2.8 - Cryptographic Concepts Flashcards
What is plaintext in cryptography?
An unencrypted message.
What is ciphertext in cryptography?
An encrypted message.
What is a cipher in cryptography?
The algorithm used to encrypt and/or decrypt.
What is cryptanalysis in cryptography?
The art of cracking encryption.
What is a key in cryptography?
What is added to the cipher to encrypt. It is also used to decrypt.
What are some ways to help make a weak key stronger?
1) Hashing
2) Key stretching
3) Key strengthening
What is key stretching?
Hashing passwords in a key.
What is lightweight cryptography?
Cryptography that is focused on devices that have low power and low processing speed. Typically this is IoT devices.
What is homomorphic encryption (HE)?
Encryption that allows data to be worked with while it is encrypted. Calculations and research can be done on the data without actually viewing it.
What is symmetric encryption?
Using a single, shared key to encrypt and decrypt the key. If the key gets out, it no longer is effective. It is also known as the secret key algorithm.
What are some of the pros and cons of symmetric encryption?
Pros
1) Very fast
Cons
1) Doesn’t scale well
What is asymmetric encryption?
There are two (or more) mathematically related keys. There is a private key and a public key.
One of the keys is used to encrypt and the other is used to decrypt. Often, the private key is for decryption, and the public key is for encryption.
What is the private key in asymmetric encryption?
The key that is kept private. It cannot be derived from the public key.
What is the public key in asymmetric encryption?
The key that anyone can see. It cannot be derived from the private key.
How can you create a symmetric key from asymmetric keys?
Combining the private key and public key on both sides.
What are some pros and cons of asymmetric encryption?
Pros:
1) Scalable
2) More secure
Cons:
1) High power and processing
2) Not as fast
What is elliptic curve cryptography (ECC)?
A key-based technique for encrypting data that generates security between key pairs for public key encryption by using the mathematics of elliptic curves. It uses smaller keys than non-ECC asymmetric encryption and has smaller storage and transmission requirements.
What is a hash?
Represents data as a short string of text. It acts as a message digest. Hashing is a one-way trip. It is impossible to recover the original message from the digest.
It is used to store passwords and confidential information.
It can verify a downloaded document is the same as the original and it can act as a digital signature. Different messages will not have the same hash unless there is a collision.
What is a collision in hashing?
When a hash is identical to another in a hashing algorithm. No hashing algorithm should create collisions.
What is salt in hashing?
Random data added to a password when hashing to make it harder to break the algorithm. Every salt is different. It can’t completely stop reverse engineering.
What are digital signatures?
A mathematical algorithm routinely used to validate the authenticity and integrity of a message.
The message is hashed then encrypted. When the hash is decrypted, the receiver takes the message and hashes it with the exact same algorithm to verify that it is the same value.
It is signed with the private key and verified with the public key.
What do digital signatures do?
1) Prove the message was not changed (Integrity)
2) Prove the source of the message (Authentication)
3) Make sure the signature isn’t fake (Non-repudiation)
Between asymmetric and symmetric keys, which is often larger?
Symmetric keys are smaller (128-bit or larger)
Asymmetric keys are larger (often 3,072 bits or more)
Larger keys are harder to brute force
What are some considerations when exchanging keys?
Keys need to be secure when sent either in-band or out-of-band. Don’t send them over the net.
If in-band, send them with additional encryption.