Cryptographic Solutions Flashcards
Steps to create a digital certificate
- Create a key pair using your chosen encryption algorithm.
- Generate a Certificate Signing Request (CSR), containing the public key and identification information.
- Submit the CSR to a Certificate Authority (CA).
- The CA verifies the requester’s identity.
- Once verified, the CA transfers the public key and identity to an X.509 certificate.
- The CA signs the certificate with its private key and returns it to the requester.
- The requester can share the certificate for secure communication.
- Third parties can verify the certificate’s validity by checking the CA’s digital signature.
What is encryption?
Process of converting ordinary information (plaintext) into an unintelligible form (ciphertext)
Describe the 3 states of data
Data at rest: data being archived or sitting on a hard drive or other storage device.
Data in transit: data moving across the network, residing inside RAM, or moving to and from the processor.
Data in use: data in a constant state of change, i.e. data being worked on in the processor.
What is a symmetric algorithm?
Symmetric algorithms use the same key for both encryption and decryption.
What is an asymmetric algorithm?
Asymmetric algorithms use a pair of keys, a public key for encryption and a private key for decryption.
What is the difference between a stream cipher and a block cipher algorithm?
Stream ciphers convert one symbol of plaintext directly into a symbol of ciphertext. Block ciphers encrypt a group of plaintext symbols as one block. Simple substitution is an example of a stream cipher. Stream ciphers are good for securing real-time communication data streams like streaming audio or video. Stream ciphers tend to be symmetric algorithms.
Name the most common symmetric algorithms
DES, 3DES, IDEA, AES, Blowfish, Twofish, Rivest Ciphers (RC4, RC5, RC6). RC4 is the only stream cipher. AES (Advanced Encryption Standard) is the strongest.
Name the most common asymmetric algorithms
Diffie-Hellman: used for key exchange when establishing a VPN tunnel as part of IPsec.
RSA (Rivest-Shamir-Adleman): relies on the mathematical difficulty of factoring large prime numbers.
Elliptic Curve Cryptography (ECC): most commonly used for mobile devices and low-power computing devices.
Define hashing
Hashing is a one-way cryptographic solution that takes an input and produces a unique message digest as its output.
Name hashing algorithms
MD5, SHA Family, RIPEMD, HMAC.
Name two common hashing attacks
Pass the hash attack
Birthday attack
Define “Pass the hash attack”
A hacking technique that allows an attacker to authenticate to a remote server or service by using the underlying hash of a user’s password instead of requiring the associated plaintext password.
Define “Birthday attack”
An attacker is able to generate a collision (two different messages sent through a hash algorithm produce two identical digests).
How can we increase the strength of a hash?
Use hashes with a long output digest, e.g. choosing SHA-256 over MD5.
Key stretching: applying multiple rounds of hashing to a password to make it more computationally expensive to crack.
Salting: adding additional random data to a password before hashing it, to prevent rainbow table attacks.
Nonce (number used once): a random number used to ensure the uniqueness of the password and to prevent replay attacks.
What is the Public Key Infrastructure (PKI)?
Framework for managing digital keys and certificates that facilitates secure data transfer, authentication, and encrypted communications over networks. PKI uses public key cryptography.