Encryption & PKI Flashcards

Question

Blowfish

Answer 1

A freely available 64-bit block symmetric key cipher algorithm that uses a variable key length Faster than AES in some cases like AES-256

Answer 2

A third party that maintains a backup copy of private keys

Answer 3

Message Digest 5 * Hashing function used to provide integrity * Creates 128-bit hashes (aka checksums) * Considered cracked/deprecated

Answer 4

A type of symmetric encryption that encrypts data one block at a time often in 64-bit blocks. It is usually more secure but is also slower than stream ciphers.

Answer 5

Technique of hiding secret data within an ordinary, non-secret, file or message in order to avoid detection; the secret data is then extracted at its destination

Answer 6

A symmetric key block cipher similar to Blowfish consisting of a block size of 128 bits and key sizes up to 256 bits

Answer 7

Counter-Mode * An encryption mode of operation that combines an IV with a counter. * The combined result is used to encrypt blocks. * Effectively turns a block cypher into a stream cipher * The counter can be any function that produces a sequence guaranteed not to repeat for a long time. * The increment-by-one counter is the simplest and most popular.

Answer 8

RACE Integrity Primitives Evaluation Message Digest Hash function used for integrity 4 versions that create fixed size hashes: * RIPEMD-128 * RIPEMD-160 * RIPEMD-256 * RIPEMD-320 RIPEMD-160 is the most common but RIPEMD not as widely used as other hash functions like MD5, SHA, and HMAC

Answer 9

Data that has been encoded and is unreadable

Answer 10

The value that results from hashing encryption. Also known as hash value or message digest

Answer 11

Canonical Encoding Rules A base format for PKI certificates. They are binary encoded files. Compare with **DER**

Answer 12

Electronic Code Book * Simplest encryption mode * Text divided into plain-text blocks * Each block is encrypted using the same key * Encryption method has significant weakness and is easy to break * Deprecated

Answer 13

Combination of cryptographic algorithms that provide several layers of security for TLS connections When 2 systems connect, they identify cypher suite acceptable to both and then use protocols within suite Protocols provide 3 primary crypto solns: 1. Encryption-data confidentiality 2. Authentication via certificates 3. Integrity using msg authentication code (MAC)

Answer 14

Certificate Authority An entity that manages, issues, and signs digital certificates and the associated public/private key pairs. It is critical part of **PKI**.

Answer 15

Distinguised Encoding Rules * A base format for PKI certificates.They are BASE64 ASCII encoded files. * Compare with **CER**

Answer 16

A specific piece of information that is used in conjunction with an algorithm to perform encryption and decryption

Answer 17

Method of encryption in which units of plaintext are replaced with the ciphertext, in a defined manner, with the help of a key "Units" may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, etc.

Answer 18

An arbitrary number used only once in a cryptographic communication often to prevent replay attacks

Answer 19

A security technique that converts data from plain-text form into coded (or cipher-text) form so that only authorized parties with the necessary decryption information can decode and read the data

Answer 20

Triple Digital Encryption Standard * Symmetric block cipher * Originally designed to replace DES * Encrypts in 64-bit blocks * Applies the DES cipher algorithm each data block 3 times creating 3 independent * Deprecated by NIST in 2017 for new apps and disallowed for all apps 2023 * Still used in some applications when legacy hardware doesn't support AES

Answer 21

A technique that essentially hides or camouflages code or other information so that it is harder to read by unauthorized users

Answer 22

Pseudo Random Number Generator An algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random numbers.

Answer 23

A two-way encryption scheme that uses paired private and public keys.

Answer 24

A linked path of verification and validation to ensure the validity of a digital certificate' issuer.

Answer 25

Cryptography concept that indicates that ciphertext is significantly different than plaintext

Answer 26

Perfect Forward Secrecy A feature of specific key agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised.

Answer 27

Any software or hardware solution that implements one or more cryptographic concepts such as different encryption and decryption algorithm

Answer 28

An encrypted hash of a message Encrypted with senders private key and decrypted with sender's public key Provides: * authentication * non-repudiation * integrity

Answer 29

An algorithm used to encrypt or decrypt data.

