Cryptography Concepts 6.1 Flashcards
Cryptography
Provides confidentiality - Hidden messages
Authentication and access control - “I know it’s you”
Non-repudiation - You said it, you can’t deny it
Integrity - Tamper-proof
Cryptography Terms
Plaintext - Unencrypted message (in the clear)
Ciphertext - An encrypted message
Cipher - The algorithm used to encrypt and/or decrypt
Cryptanalysis - The art of cracking encryption. Researchers are constantly trying to find weaknesses in ciphers. A mathematically flawed cipher is bad for everyone.
Cryptographic Keys
Keys - Add the key to the cipher to encrypt. Larger keys are generally more secure.
Some encryption methods only use one key. Others use more than one key.
Confusion
Encryption is based on confusion and diffusion. You need both.
Confusion - The encrypted data is drastically different from the plaintext. The process should be non-linear, with no discernible patterns.
Diffusion
Change a single character of the input, and many characters change in the output.
Security Through Obscurity
Security should exist, even if the attacker knows everything about the system. Secrecy of the design shouldn’t be the main method of security. The encryption key would be the only unknown.
Substitution ciphers don’t work because once the cipher is figured out, it’s completely unusable.
Random Numbers
Cryptography relies on randomness. It’s used to generate keys, salt hashes, and much more.
App Development and Cryptography
Developers don’t need to be cryptographers. They write to an Application Programming Interface (API). The API library does all the heavy lifting. They send plaintext into the box and get ciphertext back, no extra programming required.
The Windows software library is the Cryptographic Service Provider (CSP). The Microsoft CryptoAPI is the bridge between the application and the CSP.