Ch 4 Key Terms Flashcards

1
Q

three primary characteristics: randomness, length of key, cryptoperiod (length of time for which a key is authorized for use)

key strength
initialization vector (IV)
salt
Counter (CTR)

A

Key Strength

2
Q

after being encrypted, each ciphertext block gets “fed back” into the encryption process to encrypt the next plaintext block

Electronic Code Book (ECB)
nonce
Counter (CTR)
Cipher Block Chaining (CBC)

A

Cipher Block Chaining (CBC)

3
Q

requires that both the message sender and receiver access a counter, which computes a new value each time a ciphertext block is exchanged

Galois/Counter (GCM)
nonce
initialization vector (IV)
Counter (CTR)

A

Counter (CTR)

4
Q

most widely used algorithm input; random and unpredictable, or at least unique for each message encrypted with a given key

digital certificate
nonce
initialization vector (IV)
salt

A

initialization vector (IV)

5
Q

a value that can be used to ensure that plaintext, when hashed, will not consistently result in the same digest; prevents an attacker from generating digests of commonly used passwords or dictionary words that can be compared to the digest of a stolen password.

encryption
initialization vector (IV)
nonce
salt

A

salt

6
Q

if a user wants a digital certificate he must, after generating the public and private keys to be used, complete a request with information such as name, address, email address

online CA
certificate authority (CA)
intermediate certificate
certificate signing request (CSR)

A

certificate signing request (CSR)

7
Q

responsible for digital certificates

certificate authentication authority (CA)
intermediate certificate
Certificate Revocation List (CRL)
certificate authority (CA)

A

certificate authority (CA)

8
Q

a list of certificate serial numbers that have been revoked

offline CA
Certificate Revocation List (CRL)
OCSP stapling
OCSP Responder

A

Certificate Revocation List (CRL)

9
Q

performs a real-time lookup of a certificate’s status; aka a request-response protocol

OCSP Responder
OCSP stapling
certificate chaining
Online Certificate Status Protocol (OCSP)

A

Online Certificate Status Protocol (OCSP)

10
Q

provides immediate revocation information on that one specific certificate

OCSP Responder
pinning
OCSP stapling
certificate chaining

A

OCSP Responder

11
Q

the endpoint of the certificate chaining

user certificate
self-signed
user digital certificate
root digital certificate

A

user digital certificate

12
Q

created by the master secret; symmetric keys to encrypt and decrypt information exchanged during the session and to verify its integrity

session keys
Key exchange
handshake
web server digital certificates

A

session keys

13
Q

ensure the authenticity of the web server to the client; ensure the authenticity of the cryptographic connection to the web server

web server digital certificates
email digital certificate
handshake
Key exchange

A

web server digital certificates

14
Q

web servers can set up secure cryptographic connections so that all transmitted data is encrypted by providing the server’s public key with a digital certificate to the client.

extended validation (EV)
Key exchange
handshake
domain validation digital certificate

A

Key exchange

15
Q

enhanced type of domain digital certificate; required more extensive verification of the legitimacy of a business; when a web browser indicates to users that they are connected to a website that uses higher-level EV, a green padlock along with the site’s name is displayed

domain validation digital certificate
machine digital certificate
code signing digital certificate
extended validation (EV)

A

extended validation (EV)

16
Q

verifies the identity of the entity that has control over the domain name; displays a green padlock icon in the web browser

email digital certificate
domain validation digital certificate
extended validation (EV)
machine digital certificate

A

domain validation digital certificate

17
Q

was created to satisfy the requirements of the X.509 specification for secure data transfer

PKCS#12
Privacy enhancement mail (PEM)
canonical encoding rules (CER)
distinguished encoding rules (DER)

A

distinguished encoding rules (DER)

18
Q

follow ITU-T X.690

tunnel mode
PKI (Public Key Infrastructure)
X.509 certificates
email digital certificate

A

X.509 certificates

19
Q

PEM, PFX and PKCS#12

x.609 file formats
Hierarchical Trust Model
x.509 file formats
bridge trust model

A

x.509 file formats

20
Q

a consistent means to manage digital certificates; the underlying infrastructure for the management of public keys used in digital certificates

PKI (Public Key Infrastructure)
Key exchange
key escrow
Secure key escrow

A

PKI (Public Key Infrastructure)

21
Q

refers to a process in which keys are managed by a third party such as a trusted CA; the private key is split and each half is encrypted; the two halves are registered and sent to the third party, which stores each half in a separate location

certificate life cycle
key escrow
Secure key escrow
key recovery agent

A

key escrow

22
Q

a highly trusted person responsible for recovering lost or damaged digital certificates

key escrow
key recovery agent
cipher suite
Secure key escrow

A

key recovery agent

23
Q

a protocol suite for securing IP communications; encrypts and authenticates each IP packet of a session between hosts or networks; can provide protection to a much wider range of applications than SSL or TLS; transparent security protocol; is in the OS or the communication hardware

IP Security (IPsec)
IP
PKE
transport mode

A

IP Security (IPsec)

24
Q

authentication, confidentiality and key management

IPsec TRIAD
IPsec protocols
transport mode
IP Security (IPsec)

A

IPsec protocols

25
Q

encrypts only the data portion (payload) of each packet yet leaves the header unencrypted; used when a device must see the source and destination addresses to route the packet

tunnel mode
confidentiality and authentication
IPsec protocols
transport mode

A

transport mode

26
Q

encrypts both the header and the data portion; generally used in a network-to-network communication

transport mode
tunnel mode
AH
ESP

A

tunnel mode