7 Cryptography and the PKI Flashcards
What are the three main goals of cryptography?
- Confidentiality
- Integrity
- Authentication
- Nonrepudiation
The CIA triad consists of Confidentiality, Integrity, and Availability, but Authentication is a goal specific to cryptography.
Define cryptography.
The practice of encoding information in such a manner that it cannot be decoded without access to the required decryption key.
What are the two main operations of cryptography?
- Encryption
- Decryption
What does encryption do?
Transforms plain-text information into ciphertext using an encryption key.
What does decryption do?
Transforms ciphertext back into plain text using a decryption key.
What is the goal of confidentiality in cryptography?
To protect sensitive information from prying eyes.
What is the goal of integrity in cryptography?
To ensure that data is not maliciously or unintentionally altered.
What is the goal of authentication in cryptography?
To validate the identity of individuals.
What is nonrepudiation in the context of cryptography?
Ensures that individuals can prove to a third party that a message came from its purported sender.
True or False: The terms cryptography and cryptology are always used interchangeably.
False
What is the significance of modern cryptography in real-world security?
It is used regularly by security practitioners to keep data confidential.
What is Public Key Infrastructure (PKI)?
A framework that includes public key, private key, and key escrow.
List types of encryption levels.
- Full-disk
- Partition
- File
- Volume
- Database
- Record
- Transport/communication
Define obfuscation in the context of cryptography.
Steganography
What is hashing?
A process of converting data into a fixed-size string of characters, which is typically a hash value.
What is salting in cryptography?
The practice of adding random data to passwords before hashing them.
What are digital signatures?
Cryptographic values that validate the authenticity and integrity of a message.
What does key stretching do?
Enhances the security of weak passwords by increasing their length.
What is blockchain?
A distributed ledger technology that records transactions across many computers.
What does an open public ledger do?
Records transactions in a way that is accessible to anyone.
What are certificates in cryptography?
- Certificate authorities
- Certificate revocation lists (CRLs)
- Online Certificate Status Protocol (OCSP)
- Self-signed
- Third-party
- Root of trust
- Certificate signing request (CSR) generation
- Wildcard
What is a cryptographic attack?
An attempt to breach the security of cryptographic systems.
List types of cryptographic attacks.
- Downgrade
- Collision
- Birthday