Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

Security+ > Cryptography > Flashcards

Cryptography Flashcards

1
Q

MD5

A

MD5

  • Hashing algorithm
  • 128-bit hash
  • Cracked
  • Used to verify integrity of files
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

SHA

-Types

A

SHA
Secure Hash Algorithm
-Integrity
-SHA-1: 160-bit hash
-SHA-2: 256 bit most popular, up to 512-bit hash
-SHA-3: same sizes as SHA-2 (up to 512-bit hash). Non-NSA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

HMAC

  • What is it
  • What does it provide
  • What uses it
A 
HMAC
Hash-Based Message Authentication Code
-Integrity and authenticity
-Combine hash plus secret key (ic, HMAC-MD5,HMAC-SHA1)
-Integrity and authenticity
-IPSec and TLS use
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

RIPEMD

A

RIPEMP

  • Family of hashing functions
  • For integrity
  • RIPEMPD-128 (not secure)
  • RIPEMD-160: 160-bit hash
  • RIPEMD-256
  • RIPEMD-320
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Key Stretching

  • What is it
  • What can it prevent
  • Specific techniques
A

Key Stretching

  • Make a weak key stronger
  • Add salt with additional random bits
  • Repeatedly hashing
  • Can thwart brute force and rainbow table attacks
  • bcrypt and PBKDF2 are key-stretching techniques
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

bcrypt

  • What is it
  • What does it do
  • What does it result in
  • Where is it used
A

bcrypt

  • Key-stretching technique for passwords
  • Salts, then encrypts with Blowfish
  • Can repeat multiple times
  • Result is 60 character string
  • Used in linux
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

PBKDF2

  • What is it
  • What does it do
  • What does it result in
  • Where is it used
A 
PDKDF2
Password Based Key Derivation Function 2
-Key-stretching technique for passwords
-Salts of at least 64 bits
-Hash with HMAC
-May repeat a million times
-Results in 128, 256, 512 bit hash
-Used in WPA2, iOS, Cisco
-May be weaker than bcrypt
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

ECB

A 
ECB
Electronic Code Book
-A cypher mode
-Simplest encryption mode
-Each block encrypted with same key (same plaintext block creates same ciphertext)
-Deprecated
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

CBC

A 
CBC
Cipher Block Chaining
-A cypher mode
-Each plaintext block XOR'ed with previous ciphertext block
-Initialization vector for first block
-Adds randomization
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

CTR

A

CTR

  • Counter Mode
  • A cypher mode
  • Converts block cypher into stream cypher
  • Combines IV with counter so every block gets different encryption key
  • Encrypts successive values of counter
  • Widely used and respected
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

GCM

-What uses it?

A 
GCM
Galois/Counter Mode
-A cypher mode
-Encryption with authentication
-Counter mode plus Galois authentication
-Commonly used with in packetized data (wireless, IPSec, SSH, TLS)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Elliptic Curve Cryptography (ECC)

  • What is it
  • What is it used for
A

Elliptic Curve Cryptography (ECC)

  • Asymmetric encryption algorithm
  • Encryption, digital signatures, pseudo-random generators
  • Less processing power, good for wireless devices
  • Deprecated
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Stream Cipher

A

Stream Cipher

  • Used with symmetric encryption (not asymmetric)
  • One bit or byte at a time
  • High speed, low hardware complexity
  • Starting state should never be the same - combine key with IV
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Block Cipher

A

Block Cipher

  • Symmetric encryption
  • Encrypt fixed-length groups
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Digital Signature

  • What does it provide
  • Which keys are used by sender and receiver
  • Steps to send/receive digital signature
A

Digital Signature

  • Integrity
  • Authentication
  • Non-repudiation
  • Sender uses sender’s private key
  • Recipient uses sender’s public key

Steps

  • Sender creates hash of message
  • Sender encrypts hash with sender’s private key
  • Sender sends encrypted has and plaintext
  • Recipient decrypts hash with sender’s public key
  • Recipient hashes plaintext and compares to decrypted hash
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

