Chapter 7: PKI and Cryptographic Applications Flashcards
If Dylan and Alexa are using PKI, and Dylan wants to send Alexa an encrypted message, which key would he use to encrypt the message? Which key decrypts the message?
Sender encrypts using receiver’s public key
Receiver decrypts using their private key
RSA
The most famous public key cryptosystem
Based on the difficulty of factoring operations
Uses two large prime numbers (approx 200 digits each) labeled p and q, which are multiplied together
ElGamal
Public key cryptosystem that is essentially an extension of Diffie-Hellman key exchange
Major disadvantage- algorithm doubles the size of any message that it encrypts
ECC
Elliptic Curve Cryptography
Involves points on a curve, I don’t understand the math but here’s a good analogy:
“Imagine one person plays our game alone in a room for a random period of time. It is easy for him to hit the ball over and over following the rules described above. If someone walks into the room later and sees where the ball has ended up, even if they know all the rules of the game and where the ball started, they cannot determine the number of times the ball was struck to get there without running through the whole game again until the ball gets to the same point. Easy to do, hard to undo.”
Diffie-Hellman
Key exchange algorithm that allows two individuals to generate a shared secret key over an insecure communications channel.
Each party agrees on two large numbers, performs calculations on them using random integers, then exchanges the results. When they perform a calculation on the results, they should each get the same result, which can be used as the secret key.
Quantum Computing
Theory that we can use principles of quantum mechanics to replace binary 1 and 0 bits with multidimensional quantum bits called qubits
Quantum Supremacy
The potential that quantum computers may be able to solve problems that are not possible for current computers to solve, rendering popular cryptographic algorithms insecure
What are the five basic requirements for a cryptographic hash function?
The input can be of any length.
The output has a fixed length.
The hash function is relatively easy to compute for any input.
The hash function is one-way.
The hash function is collision resistant.
SHA-1
Hashing algorithm no longer considered secure
Produces a 160-bit message digest
Message digest
Another name for the output value derived from hashing function
SHA-256
SHA-2 variant
Produces a 256-bit message digest
SHA-224
SHA-2 variant
Produces a 224-bit message digest
SHA-512
SHA-2 variant
Produces a 512-bit message digest
SHA-384
SHA-2 variant
Produces a 384-bit message digest
SHA-3
Developed to serve as a replacement for SHA-2. Offers the same variants and hash lengths but uses a different algorithm. Provides same level of security, but is slower than SHA-2 so not commonly used.
MD5
Hash algorithm developed by Ronald Rivest (the R in RSA)
Uses four distinct rounds of computation to produce a 128-bit message digest
Cryptanalytic attacks demonstrated that MD5 is subject to collisions.
RIPEMD
128-bit message digest, no longer secure
RIPEMD-128
Replaced RIPEMD, also uses 128-bit message digest, also no longer secure
RIPEMD-160
Replacement for RIPEMD-128 that remains secure today
160-bit message digest
RIPEMD-256
256-bit message digest, but with equivalent security to 128
RIPEMD-320
320-bit message digest, but with equivalent security to 160
What are the two distinct goals of digital signature infrastructures?
Enforce nonrepudiation
Assure the recipient that the message was not altered in transit (whether intentionally or because of faults in the process)
If you want to encrypt a confidential message, use ____
The recipient’s public key
If you want to decrypt a confidential message sent to you, use ___
Your private key
If you want to digitally sign a message you are sending to someone else, use ____
Your private key
If you want to verify the signature on a message sent by someone else, use ___
The sender’s public key
HMAC
Hashed Message Authentication Code
To be combined with any standard hashing algorithm by using a shared secret key. This provides integrity, but does not provide nonrepudiation
Digital Signature Standard (DSS)
NIST standard that specifies that all federally approved digital signature algorithms must use the SHA-3 hashing functions
Also specifies which encryption algorithms can be used to support digital signature infrastructure