Cryptography and Society Flashcards
What is modern cryptography
the study of mathematical techniques for securing digital information, systems and distributed computations against adversarial attacks
What is Caesar's cipher
one of the oldest recorded ciphers; it works by shifting letters backwards and forwards
What is security by obscurity
improving security by keeping the algorithm secret
Define Kerckhoffs’ principle
the cypher method must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience
Define the sufficient key-space principle
any secure encryption scheme must have a key space that is sufficiently large to make an exhaustive-search attack infeasible. There should be a large number of combinations
What is the mono-alphabetic substitution cipher
it defines a map from each letter to some letter of the alphabet, where the map is arbitrary, instead of a fixed shift
What can cryptography be
symmetric or asymmetric
What is the key distribution problem
if the key is compromised they would have to create a new one again, it is overall slow and not scalable; how are they going to stop the spread of the keys
What is asymmetric cryptography
There is a public key and private key, they share the public key to encrypt it and the only way to decrypt is via the private key
What is a way a message can be encrypted via asymmetric cryptography
RSA
How is asymmetric cryptography different to symmetric
it has authentication, integrity and accountability (non-repudiation)
What is a digital certificate
A certificate authority can issue a digital certificate to prove the ownership of a public key
What does cryptography rely on
the lack of an efficient factorization algorithm
How can cryptography be attacked
Brute force (e.g. try all combinations), side channel attack, differential cryptanalysis
What were the issues with the Heartbleed bug
it would bring up previous requests and therefore private information, as it would request more data and it would provide data from memory of previous users
What did the DROWN attack stand for
Decrypting RSA with Obsolete and Weakened eNcryption
What caused the DROWN attack
SSLv2, an obsolete version of SSL that has been deprecated due to having several security flaws
What was another factor caused by the DROWN attack
the hacking of one server could allow the hacker to gain access to the other servers that may not have the software issue, as they gain access to the private key
What percentage of HTTPS servers still allow SSLv2
17%
What is HTTP
Hypertext transfer protocol - not encrypted
What is HTTPS
Hypertext transfer protocol secure - encrypted
How does the onion router work
already encrypted traffic moving from node to node, with each different node removing one of the layers of encryption, revealing its next destination, not where it is going to end up
What have Tor networks been used for
Selling drugs, pornography securely
What is end to end encryption
Messages and files are encrypted before they leave the device and are only decrypted when they reach their destination.
- It has been argued that end to end encryption is now being used to hide criminal activity
- Some companies are choosing to ban end to end encryption
What is Zimmermann’s law
The natural flow of technology tends to move in a direction of making surveillance easier and the ability of computers to track us doubles every eighteen months