Cryptography Flashcards

(11 cards)

1
Q

symmetric key, uses, features and examples

A

key used for both encryption and decryption

used for bulk data, fast and efficient but faces key distribution challenges

A and B use a shared key
A encrypts with AES using the shared key
B decrypts using the same key

2
Q

public key, uses, features and examples

A

freely shared and used to encrypt messages, with the corresponding private key used to decrypt them

enables secure key exchange, no distribution challenges, but slow

A wants to send data to B
B sends his public key to A
A encrypts using B’s public key
B decrypts using his private key

3
Q

message confidentiality, uses and examples

A

ensures data is not readable by unauthorized party

uses encryption (AES)

sending encrypted email

4
Q

message integrity, uses and examples

A

ensures data is not altered

uses hash functions, MACs, or digital signatures

detecting if a file was modified during transfer

5
Q

can we have confidentiality without integrity, or integrity without confidentiality?

A

yes but insecure:

Confidentiality without Integrity:

An attacker could modify ciphertext causing gibberish on decryption. No guarantee the message is untampered.

Integrity without Confidentiality:

A checksum ensures no changes, but the message remains readable.

6
Q

cryptographic key

A

piece of data used in encryption and decryption algorithms to secure information. It determines how plaintext is transformed into ciphertext (scrambled data) and vice versa.

ensures:
confidentiality by scrambling data
authentication by verifying identities
integrity through digital signatures/MACs

types:
symmetric key: single shared key
asymmetric key: public/private key pairs

example:
website uses public key that encrypts data only its private key can decrypt

7
Q

types of attacks

A

interruption: disrupts or blocks communication or services, making resources unavailable to legitimate users. It targets availability. (DoS attack)

fabrication: inserts fake data or entities into a system, often impersonating legitimate sources. It targets authenticity. (IP spoofing)

Modification: alters data without authorisation, corrupting data and violating integrity. Targets integrity (Data tampering)

8
Q

What is the purpose of a nonce in an authentication protocol? Use an example to explain your answer.

A

random value generated for single use in cryptographic communications.

Prevents replay attacks, ensures freshness and protects against predictability.

You enter your username (e.g., “Alice”).
The server sends back a random number (nonce), like 7429.
You take your password (e.g., “cat123”) and combine it with the nonce, creating “cat1237429”.
You send back a hashed/scrambled version (e.g., H(“cat1237429”)).
The server checks if your response matches its own calculation.

9
Q

message authentication, uses and examples

A

Uses a shared secret key to generate a tag (e.g., HMAC).

Sender computes MAC = HMAC(key, message).
Receiver recomputes the MAC and verifies it matches.

Used in JWT tokens, API security.

10
Q

persistent tcp

A

single TCP connection reused for multiple requests/responses

steps
Client opens TCP connection (3-way handshake).
Sends multiple requests (e.g., HTML + CSS + images).
Server sends multiple responses over the same connection.
Connection stays open (until timeout or Connection: close header).

example: modern browsers reuse TCP connections to load all resources on a webpage faster.

lower latency, better throughput

11
Q

non persistent tcp

A

new TCP connection is opened for each request/response and closed immediately

Steps:
Client opens TCP connection (3-way handshake).
Sends one request (e.g., HTTP GET for a webpage).
Server sends one response.
Connection closes (FIN/ACK).

example:
early HTTP/1.0: each image/file on webpage required a separate TCP connection

high overhead; slow
