CRY Flashcards
mathematical function that determines the cryptographic operations
Algorithm
encryption system using a pair of mathematically related unequal keys
Asymmetric
Sender and receiver have public and private keys.
Public to encrypt a message, private to decrypt
Slower than symmetric, secret key (100 to 1000)
Asymmetric Cryptography
encrypt/decrypt request are processed in queues.
Asynchronous
statistical probabilities of a collision are more likely than one thinks
Birthday attack
manipulates toll-free line voltage to phone for free
Black Boxing
Segregating plaintext into blocks and applying identical encryption algorithm and key
Block Cipher
By Bruce Schneider key lengths 32 to 448 bits, used on Linux systems that use bcrypt (DES alternative)
Confidentiality Symmetric, Algorithm
Blowfish
tone simulation that mimics telephone co. system and allows long distance call authorization
Blue Boxing
with enough computing power trying all possible combinations
Brute Force
mono-alphabetic substitution cipher
Caesar cipher
blocks of 64 bits with 64bits initialization vector. Errors will propagate
CBC Cipher Block Chaining
PKI, entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates.
Certificate Authority
a temporary public file to inform others of a compromised digital certificate
Certificate revocation List (CRL)
a trusted issuer of digital certificates
Certification authority
stream cipher where the cipher text is used as feedback into key generation. errors will propagate
CFB, Cipher Feedback
a mathematical tool for verifying no unintentional changes have been made
Checksum
cryptographically transformation that operates on characters or bits. DES, word scramble, shift letters
Cipher
scrambled form of the message or data
Cipher text
situation wherein plain text messages generates identical cipher text messages using the same algorithm but with different crypto-variables or keys
Clustering
substitution at the word or phrase level
Code
cryptographic transformation that operates at the level of words or phrases. Example: “wedding” means “attack”
Codes
outputs within a given function are the same result
Collisions
joining two pieces of text -
Concatenation
RSA (Rivest, Shamir, Adelman) - Factoring large primes
Elliptic Curve Cryptosystem - Logs, discrete logs
Diffie-Hellman for key exchange
El Gamal
Confidentiality Asymmetric Algorithms
Confidentiality
Authentication
Non-repudiation
Key management easier
Access control
Integrity
Confidentiality Asymmetric Strengths
More processor-intensive than symmetric encryption
Still need to protect private key
Confidentiality Asymmetric Weaknesses
AES (Extended AES, Rijndael)
RC4
DES - Brute force can break it, but not flawed. Types Lucifer, Feistle Cipher, Triple DES.
Confidentiality Symmetric Algorithms
Confidentiality protection
Speed
Bulk encryption - large files efficiency
Availability of free algorithms
Confidentiality Symmetric Strengths
Key management
Scalability issues
Shared keys - No authentication or non-repudiation, Forgery by receiver is possible
Confidentiality Symmetric Weaknesses
mixing the key values during repeated rounds of encryption, make the relationship between ciphertext and key as complex as possible
Confusion
two certificate authorities that trust each other
Cross certification
code breaking, practice of defeating the protective properties of cryptography.
Cryptanalysis
Step by step procedure to encipher plaintext and decipher cipher text
Cryptographic Algorithm
code making
Cryptography
Confidentiality
Integrity
Proof of origin
Non-repudiation
Protect data at rest
Protect data in transit
Cryptography Goals
The study of cryptography and cryptanalysis
We think about Confidentiality, Integrity, and key exchange
Cryptology
cryptography + cryptanalysis
Cryptology - CRY
IPSec
TLS
Cryptology implementation
set of transformations from a message space to cipher space
Cryptosystem
key
Cryptovariable
secure long messages
CTR, Counter
descrambling the encrypted message with the corresponding key
Decipher
try a list of words in passwords or encryption keys
Dictionary attack
switching secret keys over an insecure medium without exposing the keys
Not encryption
Technically - Large prime generation, Groups
Diffie Hellman Key exchange
mix location of plaintext throughout ciphertext, change of a single bit should drastically change hash, dissipate pattern
Diffusion
a electronic attestation of identity by a certificate authority
Digital certificate
Asymmetric encryption of a hash of message
Digital Signature
the US Government
Equivalent of the RSA algorithm
DSA, Digital Signature Algorithm
going through someone’s trash to find useful or confidential info –it is legal but unethical in nature
Dumpster Diving
right block/left block pairing 1-1. Replication occurs. Secure short messages.
