flashcards

1
Q

Symmetric algorithm

A

Uses the same key to encrypt and decrypt data. Also known as secret key encryption.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

DES

A

Data Encryption Standard. Symmetric block cipher. Encrypts data in 64-bit blocks with key of only 56 bits. Should not be used.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

3DES (TDES)

A

Triple Data Encryption Standard. Symmetric block cipher. It encrypts data using the DES algorithm in three separate passes and uses multiple keys. Goes through 48 rounds when encrypting plaintext. Still used when legacy hardware doesn’t support AES.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

AES

A

Advanced Encryption Standard. Strong symmetric block cipher that encrypts data in 128-bit blocks. The National Institute of Standards and Technology (NIST) adopted AES from the Rijndael encryption algorithm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Blowfish

A

Strong symmetric block cipher that is still widely used today. It encrypts data in 64-bit blocks and supports key sizes between 32 and 448 bits

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Twofish

A

Related to Blowfish, but encrypts data in 128-bit blocks and it supports 128-, 192-, or 256-bit keys

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

RC4 (or ARC4)

A

Symmetric stream cipher and it can use between 40 and 2048 bit keys

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

IDEA

A

International Data Encryption Algorithm. Symmetric block cipher which uses 64-bit blocks to encrypt plaintext into Ciphertext with a 128-bit key. IDEA is used in PGP. Developed in Switzerland

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

GOST

A

Russian private key encryption standard that uses a 256-bit encryption key. GOST was developed as a counter to the Data Encryption Standard (DES). 64-bit block size. Symmetric block cipher

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

CAST-128 (or CAST5)

A

Symmetric key block cipher used in PGP and GPG

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

RC5

A

Private key encryption standard developed at MIT. Symmetric block cipher

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Asymmetric algorithms

A

Also known as public key algorithms. The public key can be shared with anyone, whereas the private key is possessed only by the owner. The public key is used to encrypt the data while the private key is used to decrypt the data. Asymmetric ciphers use random number generation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Diffie-Hellman

A

A key exchange algorithm used to privately share a symmetric key between two parties

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Diffie-Hellman Ephemeral

A

Uses ephemeral keys, generating different keys for each session

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Elliptic Curve Diffie-Hellman Exchange

A

Uses ephemeral keys generated using ECC, another version ECDH, uses static keys

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Elliptic Curve Diffie-Hellman (ECDH)

A

A key exchange protocol used in Public Key Infrastructure (PKI). It allows for establishing shared secrets between two parties

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

DSA

A

Digital Signature Algorithm. Used as the digital signature for the US government, and was developed by NIST and the NSA. Uses an encrypted hash of a message. The hash is encrypted with the sender’s private key

18
Q

ECC

A

Elliptic curve cryptography. Doesn’t take as much processing power as the other cryptographic methods

19
Q

PGP

A

Pretty Good Privacy. A method used to secure email communication. It can encrypt, decrypt, and digitally sign email

20
Q

GPG

A

GNU Privacy Guard. Free software that is based on the OpenPGP standard

21
Q

RSA

A

Rivest–Shamir–Adleman. Asymmetric encryption method using both a public key and a private key in a matched pair

22
Q

Pseudo-random number generation

A

Used in symmetric ciphers

23
Q

Random random number generation

A

Used in asymmetric ciphers

24
Q

WEP

A

Wired Equivalent Privacy. Introduced as part of the original 802.11 standard ratified in 1997, its intention was to provide data confidentiality comparable to that of a traditional wired network

25
Q

WPA

A

Wi-Fi Protected Access. An interim replacement for Wired Equivalent Privacy. WPA is designed to work with older wireless clients while implementing the 802.11i standard. WPA is susceptible to password-cracking attacks. WPA uses TKIP

26
Q

WPA2

A

Wi-Fi Protected Access II. Permanent replacement for WEP and WPA. WPA2 supports CCMP (based on AES), which is much stronger than the older TKIP protocol and CCMP should be used instead of TKIP

27
Q

OCSP

A

Online Certificate Status Protocol. OCSP allows the client to query the CA with the serial number of the certificate. OCSP is replacing CRL as OCSP is real-time

28
Q

CRL

A

Certificate Revocation List. A method of validating a certificate. Can take up to 48 hours

29
Q

CSR

A

Certificate Signing Request. A CSR is an encrypted message that validates the information required by the CA for issuing a certificate. Once it is verified by the CA, CSR inserts the generated public key into the certificate, which is then digitally signed with the private key of the CA

30
Q

OID

A

Object Identifiers. An OID is a string of decimal numbers used to uniquely identify the objects (e.g., syntaxes, data elements, and other parts of distributed applications). OIDs are usually found in SNMP, X.500 directories, and OSI applications where uniqueness is crucial

31
Q

MD5

A

Message Digest 5. A common hashing algorithm that produces a 128-bit hash

32
Q

HMAC

A

Hash-based Message Authentication Code. – Fixed-length string of bits similar to other hashing algorithms such as MD5 and SHA-1. However, HMAC also uses a shared secret key to add some randomness to the result and only the sender and receiver know the secret key. HMAC verifies both the integrity and authenticity of a message

33
Q

KHMAC

A

Keyed Hashing for Message Authenticate Code. Used to digitally sign packets that are transmitted on IPSec connections

34
Q

RIPEMD

A

RACE Integrity Primitives Evaluation Message Digest. Hash function used for integrity, though it isn’t as widely used as MD5, SHA, and HMAC

35
Q

SHA

A

Secure Hash Algorithm. Another hashing algorithm. There are several variations of SHA grouped into four families – SHA-0, SHA-1, SHA-2, and SHA-3. SHA-1 produces 160-bit checksum

36
Q

EAP

A

Extensible Authentication Protocol. Provides a method for two systems to create a secure encryption key, also known as a Pairwise Master Key (PMK). Systems then use this key to encrypt all data transmitted between the devices. Both TKIP and AES-based CCMP use this key, though CCMP is much more secure

37
Q

PEAP

A

Protected EAP. Provides an extra layer of protection for EAP. PEAP encapsulates and encrypts the EAP conversation in a Transport Layer Security (TLS) tunnel. PEAP requires a certificate on the server, but not the clients. A common implementation is with MS-CHAPv2

38
Q

EAP-FAST

A

EAP-Flexible Authentication via Secure Tunneling. Cisco designed as a secure replacement for Lightweight EAP (LEAP). It supports certificates, but they are optional

39
Q

EAP-TLS

A

One of the most secure EAP standards and is widely implemented. The primary difference between PEAP and EAP-TLS is that it requires certificates on the 802.1x server and on each of the wireless clients

40
Q

EAP-TTLS

A

An extension of PEAP, allowing systems to use some older authentication methods such as Password Authentication Protocol (PAP) within a TLS tunnel. EAP-TTLS requires a certificate on the 802.1x server but not the clients

41
Q

RADIUS Federation

A

RADIUS Federation is a group of RADIUS servers that assist with network roaming. The servers will validate the login credentials of a user belonging to another RADIUS server’s network