Lesson 3 - Cryptographic Solutions Flashcards
AES
Advanced Encryption Standard
- a specification used to encrypt and protect electronic data. It is a symmetric encryption algorithm. It is used mainly as a replacement for the Data Encryption Standard (DES).
RSA
Rivest-Shamir-Adleman
- a public-key cryptosystem that uses a pair of keys (a public key and a private key) to secure digital communication and transactions over insecure networks.
ECC
Elliptic Curve Cryptography
- a public-key cryptosystem based on the algebraic structure of elliptic curves over finite fields
SHA
Secure Hashing Algorithm
- A cryptographic hashing algorithm created to address possible weaknesses in MDA. The current version is SHA-2.
MD5
Message Digest Algorithm #5
- A cryptographic hash function producing a 128-bit output.
PKCS
Public Key Cryptographic Standard
- A framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities.
DSA
Digital Signature Algorithm
- a cryptographic method used to create and verify digital signatures, ensuring the authenticity and integrity of digital messages or documents, similar to a handwritten signature but with enhanced security.
ECDSA
Elliptic Curve Digital Signature Algorithm
- a cryptographic algorithm used to create and verify digital signatures based on elliptic curve cryptography, offering efficient and secure authentication
FIPS
Federal Information Processing Standards
PKI
Public Key Infrastructure
- A framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities.
CA
Certificate Authority
- A server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys.
CSR
Certificate Signing Request
- A Base64 ASCII file that a subject sends to a CA to get a certificate.
FQDN
Fully Qualified Domain Name
- the complete and unique address of a server or host on the internet, including the hostname and domain name, used to locate and access resources within the Domain Name System (DNS).
CN
Common Name
- An X500 attribute expressing a host or username, also used as the subject identifier for a digital certificate.
SAN
Subject Alternative Name
- A field in a digital certificate allowing a host to be identified by multiple host names/subdomains.
CRL
Certificate Revocation List
- A list of certificates that were revoked before their expiration date.
OCSP
Online Certificate Status Protocol
- Allows clients to request the status of a digital certificate, to check whether it is revoked.
KMS
Key Management System
- In PKI, procedures and tools that centralize generation and storage of cryptographic keys.
KMIP
Key Management Interoperability Protocol
- a standardized communication protocol, developed by OASIS, designed to enable interoperability between key management systems and cryptographic applications, simplifying key management and enhancing data security
PRNG
Pseudo Random Number Generator
- The process by which an algorithm produces numbers that approximate randomness without being truly random.
TRNG
True Random Number Generator
- A method of generating random values by sampling physical phenomena that have a high rate of entropy.
TPM
Trusted Platform Module
- Specification for secure hardware-based storage of encryption keys, hashed passwords, and other user- and platform-identification information.
HSM
Hardware Security Module
- An appliance for generating and storing cryptographic keys. This sort of solution may be less susceptible to tampering and insider threats than software-based storage.
TEE
Trusted Execution Environment
- a secure, isolated area within a processor that protects the confidentiality and integrity of code and data executed within it, ensuring sensitive information remains secure even if the main system is compromised.
KEK
Key Encryption Key
- a cryptographic key used to encrypt and protect other keys, ensuring secure storage and transmission
DEK
Data Encryption Key
FDE
Full Disk Encryption
- refers to a product that encrypts the whole contents of a storage device, including metadata areas not normally accessible using ordinary OS file explorer tools.
TDE
Transparent Data Encryption
- a security feature that encrypts data at rest (on disk) without requiring changes to applications, ensuring that even if storage media is compromised, the data remains protected
WPA
Wi-Fi Protected Access
- securing traffic sent over a wireless network.
IPSec
Internet Protocol Security
- securing traffic sent between two endpoints over a public or untrusted transport network. This is referred to as virtual private networking (VPN).
TLS
Transport Layer Security
- securing application data, such as web or email data, sent over a public or untrusted network.
HMAC
Hash-based Message Authentication Code
- A method used to verify both the integrity and authenticity of a message by combining a cryptographic hash of the message with a secret key.
PFS
Perfect Forward Secrecy
- A characteristic of transport encryption that ensures if a key is compromised, the compromise will only affect a single session and not facilitate recovery of plaintext data from other sessions.
D-H
Diffie-Hellman
- A cryptographic technique that provides secure key exchange.
DHE
Diffie-Hellman Ephemeral
- a method of digital encryption that securely exchanges cryptographic keys between two parties over a public channel without their conversation being transmitted over the internet.
ECDHE
Elliptic Curve DHE
- a key exchange algorithm that allows two parties to establish a shared secret over an insecure communication channel
- Perfect Forward Secrecy (PFS) is now more usually implemented as Elliptic Curve DHE (ECDHE)
PBKDF2
Password-Based Key Derivation Function 2
- a cryptographic key derivation function designed to securely derive encryption keys from passwords, making them resistant to brute-force attacks by slowing down the password cracking process.