Cryptography Flashcards
IPsec SA
Security association: simplex connection used to negotiate ESP or AH
difference between hashing and encrypting?
Hash is a one way function; Encryption assumes someone will decrypt
substitution
replaces one character for another (providing confusion)
modular math
26 letters in alphabet. Therefore, Y + C = B - or - 25 + 3 = 28 or 26 remainder 2 and 2 = B
scytale
parchment wrapped around a rod, written on, then unwrapped
triple DES
applies single DES three times per block; slow and complex
RC5
symmetric, 0 to 2040 bit key, 32, 64, 128 bit blocks
linear cryptanalysis
plaintext attack where the cryptanalyst finds large amounts of plaintext/ciphertext pairs created with the same key
IPsec
Internet protocol security: suite of protocols that provide a cryptographic layer to both IPv4 and IPv6; used to establish VPNs; overly complex with multiple overlapping parts
ECC
elliptic curve cryptography: leverages one-way function that uses discrete logarithms as applied to elliptic curves; strong; less computational resources; used in low power devices
AH
authentication header: provides authentication and integrity (no confidentiality); protects against replay attacks
CFB
cipher feedback: stream cipher; like CBC only is a stream mode using feedback (chaining in stream mode); uses initialization vector; errors propagate
differential cryptanalysis
seeks to find the difference between related plaintexts that are encrypted
escrowed encryption
third-party organization holds a copy of the public/private key pair
permutation
aka transposition; provides diffusion by rearranging the characters of the plaintext, anagram-style
known plaintext
knowing the plaintext and cipher text allows you to figure out the key
key escrow
a copy is retained by a third-party org, often for the purposes of law enforcement
ciphertext
encrypted message
Single DES
encrypts 64 bits blocks of data with 56 bit key using 16 rounds of encryption
HAVAL
hash of variable length: hash algorithm that creates message digests of 128, 160, 192, 224, 256 bit in length using 3, 4, or 5 rounds
CA
certificate authorities: issues digital certificates
rainbow tables
precomputed compilation of plaintexts and matching ciphertexts; greatly speed up many types of password cracks
5 modes of DES
1. ECB (Electronic Code book) 2. CBC (cipher block chaining) 3. CFB (Cipher feedback) 4. OFB (output feedback) 5. CTR (counter mode)
polyalphabetic cipher
uses multiple alphabets
S/MIME
secure Multipurpose Internet mail extensions: provides a standard way to format e-mail (leveraging PKI)
factoring
figuring out which two prime numbers multiplied provides an answer
collisions
when two documents hash to the same value
key clustering
occurs when two symmetric keys applied to the same plaintext produce the same ciphertext
algorithm
set of instructions
monoalphabetic cipher
uses one alphabet
CTR
Counter: like OFB; stream cipher; uses a counter; uses initialization vector; errors don’t propagate
secure hash algorithm
a series of hash algorithms; weak collision avoidance
IDEA
international data encryption algorithm: symmetric block cipher designed to replace DES; 128 bit key, 64 bit block; slow
CBC
cipher block chaining: block cipher; XORs previous encrypted block of ciphertext to next block of plaintext; uses initialization vector; errors propagate
HMAC
hashed Message Authentication Code: combines a shared secret key with hashing; IPsec uses HMAC; two parties must pre-share secret key
blowfish
symmetric, 32 to 448 bit keys; 64 bit block; open algorithm
Diffie-Hellman
asymmetric pioneers; uses discrete logarithms to provide security, uses one-way factoring
steganography
science of hidden communication; hides info inside of other files such as images
cryptology
science of secure communications; encompasses both cryptography and cryptanalysis
SSL
secure sockets layer: brings power of PKI to the web
social engineering
it is what it is
twofish
symmetric, 128 to 256 bit key, 128 bit block
IPSec protocols
AH and ESP
key storage
organization that issued the public/private key pairs retains a copy
PGP
pretty good privacy: brought asymmetric encryption to the masses; uses a web of trust model to authenticate digital certificates
OFB
output feedback: stream cipher; uses the previous ciphertext as the subkey before it is XORd; uses initialization vector; errors don’t propagate
COCOM
coordinating committee for multilateral export controls: in effect from ‘47 to ‘94