Answer 30

Pretty Good Privacy * Encryption program that provides cryptographic privacy and authentication for data communication. * PGP is used for signing encrypting and decrypting texts, e-mails, files, directories, and whole disk partitions * Increases the security of e-mail communications

Answer 31

Any certificate authority below the root CA in the hierarchy

Answer 32

Galois/Counter Mode * A mode of operation used for encryption. * It combines the counter mode (CTM) with hashing techniques for data authenticity and confidentiality.

Answer 33

Key-stretching algorithm used to protect passwords Salts passwords with additional bits before encrypting them with Blowfish Thwarts rainbow table attacks

Answer 34

Unencrypted readable data that is not meant to be encrypted

Answer 35

Public Key Infrastructure A group of technologies for digital certificates. It is used perform functions with digital certificates: * request * create * manage * store * distribute * revoke

Answer 36

Diffie-Hellman A cryptographic protocol that provides for secure key exchange over a public channel.

Answer 37

Cipher Block Chaining A mode of operation used for encryption that effectively converts a block cipher into a stream cipher. It uses an **initialization vector (IV)** for the first block and each subsequent block is combined with the previous block. Less efficient than other modes due to potential pipeline delay.

Answer 38

A technique that strengthens potentially weak cryptographic keys such as passwords or passphrases created by people against brute force attacks

Answer 39

* Use PKCS #12 format * DER-based (binary) * Commonly used to hold certificates with the private key

Answer 40

The top-most CA in the hierarchy and consequently the most trusted authority in the hierarchy

Answer 41

Secure Hash Algorithm * Hash algorithm modeled after MD5 and considered the stronger of the two. * Has multiple versions: * SHA-1: 160-bit hashes * SHA2: 224-, 256-, 384-, or 512-bit hashes * SHA3: 224-, 256-, 384-, or 512-bit hashes

Answer 42

* Electronic document used to prove ownership of a public key. * Contains: * Name of certificate holder * The holder's public key * Digital signature of certificate authority * Using public key cryptography its authenticity can be verified to ensure that the software or website you are using is legitimate.

Answer 43

A single CA or group of CAs that work together to issue digital certificates.

Answer 44

Rivest Cipher Version 4/Ron's Code V.4 * Symmetric stream cipher developed by Ronald Rivest * Can use between 40 - 2048 bits * Crackable

Answer 45

A cryptographic technique that makes ciphertext change drastically upon even the slightest changes in the plaintext input

Answer 46

Rivest Shamir & Adleman * An asymmetric algorithm used to encrypt data and digitally sign transmissions * Used to protect email and other data transmitted over the internet * Uses static keys

Answer 47

A process or function that transforms plaintext into ciphertext that cannot be directly decrypted

Answer 48

Recovery Agent Someone allowed entry into cryptographic protocol who is authorized to recover a certificate on behalf of an end user. The role of key recovery agents can involve sensitive data so only highly trusted individuals should be assigned to this role.

Answer 49

Subject Alternative Name Certificate type used for multiple domains that have different names but are owned by the same organization

Answer 50

Simple Certificate Enrollment Protocol Protocol designed to make the request and issuing of digital certificates as simple as possible for any standard network user

Answer 51

Advanced Encryption Standard * A strong symmetric block cipher that encrypts data in 128-bit blocks. * Designed to replace DES. * Fast, efficient, and strong * Uses key sizes of: * 128 bits * 192 bits * 256 bits (not as fast as Blowfish) * Approved encryption standard for government agencies including NSA.

Answer 52

Elliptic Curve Diffie-Hellman Ephemeral * Cryptographic protocol that is based on the Diffie Hellman protocol for key exchange * Provides for secure key exchange over a public network by using ephemeral keys and elliptic curve cryptography. * Ephemeral cryptographic keys are newly generated for each key exchange session.

Answer 53

Password-based Key Derivation Function 2 Key stretching technique that adds additional bits to a password as salt. It helps prevent brute force and rainbow table attacks.

Answer 54

Registration Authority Assist CAs with the verification of users' identities prior to issuing digital certificates Doesn't directly issue certificates but plays important role in the certification process, allowing CAs to remotely validate user identities

Answer 55

A linked path of verification and validation to ensure the validity of a digital certificate's issuer

Answer 56

A method of trusting digital certificates that bypasses the CA hierarchy and chain of trust to minimize man-in-the-middle attacks.

Answer 57

* Only method of encryption has ever been mathematically proven to offer perfect security * Pad of numbers can only be used once and must then be disposed of afterward * Also known as Vernam Cipher