Security (w7-8) Flashcards
3 Key goals of cryptography
Confidentiality, Data Integrety and Authentication
Key points on symmetric encryption
Both parties have shared key, is fast compared to asymmetric encryption, key needs to be hidden somehow, as is a vulnerability
Substitution Cipher - Ceaser Cipher?
Substitution is replaceing letters with another letter to genereate ciphertext. Ceaser Cipher is shift the alphabet by fixed number of lettters, easily reverssed, so not very safe
Transposition Cipher - Rail Fence Cipher?
Transposition - re-arrange position of letters without altering their value. Rail-Fence key is kniwing the amount of rows.
Product Cipher
combonation of different types of ciphers
Unconditionally secure vs Computationally secure
Uncondition means ciphertext does not contain enough information to figure out the original text. Computational secure means cost to break the information exceeds the value of the information, or the time needed to break the information exceeds the useful lifetime of the informatiopn
One Time Pad, what is it?
random key, as long as the message, xor the binaary as cipher
What is frequency analysis?
if “a” always encodes to “f”, then it is easy to reverse. e ~13%, t~9%.
if two parties have a shared secret, how can they authenticate each other, without showing the secret?
A sends B large number, B sends it back encrytped with the secret. A verifies. B sends A large number, A sends it back encypted with the secret. B verifies.
why is a larger key more exponentially secure?
Larger key = more possible options = more time to brute force the key
WHat is a hashkey and what is it used for
hash keys are codes that represent a file of data. changing a single letter in a file should change the hash key. use on file received, to verify no change has occurred on it.
Is assymmetric encryption commonly used to encrypt application data?
No, usually symmetric encryption is used as it is faster
How does a site with a certificate prove that the certificate has been given to him by a CA?
site sends hash of digital signature of CA encrypted with private key, user uses sites public key to decrypt. Only private key has power to crypt data in such a way that the public key is the only one which can decrypt the data.
When is TLS generally implemented within a TCP connection
typically immediatly upon connection establishment
In the client hello part of TLS handshake, what info is conveyed to the server
Highest TLS version supported, supported cipher functions, and random value