Cryptography (CRY) Flashcards
Algorithm
mathematical function that determines the cryptographic operations
Asymmetric
encryption system using a pair of mathematically related unequal keys
Asymmetric Cryptography
Sender and receiver have public and private keys.
Public to encrypt a message, private to decrypt
Slower than symmetric, secret key (100 to 1000)
Asynchronous
encrypt/decrypt request are processed in queues.
Birthday attack
statistical probabilities of a collision are more likely than one thinks
Black Boxing
manipulates toll-free line voltage to phone for free
Block Cipher
Segregating plaintext into blocks and applying identical encryption algorithm and key
Blowfish
By Bruce Schneider key lengths 32 to 448 bits, used on Linux systems that use bcrypt (DES alternative)
Confidentiality Symmetric, Algorithm
Blue Boxing
tone simulation that mimics telephone co. system and allows long distance call authorization
Brute Force
with enough computing power trying all possible combinations
Caesar cipher
mono-alphabetic substitution cipher
CBC Cipher Block Chaining
blocks of 64 bits with 64bits initialization vector. Errors will propagate
Certificate Authority
PKI, entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates.
Certificate revocation list (CRL)
a temporary public file to inform others of a compromised digital certificate
Certification authority
a trusted issuer of digital certificates
CFB
Cipher Feedback: stream cipher where the cipher text is used as feedback into key generation. errors will propagate
Checksum
a mathematical tool for verifying no unintentional changes have been made
Cipher
cryptographically transformation that operates on characters or bits. DES, word scramble, shift letters
Cipher text
scrambled form of the message or data
Clustering
situation wherein plain text messages generates identical cipher text messages using the same algorithm but with different crypto-variables or keys
Code
substitution at the word or phrase level
Codes
cryptographic transformation that operates at the level of words or phrases. Example: “wedding” means “attack”
Collisions
outputs within a given function are the same result
Concatenation
joining two pieces of text -
Confidentiality Asymmetric Algorithms
RSA (Rivest, Shamir, Adelman) - Factoring large primes
Elliptic Curve Cryptosystem - Logs, discrete logs
Diffie-Hellman for key exchange
El Gamal
Confidentiality Asymmetric Strengths
Confidentiality
Authentication
Non-repudiation
Key management easier
Access control
Integrity
Confidentiality Asymmetric Weaknesses
More processor-intensive than symmetric encryption
Still need to protect private key
Confidentiality Symmetric Algorithms
AES (Extended AES, Rijndael)
RC4
DES - Brute force can break it, but not flawed. Types Lucifer, Feistle Cipher, Triple DES.
Confidentiality Symmetric Strengths
Confidentiality protection
Speed
Bulk encryption - large files efficiency
Availability of free algorithms
Confidentiality Symmetric Weaknesses
Key management
Scalability issues
Shared keys - No authentication or non-repudiation, Forgery by receiver is possible
Confusion
mixing the key values during repeated rounds of encryption, make the relationship between ciphertext and key as complex as possible
relationship between the plaintext and the key is so complicated that an attacker can’t merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key
Cross certification
two certificate authorities that trust each other
Cryptanalysis
code breaking, practice of defeating the protective properties of cryptography.
Cryptographic Algorithm
Step by step procedure to encipher plaintext and decipher cipher text
Cryptography
code making
Cryptography Goals
Confidentiality
Integrity
Proof of origin
Non-repudiation
Protect data at rest
Protect data in transit
Cryptology
The study of cryptography and cryptanalysis
We think about Confidentiality, Integrity, and key exchange
Cryptology - CRY
cryptography + cryptanalysis
Cryptology implementation
IPSec
TLS
Cryptosystem
set of transformations from a message space to cipher space
Cryptovariable
key
CTR
Counter: secure long messages
Decipher
descrambling the encrypted message with the corresponding key
Dictionary attack
try a list of words in passwords or encryption keys
Diffie Hellman Key exchange
switching secret keys over an insecure medium without exposing the keys
Not encryption
Technically - Large prime generation, Groups
Diffusion
mix location of plaintext throughout ciphertext, change of a single bit should drastically change hash, dissipate pattern
a change in the plaintext results in multiple changes spread throughout the ciphertext
Digital certificate
a electronic attestation of identity by a certificate authority
Digital Signature
Asymmetric encryption of a hash of message
DSA
Digital Signature Algorithm – the US Government
Equivalent of the RSA algorithm
Dumpster Diving
going through someone’s trash to find useful or confidential info –it is legal but unethical in nature
ECB
Electronic Code Book - right block/left block pairing 1-1. Replication occurs. Secure short messages.
