Cryptographic Solutions Flashcards

1
Q

DES (Data Encryption Standard)

Symmetric, Block cipher

A

Widely used from the 1970s to the early 2000s

2
Q

Triple DES (3DES)

Symmetric, Block cipher

A

Provides 112-bit key strength but is slower than DES

3
Q

IDEA (International Data Encryption Algorithm)

Symmetric, Block cipher

A

Not as widely used as AES

4
Q

AES (Advanced Encryption Standard)

Symmetric, Block cipher

A

■ Replaced DES and 3DES as the US government encryption standard
■ Widely adopted and considered the encryption standard for sensitive
unclassified information

5
Q

Blowfish

Symmetric, Block cipher

A

Developed as a DES replacement but not widely adopted

6
Q

Twofish

Symmetric, Block cipher

A

Open source and available for use

7
Q

RC Cipher Suite (RC4, RC5, RC6)

Symmetric, Block cipher

A

■ RC4 is a stream cipher with variable key sizes from 40 to 2048 bits, used in SSL
and WEP
■ RC5 is a block cipher with key sizes up to 2048 bits
■ RC6, based on RC5, was considered as a DES replacement

8
Q

Diffie-Hellman

Asymmetric

A

● Used for key exchange and secure key distribution
● Vulnerable to man-in-the-middle attacks, requires authentication
● Commonly used in VPN tunnel establishment (IPSec)

9
Q

RSA (Ron Rivest, Adi Shamir, Leonard Adleman)

Asymmetric

A

● Used for key exchange, encryption, and digital signatures
● Relies on the mathematical difficulty of factoring large prime numbers
● Supports key sizes from 1024 to 4096 bits
● Widely used in organizations and multi-factor authentication

10
Q

Elliptic Curve Cryptography (ECC)

Asymmetric

A

● Efficient and secure, uses the algebraic structure of elliptic curves
● Commonly used in mobile devices and low-power computing
● Six times more efficient than RSA for equivalent security

11
Q

MD5 (Message Digest Algorithm 5)

Hashing

A

● Limited unique values, leading to collisions
● Not recommended for security-critical applications due to vulnerabilities

12
Q

SHA (Secure Hash Algorithm) Family

Hashing

A

● SHA-1
○ Produces a 160-bit hash digest, less prone to collisions than MD5
● SHA-2
○ Offers longer hash digests (SHA-224, SHA-256, SHA-384, SHA-512)
● SHA-3
○ Uses 224-bit to 512-bit hash digests, more secure, 120 rounds of
computations

13
Q

RIPEMD (RACE Integrity Primitive Evaluation Message Digest)

Hashing

A

Open-source competitor to SHA but less popular

14
Q

HMAC (Hash-based Message Authentication Code)

Hashing

A

Utilizes other hashing algorithms (e.g., HMAC-MD5, HMAC-SHA1,
HMAC-SHA256)

15
Q

Digital Signatures

A

■ Uses a hash digest encrypted with a private key
■ Sender hashes the message and encrypts the hash with their private key
■ Recipient decrypts the digital signature using the sender’s public key
■ Verifies integrity of the message and ensures non-repudiation

16
Q

Common Digital Signature Algorithms

A

■ DSA (Digital Security Algorithm)
■ RSA (Rivest-Shamir-Adleman)
● Supports digital signatures, encryption, and key distribution
● Widely used in various applications, including code signing

17
Q

Common Hashing Attack

Pass the Hash

A

A hacking technique that allows the attacker to authenticate to a remote
server or service by using the underlying hash of a user’s password
instead of requiring the associated plaintext password

18
Q

Common Hashing Attack

Birthday Attack

A

Occurs when two different messages result in the same hash digest
(collision)

19
Q

Increasing Hash Security

Key Stretching

A

● Technique that is used to mitigate a weaker key by creating longer, more
secure keys (at least 128 bits)
● Used in systems like Wi-Fi Protected Access, Wi-Fi Protected Access
version 2, and Pretty Good Privacy

20
Q

Increasing Hash Security

Salting

A

● Adds random data (salt) to passwords before hashing
● Ensures distinct hash outputs for the same password due to different
salts
● Thwarts dictionary attacks, brute-force attacks, and rainbow tables

21
Q

Increasing Hash Security

Nonces (Number Used Once)

A

● Adds unique, often random numbers to password-based authentication
processes
● Prevents attackers from reusing stolen authentication data
● Adds an extra layer of security against replay attacks

22
Q

Key Escrow

A

■ Storage of cryptographic keys in a secure, third-party location (escrow)
■ Enables key retrieval in cases of key loss or for legal investigations

23
Q

Digital Certificates

A

■ Digitally signed electronic documents
■ Bind a public key with a user’s identity
■ Used for individuals, servers, workstations, or devices
■ Use the X.509 Standard

24
Q

Wildcard Certificate

A

● Allows multiple subdomains to use the same certificate
● Easier management, cost-effective for subdomains
● Compromise affects all subdomains

25
Q

SAN (Subject Alternate Name) field

A

● Certificate that specifies what additional domains and IP addresses are
going to be supported
● Used when domain names don’t have the same root domain

