Chapter 2 Cryptography Basics Flashcards
Cryptography?
Is the scientific method of protecting information and communications using codes.
Obfuscation?
Is a cybersecurity technique that disguises sensitive information to prevent unauthorized access. It can be used to protect data, code, or digital footprints.
Diffusion?
Is a cryptographic technique that spreads the influence of plaintext bits across ciphertext, making it harder for attackers to break the code.
Caesar Cipher
Is a very basic encryption method where each letter in a message is shifted a fixed number of positions along the alphabet. Replacing each letter with another letter a set number of places away making is a simple substitution cipher. RoT 1-13 is how many times you would rotate the letters.
Cryptanalysis
Is the practice of studying and analyzing cryptographic systems to identify weaknesses and vulnerabilities. Allowing an attacker to decipher encrypted messages without knowing the secret key.
Vigenère Cipher
Is a method of encrypting alphabetic text where each letter of the plaintext is encoded with a different Caesar cipher
Pieces to create cryptography are:
- Algorithm, and the algorithm are the different types of Caesar ciphers and rotations.
- Key- The key allows us to make any type of changes we want within our OT zero to OT 25 to be able to encrypt our values.
Binary Data
Is data represented using only two possible states, typically “O” and “1”.
Exclusive OR (XOR)
Is a Boolean logic operation used to encrypt and decrypt data. Its technique in cryptographic algorithms that protects sensitive information from unauthorized access.
Hashing
Is a mathematical process that transforms data (like a password, file, or message) into a unique, fixed-length string of characters, essentially acting as a digital fingerprint to verify data integrity and authenticity making it impossible to reverse the process and retrieve the original data from the generated hash value.
Hash Types
- Message Digest 5 – (MD5) oldest of the hashes invented in 1992 by Ron Rivest.
- Uses 128-bit hash.
Secure Hash Algorithm (SHA) - Devloped by NIS
- SHA-1 is the earlist version of SHA
- 160-bit hash
Both MD% and SHA -1 have the ability to generate what is called collisions.
Collision – is when you take two different types of data and generate the same hash.
SHA-2 – is a set of cryptographic hash functions considered the industry standard for verifying data integrity and authenticity. - this hash is being used today for websites and all kinds of stuff.
- broken down into different types based on the length of the hash SHA256 or SHA-512
RIPEMD (RACE Integrity Primitives Evaluation Message digest)
-Not very common
-Open standard
-128, 160, 256, 320-bit digests
Cryptographic Attacks
Cryptanalysis?
Is the study of how to decipher encrypted messages without the original decryption key. It’s used in many areas, including digital forensics, network security, and incident response.
Cryptosystems
is a set of cryptographic algorithms, protocols, and keys used to securely encrypt and decrypt data.
Wireless Encryption Policy (WEP)
Is a set of guidelines that define the minimum-security standards for encrypting data transmitted over a wireless network.
Attack the Key
A type of cyber-attack that specifically targets the cryptographic key used to encrypt data, aiming to decipher it by discovering the key itself, essentially allowing unauthorized access to sensitive information that was previously protected by encryption.
Password Cracking:
Brute force attack?
Is a hacking technique where an attacker attempts to gain access to a system by systematically trying every possible combination of passwords, usernames, or encryption keys until they find the correct one.
Dictionary Attack
Is a hacking technique where an attacker attempts to gain access to a system by systematically trying various common words, phrases, or known passwords form a pre-defined list.
Rainbow Table
A precomputed table that contains the password hash value for each plain text character used during the authentication process. Uses advanced math called reduction functions to make it a lot easier to search.
Offline Attack
A malicious activity where an attacker gains access to sensitive data, like passwords or encryption keys, and attempts to crack them without directly interacting with the target system.
Salting
The practice of adding a random string of characters, called a “salt” to a password before it is hashed. This makes it significantly harder for attackers to crack passwords.
Example: password: Timmy123
Salted password: Timmy123krj8e00
Salted password hash: 97567hthghy757575
Key Stretching
A technique used to significantly strengthen a cryptographic key by adding complexity through algorithms or hashing functions, making it much harder for attackers to crack the key using brute force methods.
Key Derivation Function 2
(KDF2) usually referred to as PBKDF2 (password based key derivation function 2) is a cryptographic algorithm used to generate a secure cryptographic key from a password or passphrase.