One of the Block modes of symmetric ciphers
ECB, Electronic Code Book
mathematical properties of elliptical curves, IT REQUIRES FEWER RESOURCES THAN RSA. Used in low power systems (mobile phones etc.)
ECC, Elliptic Curve Cryptosystem
Works with discrete logarithms, based on
Diffie Hellman
el Gamal
act of scrambling the cleartext message by using a key.
Encipher
Encrypted information that is sent from point of origin to destination. In symmetric encryption this means both having the same identical key for the session
End-to-end encryption
cryptographic keys that are generated for each execution of a key establishment process. SYN-Session Key
Ephemeral keys
Boolean operation that performs binary addition
Exclusive OR
one way encryption, for integrity purposes
Hash function
z-Uses both asymmetrical and symmetrical encryption:
asymmetrical for key exchange
symmetrical for the bulk - thus it is fast
example: SSL, PGP, IPSEC S/MIME
Hybrid Cryptography
64 bit plaintext and 128 key length with confusion and diffusion used in PGP software patented requires licenses fees/free noncom.
IDEA, International Data Encryption Algorithm
Claude Elmwood Shannon
Information Theory
Hash functions
Checksums - Accidental
Message Authentication Code
Integrity - How do we know about change?
randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated
Initialization Vector
only the key protects the encrypted information
Kerckhoff’s principle
two different keys decrypt the same cipher text
Key clustering
for PKI, to store another copy of a key
Key escrow
use with each algorithm based on the sensitivity of information transmitted, longer key the better!
Key Length
creation distribution update and deletion
Key management
Information or sequence that controls the enciphering and deciphering of messages
Key or Crypto variable
total number of keys available that may be selected by the user of a cryptosystem
Key space
a hash that has been further encrypted with a symmetric algorithm
Keyed-Hashing for Message Authentication
stacked encryption using different keys to encrypt each time
Link encryption
adversary intercepts encrypted communications, decrypts, views, encrypts, and send along to the true destination
Man-in-the-middle attack
Integrity intentional changes
MAC, Message Authentication Code
summary of a communication for the purpose of integrity
Message digest
Message digest size for hash functions
Hash of Variable Length
HAVAL 128, 160, 192, 224, 256 bits
Hash message authentication code
HMAC Variable
Message Digest
MD5 128 bits
Secure Hash Algorithm
SHA-1 160 bits
SHA2-224/SHA3-224
SHA2-256/SHA3-256
SHA2-384/SHA3-384
SHA2-512/SHA3-512
RIPE Message Digest
RIPEMD-128
RIPEMD-160
RIPEMD-256 (security equivalent to 128)
RIPEMD-320 (security equivalent to 160)
computing power will double every 18 months
Moore’s Law
for PKI, to have more than one person in charge of a sensitive function
multi-party control
impossibility of denying authenticity and identity
Non-repudiation
used in cases where the use of encryption is not necessary but yet the fact that no encryption is needed must be configured in order for the system to work. Ex. Testing, stenography
Null Cipher
stream cipher that generates the key but XOR-ing the plaintext with a key stream. No errors will propagate
OFB, Output Feedback
a running key using a random key that is never used again
One time pad
Moving letters around
Permutation/transposition
GPG; encrypt attached files
PGP
hackers who commit crimes against phone companies
Phreakers
natural or human-readable form of message
Plain text
message in clear text readable form
Plaintext
using many alphabets
Polyalphabetic
collection of business processes and technologies used for binding individuals to a digital certificate
Public Key Infrastructure (PKI)
a list of hash values, presorted to speed lookup. typically for cracking password hashes. It is a form of time-memory tradeoff, using less CPU at the cost of more storage. A control to reduce this type of attack is salting.
