Chp 3 Cryptographics Flashcards
Algorithm
is the process used to encrypt and decrypt a message.
Cryptanalysis
The science, art, and practice of breaking codes and ciphers.
AES-256
Advanced Encryption Standard-
AES is a symmetric encryption algorithm, meaning the same key is used for both encryption and decryption.
Hashing
Hashing is a process used to transform data into a fixed-size string of characters, which is typically a hash value. It’s widely used in computer science and cryptography for ensuring data integrity.
Example:
Original password: MySecurePassword123
SHA-256 Hashed Password: 6e9c2461176ac19694f59d16e4300fce0d2a39b154e42cbfa9d682b8f3082ef4
SHA
Secure Hash Algorithm-
current version is SHA-2. hash functions designed to ensure data integrity.
SHA algorithms take an input (or ‘message’) and return a fixed-size string of bytes. The output is typically called the hash value or digest. The process is deterministic, meaning the same input will always produce the same output.
MD5
Message Digest Algorithm #5-
It’s poopoo. MD5 is not considered to be quite as safe for use as SHA256, but it might be required for compatibility between security products.
Digital Signature
A message digest encrypted using the sender’s private key that is appended to a message to authenticate the sender and prove message integrity.
PKI
Public Key Infrastructure-
PKI enables secure, encrypted communication and authentication over networks such as the internet. It uses a pair of cryptographic keys: a public key and a private key.
CA
A Certificate Authority (CA) is a trusted entity that issues and manages digital certificates. These certificates are used to verify the identity of entities (like websites, individuals, and organizations) and to facilitate secure communication over networks
Digital Certificate
is essentially a wrapper for a subject’s public key. The certificate is digitally signed to prove that it was issued to the subject by a particular CA.
Root Certificate
A root certificate is a self-signed digital certificate issued by a Certificate Authority (CA).
It acts as the ultimate trust anchor in a PKI system.
CSR
Certificate Signing Request (CSR) A CSR is a block of encoded text submitted to a Certificate Authority (CA) when applying for a digital certificate.
It contains the public key and identifying information about the entity requesting the certificate.
CRL
Certificate Revocation List (CRL)
A CRL is a publicly available list maintained by a Certificate Authority.
It contains serial numbers of certificates that have been revoked and are no longer valid.
OCSP
Online Certificate Status Protocol (OCSP)
It allows clients (such as web browsers) to query a Certificate Authority’s (CA) server to determine if a certificate is still valid or has been revoked.
entropy
A measure of disorder. Cryptographic systems should exhibit high entropy to better resist brute force attacks.
PRNG
Pseudo-Random Number Generator (PRNG)
A PRNG is an algorithm that produces a sequence of numbers that appears to be random but is actually deterministic.
TRNG
True Random Number Generator (TRNG)
is a device or system that generates random numbers by utilizing a physical process, rather than an algorithm. Unlike Pseudo-Random Number Generators (PRNGs), which produce numbers that appear random but are actually deterministic, TRNGs produce genuinely random numbers.
TPM
Trusted Platform Module (TPM)
It provides secure generation and storage of cryptographic keys, helping ensure platform integrity. Can be a chip or integrated into the CPU
example:
Imagine you have a laptop with a TPM chip. This TPM helps ensure that when you turn on your laptop, only trusted software loads, and it also helps encrypt the data on your hard drive. The security benefits are specific to that laptop.
HSM
Hardware Security Module (HSM)
An HSM is a dedicated hardware device designed to protect and manage digital keys, perform encryption and decryption.
Where a TPM is designed to validate the security of a discrete computing platform such as a desktop computer or laptop, an HSM provides either centralized key storage
example:
Now, think of a bank that uses an HSM. The HSM securely stores and manages encryption keys used by various bank applications and servers to encrypt transactions and customer data. It can serve multiple systems, providing centralized security, and can even be moved to different locations if needed.
Data at rest
is the state when the data is in some sort of persistent storage media.
Data in transit
is the state when data is transmitted over a network.
Data in use
is the state when data is present in volatile memory, such as system RAM or CPU registers and cache.
DBMS
Database Management System (DBMS)
is software that provides a systematic way to create, retrieve, update, and manage data in databases. It serves as an interface between end users and the database
TDE
Transparent Data Encryption (TDE)
is a technology used to encrypt databases to protect sensitive data at rest.
Transport/communication encryption
protects data-in-motion.
WPA
Wi-Fi Protected Access (WPA) —securing traffic sent over a wireless network.
IPsec
Internet Protocol Security (IPsec) —securing traffic sent between two endpoints over a public or untrusted transport network. This is referred to as virtual private networking (VPN).
TLS
Transport Layer Security (TLS) —securing application data, such as web or email data, sent over a public or untrusted network.
HMAC
Hash-based Message Authentication Code (HMAC)
It ensures that the message has not been altered and verifies the sender’s authenticity
PFS
Perfect Forward Secrecy (PFS)
A characteristic of transport encryption that ensures if a key is compromised, the compromise will only affect a single session and not facilitate recovery of plaintext data from other sessions.
ephemeral session keys
In cryptography, a key that is used within the context of a single session only.
Salt
A salt is a random value added to data (typically passwords) before hashing.
User Registration:
User chooses a password: password123
System generates a random salt: 1a2b3c4d
Combined value: password1231a2b3c4d
Hash of combined value: h4shv4lu3
Stored in database: 1a2b3c4d (salt) and h4shv4lu3 (hash)
User Login:
User enters password: password123
System retrieves stored salt: 1a2b3c4d
Combined value: password1231a2b3c4d
Hash of combined value: h4shv4lu3
System compares this hash with the stored hash: h4shv4lu3
If they match, access is granted.
Steganography
Steganography involves embedding a secret message within another medium, such as a text, image, audio file, or video, so that the presence of the message is hidden.
Tokenization
Tokenization is a data security technique where sensitive data is replaced with a non-sensitive equivalent, known as a token.
“Data masking and tokenization are used for de-identification”
Credit Card Processing:
Sensitive Data: Credit card number 1234-5678-9012-3456.
Token Generation: The credit card number is replaced with a token like abcd-efgh-ijkl-mnop.
Storage: The token abcd-efgh-ijkl-mnop is stored in the production database. The original credit card number and the token are stored in the token vault.
A small development company just set up a web server and must ensure a secure customer connection. Regarding digital certificates, what is a file containing the information that the subject wants to use in the certificate, including its public key?
A.CA
B.CSR
C.CRL
D.PKI
B
The Certificate Signing Request (CSR) is a file containing the information that the subject wants to use in the certificate, including its public key.
What is the process used to encrypt and decrypt a message?
A.Cryptanalysis
B.Plaintext
C.Ciphertext
D.Algorithm
D
An algorithm refers to the operations that transform plaintext into ciphertext with cryptographic properties, also called a cipher. There are symmetric, asymmetric, and hash cipher types of algorithms.
A coffee chain hired a marketing firm to set up a website that allows sign-ups. However, after running a test on the website, an error message in the browser stated that the connection was insecure. What framework should the marketing firm use to ensure this error message does not show up?
A.Public key infrastructure
B.Certificate authority
C.Cryptanalysis
D.Typosquatting
A
Public key infrastructure (PKI) refers to a framework of Certificate Authorities (CAs), digital certificates, software, services, and other cryptographic components deployed to validate subject identities.
