Cryptography Flashcards
IPsec SA
Security assocation: simplex connection used to negotiate ESP or AH
difference between hashing and encrypting?
Hash is a one way function; Encryption assumes someone will decrypt
substitution
replaces one character for another (providing confusion)
modular math
26 letters in alphabet. Therefore, Y + C = B - or - 25 + 3 = 28 or 26 remainder 2 and 2 = B
scytale
parchment wrapped around a rod, written on, then unwrapped
triple DES
applies single DES three times per block; slow and complex
RC5
symmetric, 0 to 2040 bit key, 32, 64, 128 bit blocks
linear cryptanalysis
plaintext attack where the cryptanalyst finds large amounts of plaintext/ciphertext pairs created with the same key
IPsec
Internet protocol security: suite of protocols that provide a cryptographic layer to both IPv4 and IPv6; used to establish VPNs; overly complex with multiple overlapping parts
ECC
elliptic curve cryptography: leverages one-way function that uses discrete logarithms as applied to elliptic curves; strong; less computational resources; used in low power devices
AH
authentication header: provides authentication and integrity (no confidentiality); protects against replay attacks
CFB
cipher feedback: stream cipher; like CBC only is a stream mode using feedback (chaining in stream mode); uses initialization vector; errors propogate
differential cryptanalysis
seeks to find the difference between related plaintexts that are encrypted
escrowed encryption
thrid-party organization holds a copy of the public/private key pari
permutation
aka transposition; provides diffusion by rearrnagin the characters of the plaintest, anagram-style
known plaintext
knowing the plaintext and cipher text allows you to figure out the key
key escrow
a copy is retained by a third-pary org, often for the purposes of law enforcement
ciphertext
encrypted message
Single DES
encrypts 64 bits blocks of data with 56 bit key using 16 rounds of encryption
HAVAL
hash of variable length: hash algorithm that craets message digests of 128, 160, 192, 224, 256 bit in length using 3,4, or 5 rounds
CA
certifiate authorities: issues digital certificates
rainbow tables
precomputed compliation of plaintexta dn matching ciphertexts; greatly speed up many tpes of password cracks
5 modes of DES
- ECB (Electronic Code book) 2. CBC (cipher block chaining) 3. CFB (Cipher feedback) 4. OFB (output feedback) 5. CTR (counter mode)
polyalphabetic cipher
uses multiple alphabets
S/MIME
secure Multipurpose Internet mail extensions: provides a standard way to formal e-mail (leverageing PKI)
factoring
figuring out which two prime numbers multiplied provides an answer
collisions
when two documents hash to the same value
key clustering
occurs when two symmetric keys applied to the same plaintext produce the same ciphertext
algorithm
set of instructions
monoalphabetic cipher
uses one alphabet
CTR
Counter: like OFB; stream cipher; uses a counteruses initialization vector; errors don’t propogate
secure hash algorithm
a series of hash algorithms; weak collision avoidance
IDEA
international data encryption algorithm: symmetric block cipher designed to replace DES; 128 bit key, 64 bit block; slow
CBC
cipher block chaining: block cipher; XORs previous encrypted block of ciphertext to next block of plaintext;uses initialization vector; errors propogate
HMAC
hashed Message Authentication Code: combines a shared secret key with hashing; IPsec uses HMAC; two partices must pre-share secret key
blowfish
symmetric, 32 to 448 bit keys; 64 bit block; open algorithm
Diffie-Hellman
asymmetric pioneers; uses discrete logarithms to provide security, uses one-way factoring