Lesson 5 - Basic Cryptography Concepts Flashcards
Plaintext (or cleartext)
an unencrypted message.
Ciphertext
an encrypted message.
Cipher
the process (or algorithm) used to encrypt and decrypt a message.
Cryptanalysis
the art of cracking cryptographic systems.
Hashing
A cryptographic hashing algorithm produces a fixed-length string from an input plaintext that can be of any length. The output can be referred to as a checksum, message digest, or hash.
Secure Hash Algorithm (SHA)
considered the strongest algorithm. SHA-256 produces a 256-bit digest.
Message Digest Algorithm #5 (MD5)
produces a 128-bit digest. MD5 is not considered to be quite as safe for use as SHA-256, but it might be required for compatibility between security products.
A symmetric cipher
is one in which encryption and decryption are both performed by the same secret key. Also used for confidentiality.
Two types of symmetric encryption:
stream ciphers and block ciphers.
Stream cipher
each byte or bit of data in the plaintext is encrypted one at a time.
Block cipher
the plaintext is divided into equal-size blocks (usually 128-bit).
Advanced Encryption Standard (AES)
is the default symmetric encryption cipher for most products. Basic AES has a key size of 128 bits, but the most widely used variant is AES256, with a 256-bit key.
Asymmetric cipher
operations are performed by two different but related public and private keys in a key pair.
Asymmetric encryption is mostly used for authentication and non-repudiation and for key agreement and exchange.
Asymmetric encryption is often referred to as public key cryptography.
Elliptic curve cryptography (ECC)
is another type of trapdoor function that can be used in public key cryptography ciphers.
The principal advantage of ECC over RSA’s algorithm is that there are no known “shortcuts” to cracking the cipher or the math that underpins it, regardless of key length.
Consequently, ECC used with a key size of 256 bits is very approximately comparable to RSA with a key size of 2048 bits.
Digital signature
is a hash that is then encrypted using a private key.
Public key infrastructure (PKI)
The process of issuing and verifying certificates.
This risk from RSA key exchange is mitigated by:
perfect forward secrecy (PFS).
PFS uses Diffie-Hellman (D-H) key agreement to create ephemeral session keys without using the server’s private key.
Cipher Block Chaining (CBC) mode
applies an initialization vector (IV) to the first plaintext block to ensure that the key produces a unique ciphertext from any given plaintext.
Counter mode makes the AES algorithm work as a stream cipher.
Counter mode applies an IV plus an incrementing counter value to the key to generate a keystream. The keystream is then XORed with the data in the plaintext blocks.
AEAD
Authenticated Encryption with Additional Data
In an AEAD scheme, the associated data allows the receiver to use the message header to ensure the payload has not been replayed from a different communication stream.
Cryptographic primitive
a single hash function, symmetric cipher or asymmetric cipher. Multiple cryptographic primitives are used together, such as within a cipher suite.
Basic hash function
A basic hash function can also be used with a shared secret to create a message authentication code (MAC), which prevents a man-in-the-middle tampering with the checksum.
Entropy
is a measure of disorder. A plaintext will usually exhibit low entropy as it represents a message in a human language or programming language or data structure.
Nonce
the principal characteristic of a nonce is that it is never reused (“number used once”) within the same scope (that is, with the same key value).
Initialization vector (IV)
the principal characteristic of an IV is that it be random (or pseudo-random).
Salt
this is also a random or pseudo-random number or string. The term salt is used specifically in conjunction with hashing password values.
Salt means that an attacker cannot use pre-computed tables of hashes.
Longevity
is the consideration of how long data must be kept secure.
A downgrade attack
can be used to facilitate a man-in-the-middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths.
Key stretching
takes a key that’s generated from a user password and repeatedly converts it to a longer and more random key.
A birthday attack
is a type of brute force attack aimed at exploiting collisions in hash functions.
Collision
is where a function produces the same hash value for two different plaintexts. This type of attack can be used for the purpose of forging a digital signature.
Quantum
refers to computers that use properties of quantum mechanics to significantly out-perform classical computers at certain tasks.
Cryptographic agility
refers to an organization’s ability to update the specific algorithms used across a range of security products without affecting the business workflows that those products support.
Homomorphic encryption
is principally used to share privacy-sensitive data sets.
Blockchain
is a concept in which an expanding list of transactional records is secured using cryptography.
Steganography (literally meaning “hidden writing”)
is a technique for obscuring the presence of a message.