Chapter 3 - Basic Cryptography Flashcards
Cryptography
The practice of transforming information so that it is secure and cannot be accessed by unauthorized persons.
Steganography
Hiding the existence of data within another type of file, such as an image file.
Encryption
The process of changing plaintext into ciphertext.
Plaintext
Unencrypted data that is input for encryption or is the output of decryption.
Ciphertext
The scrambled and unreadable output of encryption.
Cleartext
Readable (unencrypted) data that is transmitted or stored in “the clear” and is not intended to be encrypted.
Cipher (algorithm)
Procedures based on a mathematical formula used to encrypt and decrypt the data.
Key
A mathematical value entered into the algorithm to produce the ciphertext.
Substitution cipher
An encryption algorithm that substitutes one character for another.
ROT13
One type of substitution cipher in which the entire alphabet is rotated 13 steps.
XOR cipher
An encryption algorithm based on the binary operation eXclusive OR that compares two bits.
Diffusion
A means to thwart statistical analysis so that if a single character of plain-text is changed then it should result in multiple characters of the ciphertext changing.
Confusion
A means to thwart statistical analysis so that the key does not relate in a simple way to the ciphertext.
Non-repudiation
The process of proving that a user performed an action.
Obfuscation
Making something obscure or unclear.
Security through obscurity
A false notion that virtually any system can be made secure so long as outsiders are unaware of it or how it functions.
Data-in-use
Data actions being performed by “endpoint devices”, such as printing a report from a desktop computer.
Cryptography can provide protection to data as that data resides at risk in any of three states.
Data-in-transit
Actions that transmit the data across a network.
Cryptography can provide protection to data as that data resides at risk in any of three states.
Data-at-rest
Data that is stored on electronic media
Cryptography can provide protection to data as that data resides at risk in any of three states.
Resource vs security constraint
A limitation in providing strong cryptography due to the tug-of-war between the available resources (time and energy) and the security provided by cryptography.
Low latency
A small amount of time that occurs between when a byte is input into a cryptographic algorithm and the time output is obtained.
High resiliency
The ability to quickly recover from resources vs. security constraints.
Stream cipher
An algorithm that takes one character and replaces it with one character.
Block cipher
A cipher that manipulates an entire block of plaintext at one time.
Three broad categories of cryptographic algorithms
1) Hash algorithms
2) symmetric cryptographic algorithms, 3) asymmetric cryptographic algorithms
Hash
An algorithm that creates a unique digital fingerprint called a “digest”.
It’s purpose is not to create ciphertext that can later be decrypted. Intended to be one way in that it’s digest cannot be reversed to reveal the original set of data.
Digest
The resulting fingerprint of hashing.
Symmetric cryptographic algorithm
Encryption that uses a single key to encrypt and decrypt a message.
Essential that the key be kept private.
Asymmetric cryptographic algorithms
Cryptography that uses two mathematically related keys.
Public key
An asymmetric encryption key that does not have to be protected.
Private key
An asymmetric encryption key that does have to be protected.
Digital signature
An electronic verification of the sender.
Benefits of a digital signature
1) verify the sender
2) prevent the sender from disowning the message
3) prove the integrity of the message
Digital signature algorithm (DSA)
A U.S. federal government standard for digital signatures.
Key exchange
The process of sending and receiving secure cryptographic keys. Also the specific handshake setup between web browser and web server.
Diffie-Hellman (DH)
A key exchange that requires all parties to agree upon a large prime number and related integer so that the same key can be separately created.
Diffie-Hellman Ephemeral (DHE)
A Diffie-Hellman key exchange that uses different keys.
Ephemeral keys
A temporary key that is used only once before it is discarded.
Elliptic Curve Diffie-Hellman (ECDH)
A Diffie-Hellman key exchange that uses elliptic curve cryptography instead of prime numbers in its computation.
Perfect forward secrecy
Public key systems that generate random public keys that are different for each session.
Deprecated algorithms
A cryptographic algorithm that is still available but should not be used because of known vulnerabilities.
Known ciphertext attack
Using statistical tools to attempt to discover a pattern in ciphertexts; also called ciphertext only attack.
Downgrade attack
An attack in which the system is forced to abandon the current higher security mode of operation and fall back to implementing an older and less secure mode.
Misconfiguration implementation
Breaches of cryptography that are the result of incorrect configuration or uses of the cryptography.
Collision
When two files have the same hash.
Collision attack
An attempt to find two input strings of a hash function that produce the same hash result.
Birthday attack
A statistical phenomenon that makes finding collisions easier.
Pretty Good Privacy (PGP)
A commercial product that is commonly used to encrypt files and messages
GNU Privacy Guard (GNuPG)
Free and open-source software that is commonly used to encrypt and decrypt data.
Full disk encryption (FDE)
Encryption that protects all data on a hard drive.
Self-encrypting drives
Drives that automatically encrypt data stored on it.
Trusted Platform Module (TPM)
A chip on the motherboard of the computer that provides cryptographic services.
Hardware Security Module (HSM)
A dedicated cryptographic processor that provides protection for cryptographic keys.
