Cryptography Flashcards

1
Q

MD5

A

MD5

  • Hashing algorithm
  • 128-bit hash
  • Cracked
  • Used to verify integrity of files
2
Q

SHA

-Types

A

SHA
Secure Hash Algorithm
-Integrity
-SHA-1: 160-bit hash
-SHA-2: 256-bit most popular, up to 512-bit hash
-SHA-3: same sizes as SHA-2 (up to 512-bit hash). Non-NSA

3
Q

HMAC

  • What is it
  • What does it provide
  • What uses it
A
HMAC
Hash-Based Message Authentication Code
-Integrity and authenticity
-Combine hash plus secret key (i.e., HMAC-MD5, HMAC-SHA1)
-IPSec and TLS use
4
Q

RIPEMD

A

RIPEMD

  • Family of hashing functions
  • For integrity
  • RIPEMD-128 (not secure)
  • RIPEMD-160: 160-bit hash
  • RIPEMD-256
  • RIPEMD-320
5
Q

Key Stretching

  • What is it
  • What can it prevent
  • Specific techniques
A

Key Stretching

  • Make a weak key stronger
  • Add salt with additional random bits
  • Repeatedly hashing
  • Can thwart brute force and rainbow table attacks
  • bcrypt and PBKDF2 are key-stretching techniques
6
Q

bcrypt

  • What is it
  • What does it do
  • What does it result in
  • Where is it used
A

bcrypt

  • Key-stretching technique for passwords
  • Salts, then encrypts with Blowfish
  • Can repeat multiple times
  • Result is 60 character string
  • Used in Linux
7
Q

PBKDF2

  • What is it
  • What does it do
  • What does it result in
  • Where is it used
A
PBKDF2
Password-Based Key Derivation Function 2
-Key-stretching technique for passwords
-Salts of at least 64 bits
-Hash with HMAC
-May repeat a million times
-Results in 128, 256, 512-bit hash
-Used in WPA2, iOS, Cisco
-May be weaker than bcrypt
8
Q

ECB

A
ECB
Electronic Code Book
-A cypher mode
-Simplest encryption mode
-Each block encrypted with same key (same plaintext block creates same ciphertext)
-Deprecated
9
Q

CBC

A
CBC
Cipher Block Chaining
-A cypher mode
-Each plaintext block XOR'ed with previous ciphertext block
-Initialization vector for first block
-Adds randomization
10
Q

CTR

A

CTR

  • Counter Mode
  • A cypher mode
  • Converts block cypher into stream cypher
  • Combines IV with counter so every block gets different encryption key
  • Encrypts successive values of counter
  • Widely used and respected
11
Q

GCM

-What uses it?

A
GCM
Galois/Counter Mode
-A cypher mode
-Encryption with authentication
-Counter mode plus Galois authentication
-Commonly used with packetized data (wireless, IPSec, SSH, TLS)
12
Q

Elliptic Curve Cryptography (ECC)

  • What is it
  • What is it used for
A

Elliptic Curve Cryptography (ECC)

  • Asymmetric encryption algorithm
  • Encryption, digital signatures, pseudo-random generators
  • Less processing power, good for wireless devices
  • Deprecated
13
Q

Stream Cipher

A

Stream Cipher

  • Used with symmetric encryption (not asymmetric)
  • One bit or byte at a time
  • High speed, low hardware complexity
  • Starting state should never be the same - combine key with IV
14
Q

Block Cipher

A

Block Cipher

  • Symmetric encryption
  • Encrypt fixed-length groups
15
Q

Digital Signature

  • What does it provide
  • Which keys are used by sender and receiver
  • Steps to send/receive digital signature
A

Digital Signature

  • Integrity
  • Authentication
  • Non-repudiation
  • Sender uses sender’s private key
  • Recipient uses sender’s public key

Steps

  • Sender creates hash of message
  • Sender encrypts hash with sender’s private key
  • Sender sends encrypted hash and plaintext
  • Recipient decrypts hash with sender’s public key
  • Recipient hashes plaintext and compares to decrypted hash
16
Q