PFS

A

PFS
Prefect Forward Secrecy
-Ephemeral keys (good for one session)
-Elliptic Curve or Diffie-Hellman ephemeral

17
Q

AES

  • What is it
  • What uses it
  • Is it good
A 
AES
Advanced Encryption Standard
-Symmetric encryption algorithm
-128-bit block cipher
-128, 192, 256-bit keys
-Used in WPA2
-Strong, fast, efficient
18
Q

DES

  • What is it
  • What uses it
  • Is it good
A 
DES
Data Encryption Standard
-Symmetric encryption algorithm
-64-bit block cypher
-56-bit key (small)
-Nothing today uses
-Not good. Easily brute forced
19
Q

3DES

  • What is it
  • What uses it
  • Is it good
A 
3DES
Triple DES
-Symmetric encryption algorithm
-DES encryption three times with three different keys
-Nothing today uses
-Not good anymore
-Superseded by AES
20
Q

RC4

  • What is it
  • What uses it
  • Is it good
A 
RC4
Rivest Cipher 4
-Symmetric encryption algorithm
-Symmetric stream cipher
-Was used in WEP and SSL
-Cracked; Not used anymore
21
Q

Blowfish

  • What is it
  • What uses it
  • Is it good
  • Block size
  • Key size
A

Blowfish

  • Symmetric encryption algorithm
  • 64-bit block cipher
  • Key up to 448 bits
  • Open source: Not limited by patents
  • No way to break 16 rounds of encryption
  • Faster than AES due to smaller block size
  • strong
22
Q

Twofish

  • What is it
  • What uses it
  • Is it good
  • Block size
  • Key size
A

Twofish

  • Symmetric block encryption algorithm
  • Successor to Blowfish
  • 128-bit block size
  • Key up to 256 bits
  • Open source: not limited by pattents
23
Q

Diffie-Hellman

A

Diffie-Hellman

  • Key exchange method for asymmetric keys
  • Does not encrypt or authenticate
  • Privately share symmetric key
  • RSA uses for static keys
  • Used for Perfect Forward Secrecy (PFS)
  • Ephemeral DH (EDH or DHE)
  • Combine with Elliptical Curve (ECDHE)
24
Q

RSA

A

RSA

  • Asymmetric encryption with public/private key
  • Static keys
  • Public domain
  • Encrypt email: recipient’s public key encrypts symmetric key; recipient’s private key decrypts
25
DSA
``` DSA Digital Signature Algorithm -Asymmetric encryption -Modifies Diffie-Hellman -Can combine with Elliptical Curve (ECDSA) -Fast and efficient digital signatures ```
26
S/MIME | -What does it use (two things)?
S/MIME Secure Email -RSA for asymmetric encryption -AES for symmetric encryption
27
CSR
CSR | Certificate Signing Request
28
CRL
CRL | Certificate Revocation List
29
Certificate Stapling
Certificate Stapling - Haver certificate holder verify their own certificate's status so client doesn't have to ask - Appends signed OCSP status to certificate
30
Public Key Pinning
Public Key Pinning | -Web server sends list of public key hashes that clients can use to validate certificates
31
PGP
PGP Pretty Good Privacy -Asymmetric encryption
32
CER
``` CER Canonical Encoding Rules -Format for PKI certificates -ASCII -P7B is common format used to share public keys ```
33
DER
``` DER Distinguished Encoding Rules -Format for PKI certificates -Base64 binary encoded -P12 is common format used to hold encrypted private keys ```
34
OCSP
OCSP Online Certificate Status Protocol -Alternative to CRL -Client queries CA for status in real-time -stapling makes it so clients don't have to keep querying CA
35
ECDSA
ECDSA | Elliptical Curve Digital Signature Algorithm
36
IDEA
IDEA International Data Encryption Algorithm -Broken -symmetric-key block cipher

Security+ (20 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions