2.8 Summarize the basics of cryptographic concepts. Flashcards

1
Q

Non-repudiation

A

Verify who sent the information

2
Q

Authentication

A

Verify a user

3
Q

integrity

A

Verify the file was not edited or tampered with

4
Q

Plaintext

A

An unencrypted message

5
Q

Ciphertext

A

An encrypted message

6
Q

Cipher

A

The algorithm used to encrypt or decrypt the message

7
Q

Cryptanalysis

A

The art of cracking encryption.

8
Q

Cryptographic keys

A

Add the key to the cipher to encrypt
Larger keys are more secure
Some encryption methods use one key

9
Q

What is the process of making a weak key stronger by performing multiple processes on it, like hashing a password and then hashing the hash?

A

Key stretching or key strengthening.

10
Q

bcrypt

A

Generates hashes from passwords
An extension to the Unix crypt library
Uses the Blowfish cipher to perform multiple rounds of hashing

11
Q

PBKDF2

A

Password-based key derivation function 2
- Part of RSA public key cryptography standards (PKCS #5, RFC 2898)

12
Q

Lightweight Cryptography

A

Usually used by IoT devices, since traditional cryptography requires a powerful CPU and lots of time, and an IoT device does not have either.
NIST is leading an effort to create new standards on this and keep costs low for IoT devices.

13
Q

HE

A

Homomorphic Encryption
- You can perform calculations on data while it is encrypted.
- You can perform the work directly on the encrypted data
- The encrypted data can only be viewed with the private key

14
Q

Symmetric encryption

A

It uses a single shared key to encrypt and decrypt. If the key is exposed, you will need a new key.
Very fast to use.
Does not scale well. It can be challenging to distribute.
128-bit or larger keys are common
These keys get larger as time goes on

15
Q

Asymmetric encryption

A

Often referred to as public key cryptography.
Uses two or more mathematically related keys.

Private key - Kept private. No one else can see it.

Public key - Anyone can see this key. You should share it.

Once the public key has encrypted the data, it can only be decrypted using the private key of that pair.

Larger keys than symmetric keys.
Complex calculations of prime numbers
Common to see key lengths of 3072 or larger

16
Q

How does the Key pair get generated?

A

Builds both the public and private key at the same time
Lots of randomization
Large prime numbers and lots of math

17
Q

How can you create a symmetric key without sending the symmetric key over the network?

A

You use the asymmetric keys that you created to create a symmetric key. You would exchange public keys with the person you want to talk to and then use the other person’s public key and combine it with your private key to create a symmetric key.

Bob's private key + Sue's public key
Sue's private key + Bob's public key

Both of these create the same symmetric key, which can then be used to communicate.

18
Q

ECC

A

Elliptic Curve cryptography
Instead of numbers, use curves.
- uses smaller keys than non-ECC asymmetric encryption
- Smaller storage and transmission requirements
- Perfect for mobile devices and IoT devices

19
Q

Hash

A

Represents data as a short string of text, sometimes referred to as a message digest or a fingerprint.
This is a one-way trip; you cannot recover the original message from the digest
Perfect for strong passwords
Perfect for verifying downloads and verifying file integrity.
Can be a digital signature - authentication, non-repudiation, and integrity
Will not have a collision

20
Q

SHA-256

A

Hashing algorithm
256 bits / 64 hex

21
Q

When hashing two different inputs creates the same output

A

A collision.
MD5 had a collision found in 1996
Don’t use MD5 to hash.

22
Q

Digital signatures

A

Prove the message was not changed (Integrity)
Prove the source of the message (Authentication)
Make sure the signature is not fake (Non-repudiation)
Signed with the private key.
Verified by using the public key.

23
Q

Out-of-band key exchange

A

Sends it outside of the internet.
Telephone, courier, person, etc.

24
Q

In-band key exchange

A

It’s on the network
Protect the key with additional encryption
Use asymmetric encryption to deliver a symmetric key.

25
Q

PFS

A

Perfect forward secrecy
Used in SSL/TLS when communicating to a web server.
Does not use the server’s private RSA key
Uses elliptic curve or Diffie-Hellman ephemeral (ECDHE) - used to transfer data in 1 session.
The session keys aren’t kept around.
Requires more computing power
Not all servers choose to use PFS
Browser must support PFS

26
Q

Steganography

A

Hiding information in an image
Storing information in audio files
Can do the same thing in a video file.
Security through obscurity

27
Q

Obfuscation

A

Process of making something unclear
Commonly used in source code.

28
Q

Stream ciphers

A

Encryption is done one byte or bit at a time
High speed, low hardware complexity
Typically used with symmetric encryption
Not commonly used with asymmetric encryption
The starting state should never be the same
- Key is often combined with an initialization vector (IV)

29
Q

Block Ciphers

A

Encrypts fixed-length groups at one time, often in 64-bit or 128-bit blocks
Padding added to short blocks
Each block is encrypted or decrypted independently
Symmetric encryption
- Similar to stream ciphers
Block cipher modes of operation:
- Avoid patterns in the encryption
- Many different modes to choose from

30
Q

ECB

A

Electronic codebook
A block cipher mode of operation
The simplest encryption mode
Too simple for most use cases
Each block is encrypted with the same key
- Identical plaintext blocks create identical ciphertext blocks

31
Q

CBC

A

Cipher block chaining, a block cipher mode
Adds randomization, which gets around the problem with ECB.
Easy to implement
Each plaintext block is XORed with the previous ciphertext block
Uses an IV for the first block

32
Q

CTR

A

Counter
Block cipher mode that uses an incremental counter to add randomization.

33
Q

Blockchain

A

A distributed ledger
Keeps track of transactions
Everyone on the blockchain network maintains the ledger

34
Q

3DES

A

3DES uses 64-bit blocks and a 56-bit key, but the plaintext is encrypted three times using different subkeys. 3DES is also a block cipher. Symmetric keys.

35
Q

RC4

A

Stream cipher.