Chapter 11: Cryptography Flashcards
US encryption export policy focuses on these three things
review of products before sale
streamlined post export reporting
license review of certain products to foreign governments
Cryptosystem
Disguises messages for all but the intended recipient
Cryptography
the craft of designing, building, and using cryptosystems
Cryptanalyisis
the craft of breaking a cryptosystem
Cryptology
the umbrella study of all cryptography
Transposition
Letters are rearranged
Substitution
Letters are swapped out
Plaintext
A message before running through a cryptosystem
Ciphertext
A message in it cryptographed form
Symmetric key cryptography
one key is used both to encrypt and decrypt
Example: Data Encryption Standard (DES)
3DES
128 bit key that is used to encrypt data three times (or “folds” the data); commonly used by banks at ATMs
Advanced Encryption Standard (AES)
Identification Friend or Foe (IFF) standard
Uses keys (that get changed out frequently) to decode “challenges” These challenges are sent with a preamble that warns that the encrypted message is coming. If the transponder cannot decrypt the challenge, it is then marked as “not a friend”
Asymmetric key encryption
Uses two keys, a public key that you share to anyone you want to send a message to, and a private key that you keep secret. The keys are mathematically related but not derived either one from the other. Public Key Infrastructures (PKI) are examples of this.
Public Private Key (PPK) allows for
Authentication:
Privacy:
Message integrity:
Hashing
A one way trip for data that distills a strong down into a tiny string. It is not reverse engineerable. It provides security by rehashing data and seeing if hashes match correctly, which tells if the data is intact or not, or can tell if a password matches or not. The result is called a MAC or a message authentication code
Message digest
a unique fingerprint rendered out of a message via a hashing algorithm.
Digital signing
You append the message digest to your message (and encrypt it with your own private key for transmission) so that the recipient can decrypt the digest and attempt to render the same fingerprint and see if they match.
Secure Hashing Algorithm (SHA)
Algorithms designed for hashing. We are up to SHA-3 now.
Digital certificates
Public-private key sets created and issued by a trusted authority to ensure legitimacy
Certificate authority (CA)
Issues the certificates and maintains rules on how the certs may be used and when and under what circumstances. This could be for commerce, inside an individual company
Block ciphers
Designed to encrypt large chunks of data at once, such as on a file system. DES, 3DES, and AES are examples of this.
Secure Sockets Layer (SSL)
A protocol for client/server applications that is the de facto standard for ensuring integrity and privacy of information across the internet. Denoted by the “S” in https and used in online payments
Transport Layer Security (TLS)
A protocol that emphasizes the following:
Cryptographic security: creates a secure connection
Interoperability: allows for secure communication without require a code exchange between applications
Extensibilitiy: provides a framework for public key and bulk encryption to grow into, eliminating the need to create other new structures
Relative efficiency: TLS caches session data to allow for a minimization of back and forth data and CPU resource consumption
Pretty Good Privacy (PGP)
Distributed key system that does not rely on a central certificate authority. Users can sign other users’ keys to provide validity. Often used to encrypt emails where the password to decrypt is sent via a secondary route to ensure security
Secure/Multipurpose Internet Mail Extensions (S/MIME)
Implemented, in many cases, along with Open PGP. Did not work because the two protocols did not work together and users could not communicate.