One of the Block modes of symmetric ciphers
ECC
Elliptic Curve Cryptosystem: mathematical properties of elliptical curves, IT REQUIRES FEWER RESOURCES THAN RSA. Used in low power systems (mobile phones etc.)
el Gamal
Works with discrete logarithms, based on
Diffie Hellman
Encipher
act of scrambling the cleartext message by using a key.
End-to-end encryption
Encrypted information that is sent from point of origin to destination. In symmetric encryption this means both having the same identical key for the session
Ephemeral keys
cryptographic keys that are generated for each execution of a key establishment process. SYN-Session Key
Exclusive OR
Boolean operation that performs binary addition
Hash function
one way encryption, for integrity purposes
Hybrid Cryptography
z-Uses both asymmetrical and symmetrical encryption:
asymmetrical for key exchange
symmetrical for the bulk - thus it is fast
example: SSL, PGP, IPSEC S/MIME
IDEA
International Data Encryption Algorithm
64 bit plaintext and 128 key length with confusion and diffusion used in PGP software patented requires licenses fees/free noncom.
Information Theory
Claude Elmwood Shannon
Integrity - How do we know about change?
Hash functions
Checksums - Accidental
Message Authentication Code
Initialization Vector
randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated
Kerckhoff’s principle
only the key protects the encrypted information
Key clustering
two different keys decrypt the same cipher text
Key escrow
for PKI, to store another copy of a key
Key Length
use with each algorithm based on the sensitivity of information transmitted, longer key the better!
Key management
creation distribution update and deletion
Key or Crypto variable
Information or sequence that controls the enciphering and deciphering of messages
Key space
total number of keys available that may be selected by the user of a cryptosystem
Keyed-Hashing for Message Authentication
a hash that has been further encrypted with a symmetric algorithm
Link encryption
stacked encryption using different keys to encrypt each time
Man-in-the-middle attack
adversary intercepts encrypted communications, decrypts, views, encrypts, and send along to the true destination
Message Authentication Code
Integrity intentional changes
Message digest
summary of a communication for the purpose of integrity
Message digest size for hash functions
Hash of Variable Length
HAVAL 128, 160, 192, 224, 256 bits
Hash message authentication code
HMAC Variable
Message Digest
MD5 128 bits
Secure Hash Algorithm
SHA-1 160 bits
SHA2-224/SHA3-224
SHA2-256/SHA3-256
SHA2-384/SHA3-384
SHA2-512/SHA3-512
RIPE Message Digest
RIPEMD-128
RIPEMD-160
RIPEMD-256 (security equivalent to 128)
RIPEMD-320 (security equivalent to 160)
Moore’s Law
computing power will double every 18 months
multi-party control
for PKI, to have more than one person in charge of a sensitive function
Non-repudiation
impossibility of denying authenticity and identity
Null Cipher
used in cases where the use of encryption is not necessary but yet the fact that no encryption is needed must be configured in order for the system to work. Ex. Testing, stenography
OFB
Output Feedback: stream cipher that generates the key but XOR-ing the plaintext with a key stream. No errors will propagate
One time pad
a running key using a random key that is never used again
Use a different substitution alphabet for each letter of the plaintext message.
