Encryption / Cryptography Flashcards
Describe how HMAC works
In cryptography, a keyed-hash message authentication code (HMAC) is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key.
Hash-based message authentication code (HMAC) provides the server and the client each with a private key that is known only to that specific server and that specific client. The client creates a unique HMAC, or hash, per request to the server by hashing the request data with the private keys and sending it as part of a request. What makes HMAC more secure than Message Authentication Code (MAC) is that the key and the message are hashed in separate steps.
Cryptographically speaking, what is the main method of building a shared secret over a public medium?
Diffie-Hellman
In public-key cryptography you have a public and a private key, and you often perform both encryption and signing functions. Which key is used for which function?
You encrypt with the other person’s public key, and you sign with your own private key.
What is Perfect Forward Secrecy?
A feature of specific key agreement protocols that gives assurance that session keys will not be compromised even if the long-term secrets used in the session key exchange are compromised.
For HTTPS, the long-term secret is the private key of the server. A unique session key is generated for every session a user generates, so a compromised key will not affect any data other than the data exchanged in the specific session protected by that particular key. But this is not sufficient for PFS.
It protects past communications. Even if the long-term key is compromised, past encrypted communication and sessions recorded in the past cannot be decrypted.
If someone steals the server’s private key, can they decrypt all previous content sent to that server?
Forward Secrecy.
This prevents an attacker from decrypting captured data that was sent to a server in the past, even if the server’s private key was stolen. A different key is used for each message sent.
What’s the difference between Diffie-Hellman and RSA?
Diffie-Hellman is a key-exchange protocol, and RSA is an encryption/signing protocol. Make sure they can elaborate on the actual difference, which is that one requires you to have key material beforehand (RSA), while the other does not (DH).
What’s the difference between encoding, encryption, and hashing?
Encoding is designed to protect the integrity of data as it crosses networks and systems, i.e. to keep its original message upon arriving, and it isn’t primarily a security function. It is easily reversible because the system for encoding is almost necessarily and by definition in wide use. Encryption is designed purely for confidentiality and is reversible only if you have the appropriate key/keys. With hashing the operation is one-way (non-reversible), and the output is of a fixed length that is usually much smaller than the input.
What is an IV used for in encryption?
An IV is used to initiate encryption by providing an additional (third) input in addition to the cleartext and the key. In general you want IVs that are random and unpredictable, which are used only once for each message. The goal is to ensure that two messages encrypted with the same key do not result in the same ciphertext.
What are block and stream ciphers? What are the differences, and when would you use one vs. the other?
Block-based encryption algorithms work on a block of cleartext at a time, and are best used for situations where you know how large the message will be, e.g., for a file. Stream ciphers work on single units of cleartext, such as a bit or a byte, and they’re best used when you’re not sure how long the message will be.
What are some examples of symmetric encryption algorithms?
DES, RCx, Blowfish, Rijndael (AES)
What are some examples of asymmetric encryption algorithms?
Diffie-Hellman, RSA, EC, ElGamal, DSA
What are some common block cipher modes?
ECB and CBC.
What’s the main difference in security between ECB and CBC?
ECB just does a one-to-one lookup for encryption, without using an IV, which makes it fairly easy to attack using a chosen-plaintext attack. CBC uses an IV for the first block and then propagates the XOR of the previous block onto subsequent ones. The difference in results can be remarkable.
What is salting, and why is it used?
A salt is a randomly generated value that is added as another input to a one-way hash function. It is usually used when hashing a password. A unique salt is generated per password. The salt and hash are then stored instead of keeping the password in plaintext. The salt is used so that the same value/password does not result in the same hash.
They defend against rainbow tables. They make the size of the tables too large to launch a successful attack.
If you had to both encrypt and compress data during transmission, which would you do first, and why?
First compress and then encrypt.
Compression works by reducing redundancy.
There’s no difference in the security provided.