Obfuscation, Hashing & Digital Signatures, Blockchain Tech, Certificates

Question 1

Obfuscation

Answer 1

Process of hiding info in plain sight

Question 2

Steganography

Answer 2

Hiding info inside of an image

Question 3

Common steganography techniques include-

Answer 3

1. Network based
2. Image
3. Invisible watermarks
4. Audio
5. Video

Question 4

Tokenization, where is it common?

Answer 4

Replaces sensitive data w/ a non-sensitive place holder.
-SSN 266-12-1112 is now 691-61-8539
-Common w/ CC processing

Question 5

Data obfuscation

Answer 5

Hide some of original data
Ex: Receipt only showing last 4 digits of bank card.

Question 6

Data masking

Answer 6

protects sensitive info by replacing it with fake or randomized data

Question 7

Hash, what’s it used for?

Answer 7

Represents data as a short string of text.
Used to store passwords, verifies a downloaded document is same as original.

Question 8

Collision

Answer 8

Different input should never create the same hash

Question 9

Salt

Answer 9

Random data added to a password when hashing

Question 10

Advantages of salted hashes:

Answer 10

-Rainbow tables wont work
-Slows down brute force process

Question 11

Advantages of blockchain”

Answer 11

Keeps track of transactions.
And are verified by multiple computers on the network before it is added to the blockchain ledger.

Question 12

In blockchain, if changes occur then-

Answer 12

Those changes are distributed to everyone

Question 13

Public key certificate

Answer 13

verifies the identity of a user or device by linking their public key to their identity

Question 14

What adds ‘trust’ to digital certificates?

Answer 14

Digital signature

Question 15

PKI uses ____________ for additional trust

Answer 15

Certificate Authorities

Question 16

Root of trust

Answer 16

Inherently trusted component
-Hardware, software, firmware , or other component.

Question 17

Third party certificate authorities

Answer 17

CA is responsible for the validation of certificate requests, issuing certificates, revocation.

Question 18

Certificate signing requests (CSR)

Answer 18

1. A key pair is created
   2, Public key is sent to CA to be signed
2. CA validates request
3. CA digitally signs cert

Question 19

Private certificate authorities

Answer 19

You are your own CA

Question 20

Self-signed certificates

Answer 20

Issue your own certificates signed by your own CA

Question 21

Wildcard certificates

Answer 21

Allows a certificate to support many different domains.
Ex: .example.com can secure www.example.com, mail.example.com, and blog.example.com.

Question 22

Key revocation

Answer 22

invalidates a cryptographic key, making it unusable for encryption or decryption
Maintained by Certificate Revocation List (CRL)

Question 23

OCSP (Online Certificate Status Protocol) stapling

Answer 23

allows a web server to check the revocation status of a digital cert