Chapter 8: Cryptography Flashcards
Transposition Cipher
Transposing or scrambling the letters
Caesar Cipher
Shift letters a certain number of spaces in the alphabet
Vigenere Cipher
Use a keyword to look up cipher text in a table, so that the encryption would use a different shift for each letter
ROT13
Shifts every letter 13 places
Steganography
Hiding a message in a medium such as a digital image, audio file, or other file.
least significant bit (lsb) method
Storing data in the least significant bits of the pixels of an image
Is symmetric or antisymmetric cryptography faster?
symmetric
Data Encryption Standard (DES)
- Uses 56-bit key
- Now considered insecure, replaced by AES
Triple-DES
Uses three DES keys
Advanced Encryption Standard (AES)
Supports 128, 192, and 256 bit key sizes, but default is 128.
AES256
Uses 256 bit key. Makes shit top secret.
CAST
Uses a 40-bit to 128-bit key and is very fast.
Blowfish
- 64-bit symmetric block cipher
- Twofish is similar and has 128-bit block
International Data Encryption Algorithm (IDEA)
128-bit key, similar to DES but more secure
One-time Pads
Use a key as long as the plaintext message and are used only once then discarded. So VERY secure
Forward Secrecy
If one key is compromised, subsequent keys will not also .
Called perfect when it is unbreakable.
How does an asymmetric encryption work?
Encrypts with the public key, decrypts with the private key
Public Key Cryptography (PKC)
Any two key encryption system
RSA
Most commonly used public-key algorithm, used for encryption and digital signatures
Diffie-Hellman Key Exchange
Used primarily to send keys across networks, not to encrypt and decrypt messages
Elliptic Curve Cryptography (ECC)
An option to RSA that uses less computing power than RSA and is popular in smaller devices like smartphones
ElGamal
Transmitting digital signatures and key exchanges
Ephemeral Key
A key that only exists for a single session
ECDHE
Elliptic Curve Diffie Hellman using an ephemeral key
3 Characteristics of a Hash Functions
1) It must be one way
2) Variable-length input produces fixed-length output
3) Hashing two different inputs does not give the same output
Secure Hash Algorithm (SHA)
Designed to ensure the integrity of a message
Message Digest Algorithm (MD)
No longer recommended for use hash
RIPEMD
Based on MD4, it is a hash
GOST
A hash that processes a variable-length message into a fixed-length output of 256 bits
NTLM
Hash used primarily for authentication.
Rainbow Table
All of the possible hashes in a table
Salt
Adds bits to the message to combat rainbow tables
Key Stretching
Making a weak key stronger
PBKDF2
Applies some function to the password or passphrase along with Salt to produce a derived key
bcrypt
Uses a derivation of Blowfish to hash a password and add Salt to it
Chosen Plaintext
Looking at a message encrypted and unencrypted and trying to figure out what the encryption method was
Work Factor
An estimate of the amount of time and effort that would be needed to break the system
Message Authentication Code
A method of verifying integrity of a message done by adding data generated from the message and some key
Hash-Based Message Authentication Code (HMAC)
Uses a hashing algorithm along with a symmetric key to add a message authentication code
Message Digest
The signature area of a message
Key Escrow
Keys needed to encrypt/decrypt are kept and made available if a third party needs them.
Certificate Revocation List (CRL)
A list of certificates that are no longer valid
Online Certificate Status Protocol (OCSP)
A real-time protocol that is replacing CRLs
Request For Comments (RFC)
Mechanism used to propose a standard
Public Key Infrastructure X.509 (PKIX)
Develops standards and models for the PKI environment
X.509v2
Method of issuing CRL certificates
End-entity
A system that doesn’t issue certificates but uses them
End-entity certificate
A certificate issued to an end-entity by a CA
CA Certificate
A certificate issued by one CA to another CA
X.509v3
End-entity certificates and CA certificates!
Cipher Suite
A combination of methods such as authentication, encryption, and message authentication code algorithms used together.
Certificate Management Protocol (CMP)
A messaging protocol used between PKI entities
XML Key Management Specification (XKMS)
Designed to allow XML-based programs access to PKI services.
Secure Multipurpose Internet Mail Extensions (S/MIME)
- A standard used for encrypting email
- Contains signature data
- Asymmetric encryption
Secure Electronic Transaction (SET)
Encryption for credit card numbers
SSH Phase 1
Secure channel to negotiate the channel connection
SSH Phase 2
Secure channel used to establish the connection
Pretty Good Privacy (PGP)
A freeware email encryption system
GNU Privacy Guard (GPG)
An alternative to PGP
IPSec
Authentication and encryption across the internet, often used for VPNs
The two protocols used by IPSec
1) Authentication Header (AH)
2) Encapsulating Security Payload (ESP)
Federal Information Processing Standard (FIPS)
Used when an existing commercial or governmental system doesn’t meet federal security requirements.
Public Key Infrastructure (PKI)
A two-key, asymmetric system with four main components:
1) Certificate Authority (CA)
2) Registration Authority (RA)
3) RSA (the encryption algorithm)
4) Digital Certificates
Registration Authority (RA)
A middleman between a user and a CA
Local Registration Authority (LRA)
Can be used to identify or establish the identity of an individual for certificate issuance.
X.509
A standard certificate format supported by the ITU
Certificate Policies
Define what certificates do.
Cross Certification
The process of a CA requiring interoperability.
Certificate Practice Statement
A detailed statement the CA uses to issue certificates and implement its policies.
Bridge Trust Model
A peer-to-peer relationship exists among the root CAs
Mesh Trust Model
Supports multiple paths and multiple root CAs
BitLocker
A full disk encryption feature that can encrypt an entire volume with 128-bit encryption.