Cryptography & PKI Flashcards

(109 cards)

1
Q

Define Cipher Text

A

Text that has been encrypted for confidentiality

2
Q

Define Plain Text

A

Readable text for human comprehension

3
Q

Define Symmetric Encryption

A

Encryption using a shared secret key, typically used for bulk encryption

4
Q

Define Asymmetric Encryption

A

Encryption using a key pair consisting of a private and a public key

5
Q

Goals of Cryptology

A

Confidentiality
Integrity
Authentication
Non-Repudiation

6
Q

Define a Code

A

Substitutes one word or phrase for another

7
Q

Define a Cipher

A

A mathematical algorithm for encryption

8
Q

Types of Ciphers

A

Stream versus Block

Substitution versus Transposition

9
Q

Define a Stream Cipher

A

Encrypts a single character at a time

10
Q

Define a Block Cipher

A

Encrypts a chunk of text at a time

11
Q

Define a Substitution Cipher

A

Encrypts by changing individual characters

12
Q

Define a Transposition Cipher

A

Encrypts by scrambling letters

13
Q

Define XOR

A

Exclusive Or;

True when only one input of two or more is true

14
Q

Explain the Confusion Principle

A

Hide connection between cipher and key, can be used in stream and block ciphers

15
Q

Explain the Diffusion Principle

A

Any change in input creates 50% or greater change in output

16
Q

Explain the Obfuscation Principle

A

Action taken to make something unclear, unintelligible, or obscure

17
Q

One-Time Pad Criteria

A

2 identical pads
Equal length
Single Use

18
Q

Explain Security through Obscurity

A

Security reliant upon secrecy,

Generally disparaged

19
Q

5 Stages of NIST Crypto Lifecycle

A
Initiation
Develop and Acquire
Implement and Assess
Operate and Maintain
Sunset; stop, destroy, or archive
20
Q

DES Key Facts

A

Symmetric
64 bit blocks
56 bit key
Insecure

21
Q

3DES Key Facts

A
Symmetric
64 bit blocks
168 bit key (112 effective key length)
Secure utilizing 3 separate keys
Used in IPsec
22
Q

AES Key Facts

A
Symmetric
128 bit blocks
128, 192, or 256 bit key
Secure
Uses Rijndael block Cipher
23
Q

Blowfish Key Facts

A

Symmetric
64 bit blocks
32-448 bit key
Secure (at larger key sizes)

24
Q

Twofish Key Facts

A

Symmetric
128 bit block
128, 192, or 256 bit key
Secure (more complex and faster than Blowfish)

