Chapter 11: Cryptography Flashcards

1
Q

US encryption export policy focuses on these three things

A

review of products before sale

streamlined post export reporting

license review of certain products to foreign governments

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Cryptosystem

A

Disguises messages for all but the intended recipient

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Cryptography

A

the craft of designing, building, and using cryptosystems

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Cryptanalyisis

A

the craft of breaking a cryptosystem

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Cryptology

A

the umbrella study of all cryptography

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Transposition

A

Letters are rearranged

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Substitution

A

Letters are swapped out

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Plaintext

A

A message before running through a cryptosystem

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Ciphertext

A

A message in it cryptographed form

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Symmetric key cryptography

A

one key is used both to encrypt and decrypt

Example: Data Encryption Standard (DES)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

3DES

A

128 bit key that is used to encrypt data three times (or “folds” the data); commonly used by banks at ATMs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Advanced Encryption Standard (AES)

A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Identification Friend or Foe (IFF) standard

A

Uses keys (that get changed out frequently) to decode “challenges” These challenges are sent with a preamble that warns that the encrypted message is coming. If the transponder cannot decrypt the challenge, it is then marked as “not a friend”

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Asymmetric key encryption

A

Uses two keys, a public key that you share to anyone you want to send a message to, and a private key that you keep secret. The keys are mathematically related but not derived either one from the other. Public Key Infrastructures (PKI) are examples of this.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Public Private Key (PPK) allows for

A

Authentication:

Privacy:

Message integrity:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Hashing

A

A one way trip for data that distills a strong down into a tiny string. It is not reverse engineerable. It provides security by rehashing data and seeing if hashes match correctly, which tells if the data is intact or not, or can tell if a password matches or not. The result is called a MAC or a message authentication code

17
Q

Message digest

A

a unique fingerprint rendered out of a message via a hashing algorithm.

18
Q

Digital signing

A

You append the message digest to your message (and encrypt it with your own private key for transmission) so that the recipient can decrypt the digest and attempt to render the same fingerprint and see if they match.

19
Q

Secure Hashing Algorithm (SHA)

A

Algorithms designed for hashing. We are up to SHA-3 now.

20
Q

Digital certificates

A

Public-private key sets created and issued by a trusted authority to ensure legitimacy

21
Q

Certificate authority (CA)

A

Issues the certificates and maintains rules on how the certs may be used and when and under what circumstances. This could be for commerce, inside an individual company

22
Q

Block ciphers

A

Designed to encrypt large chunks of data at once, such as on a file system. DES, 3DES, and AES are examples of this.

23
Q

Secure Sockets Layer (SSL)

A

A protocol for client/server applications that is the de facto standard for ensuring integrity and privacy of information across the internet. Denoted by the “S” in https and used in online payments

24
Q

Transport Layer Security (TLS)

A

A protocol that emphasizes the following:

Cryptographic security: creates a secure connection

Interoperability: allows for secure communication without require a code exchange between applications

Extensibilitiy: provides a framework for public key and bulk encryption to grow into, eliminating the need to create other new structures

Relative efficiency: TLS caches session data to allow for a minimization of back and forth data and CPU resource consumption

25
Q

Pretty Good Privacy (PGP)

A

Distributed key system that does not rely on a central certificate authority. Users can sign other users’ keys to provide validity. Often used to encrypt emails where the password to decrypt is sent via a secondary route to ensure security

26
Q

Secure/Multipurpose Internet Mail Extensions (S/MIME)

A

Implemented, in many cases, along with Open PGP. Did not work because the two protocols did not work together and users could not communicate.