Flashcards in Cryptography Deck (38):

1

## Hashing

### Number derived from performing a calculation on data.

Provides integrity assurances that data has not been modified.

2

## Encryption

### Scrambles, or ciphers, data to make it unreadable if intercepted. Encryption normally includes an algorithm and a key.

Encryption protects the confidentiality of data.

3

## Digital signatures

### A digital signature is an encrypted hash of a message, encrypted with the sender’s private key. Provides authentication, non-repudiation, and integrity.

4

## Message Digest 5 (MD5)

### Hashing algorithm that produces a 128-bit hash

5

## Secure Hash Algorithm (SHA)

### Hashing algorithm.

SHA-0, SHA-1: 160-bit

SHA-2: 224, 256, 384, 512 bit

SHA-3: 224, 256, 384, 512 bit

6

## Hash-based Message Authentication Code (HMAC)

### Hashing algorithm.

Uses a shared secret key to add some randomness to the result; only the sender and receiver know the secret key.

7

## Symmetric encryption

### Uses the same key to encrypt and decrypt data.

- AES

- DES

- 3DES

- RC4

- Blowfish/Twofish

- One-Time Pad

8

## Asymmetric encryption

### Two keys in a matched pair to encrypt and decrypt data—a public key and a private key.

- RSA

- Diffie-Hellman

- ECC

9

## Block cipher

### Encrypts data in specific-sized blocks

10

## Stream ciphers

### Encrypt data as a stream of bits

11

## Advanced Encryption Standard (AES)

### Symmetric block cipher that encrypts data in 128-bit blocks.

Key sizes of 128 bits, 192 bits, or 256 bits.

12

## Data Encryption Standard (DES)

### Encrypts data in 64-bit blocks.

56-bit key.

13

## 3DES (pronounced as “Triple DES”)

### Symmetric block cipher. Encrypts data in 64-bit blocks.

Key sizes of 56 bits, 112 bits, or 168 bits.

14

## RC4 (Rivest Cipher)

### Symmetric stream cipher

15

## Blowfish and Twofish

### Strong symmetric block cipher

16

## Public key encrypts

### Matching private key can decrypt

17

## Private key encrypts

### Public key can decrypt

18

## RSA

### Asymmetric encryption method using both a public key and a private key in a matched pair.

19

## Static Versus Ephemeral Keys

### Static keys are semipermanent and stay the same over a long period of time. In contrast, ephemeral keys have very short lifetimes and are recreated for each session.

20

## Elliptic curve cryptography (ECC)

### Asymmetric encryption method used with small wireless devices. Graphs points on the curve to create keys.

21

## Diffie-Hellman

### Asymmetric encryption method.

Key exchange algorithm used to privately share a symmetric key between two parties.

Diffie-Hellman Ephemeral (DHE): generates different keys for each session.

Elliptic Curve Diffie-Hellman Ephemeral (ECDHE): ephemeral keys generated using ECC.

22

## Steganography

### Hides data inside other data.

23

## Email digital signatures

### The sender’s private key encrypts (or signs).

The sender’s public key decrypts.

24

## Email encryption

### The recipient’s public key encrypts.

The recipient’s private key decrypts.

25

## Web site encryption

### The web site’s public key encrypts (a symmetric key).

The web site’s private key decrypts (a symmetric key).

The symmetric key encrypts data in the web site session.

26

## Signing Email with Digital Signatures

### Lisa creates her message in an email program, such as Microsoft Outlook. Once Microsoft Outlook is configured, all she has to do is click a button to digitally sign the message. Here is what happens when she clicks the button:

1. The application hashes the message.

2. The application retrieves Lisa’s private key and encrypts the hash using this private key.

3. The application sends both the encrypted hash and the unencrypted message to Bart.

When Bart’s system receives the message, it verifies the digital signature using the following steps:

1. Bart’s system retrieves Lisa’s public key, which is in Lisa’s public certificate. In some situations, Lisa may have sent Bart a copy of her certificate with her public key. In domain environments, Bart’s system can automatically retrieve Lisa’s certificate from a network location.