AKA: Vernam cipher
Permutation /transposition
Moving letters around
PGP
GPG; encrypt attached files
Phreakers
hackers who commit crimes against phone companies
Plain text
natural or human-readable form of message
Plaintext
message in clear text readable form
Polyalphabetic
using many alphabets
Public Key Infrastructure (PKI)
collection of business processes and technologies used for binding individuals to a digital certificate
Rainbow Tables
a list of hash values, presorted to speed lookup. typically for cracking password hashes. It is a form of time-memory tradeoff, using less CPU at the cost of more storage. A control to reduce this type of attack is salting.
RC5
Variable algorithm up 0 to 2048 bits key size
Red boxing
Pay phones cracking
Registration Authority
performs certificate registration services on behalf of a CA. RA verifies user credentials
Revocation
for PKI, decertify an entities certificate
Rijndael Block Cipher Algorithm
for speed, simplicity and resistance against known attacks. Variable block length and variable key lengths (128,192 and 256 bits)
Rivest Cipher 5
RC5: symmetric algorithm patented by Rivest, Shamir, and Adleman (RSA) Data Security, the people who developed the RSA asymmetric algorithm. RC5 is a block cipher of variable block sizes (32, 64, or 128 bits) that uses key sizes between 0 (zero) length and 2,040 bits.
RSA
Rivest, Shamir, & Adleman: works with one way math with large prime numbers (aka trap door
functions). Can be used for encryption, key exchange
and digital signatures)
Running key
an encryption method that has a key as long as the message
Script kiddie
Someone with moderate hacking skills, gets code from the Internet.
Shift cipher (Caesar)
moving the alphabet intact a certain number spaces
Side channel attack
inference about encrypted communications
SP-network
process described by Claude Shannon used in most block ciphers to increase their strength
Steganography
hiding the fact that communication has occurred
Stream cipher
operate on one character or bit of a message (or data stream0 at a time.
Examples: Caesar cipher, one-time pad
Substitution
trading one for another
use the encryption algorithm to replace each character or bit of the plaintext message with a different character
Symmetric
encryption system using shared key/private key/single key/secret key
Symmetric Cryptography
Both the receiver and the sender share a common secret key. Larger key size is safer > 128
Can be time-stamped (to counter replay attacks)
Does not provide mechanisms for authentication and non-repudiation
Symmetric encryption memorization chart
Advanced Encryption Standard (AES), block size 128, key size 128, 192, 256
Rijndael, block size Variable, key size 128, 192, 256
Blowfish (often used in SSH), block size 64, key size 32-448
Data Encryption Standard (DES), block size 64, key size 56
IDEA (used in PGP), block size 64, key size 128
Rivest Cipher 4 (RC4), block size N/A (stream cipher), key size 40-2048
Rivest Cipher 5 (RC5), block size 32, 64, 128, key size 0-2040
Rivest Cipher 6 (RC6), block size 128, key size 128, 192, 256
Skipjack, block size 64, key size 80
Triple DES (3DES), block size 64, key size 112 or 168
CAST-128, block size 64, key size 40-128
CAST-256, block size 128, key size 128, 160, 192, 224, 256
Twofish, block size 128, key size 1-256
Synchronous
each encryption or decryption request is performed immediately
Transposition/permutation
process of reordering plaintext to hide the message rambo = ombar
Two fish
Key lengths 256 bits blocks of 128 in 16rounds BEAT OUT BY Rijndal for AES, based on Blowfish
Vernam
cipher (one time pad): key of a random set of non-
repeating characters
Vigenere
polyalphabetic substitution
Watermarking
intellectual property management technique for identifying after distribution
White box
dual tone, multifrequency generator to control phone system
Work factor
effort/time needed to overcome a protective measure
If you want to encrypt a confidential message
Use the recipient’s public key
If you want to decrypt a confidential message sent to you
Use your private key
If you want to digitally sign a message you are sending to someone else
Use your private key
If you want to verify the signature on a message sent by someone else
Use the sender’s public key
