Chapter 10 Flashcards
What is symmetric encryption?
Symmetric encryption uses the same key to encrypt and decrypt data. It can either use a stream cipher or block cipher to encrypt data.
What is the difference between block ciphers and stream ciphers?
Block cipher: Encrypts data in blocks. More complex and requires more time. High diffusion. Less susceptible to malicious insertions, but a single error in a block can corrupt the entire block. Block ciphers require an initialization vector. Generally efficient to use when the size of the data is known, such as database files.
Stream cipher: Encrypts data one bit at a time. High performance, requires fewer resources. Low diffusion. A single error in a bit is not likely to corrupt subsequent bits. Generally efficient to use when the size of the data is unknown or if it is sent in streams (like streaming video or audio).
What is asymmetric encryption?
Asymmetric encryption uses a key pair (private and public key) to encrypt and decrypt data. Asymmetric encryption requires a public key infrastructure (PKI) to issue certificates.
It is also slow and inefficient compared to symmetric encryption.
What is steganography?
Steganography is the process of hiding or embedding information inside another piece of information (a picture, for example). It can provide a level of confidentiality, but not as well as encryption.
What do digital signatures provide?
Authentication, Integrity, Nonrepudiation
What is a digital signature in an email (its composition)?
A user’s digital signature is a hash of the email message encrypted with the sender’s private key.
What’s the general difference between a hash and a checksum?
Hash: More cryptographically secure, produces much longer numeric outcomes.
Checksum: Normally used as a fast way to quickly check the integrity of data, not meant to be cryptographically secure.
What is MD5 and what is its recommended use?
MD5 is a hashing algorithm that has since been compromised and is not safe for cryptographic use. MD5, however, is still used as a checksum to quickly check the integrity of data.
MD5 is highly susceptible to hash collisions.
What is HMAC and how does it differ from MD5 and SHA?
Hash-based Message Authentication Code (HMAC) is similar to MD5 and SHA and it provides a fixed-length string of bits (HMAC-MD5, HMAC-SHA256).
Where it differs is that it also uses a shared secret key to add additional randomness to the result, and only the sender and the receiver know the secret key. It is able to provide both integrity and authenticity of data.
Which secure protocols often use a version of HMAC?
IPsec and TLS often use a version of HMAC such as HMAC-MD5 or HMAC-SHA256.
What is a Hash Collision?
A Hash Collision occurs when a hashing algorithm creates the same hash for two different inputs.
What’s the difference between Online and Offline password attacks?
Online password attacks: Attempts to discover passwords from an online system. System logs can be used to identify failed login attempts and locked accounts due to multiple failed attempts.
Offline password attacks: Attempts to discover passwords from a captured database or captured packet scan offline. This attack gives attackers more time to discover a password.
What do Event ID 4625 and Event ID 4740 mean in the Windows system log?
Event ID 4625: Multiple failed login attempts
Event ID 4740: Account locked due to multiple failed login attempts
What is a dictionary attack?
A dictionary attack is a password attack. It uses a dictionary of common words/phrases and characters (1234) to guess account passwords (attempting every word). A dictionary can be used in a brute-force attack.
What is the difference between a brute force attack and a spraying attack?
These are both brute-force password attacks; they use different methods to get the same desired outcome.
Brute force attack: Uses a large number of passwords against a single account in an attempt to guess the account password, or force its way in.
Spraying attack: Uses single passwords in rotation on multiple accounts.
What is a Pass the Hash Attack?
In a pass-the-hash attack, an attacker discovers the hash of a user’s password and uses this hash to log on to systems as the user.
Things to keep in mind: A strong indicator of this attack is the use of NTLM as the authentication package and/or a logon process of NtLmSsp shown in Event ID 4624 in the Windows security log.
Event 4672 determines the privilege used to connect.
What is a birthday attack?
Birthday attacks exploit hash collisions and the birthday paradox from mathematics, which states: In a random group of 23 people there is a 50% chance that 2 of them were born on the same day out of the 366 days in a year.
