Cryptography Flashcards Preview

Security + > Cryptography > Flashcards

Flashcards in Cryptography Deck (38):
1

Hashing

Number derived from performing a calculation on data.

Provides integrity assurances that data has not been modified.

2

Encryption

Scrambles, or ciphers, data to make it unreadable if intercepted. Encryption normally includes an algorithm and a key.

Encryption protects the
confidentiality of data.

3

Digital signatures

A digital signature is an encrypted hash
of a message, encrypted with the sender’s private key. Provide authentication, non-repudiation, and integrity

4

Message Digest 5 (MD5)

Hashing algorithm that produces a 128-bit hash

5

Secure Hash Algorithm (SHA)

Hashing algorithm.
SHA-0,
SHA-1: 160-bit
SHA-2: 224, 256, 348, 512 bit
SHA-3: 224, 256, 348, 512 bit

6

Hash-based Message Authentication Code
(HMAC)

Hashing algorithm.
Uses a shared secret key to add some randomness to the result and only the sender and receiver know the secret key.

7

Symmetric encryption

Uses the same key to encrypt and decrypt data.
-AES
-DES
-3DES
-RC4
-Blowfish/Twofish
-One-Time Pad

8

Asymmetric encryption

Two keys in a matched pair to encrypt and decrypt data—a public key and a private key
-RSA
-Diffie-Hellman
-ECC

9

block cipher

Encrypts data in specific-sized blocks

10

stream ciphers

Encrypt data as a stream of bits

11

Advanced Encryption Standard (AES)

Symmetric block cipher encrypts data
in 128-bit blocks.
key sizes of 128 bits, 192 bits, or 256 bits

12

Data Encryption Standard (DES)

Encrypts data in 64-bit blocks.
56-bit key

13

3DES (pronounced as “Triple DES”)

Symmetric block cipher. encrypts data in 64-bit blocks.
key sizes of 56 bits, 112 bits, or 168 bits

14

RC4 (Rivest Cipher)

Symmetric stream cipher

15

Blowfish and Twofish

Strong symmetric block cipher

16

public key encrypts

Matching private key can decrypt

17

private key encrypts

Public key can decrypt

18

RSA

Asymmetric encryption method using both a public key and a private key in a
matched pair

19

Static Versus Ephemeral Keys

Static keys are semipermanent and stay the same over a long period of time. In contrast, ephemeral keys have
very short lifetimes and are recreated for each session.

20

Elliptic curve cryptography (ECC)

Asymmetric encryption method used with small wireless devices. graphs points on the curve to create keys

21

Diffie-Hellman

Asymmetric encryption method.
Key exchange algorithm used to privately share a symmetric key between two parties.
Diffie-Hellman Ephemeral (DHE) generating different keys for each session.

Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)ephemeral keys generated
using ECC

22

Steganography

Hides data inside other data.

23

Email digital signatures

The sender’s private key encrypts (or signs).
The sender’s public key decrypts.

24

Email encryption

The recipient’s public key encrypts.
The recipient’s private key decrypts.

25

Web site encryption

The web site’s public key encrypts (a symmetric key).
The web site’s private key decrypts (a symmetric key).
The symmetric key encrypts data in the web site session.

26

Signing Email with Digital Signatures

Lisa creates her message in an email program, such as Microsoft Outlook. Once Microsoft
Outlook is configured, all she has to do is click a button to digitally sign the message. Here is what
happens when she clicks the button:
1. The application hashes the message.
2. The application retrieves Lisa’s private key and encrypts the hash using this private key.
3. The application sends both the encrypted hash and the unencrypted message to Bart.
When Bart’s system receives the message, it verifies the digital signature using the following
steps:
1. Bart’s system retrieves Lisa’s public key, which is in Lisa’s public certificate. In some
situations, Lisa may have sent Bart a copy of her certificate with her public key. In domain
environments, Bart’s system can automatically retrieve Lisa’s certificate from a network
location.
2. The email application on Bart’s system decrypts the encrypted hash with Lisa’s public key.
3. The application calculates the hash on the received message.
4. The application compares the decrypted hash with the calculated hash.

