Cryptography Flashcards

1
Q

DES

A

Data Encryption Standard - symmetric cryptosystem, older and obsolete.
-Uses an algorithm called Lucifer, which in the DES implementation, has a 64-bit key size.
-8 bits are for computational overhead, so true key size is 56 bits.
-Any blocks less than 64 bits in size are padded
- 5 different block cipher modes of operation
-16 rounds of encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

DES ECB

A

Electronic Code Book - a given piece of plaintext will always produce the same piece of ciphertext. Very predictable, easily broken

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

DES CBC

A

Cipher block chaining - much stronger encryption by XORing the previous block to the block being encrypted, the first block acts as an initialization vector (IV). Every block of plaintext will have a different ciphertext

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

DES CFB

A

Cipher feedback mode - plaintext is XORed into the IV after each round, similar to CBC mode.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

DES OFB

A

Output feedback - similar to CFB mode, takes the result of the previous encryption of the IV and key before the plaintext is XORed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

DES CTR

A

Counter mode - uses a random 64-bit block as the first IV, then increments a specified number or counter for every subsequent block of plaintext. Best performance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

3DES or TDES

A

Triple DES (Data Encryption standard) - symmetric, better, later iteration of DES. Uses three distinct iterations of encryptions on plaintext. DES uses single 56-bit keys, 3DES uses three 56-bit keys.
-Thus, 3DES has a 168-bit key
-Same modes as DES, repeats them 3 times with 3 different keys
-Suffers from some of the same weaknesses as DES

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

AES

A

Advanced Encryption Standard - symmetric block cipher
-block sizes of 128 bits
-key sizes of 128, 192, and 256 bits
-10 rounds for 128-bit keys, 12 rounds for 192-bit keys, 14 rounds for 256-bit keys
-Has different modes, similar to DES.
Attacks on AES are usually side-channel attacks, which target a faulty implementation rather than the cryptosystem itself
- tends to use the lower-latency Galois/Counter Mode
-Sometimes called Rijndael

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

AES GCM

A

AES Galois/Counter Mode - starts with CTR mode, adds a special data type known as a Galois field to add integrity. Authenticated encryption mode. Low latency, good performance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Blowfish

A

Symmetric Block Cipher - accepts 64-bit blocks, wide range of variable key links, from 32-bits to 448 bits.
-16 rounds of encryption, just like DES.
-widely implemented, considered a good choice and strong
-public domain, free to use

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Twofish

A

Symmetric block algorithm, uses 128-block size
-128-bit, 192-bit, or 256-bit keys
-Like DES, uses 16 rounds of encryption
-Successor to Blowfish
-Public domain, freely available to use

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

RC4

A

Rivest Cipher 4 - symmetric streaming algorithm, not block.
-One round of encryption
-Can use key sizes from 40 to 2048 bits in length
-Very fast protocol, as all streaming ciphers are
-Key stream (stream of pseudorandom bits injected into encryption) which is combined with plaintext using XOR to encrypt it into ciphertext
-Most popularly used in wireless encryption with WEP, which is obsolete and cryptographically broken protocol
Can be found in versions of SSL/TLS
-some documented weaknesses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

RSA

A

Asymmetric algorithm, enables creation of a public-private key pair
Generates keys based on the mathematical problem of the difficulty of factoring two very large prime numbers (each up to several hundred digits in length)
-One round of encryption
-Key sizes from 1024 to 4096 bits
-very secure, but keys of smaller sizes have been broken, based on faulty implementations of RSA though.
-de facto asymmetric algorithm used in PK cryptography implementations

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Diffie-Hellman (DH)

A

Asymmetric cryptosystem, DH protocols enable asymmetric key exchange to give both sides of a conversation a single symmetric key. a non-secure channel can establish secure comms
-Faster connection compared to RSA. RSA has great security, requires a lot of computation. DH = speed!
-uses discrete logarithms, modulo arithmetic, and prime numbers to generate key pairs
-part of key exchange process requires each side to generate a temporary, ephemeral key (Diffie-Hellman Ephemeral) (DHE)
-relies on pseudorandom number generation to create ephemeral keys, which in most cases relies on aspects of the underlying system like dates, MAC address of the NIC, other seemingly random information, but these aren’t random. However, alternatives exist.
-Can use a larger modulus. DH Groups have preset moduluses. Group 1, 2, 5, 14, 768, 1024, 1546, and 2048 bits

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Elliptic-Curve Diffie-Hellman Ephemeral

A
  • skips pseudorandom number generation and instead uses ephemeral keys calculated using elliptic-curve cryptography. Has groups. Group 19, 20, 21, 25-bits, 384-bits, and 521-bit elliptic curves
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

PGP/GPG

A

Pretty Good Privacy - Asymmetric cryptography application/protocol suite. Can use both asymmetric and symmetric keys. bulk encryption, data at rest encryption (file and FDE, full disk encryption), key pair generation, and key exchange.
-PGP uses a web of trust, rather than a public key infrastructure
Commercialized, proprietary, but it has an open-source equivalent, Gnu Privacy Guard (GPG)
Comply with the OpenPGP standard, an IETF standard published asd RFC 4880

17
Q

ECC

A

Elliptic-curve cryptography, asymmetric cryptographic method based on problems involving the algebraic structure of elliptic curves over finite fields
- special uses involving mobile devices, low computational power and memory usage, widely implemented in smartphones and low-power mobile devices
-smaller key sizes, but are harder to break. Largest known ECC key broken is 112-bits, but a 768-bit key has been broken with RSA.

18
Q

ElGamal

A

Asymmetric algorithm that can be used for digital signatures and general encryption
partially based on Diffie-Hellman key exchange algorithms. Uses mathematical problems related to computing discrete logarithms
Used in hybrid cryptosystems, encrypts a small symmetric key and a faster scheme encrypts the message
Widely used in open standards, including PGP and GPG
US Gov’t’s Digital Signature Algorithm (DSA)

19
Q

MD5

A

Message Digest 5 - hashing algorithm
-generates a 128-bit hash, 32 hexadecimal characters long
-replaces MD4
-has weaknesses, researchers have demonstrated collisions many times
many low-security situations stilluse it
-part of other cryptographic methods, including EAP (extensible authentication protocol), as part of its EAP-MD5 implementation
128-bit has, 32 hexadecimal characters regardless of text length

20
Q

SHA

A

Secure Hash Algorithm -initially released as SHA-0, several iterations now, including SHA-1, SHA-2, and SHA-3
SHA-1 - 160-bits, 40-character hashes. A contemporary of MD5 with similar flaws
SHA-2 - made up of two algorithms, SHA-256 and SHA-512, each has minor versions including SHA-224 and SHA-384
SHA-3 uses a hash function called Keccak that makes it different internally than SHA-1 and SHA-2.
Has 40-character hashes
SHA-3, implementation of the Keccak hashing function. the best version.
Developed by the NSA

21
Q

RIPEMD

A

RACE Integrity Primitives Evaluation Message Digest - hashing algorithm not often seen in practical implementation. Developed in an open-standard type of environment
Comes in 128- 160-, 256-, and 320-bit versions. Not in widespread use.
RIPEMD-160 is the most common iteration

22
Q

HMAC

A

Hash-based Message Authentication Code - used in conjunction with a symmetric key to authenticate and verify message integrity
-can use either MD5 or SHA series of hashing algorithms (HMAC-MD5 or HMAC-SHA1/2/3)
-produces a hash value, the Message Authentication Code (MAC)
HMAC uses a secret (symmetric) key with the hashing process, so a given message produces a unique hash using that symmetric key