I think easier desk Flashcards
Invented by the Hebrews. Single substitution monoalphabetic cipher that substitutes each letter with its reverse (a and z, b and y, etc.).
Atbash Cipher
Monoalphabetic cipher where letters are shifted one or more letters in either direction.
Caesar Cipher
Monoalphabetic cipher that shifts characters 13 characters. A would become N, B would become O, etc.
ROT 13. Stands for Rotate 13.
Was a staff with papyrus or letter wrapped around it so edges would line up. There would be a stream of characters which would show you your message. When unwound it would be a random string of characters. Would need an identical size staff on other end for other individuals to decode message.
Scytale Cipher
Doing something like +1, -2, +3 and shifting each character a different amount to the left or right. For example, doing +1, -2, +3 with dog would result in emj.
Multi-Alphabet Substitution Cipher
A disk you rotated to encrypt/decrypt. Similar technologies were used in the Enigma machine.
Cipher Disks
Created by Leon Alberti. Considered the forefather of modern encryption.
Cipher Disks
Invented by Giovan Battista Bellaso in mid-1553.
Vigenere Cipher. Vigenere created a stronger version of the cipher.
Combining/Weaving Caesar cipher. Not cracked until late 1800s. It is a cipher square with A to Z across all the columns and rows. You then use a keyword to encrypt the message. For example, if the message is cat, and the keyword is horse, you would look up where c and h intersect on the table (which is j), then where a and o intersect (o) and t and r (k). Cat would then be encrypted as jok.
Vigenere Cipher
Uses a 5x5 table and a key word. Rest of the alphabet is placed on table in alphabetic order, skipping letters used in the keyword. You break up the message into two character chunks and return a single character value. If the letters appear on the same row of your table, replace them with the letters to the right. If it is on the same column, replace them with the letters below.
Playfair Cipher
Invented by Charles Wheatstone in the mid-1800s.
Playfair Cipher. Lord Playfair pushed use of it.
Invented by Colonel Fritz Nebel in 1918.
ADFGVX Cipher
It is a 6x6 grid with ______ at the top of each column and beginning of each row. The 26 letters and numbers 0-10 are placed randomly on the table. You then replace each character of your message with two characters which are represented by the column followed by the row each character is present in.
ADFGVX Cipher
Invented between World Wars, used by Germans and Japanese.
Enigma Machine
Data could be transmitted either via radio or printed on paper. Designed so that when a key was pressed, the cipher text for that plain text was different each time. Was a multi-alphabet cipher with 26 possible alphabets.
Enigma Machine
We can expose everything but the private key and the data can still be secure.
Kerckhoffs’s Principle
Issue with Symmetric Encryption
There’s only one key, and it’s difficult to ensure that only the two parties who need the key have it.
Base 2 system instead of base 10 system.
Binary Math
If both numbers have a one in the same place, then the resultant number is a one. If not, then it is a zero.
1st number - 1100
2nd number - 0100
————————–
Result - 0100
Binary AND
Checks to see if there is a one in either or both numbers in the same place. If so, the resultant number is one, if not, it is zero.
1st number - 1100
2nd number - 0100
————————–
Result - 1100
Binary OR
Checks to see if there is a one in either number, but not both, in the same place. If so, the resultant number is one, if not, it is zero.
1st number - 1100
2nd number - 0100
————————–
Result - 1000
Binary XOR (Exclusive OR) ⊕
XORing the plain text with the key.
Substitution
Swapping blocks of text.
Transposition
Making the relationship between a key and the ciphertext as complex as possible.
Confusion
Each binary digit (bit) of the ciphertext should depend on several parts of the key, obscuring the connections between the two.
Diffusion
The concept that if one bit of data changes, the entire cipher text will change completely as well.
Avalanche
An algorithm for the key that calculates the subkeys for each round that the encryption goes through.
Key Schedule
Data is encrypted with a symmetric encryption algorithm, the symmetric private key is sent to the other party with asymmetric encryption.
Hybrid Encryption
Symmetric Algorithms
DES, 3DES, DESX, AES, Blowfish, Serpent, Twofish, Skipjack, IDEA
A technique used to increase the security of block ciphers. It consists of steps that combine the data with portions of the key (most commonly using a simple XOR) before the first round and after the last round of encryption.
Whitening
Data fills up a block (typically 64 or 128 bits) and that block is encrypted as a whole.
