Cryptography Flashcards
Learn CISSP
If you want confidentiality when sending an email message
then encrypt the message.
If your message must maintain integrity
you must hash the message.
If your message needs authentication, integrity and/or nonrepudiation,
you should digitally sign the message.
If your message requires confidentiality, integrity, authentication, and
nonrepudiation
you should encrypt and digitally sign the message.
Which algorithm operates on 64-bit blocks of text and has variable-length keys ranging from a relatively
insecure 32 bits to an extremely strong 448 bits?
Blowfish
The AES cipher allows the use of three key strengths
128-bit keys require 10 rounds of encryption.
192-bit keys require 12 rounds of encryption.
256-bit keys require 14 rounds of encryption.
How many versions of PGP are available?
Two versions
commercial version
Freeware
The commercial version uses
Key exchange?
Encryption?
Hashing?
The commercial version uses
RSA for key exchange,
IDEA for encryption/decryption,
and MD5 for message digest production
The freeware version (based on the extremely similar OpenPGP standard) uses: Key exchange? Encryption? Hashing?
Diffie-Hellman key
exchange, the Carlisle Adams/Stafford Tavares (CAST) 128-bit encryption/decryption
algorithm, and
the SHA-1 hashing function.
S/MIME has
already been incorporated in a large number of commercial products, including these:
Microsoft Outlook and Outlook Web Access
Mozilla Thunderbird
Mac OS X Mail
The only
public key cryptographic protocol supported by S/MIME.
RSA
The protocol supports the AES
and 3DES symmetric encryption algorithms.
Common permissions restricted by document DRM solutions
Reading a file
Modifying the contents of a file
Removing watermarks from a file
Downloading/saving a file
Printing a file
Taking screenshots of file content
How many types of circuit encryption?
Security administrators use two types of encryption techniques to protect data traveling
over networks:
Link encryption protects
End-to-end encryption
What is link encryption?
Protects entire communications circuits by creating a secure tunnel
between two points using either a hardware solution or a software solution that
encrypts all traffic entering one end of the tunnel and decrypts all traffic entering the
other end of the tunnel
What is end-to-end encryption?
End-to-end encryption protects communications between two parties (for example, a
client and a server) and is performed independently of link encryption.
Difference between link encryption and end-to-end encryption
In link encryption,
all the data, including the header, trailer, address, and routing data, is also encrypted.
Therefore, each packet has to be decrypted at each hop so it can be properly routed to the
next hop and then re-encrypted before it can be sent along its way, which slows the
routing.
End-to-end encryption does not encrypt the header, trailer, address, and routing
data, so it moves faster from point to point but is more susceptible to sniffers and
eavesdroppers.
Examples of link encryption?
A company with two offices connected via a
data circuit might use link encryption to protect against attackers monitoring at a
point in between the two offices.
Example of End-to-end encryption
Secure Shell (SSH) is a good example of an end-to-end encryption technique. Another is the use of TLS to protect communications between a user and a web server.
Note
When encryption happens at the higher OSI layers, it is usually end-to-end encryption,
and if encryption is done at the lower layers of the OSI model, it is usually link
encryption.
IPsec
An architecture that supports secure
communications is the Internet Protocol Security (IPsec) standard.
IPsec is a standard
architecture set forth by the Internet Engineering Task Force (IETF) for setting up a
secure channel to exchange information between two entities.
Which cryptography does IPsec use to provide encryption, access control, nonrepudiation,
and message authentication?
IPsec uses public key cryptography to provide encryption, access control, nonrepudiation,
and message authentication, all using IP-based protocols. The
Use of IPsec?
The primary use of IPsec is for
virtual private networks (VPNs), so IPsec can operate in either transport or tunnel mode.
IPsec is commonly paired with the Layer 2 Tunneling Protocol (L2TP) as L2TP/IPsec.
Wired Equivalent Privacy?
Wired Equivalent Privacy (WEP) provides 64- and 128-bit
encryption options to protect communications within the wireless LAN. WEP is described
in IEEE 802.11 as an optional component of the wireless networking standard.
Note about WEP
In fact, the use of WEP encryption on a store network was the root
cause behind the TJX security breach that was widely publicized in 2007. Again, you
should never use WEP encryption on a wireless network.
WiFi Protected Access
WiFi Protected Access (WPA) improves on WEP encryption by
implementing the Temporal Key Integrity Protocol (TKIP), eliminating the cryptographic
weaknesses that undermined WEP. A further improvement to the technique, dubbed
WPA2, adds AES cryptography. WPA2 provides secure algorithms appropriate for use on
modern wireless networks.
Note about WPA
Remember that WPA does not provide an end-to-end security solution. It encrypts
traffic only between a mobile computer and the nearest wireless access point. Once
the traffic hits the wired network, it’s in the clear again.
Other commonly used wireless security standard?
Another commonly used wireless security standard, IEEE 802.1x, provides a flexible
framework for authentication and key management in wired and wireless networks.
To use 802.1x, the client runs a piece of software known as the supplicant