Cryptography Flashcards

1
Q

What is the difference between symmetric and asymmetric encryption?

A

Symmetric encryption involves the sharing of an encrypted message and a single private key, which is used to decrypt all messages in that stream.

Asymmetric encryption instead uses a public and a private key. A sender uses the recipient’s public key to encrypt the message, then sends it along the stream. The recipient can then use their own private key to decrypt the message.

2
Q

Kerckhoffs’s Law

A

A cipher must not rely on the secrecy of said cipher.

3
Q

Sufficient Key-Space Principle

A

Any security scheme must have a key space that is large enough to not be reliably brute-forced.

4
Q

Moore’s Law

A

The number of transistors on a microchip doubles each year.

5
Q

What are the three methods to ‘break’ cryptography?

A

Brute force
Trying every possible combination to crack the cipher.

Differential cryptanalysis
Decrypting small parts and seeing if it makes sense.

Side-channel attack
Using external data like speed and temperature to piece together the password.

6
Q

What is Zimmermann’s Law?

A

“The ability of computers to track us doubles every eighteen months.”

7
Q

Who can see your message if you’re using HTTP?

A

Everyone who intercepts your transmission can see your message.

8
Q

Who can see your message if you’re using HTTPS?

A

Only the recipient (the web server) can see your message.

9
Q

Who can see your message if you’re using HTTPS + Tor?

A

Nobody can see your message until it has passed through the Tor relays, which hide your location.

10
Q

What is Heartbleed?

A

A method to get more data than intended by requesting a content length greater than intended.

e.g. “Send this 500-letter word ‘bird’ if you are there”; the server sends “bird” followed by the next 496 characters in memory.

11
Q

What is DROWN?

A

An exploit used against SSLv2-enabled servers, which allows the attacker to obtain secure private keys.

A server is vulnerable if it allows both TLS and SSLv2 connections or if it shares a public key with a server allowing SSLv2 connections.

12
Q

What is a digital signature?

A
13
Q

How is a digital signature generated?

A

A digital signature is generated using a combination of a private key and a message or document. The process typically involves the following steps:

  1. The sender generates a hash of the message or document they want to sign. A hash is a unique representation of the content, and it ensures that the document has not been altered during transmission.
  2. The sender encrypts the hash using their private key. This creates a digital signature that can only be decrypted using the sender’s public key.
  3. The sender sends the message or document and the digital signature to the recipient.
  4. The recipient uses the sender’s public key to decrypt the digital signature and verify that it matches the hash of the received message or document. This ensures that the message or document was not altered in transit and that it was indeed sent by the owner of the private key.
  5. If the digital signature is valid, the recipient can trust that the message or document is authentic and has not been tampered with.
14
Q

What is a hash?

A

A hash is a string of characters that is the result of running an input through a hash function.

15
Q

What is a hash function?

A

A hash function is a mathematical algorithm which takes an input and returns a fixed-size string of characters, called the hash. The input can be of any size, but the output (or hash value) is always the same size.

One of the main characteristics of a hash function is that it is a one-way function, which means that it is easy to compute the hash value of an input, but it is very difficult to recreate the input from the hash value, making it ideal for storing passwords or other sensitive data.

16
Q

How can you use a hash to verify that a message has not been tampered with?

A

We do this using what is called a digital signature.

First, we create a hash from the message using a hash function. Then, we take this hash and encrypt it using our own private key. This is our “digital signature”.

The encrypted message + hash is then sent along with the digital signature we generated previously. When the full message has been sent, the recipient uses our public key to decrypt the digital signature. If it matches the hash, we can be sure that the original message was not tampered with.
