Lesson 5 - Summarizing Basic Cryptographic Concepts Flashcards
The science and practice of altering data to make it unintelligible to unauthorized parties.
Cryptography
Unencrypted data that is meant to be encrypted before it is transmitted, or the result of decryption of encrypted data.
Plaintext
Data that has been enciphered and cannot be read without the cipher key.
Ciphertext
Data that has been enciphered and cannot be read without the cipher key.
Cipher
The science, art, and practice of breaking codes and ciphers.
Cryptanalysis
There are three main types of cryptographic algorithms with different roles to play in the assurance of the security properties.
confidentiality, integrity, availability, and non-repudiation
These types are hashing algorithms and two types of encryption ciphers.
symmetric and asymmetric
A function that converts an arbitrary length string input to a fixed length string output. A cryptographic hash function does this in a way that reduces the chance of collisions, where two different inputs produce the same output.
Hashing
The output of a hash function.
Checksum
A form of hashing algorithm used to prove integrity.
Hashing algorithm
A cryptographic hashing algorithm created to address possible weaknesses in MDA. The current version is SHA-2. The most popular variant is SHA-256, which produces a 256-bit digest.
Secure Hash Algorithm
A cryptographic hash function producing a 128-bit output.
Message Digest Algorithm
FCIV
File Check Integrity Version
In cryptography, a specific piece of information that is used in conjunction with an algorithm to perform encryption and decryption.
digest
Involves replacing units (a letter or blocks of letters) in the plaintext with different ciphertext.
Substitution ciphers
A two-way encryption scheme in which encryption and decryption are both performed by the same key. Also known as shared-key encryption.
Symmetric encryption
Symmetric encryption is also referred to as single key or private key or shared secret.
Symmetric encryption is very fast.
It is used for bulk encryption of large amounts of data.
Symmetric encryption is used for confidentiality and cannot be used for authentication or integrity.
Example: AES
Two types of symmetric encryption.
stream cipher and block cipher
A type of symmetric encryption that combines a stream of plaintext bits or bytes with a pseudorandom stream initialized by a secret key.
Stream cipher
Counter (CTR) and Galois/Counter Mode (GCM) modes allow block ciphers to behave like stream ciphers.
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation
A type of symmetric encryption that encrypts data one block at a time, often in 64-bit blocks. It is usually more secure, but is also slower, than stream ciphers.
Block cipher
A symmetric 128-, 192-, or 256-bit block cipher based on the Rijndael algorithm developed by Belgian cryptographers Joan Daemen and Vincent Rijmen and adopted by the U.S. government as its encryption standard to replace DES.
Advanced Encryption Standard (AES)
The range of key values available to use with a particular cipher.
Keyspace
“Key Length” - Using a longer key (256 bits rather than 128 bits, for instance) makes the encryption scheme stronger.
In which encryption cipher are operations performed by two different but related public and private keys in a key pair?
A cipher that uses public and private keys. The keys are mathematically linked, using either Rivest, Shamir, Adleman (RSA) or elliptic curve cryptography (ECC) algorithms, but the private key is not derivable from the public one.
Asymmetric encryption.
An asymmetric key cannot reverse the operation it performs, so the public key cannot decrypt what it has encrypted, for example.
Each key is capable of reversing the operation of its pair.
Referred to as public key cryptography.
In asymmetric encryption, the private key is known only to the holder and is linked to, but not derivable from, a public key distributed to those with which the holder wants to communicate securely. A private key can be used to encrypt data that can be decrypted by the linked public key or vice versa.
private key
During asymmetric encryption, this key is freely distributed and can be used to perform the reverse encryption or decryption operation of the linked private key in the pair.
public key
The public key cannot be used to decrypt the ciphertext, even though it was used to encrypt it.
Named for its designers, Ronald Rivest, Adi Shamir, and Len Adleman, the first successful algorithm for public key encryption with a variable key length and block size.
RSA Algorithm
RSA key pair security depends on the difficulty of finding the prime factors of very large integers (modular exponentiation).
Mathematical ciphers that use an operation which is simple to perform one way when all of the values are known, but is difficult to reverse.
trapdoor function
An asymmetric encryption algorithm that leverages the algebraic structures of elliptic curves over finite fields to derive public/private key pairs.
Elliptic curve cryptography
A message digest encrypted using the sender’s private key that is appended to a message to authenticate the sender and prove message integrity.
digital signature
A digital signature is a hash that is then encrypted using a private key.
Digital signatures do not provide any message confidentiality.
Public key encryption standard used for digital signatures that provides authentication and integrity verification for messages.
Digital Signature Algorithm (DSA)
DSA uses elliptic curve cryptography (ECC) rather than the RSA cipher.
Any method by which cryptographic keys are transferred among users, thus enabling the use of a cryptographic algorithm.
key exchange
It is the recipient’s public key that is used to perform encryption and the recipient’s private key that is used for decryption.
The validity of the whole digital envelope can be proved using a message authentication code.
Validate the owner of the public key by issuing the subject with a certificate.
certificate authority (CA)
The certificate is signed by the CA
The process of issuing and verifying certificates.
public key infrastructure (PKI)
A characteristic of transport encryption that ensures if a key is compromised the compromise will only affect a single session and not facilitate recovery of plaintext data from other sessions.
Perfect Forward Secrecy (PFS)
PFS uses Diffie-Hellman (D-H) key agreement to create ephemeral session keys without using the server’s private key.
