Chapter 7 PKI and Cryptographic Applications Flashcards
Describe RSA.
Rivest, Shamir, and Adleman proposed the standard in 1977, and it’s still the worldwide standard. Start with two prime numbers (200 digits long). Multiply them, then find a number that is less than the product of them. This is used to create the public key, with another number used as the private key.
Compare different symmetric and asymmetric key lengths.
128 bit symmetric, 3072 bit RSA, and 256 bit elliptical curve all have the same strength.
Describe ElGamal.
Based on the same math as Diffie-Hellman. Originally had the benefit of being publicly available, although RSA now is as well. Doubles the size of any message. Based on the standard discrete logarithm problem.
Describe Elliptical Curve Cryptography.
Based on the elliptical curve discrete logarithm problem. More efficient than RSA.
Describe Diffie-Hellman.
The idea is that two parties generate a shared secret without ever transmitting it. They use PKI to generate a shared secret. It is hybrid cryptography. It is not technically an encryption protocol, but a key exchange protocol. Often used in TLS.
Describe quantum cryptography.
Replaces binary 1 and 0 bits with multidimensional quantum bits called qubits. Quantum supremacy is the idea that quantum computers can solve problems that cannot currently be solved. Quantum key distribution is an approach to develop shared secrets similar to Diffie-Hellman.
Describe SHA-1.
Produces 160 bit message digests.
Describe SHA-2.
SHA-256 produces 256 bit MDs.
SHA-224 produces 224 bit MDs.
SHA-512 produces 512 bit MDs.
SHA-384 produces 384 bit MDs.
Describe MD5.
Produces 128 bit MDs.
Describe RIPEMD.
Produces 128 bit MDs. Not secure. Same for RIPEMD-128.
RIPEMD-160 is still secure.
RIPEMD-256 has the same level of security as 128, so 160 is more secure than 256.
Describe HAVAL.
Hash of Variable length. Can be 128, 160, 192, 224, and 256.
What is HMAC?
Hashed message authentication mode. Guarantees integrity but not nonrepudiation because it uses a shared secret key. It is more efficient than digital signatures.
Can be combined with standard hashing algorithms.
What does NIST say about digital signatures?
All federally approved digital signature algorithms must use SHA-3.
Three algorithms may be used: DSA, a variant of ElGamal; RSA; Elliptical Curve DSA.
Being changed to RSA, ECDSA, and the Edwards Curve DSA.
What information should a digital certificate have?
–Version of X.509 used
–Serial number
–Signature algorithm identifier
–Issuer name
–Validity period
–Common name of the cert and the distinguished name of the entity that owns the public key
–Subject’s public key
Certificate can include a wildcard so it’s good for subdomains, but you can only go one level.
What is a registration authority?
Does not issue certificates but helps CAs with authentication.