Chapter 10 Sec + Flashcards
MD5
Message Digest 5
- is a common hashing algorithm that produces a 128-bit hash value
- Cracked and really only used for checksums to verify the integrity of files
SHA
Secure Hash Algorithm
Are a group of hashing algorithms
With variations grouped into 4 standards
SHA-0: not used
SHA-1 creates a 160-bit hash; not used
SHA-2 uses 256-, 224-, 384-, and 512-bit hashes
Also verifies file integrity
HMAC
Hash Based Message Authentication Code
Is another way to provide integrity
- is a fixed-length string of bits similar to MD5 and SHA-256
- uses a shared secret integrity key to add some randomness to the result
- provides both integrity and authenticity
LSASS
Local Security Authority Subsystem Security
A place that has password hashes
Credman
Credential manager
AES
Advanced Encryption Standard
Is a strong symmetric block cipher that encrypts data in 128-bit blocks
Uses key sizes of 128, 192, and 256 bits
The more bits used, the harder it is to figure out the key
3DES
Is a symmetric block cipher designed to improve on the legacy Data Encryption Standard (DES)
It encrypts data using the DES algorithm in 3 separate passes and uses multiple keys
Encrypts data in 64-bit blocks
Key sizes of 112 bits and 168 bits
CA
Certificate Authority
Issues and manages certificates, to include asymmetric encryption, authentication, and digital signatures
ECC
Elliptic Curve Cryptography
It uses mathematical equations to formulate an elliptical curve
- Used on low-power devices
RSA
Rivest Shamir Adleman
Is the primary public key cryptographic algorithm used on the Internet
Uses key sizes of 1024, 2048, 4096
NIST recommends using keys of 2048 and above
DSA
Digital Signature Algorithm
Uses an encrypted hash of a message
The hash is encrypted with the sender's private key
S/MIME
Secure/Multipurpose Internet Mail Extensions
Is the most popular standard to digitally sign and encrypt email
- uses both asymmetric and symmetric encryption
The current version uses Cryptographic Message Syntax (CMS), which allows it to use a variety of different hashing algorithms and encryption algorithms
PKI
Public Key Infrastructure
- is a group of technologies used to request, create, manage, store, distribute, and revoke digital signatures
CSR
Certificate Signing Request
It includes the purpose of the cert and information about the website, the public key, and the user.
It is formatted using the Public Key Cryptography Standards #10 specification
RA
Registration Authority
Can assist the CA by collecting registration information for digital certs
CRL
Certificate Revocation Lists
Is a version 2 certificate that includes a list of revoked certificates identified by serial numbers
OCSP
Online Certification Status Protocol
Returns answers such as Good, Revoked, or Unknown for certificates
Clients use these checks to verify that a cert is valid before they use it
KMS
Key Management System
Is a centralized system or service responsible for the secure management of cryptographic keys used in various security applications
SAN
Subject Alternative Name
The certificate is used for multiple domains that have different names but are owned by the same organization
ASCII
American Standard Code for Information Interchange
Base64 encoding converts binary data into an ASCII string format
CER
Canonical Encoding Rules
Is used for ASCII format
DER
Distinguished Encoding Rules
Used for binary format
PEM
Privacy Enhanced Mail
- Can be used for almost anything
- Can be converted to CER or DER
- Used to share public keys within a cert, request certs from a CA as a CSR, install private keys on a server, publish a CRL, or share the full cert chain