Randomizing Cryptography 6.1 Flashcards

1
Q

Cryptographic Nonce

A

The name means “for the nonce”, that is, for the time being: a value that is used only once. It’s a random or pseudo-random number, something that can’t reasonably be guessed. It is used during the login process: the server gives a nonce, and you calculate your password hash using the nonce. Each password hash sent to the host will be different, so replay attacks cannot work.

2
Q

Initialization Vectors

A

It’s a type of nonce that is used for randomizing an encryption scheme. The more random the better. It’s used in encryption ciphers, WEP, and older SSL implementations.

3
Q

Salt

A

This is a nonce that is most commonly associated with password randomization. It makes the password hash unpredictable. Password storage should always be salted. Each user gets a different salt. If the password database is breached, you can’t correlate any passwords. Even users with the same password have different hashes stored.
