Chp 3 Cryptographics Flashcards
Algorithm
is the process used to encrypt and decrypt a message.
Cryptanalysis
The science, art, and practice of breaking codes and ciphers.
AES-256
Advanced Encryption Standard-
AES is a symmetric encryption algorithm, meaning the same key is used for both encryption and decryption.
Hashing
Hashing is a process used to transform data into a fixed-size string of characters, which is typically a hash value. It’s widely used in computer science and cryptography for ensuring data integrity.
Example:
Original password: MySecurePassword123
SHA-256 Hashed Password: 6e9c2461176ac19694f59d16e4300fce0d2a39b154e42cbfa9d682b8f3082ef4
SHA
Secure Hash Algorithm-
current version is SHA-2. hash functions designed to ensure data integrity.
SHA algorithms take an input (or ‘message’) and return a fixed-size string of bytes. The output is typically called the hash value or digest. The process is deterministic, meaning the same input will always produce the same output.
MD5
Message Digest Algorithm #5-
It’s poopoo. MD5 is not considered to be quite as safe for use as SHA256, but it might be required for compatibility between security products.
Digital Signature
A message digest encrypted using the sender’s private key that is appended to a message to authenticate the sender and prove message integrity.
PKI
Public Key Infrastructure-
PKI enables secure, encrypted communication and authentication over networks such as the internet. It uses a pair of cryptographic keys: a public key and a private key.
CA
A Certificate Authority (CA) is a trusted entity that issues and manages digital certificates. These certificates are used to verify the identity of entities (like websites, individuals, and organizations) and to facilitate secure communication over networks
Digital Certificate
is essentially a wrapper for a subject’s public key. The certificate is digitally signed to prove that it was issued to the subject by a particular CA.
Root Certificate
A root certificate is a self-signed digital certificate issued by a Certificate Authority (CA).
It acts as the ultimate trust anchor in a PKI system.
CSR
Certificate Signing Request (CSR) A CSR is a block of encoded text submitted to a Certificate Authority (CA) when applying for a digital certificate.
It contains the public key and identifying information about the entity requesting the certificate.
CRL
Certificate Revocation List (CRL)
A CRL is a publicly available list maintained by a Certificate Authority.
It contains serial numbers of certificates that have been revoked and are no longer valid.
OCSP
Online Certificate Status Protocol (OCSP)
It allows clients (such as web browsers) to query a Certificate Authority’s (CA) server to determine if a certificate is still valid or has been revoked.
entropy
A measure of disorder. Cryptographic systems should exhibit high entropy to better resist brute force attacks.
PRNG
Pseudo-Random Number Generator (PRNG)
A PRNG is an algorithm that produces a sequence of numbers that appears to be random but is actually deterministic.
TRNG
True Random Number Generator (TRNG)
is a device or system that generates random numbers by utilizing a physical process, rather than an algorithm. Unlike Pseudo-Random Number Generators (PRNGs), which produce numbers that appear random but are actually deterministic, TRNGs produce genuinely random numbers.
TPM
Trusted Platform Module (TPM)
It provides secure generation and storage of cryptographic keys, helping ensure platform integrity. Can be a chip or integrated into the CPU
example:
Imagine you have a laptop with a TPM chip. This TPM helps ensure that when you turn on your laptop, only trusted software loads, and it also helps encrypt the data on your hard drive. The security benefits are specific to that laptop.
HSM
Hardware Security Module (HSM)
An HSM is a dedicated hardware device designed to protect and manage digital keys, perform encryption and decryption.
Where a TPM is designed to validate the security of a discrete computing platform such as a desktop computer or laptop, an HSM provides either centralized key storage
example:
Now, think of a bank that uses an HSM. The HSM securely stores and manages encryption keys used by various bank applications and servers to encrypt transactions and customer data. It can serve multiple systems, providing centralized security, and can even be moved to different locations if needed.
Data at rest
is the state when the data is in some sort of persistent storage media.
Data in transit
is the state when data is transmitted over a network.
Data in use
is the state when data is present in volatile memory, such as system RAM or CPU registers and cache.
DBMS
Database Management System (DBMS)
is software that provides a systematic way to create, retrieve, update, and manage data in databases. It serves as an interface between end users and the database
TDE
Transparent Data Encryption (TDE)
is a technology used to encrypt databases to protect sensitive data at rest.