Cryptography and Hashing Flashcards
What is data at rest?
Inactive data that is archived such as data on a hard drive
What is data in transit?
Data crossing the network or data that resides in memory
What is data in use?
Data that is undergoing constant change
What is symmetric encryption?
Encryption in which both the sender and receiver must know the same secret using a private key
AES - Symmetric or Asymmetric?
Symmetric
DES - Symmetric or Asymmetric?
Symmetric
3DES - Symmetric or Asymmetric?
Symmetric
IDEA - Symmetric or Asymmetric?
Symmetric
Blowfish - Symmetric or Asymmetric?
Symmetric
RC4, RC5, RC6 - Symmetric or Asymmetric?
Symmetric
What is a drawback of symmetric encryption?
Key distribution - the more people you share the encrypted info with, the greater distribution of the secret key
What is Asymmetric encryption?
Encryption where different keys are used encrypt and decrypt data - a private key and a public key
What is an advantage symmetric encryption has over asymmetric?
It is faster since it only uses one shared secret key
What is hybrid implementation?
Combining symmetric and asymmetric encryption. Uses asymmetric to encrypt a private key and uses symmetric to secure the bulk of the data transfer
What is stream cipher?
Utilizes a keystream generator to encrypt data bit by bit
What is block cipher?
Cipher method that breaks the input into blocks of data and performs the encryption on each block. Easier to implement and more secure
Diffe-Hellman - symmetric or asymmetric ?
Asymmetric
RSA - symmetric or asymmetric ?
Asymmetric
ECC - symmetric or asymmetric ?
Asymmetric
What is a digital signature?
Provides integrity by hashing a message and encrypting it with sender’s private key
What is PGP
Pretty good privacy - encryption program primarily for emails using IDEA algorithm
What is GPG
GNU privacy guard - updated version of PGP that uses AES algorithm for encryption
What is the Diffe-Hellman algorithm used for ?
- Key exhchange/distribution over an insecure network
- Establish VPN tunnel using IPsec protocol
Most secure symmetric algorithm?
AES
What is key management?
How an organization will generate, exchange, store and use encryption keys
What is a good way to protect encryption keys?
Periodically change them like passwords
What is a one time pad?
A stream cipher that encrypts plain text with a secret random key (key stream) that is the same length as the plaintext input. No pattern or mathematical formula
What is the draw back of a one time pad?
There is no such thing as a truly random number in computers. Everything is dictated by algorithm or mathematical formula
What is PRNG?
Pseudo Random Number Generator - simulated random number stream generated by a computer that is used in cryptography, video games etc
What is Hashing?
One way cryptographic function that takes an input and produces a unique value which is used to confirm the integrity of a file. Can be viewed as the digital finger print of a file