Lesson 5 - Basic Cryptography Concepts Flashcards
Plaintext (or cleartext)
an unencrypted message.
Ciphertext
an encrypted message.
Cipher
the process (or algorithm) used to encrypt and decrypt a message.
Cryptanalysis
the art of cracking cryptographic systems.
Hashing
A cryptographic hashing algorithm produces a fixed-length string from an input plaintext that can be of any length. The output can be referred to as a checksum, message digest, or hash,
Secure Hash Algorithm (SHA)
considered the strongest algorithm. SHA-256, which produces a 256-bit digest.
Message Digest Algorithm #5 (MD5)
produces a 128-bit digest. MD5 is not considered to be quite as safe for use as SHA-256, but it might be required for compatibility between security products.
A symmetric cipher
is one in which encryption and decryption are both performed by the same secret key. Also used for confidentiality.
Two types of symmetric encryption:
stream ciphers and block ciphers.
Stream cipher
each byte or bit of data in the plaintext is encrypted one at a time.
Block cipher
the plaintext is divided into equal-size blocks (usually 128-bit).
Advanced Encryption Standard (AES)
is the default symmetric encryption cipher for most products. Basic AES has a key size of 128 bits, but the most widely used variant is AES256, with a 256-bit key.
asymmetric cipher
operations are performed by two different but related public and private keys in a key pair.
asymmetric encryption is mostly used for authentication and non-repudiation and for key agreement and exchange.
Asymmetric encryption is often referred to as public key cryptography.
Elliptic curve cryptography (ECC)
is another type of trapdoor function that can be used in public key cryptography ciphers.
The principal advantage of ECC over RSA’s algorithm is that there are no known “shortcuts” to cracking the cipher or the math that underpins it, regardless of key length.
Consequently, ECC used with a key size of 256 bits is very approximately comparable to RSA with a key size of 2048 bits.
digital signature
is a hash that is then encrypted using a private key.
public key infrastructure (PKI)
The process of issuing and verifying certificates
This risk from RSA key exchange is mitigated by:
perfect forward secrecy (PFS).
PFS uses Diffie-Hellman (D-H) key agreement to create ephemeral session keys without using the server’s private key.
Cipher Block Chaining (CBC) mode
applies an initialization vector (IV) to the first plaintext block to ensure that the key produces a unique ciphertext from any given plaintext.
Counter mode makes the AES algorithm work as a stream cipher.
Counter mode applies an IV plus an incrementing counter value to the key to generate a keystream. The keystream is then XOR’ed to the data in the plaintext blocks
AEAD
Authenticated Encryption with Additional Data
In an AEAD scheme, the associated data allows the receiver to use the message header to ensure the payload has not been replayed from a different communication stream.
Cryptographic primitive
a single hash function, symmetric cipher or asymmetric cipher. It uses multiple cryptographic primitives such as within a cipher suite.
basic hash function
A basic hash function can also be used with a shared secret to create a message authentication code (MAC), which prevents a man-in-the-middle tampering with the checksum.
Entropy
is a measure of disorder. A plaintext will usually exhibit low entropy as it represents a message in a human language or programming language or data structure
Nonce
the principal characteristic of a nonce is that it is never reused (“number used once”) within the same scope (that is, with the same key value).