Block Cipher
Which is faster - block or stream ciphers?
Stream ciphers
Chunk data into evenly sized blocks. The two chunks are typically called L0 and R0 (left 0 and right 0)
Feistel Network
Symmetric algorithm. One of the most widely deployed algorithms in the world, even though it is no longer recommended or considered secure.
DES
DES
64 bit key (56 bits + 8 bits parity), 64 bit block sizes.
3DES- type and how
Symmetric algorithm. Does DES 3 times, doing one of the following: 1st key encrypts, 2nd key decrypts, 3rd key encrypts, or one key encrypts/decrypts/encrypts, or 1st key encrypts, 2nd key decrypts, and 1st key encrypts again.
DESX- type and how
Symmetric algorithm. 64 bit key is appended to data, XOR it, and then apply the DES algorithm.
Symmetric algorithm. Announced in FIPS 197. Uses a substitution/permutation matrix instead of a Feistel cipher.
AES
AES- key size, rounds, and block size
Key size is 128, 192, or 256 bits. 10 rounds for 128 bit keys, 12 for 192 bit keys, 14 for 256 bit keys. Block size is 128 bits for each key size.
Blowfish Type- Designed by- Rounds- Key Size- Block Size-
Symmetric algorithm. Designed in 1993 by Bruce Schneier. 16 round Feistel cipher working with 64 bit blocks. Key size ranges from 32 to 448 bits.
Designed as a replacement for DES.
Blowfish
Serpent Type- Designed by- Rounds- Key Size- Block Size-
Symmetric algorithm. Designed by Ross Anderson, Eli Biham, and Lars Knudsen. Has a block size of 128 bits. Key size is 128, 192, or 256 bits. Uses a substitution-permutation network instead of Feistel cipher. Uses 32 rounds working with a block of four 32-bit words. Each round applies one of eight 4-bit to 4-bit S-boxes 32 times in parallel. Designed so all operations can be done in parallel.
Twofish Type- Designed by- Key Size- Block Size-
Symmetric algorithm. Designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. Uses a block size of 128 bits and key sizes of 128, 192, or 256 bits. It is a Feistel cipher.
Skipjack Type- Designed by- Key Size- Rounds-
Symmetric algorithm. Designed by NSA for the clipper chip - a chip with built in encryption. The decryption key was kept in key escrow in case law enforcement needed to decrypt data without the owner’s cooperation, making it highly controversial. Uses an 80 bit key to encrypt/decrypt 64 bit data blocks. It is an unbalanced Feistel network with 32 rounds.
IDEA Type- Designed by- Key Size- Rounds-
Symmetric algorithm. Designed by James Massey and Xuejia Lai. Operates on 64 bit blocks and has a 128 bit key. Consists of 8 identical transformations each round and an output transformation.
CAST-128 Type- Designed by- Key Size- Rounds-
Symmetric algorithm. Created in 1996 by Carlisle Adams and Stafford Tavares. Operates on 64 bit blocks and has a key size of 40-128 bits. Typically used in GPG and PGP. Encryption is either 12 or 16 rounds.
CAST-256 Type- Designed by- Key Size- Rounds-
Designed by Carlisle Adams, Stafford Tavares, Howard Heys, and Michael Wiener. Operates on 128 bit blocks and has a key size of 128, 160, 192, 224 or 256 bits. Encryption has 48 rounds.
Data that is hidden inside of a common carrier.
Steganography
What is chosen to hide data in, as these bits are typically padding or other parts that do not affect what the data is hidden in.
Least Significant Bit
The data to be covertly communicated.
Payload
The signal/stream/file itself that we’re hiding the payload inside of.
Carrier
Statistical analysis on number of unique colors and color number pairs in the picture and you look for least significant bits and manipulation of data in those bits, typically inside of whitespace.
RQP (Raw Quick Pair)
Doing a calculation/comparison and looking at the number of overall bits and the info in those bits, then calculating the theoretical amount of information in the file and comparing it to the actual information in the file. The delta between the two is then used to compare the file bits to attempt to find the hidden information.
Chi Square
Confidential, not published, used for secret and top secret government communications. We have no knowledge of them other than what’s on this list is used by the government to securely communicate.
Suite A Algorithms
Commercially available and used in all modern software in one way or another that are recommended by the NSA.
