Key Concepts Flashcards
If unencrypted files were intercepted, which arm of the CIA triad would be breached or violated?
Confidentiality, because the files weren’t
Encrypted.
If the CIA triad is too restrictive to describe an entire situation, what model should you use?
Pakerian hexad
What is symmetric cryptography?
(AKA: Symmetric key cryptography)
Uses a single key to both encrypt the plaintext and decrypt the ciphertext.
They key must be shared between the sender and receiver and anyone with the key can decipher the text.
Name a chief weakness of symmetrical cryptography.
The key must be shared between sender and recipient. If an attacker gets the key, they can potentially compromise confidentiality and integrity.
What is a block cypher?
Takes a predetermined number of bits (or binary digits which are either a 1 or a 0), known as a block, and encrypts that block. Blocks typically have 64 bits but can be higher or lower.
What is a stream cipher?
Encrypts each bit in the plaintext message one bit at a time.
What two types of ciphers does symmetric cryptography make use of?
Block and stream ciphers
What type of cipher is most frequently used in symmetrical cryptography?
Block ciphers.
What kind of encryption is DES?
Symmetric
What kind of encryption is 3DES?
Symmetric
What kind of encryption is AES?
Symmetric
What is DES
Block cipher using a 56 bit key.
What is AES
Symmetrical cipher using 3 different ciphers: one with a 128 bit key, one with a 192 bit key, and one with a 256 bit key. All of which encrypt blocks of 128 bits.
What kind of encryption is Twofish?
Symmetric block cipher
What kind of encryption is Serpent?
Symmetric block cipher
What kind of encryption is Blowfish?
Symmetric block cipher
What kind of encryption is Cast5?
Symmetric block cipher
What kind of encryption is RC6?
Symmetric block cipher
What kind of encryption is IDEA
Symmetric block cipher
What kind of encryption is RC4
Symmetric stream cipher
What kind of encryption is ORYX?
Symmetric stream cipher
What kind of encryption is SEAL?
Symmetric stream cipher
What is asymmetric key cryptography?
Uses two keys: a public key and a private key.
You use the public key to encrypt the data and the private key to decrypt the data. Anyone can access the public key, only the host can access the private key.
What is the main advantage asymmetric cryptography has over symmetric cryptography?
You don’t need to distribute the key.
What kind of encryption is RSA?
Asymmetric
What kind of encryption is used in Secure Sockets Layer (SSL) protocol?
RSA asymmetric key algorhithm.
SSL
Secure sockets layer protocol
ECC
Elliptic curve cryptography
What is elliptic curve cryptography ECC?
A class of cryptographic algorithms. Can use short keys while maintaining a higher cryptographic strength than many other types of algorithms.
What kind of encryption does SHA-2 use
Elliptic curve cryptography (ECC) (Asymmetric)
SHA-2
Secure hash algorhithm 2
ECDSA
Elliptic curve digital signature algorhithm.
What kind of encryption is ElGamal?
Asymmetric algorithm
What kind of encryption is Diffie-Hellman?
Asymmetric algorithm
What kind of encryption is Digital signature standard (DSS)
Asymmetric algorithm
DSS
Digital signature standard
What kind of encryption does Pretty good privacy (PGP) use?
Asymmetric cryptography
What kind of encryption does Transport Layer Security TLS use?
Asymmetric cryptography
TLS
Transport Layer Security
ITAR
International traffic in arms regulations
What are the 3 types of modern cryptography?
Symmetrical
Asymmetrical
Hash
MD5
Message-direct 5
What kind of encryption is MD5
Hash
What kind of encryption is Sha-3
Hash
What is a digital signature?
Allows you to sign a message so that others can detect any changes to the message after you’ve sent it, ensure that the message was legitimately sent by the expected party, and prevent the sender from denying that they sent the message.
How would you digitally sign a message?
Sender generates a hash of the message then uses their private key to encrypt the hash. The sender then sends this digital signature along with the message, usually by appending it to the message itself.
When the message arrives at the receiving end, the receiver uses the public key corresponding to the senders private key to decrypt the digital signature thus restoring the original hash of the message. Receiver can then verify the message’s integrity by hashing the message again and comparing the two hashes.
What is a digital certificate?
Created by taking the public key and identifying information such as name and address and having them signed by a trusted entity that handles digital certificates called a certificate authority.
Name a well known certificate authority.
VeriSign
PKI
Public key infrastructure
Name 3 free or open source encryption products
VeraCrypt
BitLocker
dm-crypt (Linux only)
What are the two types of compliance?
Regulatory and industry compliance
What is regulatory compliance?
Adherence to the laws specific to the industry in which you’re operating.
What is industry compliance?
Adherence to the regulations that aren’t mandated by law but that can nonetheless have severe impacts on your ability to conduct business.
PCI DSS
Payment card industry data security standard