Cryptographic Systems Flashcards

1
Q

Cryptology

A

Is the science of making and breaking secret codes. The development and use of codes is called cryptography, and breaking codes is called crypt-analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Data Encryption Standard (DES)

A
  • is a cipher/ a method of encrypting information
  • DES is now considered to be insecure for many applications: chiefly due to the 56-bit key size being too small. Can be broken in as few as 24 hours.
  • is believed to be practically secure in the form of triple DES
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Advanced Encryption Standard (AES)

A
  • successor of DES
  • Is a symmetric cipher defined in federal information processing (FIPS) standard number 197 in 2001
  • NSA approves 128-bit for SECRET and 192-bit AES for TOP SECRET
  • AES has a fixed block size of 128, 192, or 256 bits (those are the 3 approved key lengths)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

3 Approved AES key lengths

A

128 bit
192 bit
256 bit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Triple DES / 3DES

A
  • 3des is 256 times stronger than DES
  • It takes a 64-bit block of data and then performs 3 DES operations in sequence, encrypt, decrypt, encrypt
  • requires additional processing time
  • can use 1,2, or 3 different keys (1 key = DES)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Software-optimized Encryption Algorithm (SEAL)

A

Is an alternative algorithm to software based DES, 3DES, and AES

  • Is a stream cipher that uses a 160-bit encryption key
  • Because it is a stream cipher, data to be encrypted is continuously encrypted and therefore much faster than block ciphers
  • longer initialization phase during which a large set of tables is created using SHA
  • SEAL has a lower impact on CPU compared to other software-based algorithms
  • SEAL support was added to cisco IOS release 12.3(7)T
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

RC Algorithms

A
Rc algorithms are widely deployed in many networking applications because of their favorable speed and variable key-length capabilities
Several Variations of RC algorithms:
-RC2
-RC4
-RC5
-RC6
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

RC2

A

Variable key-size block cipher that was designed as a “drop-in” replacement for DES

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

RC4

A
  • Worlds most widely used stream cipher.
  • Variable key-size stream cipher that is often used in file encryption products and for secure communications, such as within SSL
  • It is not considered a one-time pad, because the key is not random
  • The cipher can be expected to run very quickly in software and is considered secure, although it can be implemented insecurely, as in Wired Equivalent Privacy (WEP)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

RC5

A

a fast block cipher that has a variable block size and key size. RC5 can be used as a drop-in replacement for DES if the block size is set to 64-bit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

RC6

A

RC6 was an AES finalist. a 128-bit to 256-bit block cipher that was designed by rivest, sidney, and yin and is based on RC5.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Bulk Data Encryption - symmentric keys

A
  • The best encryption method for bulk encryption is AES
  • AES provides good security and speed and versatility across a variety of computer platforms.
  • RSA keys are large numbers that are only suitable for short messages
  • DES can be brute forced
  • 3DES can take a long time (3 times as long as DES)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Symmetric Encryption Algorithm examples (3)

A
  1. DES
  2. 3DES
  3. AES
    Symmetric encryption requires a much larger key size to achieve the same level of protection as asymmetric encryption.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Stream Cipher

A

A stream cipher converts one symbol of plaintext directly to a symbol of ciphertext

  • Stream ciphers encrypt plaintext one byte or one bit at a time
  • Can be much faster than block ciphers, and generally do not increase the message size
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Block Ciphers

A

Encrypt a group of plaintext symbols as one block
- most modern symmetric encryption algorithms are block ciphers
-block sizes vary, 64=des 128=aes
-Block ciphers transform a fixed-length block of plaintext into a common block of ciphertext of 64 or 128 bits
-

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Stream Encryption Advantages

A
  • Speed of transformation: algorithms are linear in time and constant in space
  • low error propagation: an error in encrypting one symbol likely will not affect subsequent symbols
17
Q

Stream Encryption Disadvantages

A

Low Diffusion: All information of plaintext symbols is contained in a single ciphertext symbol
Susceptibility to insertions/modifications: and active interceptor who breaks the algorithm might insert spurious text that looks authentic

18
Q

Block Encryption Advantages

A

High diffusion: information from one plaintext symbol is diffused into several ciphertext symbols.

Immunity to tampering: difficult to insert symbols without detection

19
Q

Block Encryption Disadvantages

A

Slowness of encryption: an entire block must be accumulated before encryption / decryption can begin

Error propagation: An error in one symbol may corrupt the entire block.

