Ch 4 Key Terms Flashcards
three primary characteristics: randomness, length of key, cryptoperiod (length of time for which a key is authorized for use)
key strength
initialization vector (IV)
salt
Counter (CTR)
Key Strength
after being encrypted, each ciphertext block gets “fed back” into the encryption process to encrypt the next plaintext block
Electronic Code Book (ECB)
nonce
Counter (CTR)
Cipher Block Chaining (CBC)
Cipher Block Chaining (CBC)
requires that both the message sender and receiver access a counter, which computes a new value each time a ciphertext block is exchanged
Galois/Counter (GCM)
nonce
initialization vector (IV)
Counter (CTR)
Counter (CTR)
most widely used algorithm input; random and unpredictable, or at least unique for each message encrypted with a given key
digital certificate
nonce
initialization vector (IV)
salt
initialization vector (IV)
a value that can be used to ensure that plaintext, when hashed, will not consistently result in the same digest; prevents an attacker from generating digests of commonly used passwords or dictionary words that can be compared to the digest of a stolen password.
encryption
initialization vector (IV)
nonce
salt
salt
if a user wants a digital certificate he must, after generating the public and private keys to be used, complete a request with information such as name, address, email address
online CA
certificate authority (CA)
intermediate certificate
certificate signing request (CSR)
certificate signing request (CSR)
responsible for digital certificates
certificate authentication authority (CA)
intermediate certificate
Certificate Revocation List (CRL)
certificate authority (CA)
certificate authority (CA)
a list of certificate serial numbers that have been revoked
offline CA
Certificate Revocation List (CRL)
OCSP stapling
OCSP Responder
Certificate Revocation List (CRL)
performs a real-time lookup of a certificate’s status; aka a request-response protocol
OCSP Responder
OCSP stapling
certificate chaining
Online Certificate Status Protocol (OCSP)
Online Certificate Status Protocol (OCSP)
provides immediate revocation information on that one specific certificate
OCSP Responder
pinning
OCSP stapling
certificate chaining
OCSP Responder
the endpoint of the certificate chaining
user certificate
self-signed
user digital certificate
root digital certificate
user digital certificate
created by the master secret; symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity
session keys
Key exchange
handshake
web server digital certificates
session keys
ensure the authenticity of the web server to the client; ensure the authenticity of the cryptographic connection to the web server
web server digital certificates
email digital certificate
handshake
Key exchange
web server digital certificates
web servers can set up secure cryptographic connections so that all transmitted data is encrypted by providing the server’s public key with a digital certificate to the client.
extended validation (EV)
Key exchange
handshake
domain validation digital certificate
Key exchange
enhanced type of domain digital certificate; requires more extensive verification of the legitimacy of a business; when a web browser indicates to users that they are connected to a website that uses higher-level EV, a green padlock along with the site’s name is displayed
domain validation digital certificate
machine digital certificate
code signing digital certificate
extended validation (EV)
extended validation (EV)