Cryptographic Solutions

Question 1

What is Salting? (加盐是什么？)

Answer 1

• Add random data (“salt”) to the password before hashing.
• Even if two people have the same password, their hashes will be completely different.
• 🧂密码撒上一把独特的盐，让黑客的对照表失效！

Question 2

Why is Salting important? (加盐为什么重要？)

Answer 2

• Prevents Rainbow Table attacks! 🌈
• Makes each password hash unique and unpredictable.
• 加盐 = 密码穿上隐身斗篷，防止一眼被破解！🧙‍♂️

Question 3

What is Key Stretching? (密钥拉伸是什么？)

Answer 3

• Make a simple password much harder to crack by repeatedly hashing it many times.
• 重复加工，让黑客的破解电脑跑到冒烟🔥！

Question 4

Why is Key Stretching important? (密钥拉伸为什么重要？)

Answer 4

• Slows down brute-force attacks. 🛡️
• Strengthens weak passwords by making guessing extremely slow.
• 小锁变金库！🔒➔🏦💪

Question 5

What is a Nonce? (Nonce是什么？)

Answer 5

• A “Number used once” – a random number that is used one time during authentication.
• 每次登录或通信，都生成一个一次性随机暗号，防止被重放！

Question 6

Why are Nonces important? (Nonce为什么重要？)

Answer 6

• Prevent replay attacks. 🔁
• Ensure every session is unique, safe, and fresh.
• Nonces = 每次出新暗号，神出鬼没！🕵️‍♂️🎭

Question 7

What is Steganography? (隐写术是什么？)

Answer 7

Hiding secret information inside ordinary files like images, audio, or video.

在普通文件中偷偷藏信息，别人看不到也不会怀疑。🌊🎨

Question 8

Why is Steganography used? (隐写术有什么用？)

Answer 8

To hide communication so even the existence of the message is secret.

不让人知道你在传秘密，隐秘程度比加密还高！🕵️‍♂️📜

Question 9

What is Tokenization? (代币化是什么？)

Answer 9

Replacing sensitive data with meaningless tokens.

把敏感数据换成无价值的代号，保护数据安全。🪙🏦

Question 10

Why is Tokenization important? (代币化为什么重要？)

Answer 10

Tokens have no value if stolen.

就算Token被偷了，黑客也拿不到真数据！🔐🛡️

Question 11

What is Data Masking? (数据掩码是什么？)

Answer 11

Hiding or changing parts of sensitive data to protect it.

把重要数据打码或者伪装，防止泄露。🎭🔏

Question 12

Why is Data Masking important? (数据掩码为什么重要？)

Answer 12

Protects sensitive information in non-production environments like testing or training.

在测试、培训等场景保护真实数据，避免泄露风险！📚🛡️

Question 13

What is PKI? (PKI是什么？)

Answer 13

Public Key Infrastructure, a system that issues and manages digital certificates.

公钥基础设施，一套负责发放、验证数字证书的体系。🪪🔒

Question 14

What does the Certificate Authority (CA) do? (CA做什么？)

Answer 14

Issues, signs, and manages digital certificates.

颁发、签署和管理数字证书，是信任链的源头。🏭

Question 15

What does the Registration Authority (RA) do? (RA做什么？)

Answer 15

Collects user identity information and sends certificate requests to CA.

收集用户信息，帮用户提交申请到CA。👮

Question 16

What is a Digital Certificate? (数字证书是什么？)

Answer 16

A digital ID that proves your identity online using public key cryptography.

你的网络身份证，证明你的身份，保障通信安全。🪪

Question 17

What is a Certificate Signing Request (CSR)? (CSR是什么？)

Answer 17

An application including your public key, submitted to CA for a certificate.

包含你的公钥的申请表，用来申请数字证书。📄

Question 18

What is a Certificate Revocation List (CRL)? (CRL是什么？)

Answer 18

A list of revoked certificates no longer trusted.

被吊销证书的黑名单。📜

Question 19

What is OCSP? (OCSP是什么？)

Answer 19

Online Certificate Status Protocol, checks in real-time if a certificate is valid.

实时在线验证证书状态的协议。🔍

Question 20

What is the “Root of Trust”? (信任根是什么？)

Answer 20

The ultimate trusted CA that anchors the entire PKI system.

PKI体系最核心、最可信任的顶级证书机构。👑