20
Q

Message Digest 5 (MD5)

A
  • is a widely used cryptographic hash function with a 128-bit hash value
  • As an Internet standard (RFC 1321), MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files
  • An MD5 hash is typically expressed as a 32-character hexadecimal number.
  • In 1996, a flaw was found with the design of MD5; while it was not a clearly fatal weakness, cryptographers began recommending the use of other algorithms, such as SHA-1 (which has since been found vulnerable itself)
21
Q

Secure Hash Algorithm (SHA1, SHA2)

A

The Sha hash functions are five cryptographic hash functions designed by the NSA and published by the NIST
-The five algorithms are denoted SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512
the latter 4 variants are somtimes collectivly called SHA-2
-SHA-1 produces a message digest that is 160 bits long, the number in the other 4 variants denote the bit length of the digest they produce.
-SHA-1 is employed in several widely used security applications and protocols: TLS, SSL, PGP, SSH, S/MIME, and IPsec
-considered to be the successor to MD5

22
Q

SHA-3

A

winner of a contest IN 2007 afteR SHA-2 has vulnerability worries
- known as keccak

23
Q

MD5 vs. SHA

A
  • Longer hash values = more secure
  • MD5 and SHA-1 are based on previous version of the message digest algorithm
  • sha-1 involves 80 steps, and MD5 involves 64 steps
  • when choosing a hashing algorithm, use SHA-256 or higher
24
Q

HMAC

A

is a message authentication code (MAC) that is calculated using a hash function and a secret key

  • hash functions are the basis of the protection mechanism of HMACs
  • the output of the hash function now depends on the input data and the secret key
  • authenticity is guarenteed because only the sender and the reciever know the secret key
  • The above characteristic defeats man-in-the-middle attacks and provides authentication of the data origin
25
Q

Asymmetric Key Algorithms

A
  • also called public-key algorithms are designed so that the key that is used for encryption is different from the key that is used for decryption
  • the decryption key cannot, in any reasonable amount of time, be calculated from the encryption key and vice versa
26
Q

4 asymmetric key algorithms

A
  1. Internet key exchange (IKE)
  2. Secure Socket Layer (SSL)
  3. Secure Shell (SSH)
  4. Pretty good privacy (PGP)
27
Q

well known asymmetric key algorithms

A
  • Diffie-hellman
  • Digital signature standard (dss)
  • Rsa encryption algorithms
  • Elgamal
  • Elliptical curve techniques
28
Q

Two main criteria to be considered when selecting an encryption algorithm:

A
  1. the algorithm is trusted by the cryptographic community
  2. The algorithm adequately protects against brute-force attacks

other: the algorithm supports variable and long key lengths and scalability

29
Q

Diffie-Hellman Key Exchange

A

Both sides Create a public and private key, send public key to other side. use both public and private keys to generate a value (both sides will have same value) public key decrypts, private key encrypts. Not good for large amounts of data so after confirming each other with these public keys one side creates a symmetrical key that is shared and then data is transmitted while being symmetrically encrypted.

30
Q

Digital Signature security Services

A

Authenticity of digitally signed data: digital signatures authenticate a source, proving that a certain party has seen and signed the data in question.

Integrity of digitally signed data: Digital signatures guarantee that the data has not changed from the time it was signed

Nonrepudiation of the transaction: the recipient can take the data to a third party and the third party accepts the digital signature as a proof that this data exchange did take place. the signing party cannot repudiate that it has signed the data.

31
Q

Digital Signature Situations

A
  • to provide a unique proof of data source, which can only be generated by a single party, such as contract signing in e-commerce environments
  • to authenticate a user by using the private key of the user and the signature it generates
  • to prove the authenticity and integrity of PKI certificates
  • to provide nonrepudiation using a secure timestamp and a trusted time source
32
Q

Asymmetrical Encryption Algorithms and key lengths

A
Diffie-Hellman - 512,1024, 2048
Digital signature standard (DSS) and Digital Signature Algorith (DSA) - 512 to 1024
RSA encryption algorithms - 512 to 2048
ElGamal - 512 to 1024
Elliptical curve techniques - 160
33
Q

PKI

A

is a set of technical, organizational, and legal components that are needed to establish a system that enables large-scale use of public key cryptography to provide authenticity, confidentiality, integrity, and nonrepudiation services.
The PKI framework consists of the hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates.

34
Q

PKI Certificates

A

Used for various purposes in a network. Certificates are public information. They contain the binding between the names and public keys of entities and are usually published in a centralized directory so that other PKI users can easily access them.

35
Q

PKI Certificate Authority (CA)

A

A trusted third-party entity that issues certificates. The certificate of a user is always signed by a CA. Every CA also has a certificate containing its public key, signed by itself. This is called a CA certificate or, more properly, a self-signed CA certificate.