Chapter 14 - Cryptography Flashcards
Define an encryption algorithm.
A mathematical process that converts plaintext data into ciphertext data. Algorithms are often published so that their strength and validity can be peer reviewed.
What is Symmetric Encryption?
Data is encrypted and decrypted with the same key value.
What is Asymmetric Encryption?
Data is encrypted and decrypted using two different keys, typically a public key and a private key.
What is a Cryptographic System?
A system that includes all the necessary resources to support a particular method of encryption/decryption.
What is Cryptanalysis?
The study of cryptographic systems in an attempt to discover their strengths and weaknesses.
What is hashing?
A one-way mathematical function that converts a file into a fixed-length hash, which can be used to check the file's integrity.
A hash of the same file will always be the same.
What are examples of broken hashing algorithms that should not be used due to vulnerabilities?
MD5 (128-bit)
SHA-1 (160-bit)
What output sizes (in bits) can SHA-2 produce?
224
256
384
512
What algorithm does SHA-3 use?
The Keccak algorithm family,
producing 224-, 256-, 384- and 512-bit hashes.
What is a commonly used symmetric encryption algorithm?
AES
What is a Block Cipher?
Data is encrypted in fixed-length blocks of a defined size.
What is a Stream Cipher?
Data is encrypted as a continuous stream rather than in fixed-length blocks.
What is a PKI?
Public Key Infrastructure is used to create, manage, distribute, use, store and revoke the digital certificates used in public key encryption.
What is RSA?
Rivest, Shamir and Adleman.
RSA is a very popular asymmetric encryption algorithm that uses large prime numbers to create a secure matching public and private key pair.
What is used to secure HTTPS and VPN traffic?
TLS
How does TLS use both symmetric and asymmetric encryption?
Asymmetric encryption to share the session key.
Symmetric encryption to encrypt the session data.
What are TLS/SSL decryptors?
TLS/SSL decryptors are placed between the client and the server so that the otherwise encrypted traffic can be inspected for malicious activity.
Client — TLS session —> TLS decryptor — TLS session —> Server
Client <— TLS session — TLS decryptor <— TLS session — Server
The TLS decryptor receives the unencrypted data, which can then be analysed by detection tools such as AV, DLP, etc.
What function does Diffie-Hellman serve?
Diffie-Hellman is a key exchange protocol that allows two parties to agree on a shared key over a public network.
What is Elliptic Curve Cryptography (ECC)?
ECC uses mathematically defined curves to create public and private keys.
Less resource- and computation-intensive, as it can use smaller key sizes for equivalent strength.
Employed in smaller mobile devices.
What is the standard used when encrypting and digitally signing e-mails?
S/MIME
Secure Multipurpose Internet Mail Extensions
What is a digital signature?
A digital signature is an encrypted hash of a message.
message > hashed > encrypted
A Digital Signature Algorithm (DSA) creates digital signatures.
How do digital signatures work in emails?
- The sender hashes their message and encrypts the hash with their private key.
- The encrypted hash is then sent to the recipient along with the message.
- The recipient retrieves the sender’s public key via the sender’s certificate.
- The encrypted hash is then decrypted using the sender’s public key.
- The decrypted hash can now be compared with a hash of the received message.
Authentication - proof that the sender sent the email, as the encrypted hash was decrypted by the sender’s public key.
Integrity - the two hashes can be compared to test for integrity.
Non-Repudiation - only the sender holds the private key.
How does DKIM prevent email spoofing?
Organizations publish DKIM DNS records.
Each email sent out by the organization includes their DKIM signature.
The recipient can look up the published DKIM DNS record to see if the attached DKIM signature matches.
If they match, the email is confirmed to have originated from that organization.
What is DMARC?
DMARC is used in addition to DKIM or SPF.
A DMARC record contains instructions telling the receiving mail server what to do when a spoofed email (one that fails those checks) is received.