PKI and Cryptographic Applications Flashcards

1
Q

Understand the key types used in asymmetric cryptography

A

Public keys are freely shared among communicating parties, whereas private keys are kept secret. To encrypt a message, use the recipient’s public key. To decrypt a message, use your own private key. To sign a message, use your own private key. To validate a signature, use the sender’s public key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Be familiar with the three major public key cryptosystems

A

RSA is the most famous public key cryptosystem; it was developed by Rivest, Shamir, and Adleman in 1977. It depends on the difficulty of factoring the product of prime numbers. ElGamal is an extension of the Diffie–Hellman key exchange algorithm that depends on modular arithmetic. The elliptic curve algorithm depends on the elliptic curve discrete logarithm problem and provides more security than other algorithms when both are used with keys of the same length.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Know the fundamental requirements of a hash function

A

Good hash functions have five requirements. They must allow input of any length, provide fixed-length output, make it relatively easy to compute the hash function for any input, provide one-way functionality, and be collision-resistant.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Be familiar with the major hashing algorithms

A

The successors to the Secure Hash Algorithm (SHA), SHA-2 and SHA-3, make up the government standard message digest function. SHA-2 supports variable-length message digests, ranging up to 512 bits. SHA-3 improves upon the security of SHA-2 and supports the same hash lengths.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Know how cryptographic salts improve the security of password hashing

A

When straightforward hashing is used to store passwords in a password file, attackers may use rainbow tables of precomputed values to identify commonly used passwords. Adding salts to the passwords before hashing them reduces the effectiveness of rainbow table attacks. Common password hashing algorithms that use key stretching to further increase the difficulty of attack include PBKDF2, bcrypt, and scrypt.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Understand how digital signatures are generated and verified

A

To digitally sign a message, first use a hashing function to generate a message digest; then encrypt the digest with your private key. To verify the digital signature on a message, decrypt the signature with the sender’s public key and then compare the message digest to one you generate yourself. If they match, the message is authentic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Understand the public key infrastructure (PKI)

A

In the public key infrastructure, certificate authorities (CAs) generate digital certificates containing the public keys of system users. Users then distribute these certificates to people with whom they want to communicate. Certificate recipients verify a certificate using the CA’s public key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Know the common applications of cryptography to secure email

A

The emerging standard for encrypted messages is the S/MIME protocol. Another popular email security tool is Phil Zimmerman’s Pretty Good Privacy (PGP). Most users of email encryption rely on having this technology built into their email client or their web-based email service.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Know the common applications of cryptography to secure web activity

A

The de facto standard for secure web traffic is the use of HTTP over Transport Layer Security (TLS). This approach relies on hybrid cryptography using asymmetric cryptography to exchange an ephemeral session key, which is then used to carry on symmetric cryptography for the remainder of the session.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Know the common applications of cryptography to secure networking

A

The IPsec protocol standard provides a common framework for encrypting network traffic and is built into a number of common operating systems. In IPsec transport mode, packet contents are encrypted for peer-to-peer communication. In tunnel mode, the entire packet, including header information, is encrypted for gateway-to-gateway communications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Be able to describe IPsec

A

IPsec is a security architecture framework that supports secure communication over IP. IPsec establishes a secure channel in either transport mode or tunnel mode. It can be used to establish direct communication between computers or to set up a VPN between networks. IPsec uses two protocols: Authentication Header (AH) and Encapsulating Security Payload (ESP).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Be able to explain common cryptographic attacks

A

Ciphertext-only attacks require access only to the ciphertext of a message. One example of a ciphertext-only attack is the bruteforce attack, which attempts to randomly find the correct cryptographic key. Frequency analysis, another ciphertext-only attack, counts characters in the ciphertext to reverse substitution ciphers. Known plaintext, chosen ciphertext, and chosen plaintext attacks require the attacker to have some extra information in addition to the ciphertext. The man-in-the-middle attack fools both parties into communicating with the attacker instead of directly with each other. The birthday attack is an attempt to find collisions in hash functions. The replay attack is an attempt to reuse authentication requests.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly