Correct Usage of Security Mechanisms & Applied Cryptography Flashcards
RTTFM
Read The Fucking Manual
Requirements of a Secure Connection
It is:
Encrypted
Authenticated
Tamper-proof
Secure Connection: Encryption How?
Public key crypto or session keys
Secure Connection: Authentication How?
Cryptographic certificates
Secure Connection: Tamper-proof How?
Message Authentication Codes (MAC)
Best practice protocol for secure connection
Transport Layer Security (TLS)
Encryption
Transforming meaningful data into seemingly meaningless gibberish with the possibility of transforming it back
Symmetric Encryption
Same key for decryption and encryption
Challenge of Symmetric Encryption
Distribution of keys with other parties securely
Public-Key Encryption / Asymmetric Encryption
Uses a public key to encrypt data and private key to decrypt data
Hybrid Encryption
Asymmetric encryption to distribute the symmetric key/session key, and from there use symmetric encryption
Message Authentication Codes (MAC)
Computes a hash for a message using a symmetric key
Types of MACs
CMAC: MACs based on block ciphers
HMAC: MACs based on hashing algorithms
Combinations of Ciphers and MACs
Encrypt-then-MAC: First encrypt the plaintext, then MAC the resulting ciphertext, then append the MAC to the ciphertext. Most secure
Encrypt-and-MAC: Encrypt and MAC the plaintext and append the MAC to the ciphertext
MAC-then-Encrypt: MAC the plaintext, then encrypt both the tag and the plaintext
Digital Signatures
Hash message and add hash
Use private key to encrypt hash
Person with public key can decrypt hash and compute the message hash
If the hashes match, it confirms the identity of the sender and the integrity of the message