Chapter 2 Cryptography Definitions Flashcards
block cipher
A block cipher is a symmetric key cipher (meaning the same key is used to encrypt and decrypt) that operates on a group of bits called a block.
Name 5 Block Ciphers
- Advanced Encryption Standard (AES)
- Triple Digital Encryption Standard (3DES)
- Blowfish
- Digital Encryption Standard (DES)
- International Data Encryption Algorithm (IDEA)
Stream Cipher
A stream cipher is a symmetric key cipher (meaning the same key is used to encrypt and decrypt) in which the plaintext is encrypted one bit at a time against the bits of the key stream, also called a cipher digit stream.
Symmetric algorithm
An encryption algorithm that uses the same key to encrypt the data and decrypt the data.
Asymmetric algorithm
An encryption algorithm that uses two different keys: a public key and a private key. Together they make a key pair.
Hashing
Hashing is a method used to verify data integrity. For example, you can download a software image file from Cisco and then verify its integrity using a tool such as the verify md5 command.
Name 3 different Hash Algorithms
- Message Digest 5 (MD5): This hash creates a 128-bit digest.
- Secure Hash Algorithm 1 (SHA-1): This hash creates a 160-bit digest.
- Secure Hash Algorithm 2 (SHA-2): Options include a digest between 224 bits and 512 bits.
HMAC
Hashed Message Authentication Code (HMAC) uses the mechanism of hashing, but kicks it up a notch. Instead of using a hash that anyone can calculate, it includes in its calculation a secret key of some type.
What are three benefits of digital signatures?
- Authentication
- Data integrity
- Nonrepudiation
Digital certificates
Digital certificates can be used for clients who want to authenticate a web server to verify they are connected to the correct server using HTTP Secure (HTTPS), Transport Layer Security (TLS), or Secure Sockets Layer (SSL).
CA
A certificate authority is a computer or entity that creates and issues digital certificates. Inside of a digital certificate is information about the identity of a device, such as its IP address, fully qualified domain name (FQDN), and the public key of that device.
Root certificate
A root certificate contains the public key of the CA server and the other details about the CA server.
Identity certificate
An identity certificate is similar to a root certificate, but it describes the client and contains the public key of an individual host (the client).
What are the relevant parts of a Certificate?
- Serial number: Issued and tracked by the CA that issued the certificate.
- Issuer: The CA that issued this certificate. (Even root certificates need to have their certificates issued from someone, perhaps even themselves.)
- Validity dates: The time window during which the certificate is considered valid. If a local computer believes the date to be off by a few years, that same PC may consider the certificate invalid due to its own error about the time. Using the Network Time Protocol (NTP) is a good idea to avoid this problem.
- Subject of the certificate: This includes the organizational unit (OU), organization (O), country (C), and other details commonly found in an X.500 structured directory. The subject of the root certificate is the CA itself. The subject for a client’s identity certificate is the client.
- Public key: The contents of the public key and the length of the key are often both shown. After all, the public key is public.
- Thumbprint algorithm and thumbprint: This is the hash for the certificate. On a new root certificate, you could use a phone to call and ask for the hash value and compare it to the hash value you see on the certificate. If it matches, you have just performed out-of-band verification (using the telephone) of the digital certificate.
X.500
X.500 is a series of standards focused on directory services and how those directories are organized.