The authenticity of the values sent by the server is proved by using a digital signature.
PFS can be implemented using either the Diffie-Hellman Ephemeral mode (DHE or EDH) or Elliptic Curve Diffie-Hellman Ephemeral mode (ECDHE) algorithms.
To use PFS, the server and client must negotiate use of a mutually supported cipher suite.
A cryptographic technique that provides secure key exchange.
Diffie-Hellman (D-H)
In cryptography, a key that is used within the context of a single session only.
ephemeral
ephemeral session keys.
A cryptographic protocol that is based on Diffie-Hellman and that provides for secure key exchange by using ephemeral keys.
Diffie-Hellman Ephemeral mode (DHE or EDH) algorithm
A cryptographic protocol that is based on Diffie-Hellman and that provides for secure key exchange by using ephemeral keys and elliptic curve cryptography.
Elliptic Curve Diffie-Hellman Ephemeral mode (ECDHE) algorithm
In what protocol do the requirements to both authenticate the identity of the server and to encrypt communications between the server and client need to be fulfilled by separate cryptographic products and cipher implementations?
Transport Layer Security (TLS)
Lists of cryptographic algorithms that a server and client can use to negotiate a secure connection.
cipher suite
What is used to assert the identity of the server’s public key and facilitate authentication?
A signature algorithm
What is used by the client and server to derive the same bulk encryption symmetric key?
A key exchange/agreement algorithm
Implementation of a block symmetric cipher, with some modes allowing secure encryption of a stream of data, with or without authentication for each block.
mode of operation
Applies an initialization vector (IV) to the first plaintext block to ensure that the key produces a unique ciphertext from any given plaintext and the output of the first ciphertext block is then combined with the next plaintext block using an XOR operation.
Cipher Block Chaining (CBC) Mode
CBC needs to use padding to ensure that the data to encrypt is an exact multiple of the block size.
An operation that outputs to true only if one input is true and the other input is false.
XOR
XOR is a logical operation that outputs 1 only when the inputs are 1 and 0.
An encryption mode of operation where a numerical counter value is used to create a constantly changing IV. Also referred to as CTM (counter mode) and CM (counter mode).
Counter mode (CTM)
Counter mode (CTM) makes the AES algorithm work as a stream cipher.
Counter modes do not need to use padding. Any unused space in the last block is simply discarded.
The basic CBC and counter modes of operation are unauthenticated. While a man-in-the-middle cannot decrypt them directly without the secret key, the ciphertexts are vulnerable to arbitrary data being inserted or modified to break the encryption scheme.
chosen ciphertext attack
Proving the integrity and authenticity of a message by combining its hash with a shared secret.
message authentication code (MAC)
The associated data allows the receiver to use the message header to ensure the payload has not been replayed from a different communication stream.
Authenticated Encryption with Additional Data (AEAD).
Example: AES-GCM or AES-CCM.
The ChaCha20-Poly1305 stream cipher has been developed as an alternative to AES.
A single hash function, symmetric cipher, or asymmetric cipher.
a cryptographic primitive
A technique that essentially “hides” or “camouflages” code or other information so that it is harder to read by unauthorized users.
Obfuscation
Attempts to protect an embedded key while preserving the functionality of the code.
white box cryptography
A measure of disorder.
Entropy.
Cryptographic systems should exhibit high entropy to better resist brute force attacks.
A symmetric stream cipher generally considered obsolete, as it does not support large key sizes and is vulnerable to several attacks.
RC4.
DES and RC4 are examples of algorithms known to have weak keys. RC4 and DES/3DES are already deprecated.
MD5 and SHA-1 have known weaknesses, but are not necessarily insecure if compatibility is an overriding concern.
A method of generating random values by sampling physical phenomena that has a high rate of entropy.
true random number generator (TRNG)
The process by which an algorithm produces numbers that approximate randomness without being truly random.
pseudorandom number generator (PRNG)
A cryptographic attack where the attacker exploits the need for backward compatibility to force a computer system to abandon the use of encrypted messages in favor of plaintext messages.
downgrade attack
A technique that strengthens potentially weak input for cryptographic key generation, such as passwords or passphrases created by people, against brute-force attacks.
Key Stretching
Implementation of key stretching to make potentially weak input used to derive a cryptographic key, such as short passwords, less susceptible to brute force attacks.
Password-Based Key Derivation Function 2 (PBKDF2)
A type of password attack that exploits weaknesses in the mathematical algorithms used to encrypt passwords, in order to take advantage of the probability of different password inputs producing the same encrypted output.
A birthday attack
In cryptography, the act of two different plaintext inputs producing the same exact ciphertext output.
A collision
Computers that use properties of quantum mechanics to significantly out-perform classical computers at certain tasks.
Quantum.
Quantum Computer.
A quantum computer performs processing on units called qubits (quantum bits).
A qubit can be set to 0 or 1 or an indeterminate state called a superposition, where there is a probability of it being either 1 or 0.
Anticipating challenges to current cryptographic implementations and general security issues in a world where threat actors have access to significant quantum processing capability.
Post-Quantum
Method that allows computation of certain fields in a dataset without decrypting it.
Homomorphic encryption.
Principally used to share privacy-sensitive data sets.
A concept in which an expanding list of transactional records listed in a public ledger is secured using cryptography.
Blockchain