Suite B Algorithms
Type 1
Suite B Algorithms - Juniper, Mayfly, Fast hash, Walburn, Pegasus, AES (depending on implementation)
Type 2
Suite B Algorithms - Skipjack, KEA
Type 3
Suite B Algorithms - DES, 3DES, SHA1, AES (depending on implementation)
Type 4
Suite B Algorithms - Not certified by government, but there may be public or private sector algorithms that exist on this level.
Encrypts data bit by bit. Processed in a sequential/linear progression.
Stream Cipher
Each block is encrypted independently, so identical plaintext blocks are encrypted into identical ciphertext blocks. Only one round of encryption is done. Cannot diffuse/confuse or inject an initialization vector with this.
Electronic Code Book (ECB)
Each block of plaintext is XORed with the previous ciphertext block before being encrypted. The initial plaintext block has an IV added prior to encryption to produce a unique ciphertext value.
Cipher Block Chaining (CBC)
It’s basically CBC with the prior cipher text included as well. You take the previous plaintext and ciphertext, XOR them, and then XOR them with the next block’s plaintext.
Propagating Cipher Block Chaining (PCBC)
You start with an IV, encrypt it with your key, then XOR it with the plaintext to get cipher text. This value is then used as the starting point for the next round to encrypt with the key again before XORing it with the next block of plaintext.
Cipher Feedback (CFB)
Very similar to CFB, the only difference is that the output after the encryption is used as the IV for the next round prior to XORing it with plaintext, while CFB does the XOR prior to becoming the IV for the next round. It acts like a stream cipher since each bit is encrypted with the key individually and is then sent to act as the IV, one bit at a time for the next round.
Output Feedback (OFB)
Essentially this is ECB, but instead of plaintext encrypted with the key a nonce (a random challenge) and an incrementing counter is used. This is then XORed with the plaintext to get the cipher text. Nothing is carried over to the next round like some of the prior methods. This is a stream cipher as well.
Counter (CTR)
Digital certificate standard template that has been around since 1988; it is the most commonly used format today.
X509 V3
Used to identify the holder when conducting electronic transactions.
Digital Certificate
When modified, they typically become invalidated. They can expire as well or be revoked for a number of reasons (private key compromised, etc.).
Digital Certificate
This is one of the most common methods to distribute public keys.
Digital Certificate
4 Common Digital Certificate Fields
Certificate Information Statement, Issued to, Issued by, Valid from
11 Digital Certificate Details Fields
Version, Serial Number, Signature Algorithm, Hash Algorithm, Issuer, Valid From, Valid To, Subject, Public Key, Key Usage Statement, Friendly Name
Path for certification for Root CAs
Since they are self-signed, the only part of the path is the certificate itself, since it’s issued to itself.
Path for certification for Intermediary CAs
It will show the Root CA who issued the certificate as the step above the certificate.
A company that is an issuing authority that sells certificates.
Commercial CA
Certificate Extension Types
.pem, .cer/.crt/.der, .p7b, .p7c, .pk12, .pfx
Privacy Enhanced Mail - uses Base64 encoding with Distinguished Encoding Rules, enclosed between the opening and closing statements of BEGIN CERTIFICATE and END CERTIFICATE.
.pem
Different extensions for Distinguished Encoding Rules. Typically binary encoded.
.cer/.crt/.der
Signed data structures, typically a CRL (certificate revocation list).
PKCS#7 or PKCS standard 7 (.p7b, .p7c)
These hold our actual certificates. Typically the public & private keys we are dealing with. They are password protected as well.
.pk12/PKCS#12
Predecessor to .pk12
.pfx
Symmetric encryption formula
C = E(k,p)
Symmetric decryption formula
P = E(k,c)
Created the theory of the avalanche effect. Considered the founder of information theory with his paper published in 1948, A Mathematical Theory of Communication. He also wrote Communication Theory of Secrecy Systems in 1949, which was on the mathematical theory of cryptography.
Claude Shannon
Different encryption keys generated the same ciphertext from the same plaintext message.
Key Clustering
Encryption or decryption is performed immediately - typically used with stream ciphers.
Synchronous
Encryption or decryption requests are processed in queues - typically used with block ciphers.
Asynchronous
A one-way mathematical operation that reduces a message or data file into a smaller fixed length output, or hash value.
Hash function
Random bits of data intermixed with the message that is to be hashed.