In a birthday attack, the attacker aims to create a password that produces the same hash as a user’s password.
If the password could only be one of 366 possibilities, the attacker has a 50% chance of guessing it after 23 attempts. This attack is stopped by increasing the number of bits in a hash to increase the number of possible hashes. MD5 is susceptible to birthday attacks (128-bit hash), whereas SHA-3 is not (512-bit hash).
What is a Rainbow Table Attack?
A Rainbow Table Attack attempts to guess a user’s password from the hash.
Rainbow tables are huge databases of passwords and their hashes. If an attacker gets the hash of a user's password, they can use a rainbow table to see if the user's hash matches any hash in the table. If there is a match, then the attacker knows the password, or at least a password that produces the same hash as the user's password.
Rainbow Tables are normally used in offline attacks.
What is salting a password?
Password salting adds additional characters to a password before it is hashed. This adds complexity to the password and produces a hash that is different from the hash of just the password itself.
Salting is a great way to stop rainbow table attacks, dictionary attacks, brute force attacks, and other password attacks.
What is Key Stretching?
Key Stretching is used to increase the strength of the stored password by adding a cryptographic stretching algorithm to a salted password.
Three common key stretching algorithms are bcrypt, PBKDF2, and Argon2.
What is bcrypt?
Bcrypt is used in many Unix/Linux environments to safeguard passwords. It does this by salting a password and using Blowfish to encrypt the salted password. It goes through this process of salting and encrypting many times.
What is PBKDF2?
Password-based Key Derivation Function 2 protects a user password by adding salt of at least 64 bits to a password before adding additional randomness to the password using HMAC or a similar function. This process can be repeated as many times as desired to increase the
What is Argon2?
Argon2 works the same as PBKDF2 and bcrypt, by adding salts and running the salted output through an algorithm several times to increase the security of a password.
There are several versions of Argon2.
What are the 3 common symmetric algorithms outlined in the book?
AES: Advanced Encryption Standard
3DES: 3DES or Triple DES (Data Encryption Standard) is an improvement of the legacy DES algorithm, a 64-bit block cipher.
Blowfish & Twofish
What is AES and what are its benefits?
AES: Advanced Encryption Standard is a strong symmetric block cipher that encrypts data in 128-bit blocks. AES can use various key sizes to encrypt data (128 bits, 192 bits, 256 bits). The larger the key, the stronger the encryption (this holds for almost all encryption algorithms).
Benefits of AES:
Fast - encrypts/decrypts data in one pass
Efficient - AES uses fewer resources compared to other symmetric encryption algorithms
Strong - provides strong encryption, which provides a strong level of confidentiality
What is 3DES?
3DES: 3DES or Triple DES (Data Encryption Standard) is an improvement of the legacy DES algorithm. 64-bit block cipher. 3DES uses 3 separate passes and multiple keys to encrypt and decrypt, uses more resources, and is slower than AES. Can be used as an alternative when AES is not supported. Provides strong encryption, key sizes (56 bits, 112 bits, and 168 bits).
What are Blowfish and Twofish?
Blowfish: A block cipher that encrypts in 64-bit blocks and supports key sizes between 32 bits and 448 bits.
Twofish: Related to Blowfish, but encrypts data in 128-bit blocks and supports 128-, 192-, or 256-bit keys.
What are certificates?
A certificate is a digital document that typically includes the public key and information on the owner of the certificate. Certificate Authorities (CA) issue and manage certificates.
Certificates are used for a variety of purposes, including asymmetric encryption, authentication, and digital signatures.
What are ephemeral keys and what is their benefit?
Ephemeral keys are temporary key pairs typically used for a single session and discarded. In contrast, certificates are based on static keys, which are embedded and can be used for the life cycle of the certificate.
Perfect forward secrecy: Simply put, ephemeral keys are randomly generated even given the same input. This ensures that systems are not reusing session keys and that the compromise of a key has no bearing on other keys.