Chapter 10 Understanding cryptography and RKI Flashcards
Integrity ensures?
That the data has not been modified. Hashing supports integrity.
What is a hash? a special feature? Common hashing protocol used today?
A calculated value creating a fixed length string. It cannot be reversed. SHA-3.
Confidentiality ensures? what supports it?
That the data is read only by the person that should. Encryption supports it.
Symmetric vs asymmetric encryption?
symmetric, same key to decrypt and encrypt. Assymetric uses a public and private key pair instead.
What is a cipher? two types?
An encryption technique, a stream cipher encrypts 1 bit at a time. Block ciphers encrypt in blocks.
In order to use asymmetric encryption what is required? - not keys but something else.
a PKI, public key infrastructure to issue certificates. This certificate identifies whether the key belongs to that person.
Aim of steneography?
to hide data, embed in code, pictures, sound etc. Providing confidentality.
What is a digital signature made of and what does a digital signature provide when assigned to something?
It is a hash of an email message, encrypted with the user’s private key. Only the receivers public key can decrypt it. Authentication, non-repudiation, and integrity.
Non-repudiation?
A party cannot deny that it is authentic.
What cryptographic hashing protocol is now less-secure/not used often?
MD-5.
List the SHA and their uses?
SHA-0, not in use. SHA-1 weaknesses (not approved), SHA-2 & SHA-3 both in use.
Hashing - what is HMAC? why is it different? What protocols might use it?
Hash-based message authentication code, uses a secret key only the sender and receiver know. If the hash is replicated, without the key, it fails authenticity check. IPsec and TLS.
What is the best algo for encrypting data? MD-5, HMAC, SHA-2 or SHA-3?
Hashes don’t encrypt data!
How do systems store passwords?
They calculate a hash, then when you type it in, it compares it to the stored hash value
An application creates the same hash from two different inputs, is this an issue?
Two passwords could be used for one password. Double the chances. It is a hash collision. MD5 susceptible to this.
Online vs offline password attacks
Trying passwords online such as brute forcing a web page or offline by obtaining a database of hashes, running tools to try find the password matching hash.
Why are spraying attacks so effective?
They bypass account lockouts by using a long list of accounts, trying the same password for all. By the time it loops back around the time period will have expired. May use dictionary and/or brute force.
Password attack clues? where to find?
Logs, authentication failure logs.
What is a pass the hash attack?
Attackers gain access to computer, admin priv, malware etc, they steal the password hash. Hashes should always be encrypted and passed over the network encrypted also.
What is a rainbow attack?
Using a rainbow table, a large table of already computed hashes of many words and combinations. Eliminates the lengthy process of first guessing -> hashing -> comparing. These are often performed offline.
Salting passwords? how?
Add a few random characters prior to hashing, increases complexity/difficulty of hash computed afterwards.
What is the process of key stretching?
Key stretching involves subjecting your passwords to multiple rounds of hashing, effectively turning a weak password into a more secure version. The more rounds you perform, the more secure your password becomes. Salting, on the other hand, provides an extra layer of defense.
Define data @ rest, in transit and in processing?
data @ rest: data stored
in transit: sent over the network
in processing: being used by a computer
Compare symmetric encryption to a house key
Same house key owned by wife, make a copy, give to husband, he can use the same key to open the house as well.
What type of key pair do block and stream ciphers use?
Symmetric
What is AES? list some benefits of using it
AES is advanced encryption standard, a strong symmetric block cipher that encrypts data in 128 bits. It can use 128-256 bit sized keys. The higher, the more difficult to crack (better key strength)
- Fast
- efficient (less resource demanding)
- strong