Salt
MD4 Created by Output size Block size Word Size Rounds
Hash. Created by Ronald Rivest. 128 bit output size, 512 bit block size, 32 bit word size, 3 rounds. Considered very insecure.
MD5 Created by Output size Block size Word Size Rounds
Hash. Created by Ronald Rivest. Replaced MD4. 128 bit output size, 512 bit block size, 32 bit word size, 64 rounds.
Infamously compromised by Flame malware in 2012.
MD5
SHA-1 Created by Output size Block size Word Size Rounds
Secure Hashing Algorithm. Designed by NSA. 160 bit output size, 512 bit block size, 40 bit word size, 80 rounds.
SHA-224/SHA-256 Created by Output size Block size Word Size Rounds
Secure Hashing Algorithm. Designed by NSA. 224/256 bit output size, 512 bit block size, 56 bit word size, 64 rounds.
SHA-384, SHA-512, SHA-512/224, SHA-512/256 Created by Output size Block size Word Size Rounds
Secure Hashing Algorithm. Designed by NSA. 384/512/224/256 bit output size, 1024 bit block size, 64 bit word size, 80 rounds.
SHA-3 Created by Output size Block size Word Size Rounds
Secure Hashing Algorithm. Designed by NSA. 224/256/384/512 bit output size, up to 1600 bit block size, 64 bit word size, 24 rounds.
TIGER Created by Output size Block size Word Size Rounds
Hash. Created by Ross Anderson and Eli Biham. 192/160/128 bit output size, 512 bit block size, 53 bit word size, 24 rounds.
RIPEMD Created by Output size Block size Word Size Rounds
Hash. Created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 128 bit output size, 512 bit block size, 32 bit word size, 48 rounds.
In 2004, a collision was discovered.
RIPEMD
RIPEMD-128/256 Created by Output size Block size Word Size Rounds
Hash. Created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 128/256 bit output size, 512 bit block size, 32 bit word size, 64 rounds.
RIPEMD-160 Created by Output size Block size Word Size Rounds
Hash. Created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 160 bit output size, 512 bit block size, 32 bit word size, 80 rounds.
RIPEMD-320 Created by Output size Block size Word Size Rounds
Hash. Created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 320 bit output size, 512 bit block size, 32 bit word size, 80 rounds.
A single key is used to encrypt and decrypt.
Symmetric Encryption
Two different but mathematically related keys are used where one key is used to encrypt and another is used to decrypt. Has both a public key to be shared and a private key that is held onto by the owner that should remain private. If the public key encrypts, only the private key can decrypt and vice versa.
Asymmetric Encryption
Provide authentication of a sender and integrity of a sender’s message. A message is input into a hash function. Then that hash value is encrypted using the private key of the sender. The result of these two steps yields a digital signature. Created by signing with the sender’s private key. Typically used in e-mail.
Digital Signature
An entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates.
Certificate Authority (CA)
Typically only issues certificates to subordinate CAs - typically kept offline so they do not get compromised.
Root CA
Issues certificates to users & computers on behalf of the root CA.
Subordinate CA
Used to proxy the certificate requests on behalf of the user and validate whether or not they are legitimate instead of having the user go directly to the CA.
Registration Authority
Tied to an LDAP provider. It is a CA that has a domain controller.
Enterprise CA
A CA installed outside of the directory (LDAP) service. It is on a server not connected to an LDAP provider.
Standalone CA
The input provided to the cryptosystem. The information we want to provide confidentiality protections for. The unencrypted version of the data we want to protect.
Plaintext or cleartext
The output of the cryptography process or cryptosystem. The encrypted version of the plaintext.
Cipher text or cryptogram
This represents the entire cryptographic operation. This includes the algorithm, key, and key management functions.
Cryptosystem
The process of taking plaintext, running it through the cryptosystem, and producing cipher text on the backend.
Encryption
The process of taking cipher text, running it through the cryptosystem, and producing plaintext on the backend.
Decryption
The input that controls the operation of the cryptographic algorithm. The variable that we never want to show the bad actor.
Key or Cryptovariable
Not being able to deny that you did something. You have authoritative proof someone did something.
Nonrepudiation
The mathematical formulas or process that is used in encryption.
Algorithm
Study of techniques for attempting to defeat cryptographic techniques and information security services.
Cryptanalysis
The science that deals with hidden, disguised, or encrypted communications.
