Chapter 8 - Cryptography Flashcards
what is cryptography?
8 - 245
the study of cryptographic algorithms
what is a cipher?
8 - 245
a method used to encode characters to hide their value
2 methods of ciphering (nonmathematical)
8 - 246
substitution (shift the letters over) and
transposition (break the letters into separate blocks and then scramble the blocks)
how do you do ROT13?
8 - 247
shift the letter by 13. works backwards and forwards.
what was the enigma typewriter?
8 - 248
typewriter that implemented a multi-alphabet substitution cipher
what is steganography?
8 - 248
process of hiding a message in a medium like a digital image, audio file, or other file
what is the most common method of steganography?
8 - 248
least significant bit method
3 major areas of modern cryptography
8 - 249
symmetric - same key at each end, which will be a secret (private) key
asymmetric
hashing algorithms
what are the two kinds of ciphers that symmetric methods use?
8 - 250
block cipher
stream cipher
9 examples that use symmetric algorithms
8 - 250
Data Encryption Standard - replaced by AES, uses a 56-bit key
Triple-DES - more secure than DES, uses three 56-bit keys
Advanced Encryption Standard - uses the Rijndael algorithm, key sizes are 128, 192, or 256 bits
AES256 - US Govt Top Secret, 256-bit
CAST - Carlisle Adams and Stafford Tavares
Ron's Cipher - RC4, RC5, and RC6. max key size 2048 bits.
Blowfish and Twofish - symmetric block cipher, variable-length keys, 64-bit block cipher
International Data Encryption Algorithm - Swiss developed, 128-bit
One-Time Pads - the only truly secure cryptographic implementation; uses a key that is as long as the plaintext message
two kinds of key exchange
8 - 251
in-band
out-of-band
what is a common approach to achieving forward secrecy?
8 - 251
use ephemeral keys
you are exchanging keys over an insecure medium and IPSec is not part of the scenario. what algorithm will you be using?
8 - 253
Diffie-Hellman
this cryptography is similar to RSA but uses a smaller key and is based on the idea of using points on a curve
8 - 253
Elliptic Curve Cryptography
a hashing algorithm is different from cryptography because it has these 3 characteristics
8 - 255
it must be one-way
variable length input produces fixed length output
the algorithm must have few or no collisions
when you are key stretching, how do you usually make it stronger?
tell me 2 types of key stretching
8 - 256
make it longer
Password-Based Key Derivation Function 2 - applies a hash or HMAC to the password/passphrase along with a salt to produce a derived key
Bcrypt - used with passwords; essentially uses a derivation of the Blowfish algorithm, converted to a hashing algorithm, to hash a password and add a salt to it
common code breaking techniques. tell me 5
8 - 257
frequency analysis - looking at blocks to determine patterns
chosen plaintext - the attacker obtains the ciphertexts corresponding to a set of plaintexts of their own choosing
related key attack - like a chosen plaintext attack, except the attacker can obtain ciphertexts encrypted under two different keys
brute force attacks - apply every possible combination of characters
exploiting human error - not encrypting when you should
what does WPA use? what does WPA2 use?
8 - 258
TKIP
CCMP
the three most important concepts in security
8 - 259
confidentiality
integrity
availability
what are the two things that HMAC uses?
8 - 260
hashing algorithm and a symmetric key
what’s a digital signature?
8 - 261
validates the integrity of the message and the sender
what is nonrepudiation responsible for?
8 - 262
prevents one party from denying actions they carried out
tell me the 4 main trust models of PKI
8 - 262
bridge - peer-to-peer relationship between the root CAs
hierarchical - root CA at the top provides all the info
hybrid - two root CAs, but the peer-to-peer relationship occurs between the intermediate CAs
mesh - expands the bridge model to more than two
what does X.509 define?
8 - 267
defines the certificate formats and fields for public keys
who developed Secure Electronic Transaction?
8 - 270
Visa and MasterCard
tell me what Kerckhoffs's principle is.
8 - 254
states that the security of an algorithm should depend only on the secrecy of the key and not on the secrecy of the algorithm itself
this is the most widely used and recommended hashing algorithm
8 - 255
SHA2
the strength of a cryptographic system is determined by what?
what is strength also known as?
8 - 257
how difficult it is to crack
work factor
in terms of THIS chapter, what does MAC stand for and what is it derived from?
8 - 260
message authentication code
the message and the shared key
what is the mechanism used to propose a standard?
8 - 264
the Request for Comments, the RFC
Pretty Good Privacy uses symmetrical and asymmetrical systems. During the encryption process, the public key uses another kind of key to create the ciphertext. What is that other type of key called and what does it use?
8 - 272
session key
uses a one-use random number
how does the Caesar cipher work?
8 - 246
shift each letter to the right by 3
Vigenère cipher
8 - 246
most famous example of a multi-alphabet substitution. each letter in the keyword generates a different substitution alphabet
Two-key systems are referred to as what?
8 - 252
public-key cryptography
tell me 4 asymmetric algorithms
8 - 254
Diffie-Hellman - key agreement
ElGamal - transmit digital signatures and key exchanges
Elliptic Curve - an alternative to RSA that uses less computing power than RSA and is popular in smaller devices like smartphones.
RSA - most commonly used public key algorithm, RSA is used for encryption and digital signatures
tell me the hashing algorithms
8 - 255, 256
Secure Hash Algorithm - one-way hash, 160-bit, SHA2 has the strongest collision resistance
Message Digest Algorithm - newest is MD5, 128-bit
RIPEMD - RACE Integrity Primitives Evaluation Message Digest - based on MD4
GOST - symmetric cipher, hashes a variable-length message into a fixed-length output of 256 bits
LANMAN - authentication protocol, used LM Hash and two DES keys, replaced by NTLM
NTLM - uses MD4/5 hashing algorithms, less preferred than Kerberos
tell me about Rainbow Tables and Salt
8 - 256
rainbow table - all of the possible hashes are computed in advance
salt - countermeasure to password cracking tools, the salt is the addition of bits at key locations, either before or after the hash
key escrow. what is it?
8 - 262
keys are held in this type of account in case the government needs to get at them
certificate revocation list
8 - 262
list of certificates that a specific CA states should no longer be used
what is XKMS?
8 - 270
XML Key Management Specification, designed to allow XML based programs access to PKI services
what is MIME?
8 - 270
the de facto standard for email messages
2 primary protocols used by IPSec
8 - 274
authentication header (AH), protocol 51
encapsulating security payload (ESP), protocol 50
both can operate in either transport or tunnel mode
what is PKI?
8 - 278
Public Key Infrastructure
two key, asymmetric system with 4 main components:
CA, RA, RSA, and digital certificates
what is granularity?
8 - 285
the ability to manage individual resources in the CA network