Flashcards in Cryptography Deck (38):
Number derived from performing a one-way calculation on data.
Provides integrity assurances that data has not been modified. A plain hash says nothing about who produced the data: anyone who can change the data can also recompute its hash.
Scrambles, or ciphers, data to make it unreadable if intercepted. Encryption normally includes an algorithm and a key.
Encryption protects the confidentiality of data.
A digital signature is an encrypted hash of a message, encrypted with the sender’s private key.
Provides authentication, non-repudiation, and integrity.
Message Digest 5 (MD5)
Hashing algorithm that produces a 128-bit hash. Collisions are practical to compute, so MD5 is no longer acceptable for signatures or for integrity checks on data an attacker can influence.
Secure Hash Algorithm (SHA)
SHA-2: 224-, 256-, 384-, and 512-bit digests (SHA-224, SHA-256, SHA-384, SHA-512)
SHA-3: 224-, 256-, 384-, and 512-bit digests
Hash-based Message Authentication Code (HMAC)
Combines a hash with a shared secret key that only the sender and receiver know. Provides integrity and authenticity: a party without the key cannot produce a valid HMAC, so a tampered message cannot simply be re-hashed.
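The difference between the hash card and the HMAC card, shown in an added Python example (written for this page, not from the deck): an attacker who rewrites a message in transit can recompute an unkeyed digest, but cannot recompute the HMAC without the shared key. The function names, the 32-byte key and the "transfer" message are constructed for the example.

```python
import hashlib
import hmac
import secrets


def digest_bits(algorithm):
    """Output size in bits of a hashlib algorithm name, e.g. 'md5' -> 128, 'sha3_384' -> 384."""
    return hashlib.new(algorithm).digest_size * 8


def sender_protect(key, message):
    """Sender attaches both an unkeyed SHA-256 digest and a keyed HMAC-SHA256 tag."""
    digest = hashlib.sha256(message).hexdigest()
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message, digest, tag


def attacker_rewrite(package, new_message):
    """Man-in-the-middle without the key: recomputes the plain digest, must reuse the old tag."""
    _message, _digest, tag = package
    return new_message, hashlib.sha256(new_message).hexdigest(), tag


def receiver_check(key, package):
    """Returns (hash_ok, hmac_ok). compare_digest keeps the comparison constant-time."""
    message, digest, tag = package
    hash_ok = hmac.compare_digest(hashlib.sha256(message).hexdigest(), digest)
    hmac_ok = hmac.compare_digest(hmac.new(key, message, hashlib.sha256).digest(), tag)
    return hash_ok, hmac_ok


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # shared secret known only to sender and receiver
    original = sender_protect(key, b"transfer 100 to account 53")  # constructed sample message
    forged = attacker_rewrite(original, b"transfer 9000 to account 53")
    print("untouched:", receiver_check(key, original))  # (True, True)
    print("rewritten:", receiver_check(key, forged))    # (True, False): the bare hash did not help
```

The hash check passes on the forged message because the attacker could regenerate it; only the keyed tag fails. That is the whole reason a MAC, not a hash, is used for message authentication, and why the receiver must compare with compare_digest rather than == so a byte-by-byte early exit does not leak how much of the tag matched.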
Uses the same key to encrypt and decrypt data.
Two keys in a matched pair to encrypt and decrypt data—a public key and a private key
Encrypts data in fixed-size blocks (64 or 128 bits for the ciphers below); a mode of operation such as CBC or GCM ties the blocks together.
Encrypts data as a continuous stream of bits or bytes, typically by XORing it with a keystream.
Advanced Encryption Standard (AES)
Symmetric block cipher encrypts data
in 128-bit blocks.
key sizes of 128 bits, 192 bits, or 256 bits
Data Encryption Standard (DES)
Symmetric block cipher. Encrypts data in 64-bit blocks with a 56-bit key, which is brute-forceable; long deprecated.
3DES (pronounced as “Triple DES”)
Symmetric block cipher. Encrypts data in 64-bit blocks by applying DES three times.
key sizes of 56 bits, 112 bits, or 168 bits. NIST has deprecated 3DES and disallows it for new encryption after 2023; prefer AES.
RC4 (Rivest Cipher)
Symmetric stream cipher. Keystream biases make it insecure; RFC 7465 prohibits it in TLS.
Blowfish and Twofish
Strong symmetric block ciphers. Blowfish uses 64-bit blocks with keys up to 448 bits; Twofish uses 128-bit blocks with keys up to 256 bits.
public key encrypts
Matching private key can decrypt
private key encrypts
Public key can decrypt
Asymmetric encryption method using both a public key and a private key in a
Static Versus Ephemeral Keys
Static keys are semipermanent and stay the same over a long period of time. In contrast, ephemeral keys have
very short lifetimes and are recreated for each session.
Elliptic curve cryptography (ECC)
Asymmetric method that derives keys from points on an elliptic curve. Gives equivalent security with much smaller keys than RSA, so it is favored on small wireless and embedded devices.
Asymmetric encryption method.
Diffie-Hellman: key exchange algorithm that lets two parties derive a shared symmetric key over an untrusted channel without ever transmitting the key itself; only public values are exchanged.
Diffie-Hellman Ephemeral (DHE): generates a fresh key pair for each session, so compromise of a long-term key does not expose past sessions (forward secrecy).
Elliptic Curve Diffie-Hellman Ephemeral (ECDHE): the same per-session ephemeral exchange using elliptic curve keys.
Hides data inside other data.
Email digital signatures
The sender’s private key encrypts (or signs).
The sender’s public key decrypts.
The recipient’s public key encrypts.
The recipient’s private key decrypts.
Web site encryption
The web site’s public key encrypts (a symmetric key).
The web site’s private key decrypts (a symmetric key).
The symmetric key encrypts data in the web site session.
Signing Email with Digital Signatures
Lisa creates her message in an email program, such as Microsoft Outlook. Once Microsoft
Outlook is configured, all she has to do is click a button to digitally sign the message. Here is what
happens when she clicks the button:
1. The application hashes the message.
2. The application retrieves Lisa’s private key and encrypts the hash using this private key.
3. The application sends both the encrypted hash and the unencrypted message to Bart.
When Bart’s system receives the message, it verifies the digital signature using the following steps:
1. Bart’s system retrieves Lisa’s public key, which is in Lisa’s public certificate. In some
situations, Lisa may have sent Bart a copy of her certificate with her public key. In domain
environments, Bart’s system can automatically retrieve Lisa’s certificate from a network
2. The email application on Bart’s system decrypts the encrypted hash with Lisa’s public key.
3. The application calculates the hash on the received message.
4. The application compares the decrypted hash with the calculated hash. If they match, the message was not altered and was signed by the holder of Lisa’s private key; if they differ, the signature is rejected.
Imagine that Lisa wants to send an encrypted message to Bart. The following steps provide a
simplified explanation of the process if only asymmetric encryption is used:
1. Lisa retrieves a copy of Bart’s certificate that contains his public key.
2. Lisa encrypts the email with Bart’s public key.
3. Lisa sends the encrypted email to Bart.
4. Bart decrypts the email with his private key.
Encrypting Email with Asymmetric and Symmetric Encryption
The following steps show the process of sending the encrypted message and the encrypted
session key, and identify how the recipient can decrypt the data:
1. Lisa identifies a symmetric key to encrypt her email. For this example, assume it’s a
simplistic symmetric key of 53, though a symmetric algorithm like AES would use a 128-, 192-, or 256-bit key.
2. Lisa encrypts the email contents with the symmetric key of 53.
3. Lisa retrieves a copy of Bart’s certificate that contains his public key.
4. She uses Bart’s public key to encrypt the symmetric key of 53.
5. Lisa sends the encrypted email and the encrypted symmetric key to Bart.
6. Bart decrypts the symmetric key with his private key.
7. He then decrypts the email with the decrypted symmetric key.
Encrypting HTTPS Traffic with SSL or TLS
Simplified handshake process used with HTTPS. This is the RSA key-transport handshake of TLS 1.2 and earlier; TLS 1.3 removed it and always derives the session key with (EC)DHE, so the server’s private key only signs the handshake and never decrypts a session key.
1. The client begins the process by requesting an HTTPS session. This could be by entering an
HTTPS address in the URL or by clicking on an HTTPS link.
2. The server responds by sending the server’s certificate. The certificate includes the server’s
public key. The matching private key is on the server and only accessible by the server.
3. The client creates a symmetric key and encrypts it with the server’s public key.
As an example, imagine that the symmetric key is 53 (though in reality it would be much more
complex). The client encrypts the session key of 53 using the web server’s public key
creating ciphertext of UcaNP@$$.
This symmetric key will be used to encrypt data in the HTTPS session, so it is sometimes
called a session key.
4. The client sends the encrypted session key (UcaNP@$$) to the web server. Only the server’s
private key can decrypt this. If attackers intercept the encrypted key, they won’t be able to
decrypt it because they don’t have access to the server’s private key.
5. The server receives the encrypted session key and decrypts it with the server’s private key.
At this point, both the client and the server know the session key.
6. All of the session data is encrypted with this symmetric key using symmetric encryption.
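The signing and verification steps, the hybrid email steps, the HTTPS handshake above, and the DHE card earlier in the deck, carried through in one added Python script (example code written for this page, not from the book or any library). Textbook RSA at a toy 1024-bit size, an HMAC-SHA256 keystream, and a freshly generated 256-bit safe prime stand in for padded RSA (OAEP/PSS), AES and the standard DH groups a real protocol uses; the function names rsa_keypair, sign, verify, hybrid_encrypt, hybrid_decrypt, dh_group and dhe_session_key and the sample message are my own.

```python
import hashlib
import hmac
import math
import secrets
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97]

def is_probable_prime(n, rounds=20):
    """Trial division by small primes, then Miller-Rabin with random bases."""
    if n < 2 or n % 2 == 0:
        return n == 2
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, exactly `bits` long
        if is_probable_prime(cand):
            return cand

def rsa_keypair(bits=1024, e=65537):
    """Textbook RSA (no OAEP/PSS padding, toy size): returns public (n, e) and private (n, d)."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
        if p != q and math.gcd(e, lam) == 1:
            return (p * q, e), (p * q, pow(e, -1, lam))

def sign(message, priv):
    """Signing card, steps 1-2: hash the message, then encrypt the hash with the private key."""
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)

def verify(message, signature, pub):
    """Verification, steps 2-4: decrypt the hash with the public key, rehash, compare."""
    n, e = pub
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(message).digest(), "big")

def stream_xor(key, nonce, data):
    """Symmetric stand-in for AES-CTR: HMAC-SHA256 keystream blocks XORed with the data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def hybrid_encrypt(message, recipient_pub):
    """Hybrid email card, steps 1-5 (HTTPS steps 3-4): a fresh symmetric key encrypts
    the message and the recipient's public key encrypts that key."""
    n, e = recipient_pub
    sym_key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)  # the card's "53", as 256 random bits
    wrapped_key = pow(int.from_bytes(sym_key, "big"), e, n)            # textbook RSA, no OAEP
    return wrapped_key, nonce, stream_xor(sym_key, nonce, message)

def hybrid_decrypt(bundle, recipient_priv):
    """Steps 6-7 (HTTPS step 5): unwrap the symmetric key with the private key, then decrypt."""
    n, d = recipient_priv
    wrapped_key, nonce, ciphertext = bundle
    return stream_xor(pow(wrapped_key, d, n).to_bytes(32, "big"), nonce, ciphertext)

def dh_group(bits=256):
    """Safe prime p = 2q + 1; g = 4 is a quadratic residue, so it generates the order-q subgroup."""
    while True:
        q = random_prime(bits - 1)
        if is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4

def dhe_session_key(p, q, g):
    """DHE card: both sides pick fresh ephemeral exponents; only g^a and g^b cross the wire."""
    a, b = secrets.randbelow(q - 1) + 1, secrets.randbelow(q - 1) + 1
    A, B = pow(g, a, p), pow(g, b, p)
    for y in (A, B):  # reject 1, p-1 and anything outside the q-subgroup (small-subgroup attacks)
        if not 2 <= y <= p - 2 or pow(y, q, p) != 1:
            raise ValueError("bad Diffie-Hellman public value")
    shared_a, shared_b = pow(B, a, p), pow(A, b, p)  # each side computes the same g^(ab)
    assert shared_a == shared_b
    return hashlib.sha256(shared_a.to_bytes((p.bit_length() + 7) // 8, "big")).digest()

if __name__ == "__main__":
    pub, priv = rsa_keypair()
    msg = b"Bart, the meeting moved to 3pm. -Lisa"  # constructed sample message
    print("signature valid:", verify(msg, sign(msg, priv), pub))
    print("hybrid round trip:", hybrid_decrypt(hybrid_encrypt(msg, pub), priv) == msg)
    p, q, g = dh_group()
    print("fresh key each DHE session:", dhe_session_key(p, q, g) != dhe_session_key(p, q, g))
```

What the three parts share is the point of the cards: the private key never leaves its owner, and what crosses the wire is a signature, a wrapped symmetric key, or a DH public value. The check in dhe_session_key that rejects 1, p-1 and any value outside the order-q subgroup is the validation a real implementation must perform on a peer's value before using it; skipping it is what small-subgroup attacks exploit. The RSA here is unpadded, which is exactly why real systems use PSS for signatures and OAEP (or, better, (EC)DHE) for key establishment.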
Salt passwords with additional random bits before hashing, so that equal passwords produce different hashes and precomputed (rainbow) tables are useless, and use a deliberately slow password-hashing function such as bcrypt or PBKDF2 rather than a plain hash.
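Salted PBKDF2 password storage and verification, as an added Python example (written for this page, not from the deck) using only the standard library's hashlib.pbkdf2_hmac. The record format algorithm$iterations$salt$hash, the function names, and the sample passwords are my own choices; the 600,000 iteration default is the OWASP Password Storage Cheat Sheet figure for PBKDF2-HMAC-SHA256.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # OWASP's figure for PBKDF2-HMAC-SHA256; tune to your hardware, never below


def hash_password(password, iterations=ITERATIONS):
    """Stored record: scheme$iterations$salt$hash. Everything in it may be seen by an attacker;
    the 16 random salt bytes are what make two users with the same password look different."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, record):
    """Recompute with the stored salt and iteration count; constant-time compare of the result."""
    scheme, iterations, salt_hex, dk_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unknown password hash scheme")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


def unsalted_sha256(password):
    """What the card warns against: one fast, unsalted hash per password, identical for identical passwords."""
    return hashlib.sha256(password.encode()).hexdigest()


if __name__ == "__main__":
    lisa = hash_password("correct horse")  # constructed sample passwords
    bart = hash_password("correct horse")  # same password, different record thanks to the salt
    print("salted records differ:", lisa != bart)
    print("unsalted hashes collide:", unsalted_sha256("correct horse") == unsalted_sha256("correct horse"))
    print("login ok:", verify_password("correct horse", lisa), "| wrong password:", verify_password("Correct horse", lisa))
```

Storing the iteration count inside the record is what lets you raise it later: old records keep verifying with their own count and can be re-hashed on the user's next successful login. A memory-hard function (scrypt, Argon2id, also available as hashlib.scrypt) raises the attacker's cost further than PBKDF2's CPU-only work factor.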
Public Key Infrastructure (PKI)
Group of technologies used to request, create, manage, store, distribute, and revoke digital certificates
Issues, manages, validates, and revokes
Certificate Trust Paths and Trust Models
A large trust chain works like this:
-The root CA issues certificates to intermediate CAs.
-Intermediate CAs issue certificates to child CAs.
-Child CAs issue certificates to devices or end users.
It is possible to create your own CA and use self-signed certificates.
Certificates issued by such a CA are not trusted by default: if a user connects to the web server and establishes an HTTPS session, the web browser shows a certificate error unless the CA’s root certificate has been installed in the client’s trust store.
Secure Shell (SSH)
HTTPS (SSL/TLS methods)
IPsec - Uses HMAC for authentication and integrity.
Uses either AES or 3DES for encryption with Encapsulating Security Payload (ESP).
In tunnel mode, ESP encrypts the entire original packet, including its IP header, and adds a new outer IP header; in transport mode only the payload is encrypted and the original IP header is kept.
Secure Sockets Layer (SSL)
Deprecated predecessor of TLS, originally used to encrypt Internet traffic. All SSL versions are broken and RFC 7568 prohibits SSL 3.0; “SSL” in product names today almost always means TLS.
Relies on certificates issued by certificate authorities (CAs) to authenticate the server.