Cryptology
Occurs when a hash function generates the same output for different inputs.
Collision
Represents the total number of possible values of keys in a cryptographic algorithm or other security measure, such as a password.
Key space
The time and effort required to break a security measure.
Work factor
A non-secret binary vector used as the first input algorithm for encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance.
Initialization Vector
The action of changing a message into another format through the use of code.
Encoding
The reverse process from encoding - converting the encoded message back into its plaintext format.
Decoding
Swapping/shifting of blocks of text.
Transposition/permutation
Changing some part of the plaintext to a different value.
Substitution
Substitution and permutation, most block ciphers do a series of repeated substitutions and permutations to add confusion and diffusion to the encryption process.
SP network
Where a minor change in either the key or the plaintext will have a significant change in the resulting ciphertext.
Avalanche effect
Use asymmetric key pairs and combines software, encryption and services to provide a means of protecting security of business communication and transactions.
PKI
Put in place by RSA to ensure uniform certificate management throughout the internet.
PKCS
A trusted organization that identifies you as a relevant entity.
Trusted Third Party
An entity trusted by one or more users to manage certificates.
Certificate Authority
List of certificates issued by the CA that are no longer valid. Distributed either by pull or push model.
CRL
The measure of uncertainty associated with a random variable.
Shannon’s Entropy
It is impossible to compress the data that we’re thinking about. It’s impossible to compress the data such that the code rate is less than the entropy of the source without information being lost.
Shannon’s source coding theorem
Looking at the numbers that are relatively prime, or coprime, to a given number. For example, for 7, there are 6 numbers that are coprime to 7 (6, 5, 4, 3, 2 and 1). For all prime numbers, the totient is the prime number minus 1.
Euler’s totient
The remainder from a division operation (5 mod 2 = 1, 5 % 2 = 1).
Modulus operator
The next number is derived from adding together the prior two numbers (1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89).
Fibonacci Sequence
“How likely would it be for any two people in a room of 23 to share the same birthday?”
22+21+20+19+18+17+16+15+14+13+12+11+10+9+8+7+6+5+4+3+2+1 = 253, the total number of combinations with 23 people. This is approximately a 50% chance for a match (square root of 365 is approximately 23). The probability reaches 100% at 367 people (since there are 366 days in leap years), but with just 70 people, you are at over a 99.9% chance for a match.
Birthday Problem
A class of brute force attacks based on the birthday paradox. If you have an encryption algorithm with a key space of 32 bits (4,294,967,295 possible keys), you would only have to generate 65,535 keys to have a 50% probability of a match. A 100% match would need to produce all 4,294,967,295 keys. This essentially means that a small subset of numbers has a high probability of getting a match.
Birthday Attack
Algorithms that can create long runs of numbers with good random properties, but eventually the sequence will repeat.
Pseudo Random Number Generators
The German Office for Information Security (BSI) has established 4 criteria for the quality of random number generators:
K1: A sequence of random numbers with a low probability of containing identical numbers.
K2: A sequence of numbers which is indistinguishable from “true random” numbers according to statistical tests.
K3: It should be impossible for any attacker to calculate, or otherwise guess, from any given subsequence, any previous or future values in the sequence.
K4: It should be impossible for any attacker to calculate, or otherwise guess from the inner state of the generator, any previous values in the sequence or any previous inner generator states.
To be suitable for cryptography, any PRNG should meet ______ standards.
K3 or K4
The first publicly described asymmetric algorithm. A cryptographic protocol that allows two parties to establish a shared key over an insecure channel. Often used to allow parties to exchange a symmetric key through some unsecure medium, such as the Internet.
Diffie-Hellman
RSA Developed by- Based on- Key sizes-
Developed in 1977 by three mathematicians, Ron Rivest, Adi Shamir, and Len Adleman. Based on the practical difficulty of factoring the product of two large prime numbers. Key sizes are typically 1024 - 4096 bits.
A protocol used for key agreement that is based on Diffie-Hellman. It is incorporated in the public key standard IEEE P1363.
Menezes-Qu-Vanstone
Described in U.S. patent 5,231,668 filed July 26, 1991 and attributed to David W. Kravitz. Adopted by the U.S. Government in 1993 with FIPS 186.
Digital Signature Algorithm
Based on the fact that finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is difficult to the point of being impractical.
