Cryptographic Solutions Flashcards
Symmetric Algorithm
Encryption algorithm in which both the sender and the receiver must know the same shared secret using a privately held key.
Private Key
Single Key
Asymmetric Algorithm
Encryption algorithm where different keys are used to encrypt and decrypt the data
Most common examples are Diffie-Hellman, RSA, and Elliptic Curve Cryptography (ECC)
Public Key
2 Different Keys
Stream Cipher
Utilizes a keystream generator to encrypt data bit by bit using a mathematical XOR function to create ciphertext
Block Cipher
Breaks the input into fixed-length blocks of data and performs the encryption on each block
Data Encryption Standard (DES)
Symmetric Algorithm
Encryption algorithm which breaks the input into 64-bit blocks and uses transposition and substitution to create ciphertext using effective key strength of only 56 bits.
Triple DES (3DES)
Symmetric Algorithm
The encryption algorithm uses three separate symmetric keys to encrypt, decrypt, and then encrypt the plaintext into ciphertext to increase the strength of DES.
International Data Encryption Algorithm (IDEA)
Symmetric Algorithm
Symmetric Block Cipher uses 64-bit blocks to encrypt plaintext into ciphertext.
Advanced Encryption Standard (AES)
Symmetric Algorithm
Symmetric block cipher that uses 128-bit, 192-bit, or 256-bit blocks and a matching encryption key size to encrypt plaintext into ciphertext.
Blowfish
Symmetric Algorithm
Symmetric block cipher that uses 64-bit blocks and a variable-length encryption key to encrypt plaintext into ciphertext.
Twofish
Symmetric Algorithm
It provides the ability to use 128-bit blocks in its encryption algorithm and uses 128-bit, 192-bit, or 256-bit encryption.
RC Cipher Suite
Symmetric Algorithms
It was created by Ron Rivest, a cryptographer who’s created six algorithms under the name “RC,” which stands for The Rivest Cipher.
RC4 - Symmetric stream cipher using a variable key size from 40 bits to 2048 bits that is used in SSL and WEP.
RC5 - Symmetric block cipher that uses key sizes up to 2048 bits.
RC6 - Symmetric block cipher that was introduced as a replacement for DES, but AES was chosen instead.
Diffie-Hellman (DH)
Asymmetric Algorithm
Used to conduct key exchanges and secure key distribution over an unsecured network.
Used for key exchange when establishing a VPN tunnel as part of IPSec.
RSA (Rivest, Shamir, and Adleman)
Asymmetric algorithm that relies on the mathematical difficulty of factoring large prime numbers.
Can support key sizes between 1024 bits and 4096 bits.
Elliptic Curve Cryptography (ECC)
Asymmetric Algorithm
Heavily used in mobile devices and it’s based on the algebraic structure of elliptical curves over finite fields to define its keys.
ECC with a 256-bit key is just as secure as RSA with a 2048-bit key.
Hashing
A one-way cryptographic function that takes an input and produces a unique message digest as its output.
The hash digest is always the same length.
MD5
Creates a 128-bit hash value that is unique to the input value
SHA-1
Creates a 160-bit hash digest, which significantly reduces the number of collisions that occur
SHA-2
Family of hash functions that contain longer hash digests.
SHA-3
A newer family of hash functions, and its hash digest can go between 224 and 512 bits.
RIPEMD (RACE Integrity Primitives Evaluation Message Digest)
Comes in 160-bit and 320-bit versions
RIPEMD-160
Open-source hashing algorithm that was created as a competitor to the SHA family.
HMAC (Hash-Based Message Authentication Code)
Used to check the integrity of a message and provide some level of assurance that its authenticity is real
Digital Security Standard (DSS)
Relies on a 160-bit message created by the digital security algorithm
Pass-the-Hash Attack
A hacking technique that allows the attacker to authenticate to a remote server or service by using the underlying hash of a user’s password instead of requiring the associated plaintext password.
Mimikatz
Provides the ability to automate the process of harvesting the hashes and conducting the attack
Birthday Attack
It occurs when an attacker is able to send two different messages through a hash algorithm, and it results in the same identical hash digest, referred to as a collision.
Birthday Paradox
“If you have a random group of people, the chances are you are going to have two people in that group with the same birthday.”
Key Stretching
A technique that is used to mitigate a weaker key by increasing the time needed to crack it.
Salting
Adding random data into a one-way cryptographic hash to help protect against password cracking techniques.
Dictionary Attack
When an attacker tries every word from a predefined list.
Brute-Force Attack
When an attacker tries every possible password combination.
Rainbow Tables
Precomputed tables for reversing cryptographic hash functions.
Nonce
Stands for “Number Used Once”; a unique, often random number that is added to the password-based authentication process.
Steganography
Concealing a message within another so that the very existence of the message is hidden.
The primary goal isn’t just to prevent unauthorized access to the data, but to prevent the suspicion that there’s any hidden data at all.
Frequently used alongside encryption for an extra layer of security.
Tokenization
Transformative technique in data protection that involves substituting sensitive data elements with non-sensitive equivalents, called tokens, which have no meaningful value.
Data Masking
It is used to protect data by ensuring that it remains recognizable but does not actually include sensitive info.
Prevalent in industries that handle vast amounts of PII.
Downgrade Attack
It aims to force a system into using a weaker or older cryptographic standard or protocol than it currently utilizes.
Collision Attack
It aims to find two different inputs that produce the same hash output.
Collisions can allow malicious actors to impersonate trusted entities, forge digital signatures, or distribute tampered data while appearing genuine.