27

Encrypting Email

Imagine that Lisa wants to send an encrypted message to Bart. The following steps provide a
simplified explanation of the process if only asymmetric encryption is used:
1. Lisa retrieves a copy of Bart’s certificate that contains his public key.
2. Lisa encrypts the email with Bart’s public key.
3. Lisa sends the encrypted email to Bart.
4. Bart decrypts the email with his private key.

28

Encrypting Email with Asymmetric and Symmetric Encryption

the process of sending the encrypted message
and encrypted session key, and identifies how the recipient can decrypt the data:
1. Lisa identifies a symmetric key to encrypt her email. For this example, assume it’s a
simplistic symmetric key of 53, though a symmetric algorithm like AES would use 128-bit or
larger keys.
2. Lisa encrypts the email contents with the symmetric key of 53.
3. Lisa retrieves a copy of Bart’s certificate that contains his public key.
4. She uses Bart’s public key to encrypt the symmetric key of 53.
5. Lisa sends the encrypted email and the encrypted symmetric key to Bart.
6. Bart decrypts the symmetric key with his private key.
7. He then decrypts the email with the decrypted symmetric key.

29

Encrypting HTTPS Traffic with SSL or TLS

Simplified handshake process used with HTTPS
1. The client begins the process by requesting an HTTPS session. This could be by entering an
HTTPS address in the URL or by clicking on an HTTPS link.
2. The server responds by sending the server’s certificate. The certificate includes the server’s
public key. The matching private key is on the server and only accessible by the server.
3. The client creates a symmetric key and encrypts it with the server’s public key.
As an example, imagine that the symmetric key is 53 (though in reality it would be much more
complex). The client encrypts the session key of 53 using the web server’s public key
creating ciphertext of UcaNP@$$.
This symmetric key will be used to encrypt data in the HTTPS session, so it is sometimes
called a session key.
4. The client sends the encrypted session key (UcaNP@$$) to the web server. Only the server’s
private key can decrypt this. If attackers intercept the encrypted key, they won’t be able to
decrypt it because they don’t have access to the server’s private key.
5. The server receives the encrypted session key and decrypts it with the server’s private key.
At this point, both the client and the server know the session key.
6. All of the session data is encrypted with this symmetric key using symmetric encryption.

30

Key Stretching/Salting

Salt the passwords with additional random bits to make them even more complex. Bcrypt. PBKDF2.

31

Public Key Infrastructure (PKI)

Group of technologies used to request, create, manage, store, distribute, and revoke digital certificates

32

Certificate Authority

Issues, manages, validates, and revokes
certificates

33

Certificate Trust Paths and Trust Models

A large trust chain works like this:
-The root CA issues certificates to intermediate CAs.
-Intermediate CAs issue certificates to child CAs.
-Child CAs issue certificates to devices or end users.

34

Self-Signed Certificates

Possible to create a CA and use self-signed certificates.
Certificates issued by this CA will not be trusted by default. If a user connects to this
web server and establishes an HTTPS session, the web browser will show an error.

35

Transport Encryption

Secure Shell (SSH)
HTTPS (SSL/TLS methods)

36

IPsec

IPsec - Uses HMAC for authentication and integrity
use either AES or 3DES for encryption with Encapsulating Security Payload (ESP).
When IPsec uses ESP, it encrypts the entire packet, including the original IP header, and creates an additional IP header.

37

Secure Sockets Layer (SSL)

encryption protocol used to encrypt Internet traffic.
Requires certificates issued by certificate authorities (CAs)!!

38

Transport Layer Security (TLS)

encryption protocol used to encrypt Internet traffic.
Requires certificates issued by certificate authorities (CAs)!!