Elliptic Curve Cryptography
It is used in PGP implementations and GNU Privacy Guard software. The algorithm is comprised of 3 parts: the key generator, the encryption algorithm, and the decryption algorithm. This was made publicly available.
ElGamal
CA provides certificates to both users and machines. There are security risks since that root CA could have its certificates compromised or exposed directly. Typically a self-signed certificate.
1 Tier Hierarchy
The subordinate CA issues tickets to computers & users on behalf of the Root CA to protect it from compromise/exposure. The RA does validation & authentication for certificate requests prior to issuance. The LDAP provider is used for authentication of the requestor who is requesting issuance of a certificate.
2 Tier Hierarchy
The root CA is offline, so are the intermediate CA(s). The Issuing CA is a tertiary CA that issues tickets to computers and users on behalf of the subordinate CAs, which are in turn doing it on behalf of the root CA.
3 Tier Hierarchy
Every server can talk to one another and extend trust to one another as well. If one of the paths were to be broken, there would be other paths available to reach the other server through the ________
Web of Trust
Provides certificate validation in real time and will let you know if it is valid or has been revoked.
OCSP
SCVP
Server Certificate Validation Protocol - RFC 5055
Determining the path between an X.509 digital certificate and a trusted root.
Delegated Path Discovery
The validation of that path according to a particular validation policy.
Delegated Path Validation
Classes of Certificates- general certificate meant for individuals, usually used for digitally signing/securing e-mail
Class 1
Classes of Certificates- for organizations where you have to prove identities
Class 2
Classes of Certificates- for server and software signing identification.
Class 3
Classes of Certificates- Online business transactions between companies.
Class 4
Classes of Certificates- Private organizations or governmental agencies. Used between governmental agencies.
Class 5
Certificate Initialization -
Registration, Key Pair Generation, Certificate Generation, Certificate Dissemination
Certificate Administration -
Key Storage, Certificate Retrieval and Validate, Backup and Escrow, Recovery
Certificate Cancellation/History -
Expiration, Renewal, Revocation, Suspension, Destruction
A part of the Certificate Life Cycle that is present throughout all 3 of the steps: Certificate Initialization, Certificate Administration, and Certificate Cancellation/History. Provides updates/patching to protect the root CAs/intermediary CAs/RAs
Updating/Patching Vulnerabilities
Extending trust to an unknown third party. Allows binding of two unrelated companies together and allow them to share resources between each other.
Federation Trust
If A trusts B, and B trusts C, A would trust C.
Transitive Trust
Used to authenticate users, but is no longer used because the information was sent in cleartext.
PAP
PAP with encryption for the usernames/passwords that are transmitted.
S-PAP
Calculates a hash, shares the hash with the client system, the hash is periodically validated to ensure nothing has changed.
CHAP
Kerberos- Does the authentication and creates the Ticket Granting Ticket that is used as proof to request an ST (service ticket or secondary ticket) when requesting access to individual resources. A new ST would need to be requested for each different session and service that access is requested to.
KDC
Kerberos. Contains the identity of the client, the session key, the timestamp and the checksum. Encrypted with the server’s key.
Ticket
Kerberos. Ticket that is granted during the authentication process.
Ticket Granting Ticket
Kerberos. Temporary encryption key.
Session Key
Created by Philip Zimmermann in the 1990s. Sold to Symantec. A piece of software to allow the average person to encrypt and decrypt easily. It uses certificates. Typically used to encrypt e-mail.
PGP
Could have been better if the IV was a bigger size. RC4 is used which is a very strong algorithm. The problem is the 40 bit key and 24 bit IV are both very small which made it able to be cracked. Not considered secure and not recommended for use.
WEP
Replaced RC4 with TKIP and 128 bit keys. New keys are generated with each packet. However it was not implemented correctly which led to it being cracked.
WPA
Uses AES and CCMP for security. It is much stronger and the preferred non-enterprise method for wireless security.
WPA2
Has all the features of WPA2 but allows for the use of RADIUS servers (AAA - Authentication, Access Control, Auditing).
WPA2 Enterprise
A framework that allows for creation of different ways to provide authentication, such as smart cards.
EAP
Used for secure transactions on the World Wide Web/Internet, created by Netscape in the mid-1990s.
SSL
SSL Four step process:
1) Web browser asks the server for validation.
2) The website responds with its SSL certificate.