26
Q

Single-sided certificate

A

Only requires the server to be validated

27
Q

Dual-sided certificate

A

○ Both server and user validate each other
○ Dual-sided for higher security, requires more processing power

28
Q

Self-Signed Certificates

A

● Digital certificate that is signed by the same entity whose identity it
certifies
● Provides encryption but lacks third-party trust
● Used in testing or closed systems

29
Q

Third-Party Certificates

A

● Digital certificate issued and signed by trusted certificate authorities (CAs)
● Trusted by browsers and systems
● Preferred for public-facing websites

30
Q

Root of Trust

A

● Highest level of trust in certificate validation
● Trusted third-party providers like Verisign, Google, etc.
● Forms a certification path for trust

31
Q

Certificate Authority (CA)

A

● Trusted third party that issues digital certificates
● Certificates contain CA’s information and digital signature
● Validates and manages certificates

32
Q

Registration Authority (RA)

A

● Requests identifying information from the user and forwards certificate
request up to the CA to create a digital certificate
● Collects user information for certificates
● Assists in the certificate issuance process

33
Q

Certificate Signing Request (CSR)

A

● A block of encoded text with information about the entity requesting the
certificate
● Includes the public key
● Submitted to CA for certificate issuance
● Private key remains secure with the requester

34
Q

Certificate Revocation List (CRL)

A

● Maintained by CAs
● List of all digital certificates that the certificate authority has already revoked
● Checked before validating a certificate

35
Q

Online Certificate Status Protocol (OCSP)

A

● Determines the revocation status of any digital certificate using the
certificate’s serial number
● Faster but less secure than CRL

36
Q

OCSP Stapling

A

● Alternative to OCSP
● Allows the certificate holder to get the OCSP record from the server at
regular intervals
● Includes OCSP record in the SSL/TLS handshake
● Speeds up the secure tunnel creation

37
Q

Public Key Pinning

A

● Allows an HTTPS website to resist impersonation attacks from users who
are trying to present fraudulent certificates
● Presents trusted public keys to browsers
● Alerts users if a fraudulent certificate is detected

38
Q

Key Escrow Agents

A

● Securely store copies of private keys
● Ensures key recovery in case of loss
● Requires strong access controls

39
Q

Key Recovery Agents

A

● Specialized type of software that allows a lost or corrupted key to be
restored
● Acts as a backup for certificate authority keys

40
Q

Blockchain

A

■ Shared immutable ledger for transactions and asset tracking
■ Builds trust and transparency
■ Widely associated with cryptocurrencies like Bitcoin
■ Essentially a long chain of blocks, each holding its own information

41
Q

Block Structure

A

● Chain of blocks, each containing
○ Previous block’s hash
○ Timestamp
○ Root transactions (hashes of individual transactions)
● Blocks are linked together in a chronological order

42
Q

Public Ledger

A

● Secure and anonymous record-keeping system
● Maintains participants’ identities
● Tracks cryptocurrency balances
● Records all genuine transactions in a network

43
Q

Smart Contracts

A

● Self-executing contracts with code-defined terms
● Execute actions automatically when conditions are met
● Transparent, tamper-proof, and trust-enhancing

44
Q

TPM (Trusted Platform Module)

Encryption Tools

A

● Dedicated microcontroller for hardware-level security
● Protects digital secrets through integrated cryptographic keys
● Used in BitLocker drive encryption for Windows devices
● Adds an extra layer of security against software attacks

45
Q

HSM (Hardware Security Module)

Encryption Tools

A

● Physical device for safeguarding and managing digital keys
● Ideal for mission-critical scenarios like financial transactions
● Performs encryption operations in a tamper-proof environment
● Ensures key security and regulatory compliance

46
Q

Key Management System

Encryption Tools

A

● Manages, stores, distributes, and retires cryptographic keys
● Centralized mechanism for key lifecycle management
● Crucial for securing data and preventing unauthorized access
● Automates key management tasks in complex environments

47
Q

Secure Enclaves

Encryption Tools

A

● Coprocessor integrated into the main processor of some devices
● Isolated from the main processor for secure data processing and storage
● Safeguards sensitive data like biometric information
● Enhances device security by preventing unauthorized access

48
Q

Steganography

A

● Conceals a message within another to hide its very existence
● Used alongside encryption for added security

49
Q

Tokenization

A

● Substitutes sensitive data with non-sensitive tokens
● Reduces exposure of sensitive data during transactions
● Commonly used for payment systems to comply with security standards

50
Q

Data Masking (Data Obfuscation)

A

● Disguises original data to protect sensitive information
● Common in industries handling personal data

51
Q

Downgrade Attacks

A

■ Force systems to use weaker or older cryptographic standards or protocols
■ Exploit known vulnerabilities or weaknesses in outdated versions

52
Q

Collision Attacks

A

■ Find two different inputs producing the same hash output
■ Vulnerabilities in hashing algorithms, e.g., MD5, can lead to collisions

53
Q

Post-quantum cryptography

A

A new kind of cryptographic algorithm that can be implemented using
today’s classic computers but is also impervious to attacks from future
quantum computers

54
Q

NIST selected four post-quantum cryptography standards

A

● CRYSTALS-Kyber - general encryption needs
● Digital signatures
○ CRYSTALS-Dilithium
○ FALCON
○ SPHINCS+