2.8 Summarize the basics of cryptographic concepts Flashcards

1
Q

Summarize DIGITAL SIGNATURES

A

PKI systems incorporate digital signatures to authenticate the source of a message. Digital signatures essentially hash the data to show integrity and non-repudiation.

2
Q

Summarize KEY LENGTH

A

This refers to the number of bits in the key; the longer the key, the more secure it is and the harder it is for a hacker to break. However, with the improvements in computing power today, a longer key doesn’t always guarantee a stronger key.

3
Q

Summarize KEY STRETCHING

A

Key stretching hashes the password more than once; some key stretching functions can even hash a single password more than 10,000 times to derive the password.

Two popular key derivation functions are PBKDF2 (faster) and bcrypt (stronger).

4
Q

Summarize SALTING

A

A salt is an arbitrary value, usually created by the application or operating system storing passwords; the salt is added to the end of a password before it is hashed. It makes the password stronger and will stop a rainbow table attack.

5
Q

Summarize HASHING

A

Hashing provides integrity in the CIA triad of security by creating unique numbers for data and originators of information. Hashing helps verify that data came from a specific source.

6
Q

Summarize KEY EXCHANGE

A

Key exchange refers to the process used to exchange keys between users who send a message and those who receive it.

7
Q

Summarize ELLIPTIC-CURVE CRYPTOGRAPHY (ECC)

A

ECC is an asymmetric method of cryptography based on problems involving the algebraic structure of elliptic curves over finite fields. ECC is useful in low-power devices like phones, for example.

8
Q

Summarize PERFECT FORWARD SECRECY

A

It means protecting a cryptosystem from one key giving away some secret that makes it easier to crack. It kind of means using a key once and then throwing it away.

9
Q

Summarize QUANTUM COMMUNICATIONS

A

Quantum communications has established connections between quantum computers over fiber-optic lines that regularly transact business using quantum key distribution (QKD).

10
Q

Summarize QUANTUM COMPUTING

A

The theory is that quantum computers can easily crack most modern cryptosystems, like RSA and Diffie-Hellman.

11
Q

Summarize POST-QUANTUM

A

This refers to speculative cryptographic algorithms that can withstand any attack using quantum computers. It’ll be years, though, before we can create this kind of stuff that takes cryptography to the next level.

12
Q

Summarize EPHEMERAL

A

An ephemeral key is a temporary key that is used in only one exchange and then discarded.

13
Q

Summarize AUTHENTICATED MODE OF OPERATION

A

Authenticated modes of operation are the most common approach because they both authenticate and encrypt messages.

14
Q

Summarize UNAUTHENTICATED MODE OF OPERATION

A

In an unauthenticated mode of operation, the message is still encrypted, but an attacker can use an attack called a chosen ciphertext attack to intercept, modify, and eventually decrypt messages. This is bad.

15
Q

Summarize COUNTER MODE OF OPERATION

A

In DES, counter (CTR) mode uses a random 64-bit block as the first IV, then increments a specified number or counter for every subsequent block of plaintext. CTR mode offers the best performance.

AES uses Galois/Counter Mode (GCM), which is counter mode but adds a special data type known as a Galois field to add integrity.

16
Q

Summarize BLOCKCHAIN

A

Blockchain radically disrupts this model, creating a decentralized, peer-to-peer system for secure interaction between buyer and seller. Here are the details. Bitcoin and blockchain rely on public key infrastructure (PKI) cryptosystems to ensure safe storage of the currency and the transactions as well.

17
Q

Summarize BLOCKCHAIN PUBLIC LEDGERS

A

Blockchain provides the peer-to-peer record—public ledger, in bitcoin speak—of all the transactions among people using bitcoin.

18
Q

Summarize CIPHER STREAMS

A

Streaming algorithms operate on individual bits, one bit at a time. Streaming algorithms don’t work on blocks of text; instead, they look at each individual bit and perform a mathematical operation on that bit and then move on to the next bit. Streaming algorithms tend to work much faster than block algorithms and are used in cryptographic methods that support fast communications requirements, such as wireless technologies.

19
Q

Summarize CIPHER BLOCKS

A

A block algorithm operates on a predefined size of a group of bits, known as a block. Different block algorithms use different block sizes, but typical sizes are 16-, 64-, and 128-bit blocks.

20
Q

Summarize SYMMETRIC VS. ASYMMETRIC

A

Asymmetric cryptography uses two separate keys—a key pair—for secure communication. Data encrypted with one key requires the other key in the key pair for decryption.

Symmetric cryptography uses a single key that both encrypts and decrypts data. All parties that require access to a piece of encrypted data know that key. If someone encrypts a file or sends a secure message to another person, both persons must have the key used to encrypt the data to decrypt it.

21
Q

Summarize LIGHTWEIGHT CRYPTOGRAPHY

A

Low-powered IoT devices rely on lightweight cryptographic algorithms that don’t offer as much security as heavier ones—because they need to function using much lower computing power. Worse, because of their static nature, the IoT devices cannot upgrade to more secure protocols in the future.

22
Q

Summarize STEGANOGRAPHY

A

Steganography is the science of hiding information in other data. Steganography tools enable you to encrypt data within image, video, and audio files.

23
Q

Summarize HOMOMORPHIC ENCRYPTION

A

Homomorphic encryption enables manipulation of encrypted data—without decrypting—that then applies to that data when it’s decrypted. Private, encrypted data can be outsourced to the cloud without compromising the privacy of that data. It means researchers can run analytical scans on encrypted data, get amazing amounts of information, and never compromise the private records of individuals.

24
Q

Summarize common use cases with LOW POWER DEVICES

A

Expect a question on common use cases involving low-power devices, such as smartphones, on the exam. ECC provides the answer.

25
Q

Summarize common use cases with LOW LATENCY

A

Symmetric key cryptography is both low latency (quick to respond) and good at handling large amounts of data, such as storage or transmission of large files. Symmetric keys require minimal computational overhead. Since only one key is involved, in communications limited to only two parties, symmetric key cryptography works great.

26
Q

Summarize common use cases with HIGH RESILIENCY

A

Higher resiliency helps to make sure that cryptosystems hold up longer when they are being cracked by attackers.

27
Q

Summarize common use cases with SUPPORTING CONFIDENTIALITY

A

The CompTIA Security+ SY0-601 objectives use specific wording on this topic. So a common use case for cryptography is supporting confidentiality.

28
Q

Summarize common use cases with SUPPORTING INTEGRITY

A

The CompTIA Security+ SY0-601 objectives use specific wording on this topic. So a common use case for cryptography is supporting integrity. PKI clearly accomplishes this goal.

29
Q

Summarize common use cases with SUPPORTING OBFUSCATION

A

Look for questions on the CompTIA Security+ exam that ask you to recognize common use cases of cryptography supporting obfuscation.

30
Q

Summarize common use cases with SUPPORTING AUTHENTICATION

A

The CompTIA Security+ SY0-601 objectives use specific wording on this topic. So a common use case for cryptography is supporting authentication. Certificates clearly accomplish this goal.

31
Q

Summarize common use cases with SUPPORTING NON-REPUDIATION

A

The CompTIA Security+ SY0-601 objectives use specific wording on this topic. So a common use case for cryptography is supporting non-repudiation. PKI clearly accomplishes this goal.

32
Q

Summarize limitations on RESOURCE VS. SECURITY CONSTRAINTS

A

Finally, resource vs. security constraints boils down to the relationship between how much computing power goes into the system and the security of the system. Higher key lengths offer more security but require more computing power to deal with.