Chapter 7: PKI and Cryptographic Applications Flashcards
Explain Merkle Hellman Knapsack
It is based on the difficulty of performing factoring operations. It relies on super-increasing sets rather than prime numbers.
What is the use of key length
It is important to understand the capabilities of encryption algorithms used and choose a key length that provides an appropriate level of protection.
The more critical your data the stronger the key used to protect it should be.
List some Asymmetric Cryptosystems
Cryptosystem: Key Length
- Rivest, Shamir, Adleman (RSA): 1024 bits
- Digital Signature Algorithm (DSA): 1024 bits
- Elliptic Curve: 160 bits
What is Diffie Hellman? (Recap)
Uses large integers and modular arithmetic to facilitate the secure exchange of secret keys over insecure channels. Uses standard logarithms.
Disadvantage of El Gamal Algorithm
This algorithm doubles the length of any message it encrypts. Uses standard logarithms.
Explain mathematical operation used in Elliptic Curve algorithms
ECC uses discrete logarithms.
Explain Message Digest
Hash functions take a potentially long message and generate a unique output from the content of the message. This is known as the message digest.
List some message digest synonyms
Hash, hash value, hash total, Cyclic Redundancy Checks, fingerprint, checksum and Digital ID
List 5 RSA basic requirements
- Input can be of any length
- Output has a fixed length
- Hash function is easy to compute for any input
- Hash Function is one-way
- Hash function is collision free
List 4 common hashing algorithms
- Secure Hash Algorithm (SHA)
- Message Digest (MD2/4/5)
- Hash Message Authentication Code (HMAC)
4.
Explain HAVAL
Hash of Variable Length (HAVAL) is a modification of MD5. It uses 1024 bit blocks and produces hash values of 128, 160, 192, 224, 256 bits.
Explain SHA in terms of the name, Message Digest and Block Size
Secure Hash Algorithm (SHA)
| Algorithm | Message Digest | Block Size |
|-----------|----------------|------------|
| SHA 1     | 160            | 512        |
| SHA 256   | 256            | 512        |
| SHA 224   | 224            | 512        |
| SHA 512   | 512            | 1024       |
| SHA 384   | 384            | 1024       |
Explain MD2
Message Digest 2 is used to provide a secure hash function for 8 bit processors. Pads the message so that its length is a multiple of 16 bytes.
Explain MD4
MD4 supports 32 bit processors and increases the level of security.
It processes 512 bit blocks of messages.
Explain MD5
MD5 processes 512 bit blocks of messages.
It is subject to collisions, preventing its use for message integrity.
List 2 uses of digital signatures
- Digitally signed messages assure the recipient that the message truly came from the claimed sender.
- Provides assurance that the message was not altered between the sender and the recipient.
Other uses of digital signatures
Digital signatures are used by software vendors to authenticate code distributions that are downloaded from the internet such as applets and software patches.
Explain HMAC
Hashed Message Authentication Code algorithm implements a partial digital signature. It guarantees the integrity of a message during transmission but it does not provide for nonrepudiation.
HMAC can be combined with a message digest generation algorithm like SHA 3 by using a shared secret key. It does not provide nonrepudiation because it relies on secret keys.
List some common rules for encryption, decryption, message signing algorithms etc
- If you want to encrypt a message, use the recipient’s public key.
- If you want to decrypt a message, use your private key.
- If you want to digitally sign a message that you are sending to someone else, use your private key.
- If you want to verify the signature on a message sent by someone else, use the sender’s public key.
Explain Digital Signature Standard
Federal Information Processing Standard (FIPS) 186-4 is also known as Digital Signature Standard (DSS)
List some DSS Approved encryption Algorithms
- Digital Signature Algorithm (DSA)- FIPS 186.4
- Rivest-Shamir-Adleman (RSA)- ANSI X9.31
- Elliptic Curve Digital Signature Algorithm (ECDSA)- ANSI X9.62
Describe PKI
Public Key Infrastructure (PKI) is used to facilitate communications between parties previously known to each other. PKI relies on a hierarchy of trust.
Describe Digital Certificates
Digital Certificates provide communicating parties with the assurance that people are communicating with who they claim to be.
They are endorsed public key copies. Their construction is governed by an international standard known as X.509.
Describe Registration Authority
Registration Authorities (RAs) assist Certificate Authorities with the burden of verifying users’ identities before issuing digital certificates.
Describe Certificate Path Validation (CPV)
Certificate Path Validation (CPV) means that each certificate in a certificate path from the original start or root of trust down to the server or client in question is legitimate or valid.
What does enrollment mean in terms of generation and destruction of PKI
This involves proving yourself to some CA in some manner. This can involve credit report checking and identity verification.
Explain the verification process for CAs
- You verify the certificate by checking the CA’s digital signature using the CA’s public key.
- Check that the certificate was not revoked using a certificate revocation list or the Online Certificate Status Protocol (OCSP).
List some reasons for revocation of certificates
- Certificate was compromised.
- The certificate was erroneously issued
- Details of the certificate changed
- Security Association changed
Describe Control Revocation Lists
It contains the serial numbers of certificates that have been issued by a CA and have been revoked, with the date and time the revocation went into effect.
Online Certificate Status Protocol (OCSP)
This protocol eliminates the latency inherent in the use of certificate revocation lists by providing a means for real time certificate verifications.