T4 | Encryption, Protocols and Digital Certificates Flashcards
What is Encryption?
Way of encoding data
Plaintext
Original message to be encrypted
Ciphertext
The encrypted message
Encryption
The process of converting plaintext to ciphertext
Key
Piece of information used to unlock it
Encryption algorithm
Method used to encrypt the plaintext
Symmetric encryption
Same key to encrypt as to decrypt (private key)
Man in the Middle Attack
Attacker sits in the middle of the conversation (directly grabs it mid-transmission)
Asymmetrical encryption
Much more secure; involves 2 keys
Asymmetric encryption keys
- Public key - available to anyone who encrypts a message for recipient
- Private key - available only to recipient, used to decrypt message
Why protect stored data?
- Legal obligation for companies
- Keep people's data private
Storing passwords - Hashing
Will take the username/password and create a hash (when someone enters their username and password, the hash generated will be compared to the one in the database)
Protocols
Set of rules defining common methods of data communication
Protocol example
HTTP is the standard protocol used to access/receive web pages
HTTPS
Secure protocol, any site that uses a data entry method should use HTTPS
How does HTTPS work?
HTTPS uses an SSL/TLS certificate to verify the encryption keys and the organisation
What are SSL and TLS?
Public encryption keys
Website certificate
SSL/TLS is a digital certificate (authenticates the owner of site and public key; prove identity of website)
What does “can’t connect securely” often mean?
- Out of date certificate
- No connection to a secure server
How do SSL/TLS and certificates work?
- User requests SSL certificate
- Server sends valid certificate back
- Secure connection established
Wireless Encryption Protocols
- WEP (very easy to track, shouldn’t be used these days)
- WPA/WPA2 (more secure)
- WPA3 (announced in 2018, successor of WPA2)