Cryptography Flashcards
RIPEMD
Hashing algorithm that is based on MD4, collisions were found so it now exists in versions of 160-bits, 256-bits, and 320-bits.
SHA1
SHA (Secure Hash Algorithm): Hashing algorithm, one-way 160-bit hash value with encryption protocol. Standard hash algorithm today, went from SHA-1 (160-bit digest, deprecated) to SHA-2
NTLM
creates a 128-bit fixed output
MD-5
MD5 (Message-Digest Algorithm v5): Hashing algorithm, 128-bit hash with strong security, collision was found in 1996 so it is not used as much nowadays.
AES
AES (Advanced Encryption Standard): Symmetric, block cipher with 128-bit blocks, key sizes of 128-bit, 192-bit and 256-bit.
DES
DES (Data Encryption Standard): Symmetric, was common until replaced by AES, the block cipher is 64-bit and the key is 56-bit (very small), this means it can easily be brute forced.
RC4
Symmetric, part of the original WEP standard with key sizes of 40-bit to 2048-bit. Deprecated from biased output.(predictable IV)
RSA
RSA (Rivest, Shamir, Adleman): First practical use of public key cryptography, uses large prime numbers as the basis for encryption. Can generate key pairs used. In email encryption
DSA
DSA (Digital Signature Algorithm): Standard for digital signatures
Twofish
Twofish: Symmetric, uses a very complex key structure up to 256-bits but still similar to predecessor, works using 128-bit blocks. Again, not limited by patents.
Blowfish
Blowfish: Symmetric, fast and has variable key-lengths from 1-bit to 448-bits, uses 64-bit block cipher. Not limited by patents.
DHE
Diffie-Hellman: An asymmetric standard for exchanging keys. Primarily used to send private keys over public (unsecured) networks.
TPM
A Trusted Platform Module (TPM) is a hardware chip on a motherboard and provides a local secure boot process. A TPM includes an encryption key burned into the CPU, which provides a hardware root of trust. stores cryptographic keys used for encryption.
A TPM supports secure boot and attestation processes.
HSM
Hardware security module. A removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption.
Decryptor
Devices used to create separate SSL (or TLS) sessions. They allow other security devices to examine encrypted traffic sent to and from the Internet.
SSL/TLS accelerator
Devices used to handle TLS traffic. Servers can off-load TLS traffic to improve performance.
3DES
DES: Symmetric, very secure and upgrade over DES with three separate keys and three passes over data. Not used in modern day either.
ECC
Elliptic curve cryptography (ECC): Asymmetric, uses smaller key sizes and curve algorithms to secure data, useful in portable devices because it uses less CPU power.
PGP
Pretty Good Privacy (PGP) is a method used to secure email communication.communication. It can encrypt, decrypt, and digitally sign email.Just like S/MIME, PGP uses both asymmetric and symmetric encryption.
GPG
GPG (GNU Privacy Guard): A free, open-source version of OpenPGP that provides equivalent encryption and authentication services.
remote attestation
A remote attestation process works like the secure boot process. However, instead of checking the boot files against the report stored in the TPM, it uses a separate system. when the TPM is configured, it captures the signatures of key files, but sends this report to a remote system.
S/MIME
Secure/Multipurpose Internet Mail Extensions(S/MIME) is one of the most popular standards used to digitally sign and encrypt email. Most email applications that support encryption and digital signatures use S/MIME standards.S/MIME uses RSA for asymmetric encryption and AES for symmetric encryption.
ECB
The Electronic Codebook (ECB) mode of operation is the simplest cipher mode mentioned in this section. Algorithms that use ECB divide the plaintext into blocks and then encrypt each block using the same key.The Electronic Codebook (ECB) mode of operation is deprecated and should not be used.
(CBC)
Counter Block Chain mode is used by some symmetric block ciphers. It uses an IV for randomization when encrypting the first block. It then combines each subsequent block with the previous block using an XOR operation. (less efficient than some other modes)
(CTM/CTR/CM)
Counter mode effectively converts a block cipher into a stream cipher. It combines an IV with a counter and uses the result to encrypt eachplaintext block. Each block uses the same IV, but CTM combines it with the counter value, resulting in a different encryption key for each block.
GCM
Galois/Counter Mode (GCM) is a mode of operation used by many block ciphers. It combines the Counter mode of operation with the Galois mode of authentication. Note thatit doesn’t authenticate users or systems, but instead provides data authenticity (integrity) and confidentiality.
PGP/GPG
Pretty Good Privacy (PGP) is a method used to secure email communication. It can encrypt, decrypt, and digitally sign email.GNU Privacy Guard (GPG) is free software that is based on the OpenPGP standard.Each of the PGP versions uses the RSA algorithm and public and private keys for encryption and decryption. Just like S/MIME, PGP uses both asymmetric and symmetric encryption.
SHA 2
SHA-2 improved SHA-1 to overcome potential weaknesses. It includes four versions. SHA-256 creates 256-bit hashes and SHA-512 creates 512-bit hashes. SHA-224 (224-bit hashes) and SHA-384 (384-bit hashes) create truncated versions of SHA-256 and SHA- 512, respectively.
MD4
It implements a cryptographic hash function for use in message integrity checks. The digest length is 128 bits.
