Cryptography Flashcards
Cipher text
encrypted text that you cannot read
Encryption/Decryption Algorithm
the process of encrypting/decrypting plain text to cipher text
Symmetric Algorithm
uses the same key to encrypt and decrypt
Asymmetric Algorithm
one key for encryption, and another key for decryption
Data Encryption Standard (DES)
key size 56 bit - symmetric algorithm
Triple DES
same as DES but using it 3 times to make the algorithm more secure
Advanced Encryption Standard (AES)
key size 128 bit - symmetric
RSA (Rivest-Shamir-Adleman)
asymmetric cryptographic algorithm with a key size 1024, 2048, 3072, 4096
Why not use Asymmetric Algorithm for everything instead of Symmetric?
the resources that you need to handle asymmetric keys are much greater (CPU power). Asymmetric algorithms are also much slower than symmetric algorithms
Hash Algorithm
a one-way algorithm (once you encrypt your message you cannot decrypt it)
What is a Digest or Digital Fingerprint?
the result of a hashing algorithm. Also can be called a hash file.
What is the purpose of hashing?
just for the integrity of the message
What are some common hash algorithms?
MD5, SHA, SHA-2, RIPEMD
Hashed Message Authentication Code (HMAC)
cryptographic authentication technique that uses a hash function and a secret key. Verifies that data is correct and authentic with shared secrets.
Works by first sharing a private key, then generating a hash of the private key and the message/file together as one hash, then sending it to the end user. The end user then hashes that file with their shared private key included, and compares that hash to the hash that the sender sent.
Digital Signature
hashing the message and then encrypting the hash using a private key and providing the end user with the public key so that they can decrypt the hash and rehash the message to compare with the sender hash.
What is the difference between a Digital Signature and HMAC?
HMAC uses symmetric encryption and a Digital Signature uses asymmetric encryption
Certificate Authority (CA)
3rd party that provides certificates to users to confirm that they are who they claim to be. They also keep track of the status and can revoke the digital certificate
Intermediate Certificate Authority
certificate authorities that are placed between a root CA to issue certificates on its behalf. The intermediate CA is also responsible for verifying the identity of the entity requesting the certificate and issuing the certificate.
How does a Digital Certificate work?
user generates a public-private key pair, creates a Certificate Signing Request (CSR) which contains their public key and other identifying information. The user sends the CSR to the CA which then verifies the user’s identity and encrypts the CSR with its private key to create a digital certificate (which contains the user’s public key and additional info about the user and the CA). The CA then sends the signed digital certificate back to the user.
How does a server or user verify a Digital Certificate?
by checking its validity and the CA’s signature, and ensuring the CA is trusted. Then extract the public key from the CA and use it to decrypt the hash that was encrypted in the digital certificate. Then compare the hash with the hash that was received earlier.
Registration Authority (RA)
subordinate entities that are designed to handle some intermediate CA tasks, such as identifying and authenticating requesters, and then passing the request to intermediate CAs.
Certificate Repository (CR)
Publicly accessible centralized database of digital certificates. Can be used to view certificate status
What are the 2 types of certificate revocation technologies?
Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP)
Certificate Revocation List (CRL)
a list of revoked digital certificates that is maintained by the CA. It contains a list of revoked certificates along with their serial numbers and other relevant information.