Rainbow Tables
Variable algorithm up 0 to 2048 bits key size
RC5
Pay phones cracking
Red boxing
performs certificate registration services on behalf of a CA. Verifies user credentials
Registration Authority
for PKI, decertify an entities certificate
Revocation
for speed, simplicity and resistance against known attacks. Variable block length and variable key lengths (128,192 and 256 bits)
Rijndael Block Cipher Algorithm
symmetric algorithm patented by Rivest, Shamir, and Adleman (RSA) Data Security, the people who developed the RSA asymmetric algorithm. Is a block cipher of variable block sizes (32, 64, or 128 bits) that uses key sizes between 0 (zero) length and 2,040 bits.
RC5, Rivest Cipher 5
works with one way math with large prime numbers (aka trap door
functions). Can be used for encryption, key exchange
and digital signatures)
RSA, Rivest, Shamir, & Adleman
an encryption method that has a key as long as the message
Running key
Someone with moderate hacking skills, gets code from the Internet.
Script kiddie
moving the alphabet intact a certain number spaces
Shift cipher (Caesar)
inference about encrypted communications
Side channel attack
process described by Claude Shannon used in most block ciphers to increase their strength
SP-network
The SP-Network is the process described by Claude Shannon used in most block ciphers to increase their strength. SP stands for substitution and permutation (transposition), and most block ciphers do a series of repeated substitutions and permutations to add confusion and diffusion to the encryption process.
hiding the fact that communication has occurred
Steganography
operate on one character or bit of a message (or data stream0 at a time)
Stream cipher
Examples: Caesar cipher, one-time pad
trading one for another
Substitution
encryption system using shared key/private key/single key/secret key
Symmetric
Both the receiver and the sender share a common secret key. Larger key size is safer > 128
Can be time-stamped (to counter replay attacks)
Does not provide mechanisms for authentication and non-repudiation
Symmetric Cryptography
Symmetric encryption memorization chart
Advanced Encryption Standard (AES), block size 128, key size 128, 192, 256
Rijndael, block size Variable, key size 128, 192, 256
Blowfish (often used in SSH), block size 64, key size 32-448
Data Encryption Standard (DES), block size 64, key size 56
IDEA (used in PGP), block size 64, key size 128
Rivest Cipher 4 (RC4), block size N/A (stream cipher), key size 40-2048
Rivest Cipher 5 (RC5), block size 32, 64, 128, key size 0-2040
Rivest Cipher 6 (RC6), block size 128, key size 128, 192, 256
Skipjack, block size 64, key size 80
Triple DES (3DES), block size 64, key size 112 or 168
CAST-128, block size 64, key size 40-128
CAST-256, block size 128, key size 128, 160, 192, 224, 256
Twofish, block size 128, key size 1-256
each encryption or decryption request is performed immediately
Synchronous
process of reordering plaintext to hide the message rambo = ombar
Transposition/permutation
Key lengths 256 bits blocks of 128 in 16rounds BEAT OUT BY Rijndal for AES, based on Blowfish
Two fish
cipher (one time pad): key of a random set of non-
repeating characters
Vernam
polyalphabetic substitution
Vigenere
intellectual property management technique for identifying after distribution
Watermarking
dual tone, multifrequency generator to control phone system
White box
effort/time needed to overcome a protective measure
Work factor
If you want to encrypt a confidential message, use the recipient’s public key
If you want to decrypt a confidential message sent to you
If you want to digitally sign a message you are sending to someone else
If you want to verify the signature on a message sent by someone else
