# CISSP (Domain 5 - Cryptography) Flashcards

4 Cryptography Goals

CAIN

- Confidentiality: no unauthorized access (encrypt with public, decrypt with private)
- Authenticity: Validate source (encrypt with private, decrypt with public)
- Integrity: Message not modified
- Non-repudiation: Sender can’t deny

Hash

Unique digital representation of the “thing”

Symmetric Ciphers (Algorithms)

- Share Key
- Stream/Block Ciphers (XOR/Substitution)
- Ciphered and decrypted with the same key
- Confidentiality but no non-repudiation
- Faster

*DES, 3DES, AES, IDEA, Blowfish, Twofish, RC4, RC5, RC6, CAST, SAFER, Serpent

Asymmetric Ciphers

- PKI (Public/Private key pairs)
- No normal reason to share private key
- Confidentiality, Authentication, non-repudiation

One-Time Pad Encryption

- Key is the same size as the message and only used once
- Impossible to break
- Key exchange is cumbersome

Exclusive OR (XOR)

- Binary mathematical operation applied to two bits
- Key and text turned into binary, then math is done.

  - If both bits are the same, result is 0
  - If both bits are different, result is 1

Cipher Text

Encrypted text

Stream Cipher (Symmetric) (FSHR)

- Faster than block cipher
- Operates on smaller units of plaintext (bits)
- Good for hardware
- Randomized key string with no repeatable patterns WEP

*Only RC4

Block Cipher (Symmetric) (DLSC)

- Divided into blocks and put through mathematical functions called Substitution Boxes (S-Boxes)
- Operates on larger units of plaintext (64 bits)
- Good for software
- Most Common

*56 Bit DES

Data Encryption Standard (DES)

DType/key/calc/blocks

- Used for sensitive and unclassified data
- *56 bit key with 8 for parity (SBOX)
- *16 rounds of calculations
- *64 bit Blocks

2 Modes for Block Ciphers

CE

- *Cipher Block Chaining: XOR before cipher (Errors)
- Electronic Code Book: Same ciphertext for plaintext

3 Modes of Stream Block Ciphers

COC

- *Cipher Feedback Mode (CFB): Prev ciphertext used to encrypt next block (Errors)
- Output Feedback Mode (OFB): Output of prev block calc is used as input for next block
- Counter Mode (CTR): AES encryption, IVs are successive values

Triple DES

EC

- Encrypts messages three times with multiple keys
- 48 rounds of computation (256 times stronger)

Advanced Encryption Standard (AES)

RA/BS/KS

- Rijndael Algorithm
- Block Symmetric Encryption Algorithm (Block size 128/192/256)
- Key size of 128/192/256 (Variable)

Calculating the Number of Necessary Keys for Symmetric Encryption (Formula)

Keys = N(N - 1) / 2

3 Symmetric Key Cryptography Issues

DEC

- Distinct key needed for each couple communicating
- The more the key is used to encrypt large amounts of data, the more the key is exposed
- Can’t be used for digital signatures

3 Symmetric Key Cryptography Weaknesses

KD/S/LS

- Key Distribution: secure mechanism needed to deliver keys
- Scalability: Each pair of users needs a unique pair of keys
- Limited Security: No non-repudiation, only confidentiality

Diffie-Hellman

etype/ri,sr,ssk/agr/no/based/vuln

- Asymmetric PK
- Random input, share result, shared session key
- Allows users to agree on a symmetric key over a non-secure medium
- Does not provide data encryption or digital signatures
- Security based on discrete logarithms in a finite field
- Vulnerable to MITM attacks

RSA

type/ds,kd,e/ksize/lpn

- Asymmetric PK
- Digital Signatures, Key distribution, encryption
- Min 1024 key size
- Large prime numbers