Chapter 4 - Advanced Cryptography And PKI Flashcards
Key strength
The resiliency of a key to resist attacks.
Three primary characteristics that determine the resiliency of the key to attacks
1) Randomness
2) Length of key
3) Cryptoperiod
Cryptoperiod
The length of time for which a key is authorized for use.
Block cipher mode of operation
A process that specifies how block ciphers should handle plaintext.
Most common block cipher modes of operation
1) Electronic Code Book (ECB)
2) Cipher Block Chaining (CBC)
3) Counter (CTR)
4) Galois/Counter (GCM)
Electronic Code Book (ECB)
A process in which plaintext is divided into blocks and each block is then encrypted separately.
Cipher Block Chaining (CBC)
A process in which each block of plaintext is XORed with the previous block of ciphertext before being encrypted.
Counter (CTR)
A process in which both the message sender and receiver access a counter, which computes a new value each time a ciphertext block is exchanged.
Galois/Counter (GCM)
A process that both encrypts and computes a message authentication code (MAC).
Crypto service provider
A service used by an application to implement cryptography.
Crypto modules
Cryptography modules that are invoked by crypto service providers.
Algorithm input values
1) salt
2) nonce
Nonce
A value that must be unique within some specified scope.
Initialization vector (IV)
A nonce that is selected in a non-predictable way.
Salt
A value that can be used to ensure that plaintext, when hashed, will not consistently result in the same digest.
Digital certificate
A technology used to associate a user's identity with a public key, and that has been digitally signed by a trusted third party.
Certificate Signing Request (CSR)
A user request for a digital certificate.
Ex. Car title application
Intermediate certificate authority (CA)
An entity that processes the CSR and verifies the authenticity of the user on behalf of a certificate authority (CA).
Ex. Visit county courthouse
Certificate Authority (CA)
The entity that is responsible for digital certificates. Also called a root CA.
Ex. Title sent from state DMV
Certificate Repository (CR)
A publicly accessible centralized directory of digital certificates that can be used to view the status of a digital certificate.
Certificate revocation list (CRL)
A list of certificate serial numbers that have been revoked.
Online certificate status protocol (OCSP)
A process that performs a real-time lookup of a certificate’s status.
Stapling
A process for verifying the status of a certificate by sending queries at regular intervals to receive a signed time-stamped response.
Certificate chaining
Linking several certificates together to establish trust between all the certificates involved.