3) The web browser checks the certificate against a CA to see if it is trustworthy/legitimate.
4) The server sends back a digitally signed acknowledgement and a session is started.
Successor to SSL.
TLS
TLS 7 Step Process
1) The client and server agree on parameters used to establish the connection’s security.
2) Client connects to a TLS-enabled server requesting a secure connection and presents a list of encryption and hash functions it can support.
3) The server picks the strongest encryption and hash function from this list that it also supports and notifies the client of the chosen algorithms.
4) The server sends back its identification in the form of a standard X.509 digital certificate.
5) The clients may contact the CA that issued the certificate to confirm validity before proceeding.
6) From the random number, both parties generate key material for encryption/decryption.
7) In order to generate the session keys used for the secure connection, the client encrypts a random number with the server’s public key and sends the result to the server. The server then decrypts the number with its private key.
A way to communicate over a public network privately.
VPN
Works at layer 2 (data link) of the OSI model. Provides both authentication and encryption. EAP or CHAP is used to provide the authentication. Can only be used over a traditional Ethernet network.
PPTP
PPTP combined with L2F (Layer 2 Forwarding) (Cisco proprietary protocol) - Uses EAP, CHAP, MS-CHAP, PAP, or S-PAP for authentication. IPSec is used to provide encryption.
L2TP
Encrypts not only the packet, but the header information as well. It also has protection against unauthorized retransmission of packets.
IPSec
Can be used to establish VPN using a web browser.
TLS/SSL
Allows you to encrypt files/folders on Windows based computers.
Encrypted File System
Whole drive encryption, uses TPM to store credentials/keys/certificates for encryption. If you do not have a TPM, a USB drive can be used instead.
BitLocker
Windows command line encryption utility. Displays or alters encryption of directories and files on NTFS partitions. Also used to back up the EFS key using cipher /r:file (where file is the name of the recovery key).
Cipher
A type of frequency analysis used to attack polyalphabetic substitution ciphers. It’s used to try to discover patterns and use that information to decrypt the cipher.
Kasiski Method
Allows manipulation of a cryptosystem by choosing a block of text, and getting the ciphertext as output to see how things are enciphered.
Chosen Plaintext Attack
Analysis is done on the ciphertext to try to detect patterns that can be used to break the encryption. A lot more difficult than chosen plaintext attacks.
Ciphertext Only Attack
Two chosen plaintext attacks run in parallel, but you are using two different but related keys. You would have two streams of text being encrypted into ciphertext by these two keys. Commonly used against wireless network encryption.
Related Key Attack
A known plaintext attack (an attack that has access to the plaintext). Uses a linear approximation (similar to Minesweeper). You are learning where things are and how slight changes lead to deciphering the encryption. You are essentially changing one bit of the known plaintext and comparing the result against the known plaintext to be able to analyze the differences between the two ciphertexts. This will allow you to potentially recover the key, one bit at a time.
Linear Cryptanalysis
Used in symmetric cryptography only. It is a specific targeted approach to try to break symmetric key cryptography. Examines the differences in input and how it affects the output. Essentially you are reviewing the avalanche effect and trying to reverse engineer it.
Differential Cryptanalysis
Uses lots of sets of plaintext that are similar with slight modifications. These are encrypted and then the variations are analyzed to determine if there’s anything that can be zeroed in on.
Integral Cryptanalysis
The private key for encryption has been uncovered.
Total Break
The attacker discovers an equivalent algorithm for encryption and decryption, but we don’t get the key. Basically, we would figure out the encryption type but not get the key.
Global Deduction
The attacker discovers additional plaintext/ciphertext that were not previously known. This can be used to deduce some of the supporting elements outside of the actual key, but you do not get the actual key itself.
Local (Instance) Deduction
We gain information or an understanding about plaintext or ciphertext that was not previously known. Similar to Local Deduction but you have not uncovered additional plaintext or ciphertext, just information regarding them.
Information Deduction
We can understand the cipher from some sort of random permutation based on information you find.
Distinguishing Algorithm
Precalculated hashes of all available passwords within a certain character space. Typically used to crack hashes.
Rainbow Tables
Time (amount of time needed to perform the number of calculations to crack encryption), Memory (the amount of storage required to perform the attack), and Data (the amount of plaintext/ciphertext required for the attack).
3 Cryptanalysis Resources