Encryption Flashcards
Acronyms
HSM
HARDWARE SECURITY MODULE - This is a special device that stores and manages cryptographic keys securely. It’s like a super-safe vault for your secret codes.
RSA
RIVEST-SHAMIR-ADLEMAN - A public-key crypto system encryption method that leverages the mathematical properties of large prime numbers to facilitate secure key exchange, create digital signatures, and encrypt data. (not symmetric)
RC4
RIVEST CIPHER 4 - A fast encryption algorithm commonly used to secure web traffic. However, it has some known vulnerabilities, so it’s not recommended for new applications. (not asymmetric)
TPM
TRUST PLATFORM MODULE - This is a chip on your computer that helps with security features like encryption and secure boot. It’s like a built-in security guard for your computer.
PKCS
PUBLIC-KEY CRYPTOGRAPHY STANDARDS - These are a set of standards for public-key cryptography, which is the technology behind things like digital signatures and encryption.
DES
DATA ENCRYPTION STANDARD - An older and less secure encryption method. It was widely used but has been superseded by stronger algorithms like AES. (not asymmetric )
3DES
TRIPLE DATA ENCRYPTION STANDARD - It’s like using the same encryption (DES) three times for extra security. This makes it much harder to crack compared to using DES once.
AES
ADVANCED ENCRYPTION STANDARD - The current go-to encryption standard. It’s considered very strong and is used to protect sensitive data everywhere, also considered stronger than 3DES. (not asymmetric )
AES-256
ADVANCED ENCRYPTION STANDARD WITH A 256-BIT KEY LENGTH - AES-256 is a symmetric-key encryption algorithm that uses a 256-bit key to encrypt and decrypt data securely. It is part of the AES family, which includes AES-128, AES-192, and AES-256, differing primarily in key length and security strength. AES-256 is the strongest and most secure variant, widely used in military, government, and commercial applications.
IDEA INTERNATIONAL DATA ENCRYPTION ALGORITHM
A block cipher encryption algorithm (largely replaced by AES) was once popular but is now less commonly used. (not asymmetric)
CCMP
COUNTER MODE WITH CIPHER BLOCK CHAINING MESSAGE AUTHENTICATION CODE PROTOCOL - CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) is a security protocol used in Wi-Fi networks to provide confidentiality, integrity, and authentication. It is built on AES (Advanced Encryption Standard) and is the default encryption method for WPA2 (Wi-Fi Protected Access 2).
ECC
ELLIPTIC CURVE CRYPTOGRAPHY - Uses complex mathematical curves for encryption. cryptographic solution would be best suited for low-power devices, such as IoT devices, embedded systems, and mobile devices. (not symmetric)
ECDHE
ELLIPTIC CURVE DIFFIE-HELLMAN EPHEMERAL - A key exchange method that uses ECC and generates new keys for each session, enhancing security and efficiency.
DHE
DIFFIE-HELLMAN EPHEMERAL - A key exchange method that generates new keys for each session, making it more secure than static key exchanges. (not symmetric)
PFS
PERFECT FORWARD SECRECY - A solution designed to strengthen the security of session keys, Its a property of some encryption protocols that ensures past communication remains secure even if the current session keys are compromised.
ECB
ELECTRONIC CODEBOOK - ECB (Electronic Codebook) is a simple and basic mode of operation for block ciphers, such as AES or DES. It encrypts each block of plaintext independently using the same key, making it one of the least secure encryption modes.
GPG
GNU PRIVACY GUARD - It’s a powerful tool for encrypting and decrypting emails and files. Think of it as a super-strong digital lock and key.
PSK
PRE-SHARED KEY - A secret key that is shared between two devices or entities to authenticate and establish a secure connection.
KEK
KEY ENCRYPTION KEY - A key used to encrypt other keys. This is a common technique in cryptography to manage and protect keys.
SHA
SECURE HASH ALGORITHM - A family of cryptographic hash functions that create unique “fingerprints” for data. These are widely used to verify file integrity and in digital signatures to ensure authenticity.
MD5
MESSAGE DIGEST 5 - A cryptographic hash function that produces a 128-bit hash value, often used for file checksums. However, it’s no longer secure for cryptographic purposes due to vulnerabilities.
CRC
CYCLIC REDUNDANCY CHECK - A method for detecting accidental changes or errors in data. It’s commonly used in networks and storage to ensure transmitted or stored data remains intact.
CFB
CIPHER FEEDBACK - An encryption mode that converts block ciphers into stream ciphers by processing data in smaller chunks enabling the encryption of individual bits or bytes of data. It’s often used when flexibility and real-time encryption are needed.
GCM
GALOIS/COUNTER MODE - An encryption mode that combines CTM for encryption with an authentication mechanism to ensure both data confidentiality and integrity. It’s widely used in secure communication protocols like TLS.
CBC
CIPHER BLOCK CHAINING - An encryption mode where each data block is combined with the previous encrypted block, refers to a block cipher mode that works by chaining the ciphertext blocks together, such that each ciphertext block depends on the previous block, This makes it much more secure than ECB, as patterns in data are concealed.
CTM
COUNTER MODE - An encryption mode that turns block ciphers into stream ciphers by combining the data with an incrementing counter. It’s efficient and doesn’t repeat patterns.
XOR EXCLUSIVE OR
A logical operation that compares two inputs and outputs true if they are different. It’s a fundamental operation commonly used in the context of cybersecurity, particularly in encryption and obfuscation techniques and mixing data and keys.
HTTPS
HYPERTEXT TRANSFER PROTOCOL SECURE - A secure version of HTTP that encrypts data between a web browser and a website using SSL/TLS. It protects sensitive information like passwords and credit card details from being intercepted by attackers. Look for the padlock icon in the browser to know a site is using HTTPS.
STARTTLS
This tells your email program to switch to a secure connection for sending or receiving emails. It’s like putting on a helmet before riding a bike—it adds an extra layer of protection.
IKE
INTERNET KEY EXCHANGE - Internet Key Exchange (IKE) is a protocol used to establish secure and authenticated communication channels in IPSec (Internet Protocol Security). It enables two parties to negotiate encryption keys, authenticate each other, and establish a secure tunnel over an untrusted network (such as the internet).
IV
INITIALISATION VECTOR - A random value used with encryption to ensure that the same plaintext doesn’t always result in the same ciphertext. This helps prevent patterns from being discovered by attackers.
PFX
PERSONAL INFORMATION EXCHANGE - A file format (.pfx) used to store a private key with its associated certificate in one encrypted file. It’s mainly used for securely transferring certificates and private keys.
S/MIME
SECURE/MULTIPURPOSE INTERNET MAIL EXTENSIONS - A protocol that encrypts and digitally signs emails to ensure they stay private and unaltered. It helps verify the sender and protect email contents from being read by unauthorised people.
