6.2 Cryptography algorithms and their basic characteristics Flashcards
AES
(Advanced Encryption Standard) A symmetric 128-, 192-, or 256-bit block cipher based on the Rijndael algorithm developed by Belgian cryptographers Joan Daemen and Vincent Rijmen and adopted by the U.S. government as its encryption standard to replace DES.
DES
(Data Encryption Standard) Symmetric encryption protocol. DES and its replacement 3DES are considered weak in comparison with modern standards, such as AES.
Blowfish/Twofish
Blowfish: A freely available 64-bit block cipher algorithm that uses a variable key length.
Twofish: A symmetric key block cipher, similar to Blowfish, consisting of a block size of 128 bits and key sizes up to 256 bits.
CBC
(Cipher Block Chaining) An encryption mode of operation where an exclusive or (XOR) is applied to the first plaintext block.
GCM
(Galois/Counter Mode) An encryption mode of operation that adds authentication to the standard encryption services of a cipher mode.
ECB
(Electronic Code Book) An encryption mode of operation where each plaintext block is encrypted with the same key.
Counter Mode
(CTM) An encryption mode of operation where a numerical counter value is used to create a constantly changing IV.
RSA
RSA is widely deployed as a solution for creating digital signatures and key exchange.
DSA
(Digital Signature Algorithm) A public key encryption standard used for digital signatures that provides authentication and integrity verification for messages.
Diffie-Hellman
A key agreement protocol. It is used to securely agree on a key to encrypt messages using a symmetric encryption algorithm.
DHE
(Diffie-Hellman Ephemeral) A cryptographic protocol that is based on Diffie-Hellman and that provides for secure key exchange by using ephemeral keys.
ECDHE
(Elliptic Curve Diffie-Hellman Ephemeral) A cryptographic protocol that is based on Diffie-Hellman and that provides for secure key exchange by using ephemeral keys and elliptic curve cryptography.
Elliptic curve
A type of trapdoor function used to generate public/private key pairs.
PGP/GPG
(Pretty Good Privacy) A method of securing emails created to prevent attackers from intercepting and manipulating email and attachments by encrypting and digitally signing the contents of the email using public key cryptography.
(Gnu Privacy Guard) A popular open-source implementation of PGP.
MD5
The Message Digest Algorithm was designed in 1990 by Ronald Rivest, one of the “fathers” of modern cryptography. The most widely used version is MD5, released in 1991, which uses a 128-bit hash value. It is used in IPSec policies for data authentication.
SHA
(Secure Hash Algorithm) A cryptographic hashing algorithm created to address possible weaknesses in MDA. The current version is SHA-2.
HMAC
(hash-based message authentication code) A method (described in RFC-2104) used to verify both the integrity and authenticity of a message by combining cryptographic hash functions, such as MD5 or SHA-1, with a secret key.
RIPEMD
(RACE Integrity Primitives Evaluation Message Digest) A message digest algorithm designed as an alternative to MD5 and SHA.
bcrypt
A key-derivation function based on the Blowfish cipher algorithm.
PBKDF2
(Password-Based Key Derivation Function 2) A key derivation function used in key stretching to make potentially weak cryptographic keys such as passwords less susceptible to brute force attacks.
Obfuscation
A technique that essentially “hides” or “camouflages” code or other information so that it is harder to read by unauthorized users.
XOR
(exclusive OR) An operation that outputs to true only if one input is true and the other input is false.
ROT13
A caesarian/substitution cipher that rotates each letter 13 places.
Substitution ciphers
An obfuscation technique where each unit of plaintext is kept in the same sequence when converted to ciphertext, but the actual value of the unit changes.
