Cryptographic Solutions Flashcards
Symmetric vs Asymmetric Encryption
Symmetric Encryption
Uses a single key for both encryption and decryption
Often referred to as private key encryption
Requires both sender and receiver to share the same secret key
Offers confidentiality but lacks non-repudiation
Challenges with key distribution in large-scale usage
More people mean more sharing of the keys
Asymmetric Encryption
Uses two separate keys
Public key for encryption
Private key for decryption
Often called “Public Key Cryptography”
No need for shared secret keys
Commonly used algorithms include Diffie-Hellman, RSA, and Elliptic Curve Cryptography (ECC)
Slower compared to symmetric encryption but solves key distribution challenges
Define cryptography & encryption
Cryptography
Practice and study of writing and solving codes
Encryption to hide information’s true meaning
Encryption
Converts plaintext to ciphertext
Provides data protection at rest, in transit, and in use
Symmetric Algorithms
DES
Triple DES
IDEA
AES
Blowfish
Twofish
Rivest Cipher
Asymmetric Algorithms
Diffie-Hellman
RSA
Elliptic Curve Cryptography
Hashing
Converts data into fixed-size string (digest) using hash functions
Algorithms
MD5
SHA Family
RIPEMD
HMAC
Public Key Infrastructure (PKI)
Framework managing digital keys and certificates for secure data transfer
Digital Certificates
Electronic credentials verifying entity identity for secure communications
Blockchain
Decentralized, immutable ledger ensuring data integrity and transparency
Encryption tools
TPM
HSM
Key Management Systems
Secure Enclave
Obfuscation
Steganography
Tokenization
Data Masking
Three types of Cryptographic Attacks
Downgrade Attacks
Collision Attacks
Quantum Computing Threats
Hybrid Approach
Combines both symmetric and asymmetric encryption for optimal benefits
Asymmetric encryption used to encrypt and share a secret key
Symmetric encryption used for bulk data transfer, leveraging the shared secret key
Offers security and efficiency
Stream Cipher
Encrypts data bit-by-bit or byte-by-byte in a continuous stream
Uses a keystream generator and the exclusive OR (XOR) function for encryption
Suitable for real-time communication data streams like audio and video
Often used in symmetric algorithms
Block Cipher
Breaks input data into fixed-size blocks before encryption
Usually 64, 128, or 256 bits at a time
Padding added to smaller data blocks to fit the fixed block size
Advantages include ease of implementation and security
Can be implemented in software, whereas stream ciphers are often used in hardware solutions
Symmetric algorithm - DES (Data Encryption Standard)
Uses a 64-bit key (56 effective bits due to parity)
Encrypts data in 64-bit blocks through 16 rounds of transposition and substitution
Widely used from the 1970s to the early 2000s
Symmetric algorithm - Triple DES (3DES)
Utilizes three 56-bit keys
Encrypts data with the first key, decrypts with the second key, and encrypts again with the third key
Provides 112-bit key strength but is slower than DES
Symmetric algorithm - IDEA (International Data Encryption Algorithm)
A symmetric block cipher with a 64-bit block size
Uses a 128-bit key, faster and more secure than DES
Not as widely used as AES
Symmetric algorithm - AES (Advanced Encryption Standard)
Replaced DES and 3DES as the US government encryption standard
Supports 128-bit, 192-bit, or 256-bit keys and matching block sizes
Widely adopted and considered the encryption standard for sensitive unclassified information
Symmetric algorithm - Blowfish
A block cipher with key sizes ranging from 32 to 448 bits
Developed as a DES replacement but not widely adopted
Symmetric algorithm - Twofish
A block cipher supporting 128-bit block size and key sizes of 128, 192, or 256 bits
Open source and available for use
Symmetric algorithm - RC Cipher Suite (RC4, RC5, RC6)
Created by cryptographer Ron Rivest
RC4 is a stream cipher with variable key sizes from 40 to 2048 bits, used in SSL and WEP
RC5 is a block cipher with key sizes up to 2048 bits
RC6, based on RC5, was considered as a DES replacement
Note: When working with encryption, identify if it’s symmetric or asymmetric and whether it’s a block or stream cipher
Asymmetric Algorithms - key
Public Key Cryptography
No shared secret key required
Uses a key pair
Public key for encryption
Private key for decryption
Provides confidentiality, integrity, authentication, and non-repudiation
Confidentiality with Public Key
Encrypt data using the receiver’s public key
Only the recipient with the corresponding private key can decrypt it
Non-Repudiation with Private Key
Encrypt data using the sender’s private key
Anyone with access to the sender’s public key can verify the sender’s identity
Integrity and Authentication with Digital Signature
Create a hash digest of the message
Encrypt the hash digest with the sender’s private key
Digital Signature
A hash digest of a message encrypted with the sender’s private key to let the recipient know the document was created and sent by the person claiming to have sent it
Encrypt the message with the receiver’s public key
Ensures message integrity, non-repudiation, and confidentiality
Asymmetric Algorithms - Diffie-Hellman
Used for key exchange and secure key distribution
Vulnerable to man-in-the-middle attacks, requires authentication
Commonly used in VPN tunnel establishment (IPSec)
Asymmetric Algorithms - RSA (Ron Rivest, Adi Shamir, Leonard Adleman)
Used for key exchange, encryption, and digital signatures
Relies on the mathematical difficulty of factoring large prime numbers
Supports key sizes from 1024 to 4096 bits
Widely used in organizations and multi-factor authentication
Asymmetric Algorithms - Elliptic Curve Cryptography (ECC)
Efficient and secure, uses the algebraic structure of elliptic curves
Commonly used in mobile devices and low-power computing
Six times more efficient than RSA for equivalent security
Variants include
ECDH (Elliptic Curve Diffie-Hellman)
ECDHE (Elliptic Curve Diffie-Hellman Ephemeral)
ECDSA (Elliptic Curve Digital Signature Algorithm)
Three types of Asymmetric Algorithms
1: Diffie-Hellman
2: RSA (Ron Rivest, Adi Shamir, Leonard Adleman)
3: Elliptic Curve Cryptography (ECC)