Chapter 8: Cryptography Flashcards

Question

Kerchoff's Principle

Answer 1

The security depends on the secrecy of the key, no the algorithm

Answer 2

- Cannot be reversible - No matter how many characters you input, the hash size is the same - Few/no collisions

Answer 3

- 160-bit, used with encryption protocols - SHA-2: 224, 256, 334, 512 bit - SHA-3 is out, but SHA-2 is pretty much flawless, so...

Answer 4

Used to maintain integrity - MD5, 4, 2. MD4 was used by NTLM - MD5 produces a 128-bit hash, but it's very secure. Doesn't have strong collision resistance, so don't use it

Answer 5

Based on MD4

Answer 6

Old soviet symmetric cipher modded to work as a 256-bit hash

Answer 7

Pre-NT was a protocol used for authentication. It used LM Hash and two DES keys on the side

Answer 8

Replaced LANMAN | -Still pretty common despite MS wanting to employ Kerberos

Answer 9

A rainbow table is when you put in a password, get all of its possible hashes, find the hash of a stored password, and connect the two. -Salt is when the OS adds bits to combat this

Answer 10

Strengthening a weak key, usually by making it longer - PBKDF2 - Applies some function (hash or HMAC) plus Salt to get a good password - Bcrypt - Used with passwords, blowfish for hashing plus Salt

Answer 11

Analyze blocks for common patterns. Does not work on modern algorithms

Answer 12

Comparing cypher text to plaintext to crack the algorithm. Once you do, that key is now yours.

Answer 13

Like a chosen plaintext attack, but you obtain cipher text encrypted under two different keys.

Answer 14

Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies.

Answer 15

Gives you a value to check with the message | -HMAC hashes

Answer 16

Validates the integrity of message and sender | -The private key could be an example

Answer 17

- Determining that someone is telling the truth | - Certificate authorities certify people with public keys legitimately

Answer 18

Keys are kept safe in case a 3rd party (generally the government or your employer) needs it

Answer 19

Used to access information encrypted with older keys

Answer 20

Providing Certificates. The RA hands these over to the CA

Answer 21

If your term expires, you're added to the CRL and your certificate is no longer valid, usually after an hour or a day or something, but if OCSP is in action, then it'll be pretty immediately

Answer 22

Creates code, breaks code, and codes for the government - Thought to be the world's largest employer of mathematicians - All missions are extremely highly classified - Enemies of EFF, Tor Project, Freenet, and I2P

Answer 23

Helps coordinate DoD branch activities

Answer 24

involved in many standards, but it is primarily concerned with government systems

Answer 25

This is how you propose a new standard

Answer 26

Concerned with the world of financial security

Answer 27

Improving the internet and computer security

Answer 28

Experts who oversee committees such as the IETF

Answer 29

Standardization of the WWW. Primary sponsor of XML

Answer 30

Responsible for pretty much all telecommunications and radio communication standards on Earth - ITU-R: Radio - ITU-T: Telecommunications - ITU-D: Expanding telecommunications in developing nations - Headquartered in Switzerland and sponsored by the UN

Answer 31

PKC, wireless, networking protocol standards

Answer 32

PKIX formed by IETF to develop PKI standards | PKCS, voluntary standards created by a ton of organizations and coordinated through the RSA

Answer 33

Certificate formats for public keys and how we should distribute said keys - end-entity certificate - most common, issued by CA to a system that uses, not issues, certificates

Answer 34

A certificate that's issued by one CA to another

Answer 35

- Signature - Version - Serial number - Signature algorithm ID - Issuer name - Validity Period - Subject name - Subject public-key info - Issuer unique ID - Subject unizue ID - Extensions

Answer 36

Establishes a secure connection between two TCP machines - Steps in handshake are between 4 and 9 - Establishes connection with asymmetric encryption, maintains with symmetric - You need an "up-to-date browser" that supports 128 bit encrypted sessions

Answer 37

Expands on SSL, and will likely replace it. Should have replaced it long ago.

Answer 38

- CMP is used for messaging between PKI entities - XML Key Management Specification (XKMS - Allow XML programs to access PKI services. Built on CMP

Answer 39

Standard for email encryption. Originally published by RSA | -MIME is email standard. Asymmetric encryption, digital certificates

Answer 40

- Developed by visa and Mastercard for secure credit card transactions - Identification through an electric wallet

Answer 41

Tunneling protocol originally used on Unix systems, but works on Windows now -similar handshake to SSL

Answer 42

- Freeware email encryption. Introduced in the early 90s - Uses symmetric and asymmetric systems, which is why it's so good - GPG (GNU Privacy Guard) is an alternative - Session key is encrypted in a public key

Answer 43

Secures the channel between client and server | -It's common for secure transactions

Answer 44

Secure message, not secure channel | -Uses an RSA or digital certificate

Answer 45

Built into IPv6, becoming standard for VPN -Highly secure Open UDP Port 500 in firewall Two primary protocols -Authentication Header (AH) protocol 51 -Encapsulating Security Payload (ESP) protocol 50

Answer 46

Encapsulation from one point to one point - Encapsulates and encrypts PPP packets - The negotiation is in the clear, then the channel is encrypted - A sniffer can get information like this relatively easily

Answer 47

Developed by Cisco for Dial-up tunneling | -Similar to PPP. Provides authentication, no encryption. Port 1701. TCP

Answer 48

Hybrid of PPTP and L2F. Primarily point-to-point - Can be sued as a bridge across many types of systems - Not encrypted. uses UDP port 1701

Answer 49

Issued by NIST, establishes guidelines for US federal Information Systems

Answer 50

``` Meant to offer security to messages and transactions on a grand scale Two key, asymmetric system with: -Certificate Authority (CA) -Registration Authority (RA) -RSA, for encryption -Digital Certificates Public/Private key system ```

Answer 51

A CA is an organization who does shit with certificates - A certificate associates a person with a public key - To get a certificate, you send a CSR

Answer 52

It will act as the middleman and offload work for the CA - It can distribute keys, accept CSR, and validate identities - It cannot, however, issue certificates - A Local RA (LRA) can identify individuals on behalf of the CA

Answer 53

- These define what certificates do - A CA will have policies to give out different kinds of certifications for different applications - This also helps because the consumer will be able to verify that it's the right kind of certificate

Answer 54

This provides the users with information on the CS's policies, rules, and standards of practice. you should not trust a company without a CPS.

Answer 55

Hierarchal Bridge Mesh Hybrid

Answer 56

- A tree model - Allows tight control, probably the best model - Intermediate CAs only trust root and each other. Roots can trust roots and intermediate and leaves can trust each other

Answer 57

- intermediates only trust those above and below them - Roots trust each other - Adds flexibility and interoperability, but there's a lack of trustworthiness. - good for geographically dispersed or partnered companies - All of the roots must maintain high security standards

Answer 58

Expanded bridge, good for when companies need CAs to certify each other