PFS

A

PFS
Perfect Forward Secrecy
-Ephemeral keys (good for one session)
-Elliptic Curve or Diffie-Hellman ephemeral

17
Q

AES

  • What is it
  • What uses it
  • Is it good
A
AES
Advanced Encryption Standard
-Symmetric encryption algorithm
-128-bit block cipher
-128, 192, 256-bit keys
-Used in WPA2
-Strong, fast, efficient
18
Q

DES

  • What is it
  • What uses it
  • Is it good
A
DES
Data Encryption Standard
-Symmetric encryption algorithm
-64-bit block cypher
-56-bit key (small)
-Nothing uses it today
-Not good. Easily brute forced
19
Q

3DES

  • What is it
  • What uses it
  • Is it good
A
3DES
Triple DES
-Symmetric encryption algorithm
-DES encryption three times with three different keys
-Nothing uses it today
-Not good anymore
-Superseded by AES
20
Q

RC4

  • What is it
  • What uses it
  • Is it good
A
RC4
Rivest Cipher 4
-Symmetric encryption algorithm
-Symmetric stream cipher
-Was used in WEP and SSL
-Cracked; Not used anymore
21
Q

Blowfish

  • What is it
  • What uses it
  • Is it good
  • Block size
  • Key size
A

Blowfish

  • Symmetric encryption algorithm
  • 64-bit block cipher
  • Key up to 448 bits
  • Open source: Not limited by patents
  • No way to break 16 rounds of encryption
  • Faster than AES due to smaller block size
  • Strong
22
Q

Twofish

  • What is it
  • What uses it
  • Is it good
  • Block size
  • Key size
A

Twofish

  • Symmetric block encryption algorithm
  • Successor to Blowfish
  • 128-bit block size
  • Key up to 256 bits
  • Open source: not limited by patents
23
Q

Diffie-Hellman

A

Diffie-Hellman

  • Key exchange method for asymmetric keys
  • Does not encrypt or authenticate
  • Privately share symmetric key
  • RSA uses for static keys
  • Used for Perfect Forward Secrecy (PFS)
  • Ephemeral DH (EDH or DHE)
  • Combine with Elliptic Curve (ECDHE)
24
Q

RSA

A

RSA

  • Asymmetric encryption with public/private key
  • Static keys
  • Public domain
  • Encrypt email: recipient’s public key encrypts symmetric key; recipient’s private key decrypts
25
Q

DSA

A
DSA
Digital Signature Algorithm
-Asymmetric encryption
-Modifies Diffie-Hellman
-Can combine with Elliptic Curve (ECDSA)
-Fast and efficient digital signatures
26
Q

S/MIME

-What does it use (two things)?

A

S/MIME
Secure Email
-RSA for asymmetric encryption
-AES for symmetric encryption

27
Q

CSR

A

CSR

Certificate Signing Request

28
Q

CRL

A

CRL

Certificate Revocation List

29
Q

Certificate Stapling

A

Certificate Stapling

  • Have certificate holder verify their own certificate’s status so client doesn’t have to ask
  • Appends signed OCSP status to certificate
30
Q

Public Key Pinning

A

Public Key Pinning

-Web server sends list of public key hashes that clients can use to validate certificates

31
Q

PGP

A

PGP
Pretty Good Privacy
-Asymmetric encryption

32
Q

CER

A
CER
Canonical Encoding Rules
-Format for PKI certificates
-ASCII
-P7B is common format used to share public keys
33
Q

DER

A
DER
Distinguished Encoding Rules
-Format for PKI certificates
-Base64 binary encoded
-P12 is common format used to hold encrypted private keys
34
Q

OCSP

A

OCSP
Online Certificate Status Protocol
-Alternative to CRL
-Client queries CA for status in real-time
-Stapling makes it so clients don’t have to keep querying CA

35
Q

ECDSA

A

ECDSA

Elliptic Curve Digital Signature Algorithm

36
Q

IDEA

A

IDEA
International Data Encryption Algorithm
-Broken
-Symmetric-key block cipher