2. The email application on Bart’s system decrypts the encrypted hash with Lisa’s public key.

3. The application calculates the hash on the received message.

4. The application compares the decrypted hash with the calculated hash.

27

## Encrypting Email

### Imagine that Lisa wants to send an encrypted message to Bart. The following steps provide a simplified explanation of the process if only asymmetric encryption is used:

1. Lisa retrieves a copy of Bart’s certificate that contains his public key.

2. Lisa encrypts the email with Bart’s public key.

3. Lisa sends the encrypted email to Bart.

4. Bart decrypts the email with his private key.

28

## Encrypting Email with Asymmetric and Symmetric Encryption

### The process of sending the encrypted message and the encrypted session key, and how the recipient decrypts the data:

1. Lisa identifies a symmetric key to encrypt her email. For this example, assume it’s a simplistic symmetric key of 53, though a symmetric algorithm like AES would use 128-bit or larger keys.

2. Lisa encrypts the email contents with the symmetric key of 53.

3. Lisa retrieves a copy of Bart’s certificate that contains his public key.

4. She uses Bart’s public key to encrypt the symmetric key of 53.

5. Lisa sends the encrypted email and the encrypted symmetric key to Bart.

6. Bart decrypts the symmetric key with his private key.

7. He then decrypts the email with the decrypted symmetric key.

29

## Encrypting HTTPS Traffic with SSL or TLS

### Simplified handshake process used with HTTPS:

1. The client begins the process by requesting an HTTPS session. This could be by entering an HTTPS address in the URL or by clicking on an HTTPS link.

2. The server responds by sending the server’s certificate. The certificate includes the server’s public key. The matching private key is on the server and only accessible by the server.

3. The client creates a symmetric key and encrypts it with the server’s public key. As an example, imagine that the symmetric key is 53 (though in reality it would be much more complex). The client encrypts the session key of 53 using the web server’s public key, creating ciphertext of UcaNP@$$. This symmetric key will be used to encrypt data in the HTTPS session, so it is sometimes called a session key.

4. The client sends the encrypted session key (UcaNP@$$) to the web server. Only the server’s private key can decrypt this. If attackers intercept the encrypted key, they won’t be able to decrypt it because they don’t have access to the server’s private key.

5. The server receives the encrypted session key and decrypts it with the server’s private key. At this point, both the client and the server know the session key.

6. All of the session data is encrypted with this symmetric key using symmetric encryption.

30

## Key Stretching/Salting

### Salt the passwords with additional random bits to make them even more complex. Bcrypt. PBKDF2.

31

## Public Key Infrastructure (PKI)

### Group of technologies used to request, create, manage, store, distribute, and revoke digital certificates

32

## Certificate Authority

### Issues, manages, validates, and revokes certificates.

33

## Certificate Trust Paths and Trust Models

### A large trust chain works like this:

- The root CA issues certificates to intermediate CAs.

- Intermediate CAs issue certificates to child CAs.

- Child CAs issue certificates to devices or end users.

34

## Self-Signed Certificates

### Possible to create a CA and use self-signed certificates.

Certificates issued by this CA will not be trusted by default. If a user connects to this web server and establishes an HTTPS session, the web browser will show an error.

35

## Transport Encryption

### Secure Shell (SSH)

HTTPS (SSL/TLS methods)

36

## IPsec

### Uses HMAC for authentication and integrity.

Uses either AES or 3DES for encryption with Encapsulating Security Payload (ESP).

When IPsec uses ESP, it encrypts the entire packet, including the original IP header, and creates an additional IP header.

37

## Secure Sockets Layer (SSL)

### Encryption protocol used to encrypt Internet traffic.

Requires certificates issued by certificate authorities (CAs).

38