Chapter 8 Flashcards
Cryptography
The study of cryptographic algorithms 245
Ciphering
The process of using a cipher to encode characters 245
Substitution Cipher
A type of coding or ciphering system that changes one character or symbol into another 246
Like a cryptogram 246
Multi-Alphabet Substitution
Really cool way to cipher a message. Takes substitution to the next level by changing the formula with every character 246
Transposition Cipher
Involves transposing or scrambling the letters in a certain manner. Typically, a message is broken into blocks of equal size, and each block is then scrambled 246
ROT13
rotates every letter 13 places in the alphabet
Little Orphan Annie!
Steganography
process of hiding a message in a medium such as a digital image
Most commonly by changing the least significant bit 248
Symmetric Algorithms
Requires both ends of an encrypted message to have the same key and processing algorithms.
Asymmetric Algorithms
Use two keys to encrypt and decrypt data. The two keys are known as a public key and a private key
Types of Key exchange
In-band key exchange: the key is exchanged within the same communications channel that is encrypted
Out-of-band key exchange: Key is exchanged in a different channel
ECC
Elliptic Curve Cryptography
uses small keys.
MD
Message Digest Algorithm
Creates a hash value and uses a one way hash
Key stretching
processes used to take a key that might be a bit weak and make it stronger usually by making it longer
256
Frequency Analysis
looking at blocks of an encrypted message to determine if any common patterns exist
257
Brute-Force Attacks
Applying every possible combination of characters that could be the key
257
Cryptographic system
system, methods, or process that is used to provide encryption and decryption
258
Digital Signature
similar in function to a standard signature on a document. It validates the integrity of the message and the sender
261
Nonrepudiation
Prevents a party from denying an action they carried out.
262
Key Escrow
addresses the possibility that a third party may need to access keys. Keys needed to encrypt/decrypt data are held in this
262
Key Recovery Agent
an entity that has the ability to recover keys, key components, or plaintext messages as needed
Key Registration
the process of providing certificates to users, and registration authority
ISOC
Internet Society
Professional group whose membership consists primarily of Internet experts
W3C
World Wide Web Consortium
An association concerned with the interoperability, growth, and standardization of the WWW
RFC
Request for Comments
A draft/document that is open for comment to ensure that it meets standards and best practices
IETF
Internet Engineering Task Force
An international community of computer professionals that includes network engineers, vendors, administrators, and researchers
265
X.509
Standard defines the certificate formats and fields for public keys. It also defines the procedures that should be used to distribute public keys
267
PKIX
Public-Key Infrastructure X.509
working group formed by the IETF to develop standards and models for the PKI environment
266
SET
Secure Electronic Transaction
provides encryption for credit card numbers that can be transmitted over the Internet
PGP
Pretty Good Privacy
A freeware email encryption system. Introduced in the 1990s and used widely for email security
272
HTTPS vs S-HTTP
HTTPS is a secure channel
S-HTTP is a secure message
274
FIPS
Federal Information Processing Standard
A set of guidelines for US federal government information systems
CPS
Certificate Practice Statement
Discuss standards of how certificates are issued, what measures are taken to protect certificates, and the rules that CA users must follow to maintain their certificate eligibility
Hierarchical Trust Models
AKA a tree
A root CA at the top provides all of the information. The intermediate CAs