PKI
public key infrastructure: leverages all three forms of encryption to provide and manage digital certificates
hash function
one-way encryption using an algorithm and no key; no way to reverse the encryption
work factor
describes how long it will take to break a cryptosystem
vigenere cipher
polyalphabetic cipher
one-way function
math that is easy one way, but hard another. I.e., 7 to the 13th power is easy to figure; "96,889,010,407 is 7 to what power" is much, much harder
purple
stepping-switch device built with phone switch hardware; later models were red and jade
chaining
seeds previous encrypted block into the next block to be encrypted; destroys patterns in ciphertext
Wassenaar Arrangement
successor to COCOM; initiated in 1996; relaxed many restrictions on exporting cryptography
diffusion
order of the plaintext should be diffused or dispersed in the ciphertext
ORA
organizational registration authorities: authenticate the ID of a certificate holder before issuing a certificate to them
clipper chip
used skipjack algorithm; symmetric cipher with 80 bit key; used in EES
symmetric encryption
Encryption that uses 1 key to encrypt and decrypt; aka “secret” key encryption; strengths include speed and cryptographic strength per bit of key
DES
data encryption standard: describes data encryption algorithm; federal standard symmetric cipher; 64 bit block, 56 bit key
plaintext
unencrypted message
Jefferson disks
sort of an early cipher disk, but not really used much
side-channel
use physical data to break a cryptosystem
ISAKMP
manages the SA creation process
AES
advanced encryption standard: 128 bit, 192 bit, 256 bit keys, 128 bit blocks; open algorithm, free to use
RC6
symmetric 128, 192, 256 bit key, 128 bit blocks
cipher disk
two concentric disks each with alphabet around perimeter; allows mono and poly alphabetic encryption
ElGamal
asymmetric algorithm using one way factoring
protocol governance
describes the process of selecting the right method (cipher) and implementation for the right job
birthday attack
used to create hash collisions
IKE
Internet Key exchange: negotiates the algorithm selection process for IPsec
ECB
electronic code book: block cipher; simplest and weakest form of DES; no initialization vector or chaining; errors don’t propagate
SPI
security parameter Index: identifies each simplex SA connection
three types of modern encryption
symmetric, asymmetric, hashing
codebooks
assign codewords for important things
asymmetric encryption
encryption that uses 2 keys; if you encrypt with one, you may decrypt with the other
TLS
transport layer security: successor to SSL
confusion
relationship between the plaintext and ciphertext should be as confused or random as possible
MAC
message authentication code: hash function that uses a key; provides integrity and authenticity
5 components of PKI
1. Certification authorities issue/revoke certs 2. Organization registration authorities vouch for binding between public keys and cert holder ID 3. cert holders that are issued certs and can sign digital docs 4. clients that validate digital signatures and their cert paths from a known public key 5. repositories that store and make available certs and cert revocation lists
caesar cipher
simple rotation cipher
cryptanalysis
science of breaking encrypted messages (recovering their meaning)
book cipher
uses whole words from a well-known book such as a dictionary; agree on page, line, word offset and source
cryptography
creates messages whose meaning is hidden; can provide confidentiality and integrity; can also provide authentication and non-repudiation
MD5
message Digest 5: 128 bit hash based on any input length
digital signatures
provide non-repudiation
brute force
generates the entire keyspace; effective attack against all key-based ciphers except one-time pad; only provably unbreakable form of crypto
known key
means the cryptanalyst knows something about the key, not necessarily knows the key
implementation attacks
exploit a mistake made while implementing a service, application, or system
CRL
certificate revocation list: list of certificates that have been revoked
ESP
encapsulating security payload: provides confidentiality by encrypting packet data; may also provide authentication and integrity
XOR
exclusive Or: if two bits are the same, answer is true; if two bits are different, answer is false
meet-in-the-middle
encrypts on one side, decrypts on the other and meets in the middle