25
RC4 Key Facts
Symmetric
Stream cipher
40-2048 bit key
Not secure/most common
Used in WEP and SSL
26
Cipher Block Modes
ECB CBC CR GCM
27
Describe ECB Mode
Electronic Codebook; | Utilize same encryption key for each block
28
Describe CBC Mode
Cipher Block Chaining; | Use previous cipher block as key for subsequent blocks
29
Describe CR Mode
Counter Mode; Uses nonce plus a counter for encryption key. Counter increases for each block
30
Describe GCM
Galois Counter Mode; | Adds authentication ability to CR
31
Define Steganography
Hiding data in large files
32
RSA Key Facts
Asymmetric
1024-4096 bit key
Digital certificate with key distribution
Secure
33
Define PGP/GnuPG
Pretty Good Privacy;
Encrypt with random shared key (symmetric)
Encrypt random key with public key (asymmetric)
GnuPG is open source version
34
Define Perfect Forward Secrecy
Nodes work independent of one another so that no node knows both final source and destination
35
Key Exchange Methods
Out-of-band | In-Band
36
Explain the Diffie-Hellman Process
Select common number and share
Choose secret number and compute results
Share results
Use shared results to create shared secret
37
Define DH Group 1
768 bit group | Insecure
38
Define DH Group 2
1024 bit group | Insecure
39
Define DH Group 5
1536 bit group | Insecure
40
Define DH Group 14
2048 bit group | Secure
41
Define DH Group 20
384 bit elliptic curve | Secure
42
Define DH Group 21
521 bit elliptic curve | Secure
43
Define DH Group 24
2048 bit group
256 bit subgroup
Secure
44
Purpose of Key Escrow
Government access to keys pending court orders | Key storage backups (debatable)
45
Define Key Stretching
Increase strength of passwords by increasing length and/or complexity
46
Key Stretching Methods
Salting | Hashing
47
Define Password/Key Salting
Add value to a key to increase length
48
Define Password/Key Hashing
Adds time with additional math
49
Key Stretching Functions
PBKDF2 | Bcrypt
50
Define PBKDF2
Password Based Key Derivation Function v2;
Uses salt and hash
Minimum of 4000 iterations
51
Define Bcrypt
Key stretching utilizing Blowfish algorithm
52
Factors of a Good Hash
One way, not reversible
Collision Resistant
Small input change creates large output change
53
Define a Collision
Two separate inputs create the same hashed output
54
MD5 Key Facts
Message Digest 5
128 bit hash
Not secure
55
SHA1 Key Facts
Secure Hash Algorithm
160 bit hash
Not secure
56
SHA2 Key Facts
Secure Hash Algorithm 2
224, 256, 384, 512 bit hashes
Secure
57
SHA3 Key Facts
Secure Hash Algorithm 3
Produce hash at any fixed input length
Secure?
58
RIPEMD Key Facts
RACE Integrity Primitive Message Digest
128, 160, 256, and 320 bit hashes
Secure greater than 128 bit
59
Define HMAC
Hash-Based Message Authentication Code; | Compares hashes to verify integrity
60
NIST Approved DSSs
DSA RSA ECDSA
61
X.509 Digital Certification Process
Create key pair
CSR
CA validates ID
CA encrypts Certificate with CA's private key
62
Certificate Revocation Methods
CRL | OCSP
63
Define Certificate Stapling
Time stamped certificates with expiration
64
Define Certificate Chaining
Transitive trust between CAs, internal CA trusted by 3rd party CA leading to chain of trust
65
Purpose of OIDs
Object Identifiers, can be used to trace certificate origins
66
Define Certificate Pinning
Ties cert to subject for a period of time
67
Certificate Types
Root
Wildcard
Code Signing
Machine/Computer
SAN
DV
OV
EV
68
Explain a Root Certificate
Protected highest level of CA with private keys, often taken offline except when needed
69
Define a Wildcard Certificate
Match entire domains up to one layer deep
70
Define a DV
Domain Validation; | lowest level of validation
71
Define an OV
Organizational Validation; | Verify business name
72
Define an EV
Extended Validation;
Extensive investigation
Sometimes portrayed as a green locked icon to the left of a browser's search bar
73
DER File Usage and Extensions
Distinguished Encoding Rules (binary format, largely used by Java Platform); .der .crt .cer
74
PEM File Usage and Extensions
Privacy Enhanced Mail (ASCII format, largely Linux/Unix systems);
.pem .crt .key .cer
75
PFX File Usage and Extensions
Personal Information Exchange;
(binary format, used by Microsoft systems) .pfx .p12
(ASCII format, provide Cert chain) .p7b .p7c
76
Knowledge Based Attack Types
Frequency/pattern
Known plain text
Chosen plain text
77
Define DRM
Digital Rights Management; | Watermarking protected content/protecting with encryption
78
Explain Low Power Effect on Encryption
May limit key space
79
Explain Encryption Effect on Latency
May bottleneck network traffic
80
Explain Cryptographic Resilience
A cipher/algorithm's resistance to attacks
81
Define Kerckhoffs's Principle
Security of algorithm depends on secrecy of the key
82
Define Access Recertification
Auditing of account access privileges and permissions for alignment with security policies
83
Define a Nonce
A random or pseudo random number used one time to prevent replay attacks
84
DSA Key Facts
Digital Signature Algorithm | Similar to RSA but used for authentication only
85
Define ECDSA
Elliptic Curve Digital Signature Algorithm
86
Out-of-Band Key Exchange Methods
In person
Over the phone
Via courier
DH
87
In-Band Key Exchange Methods
Over the network using encryption with recipient's public key
88
Common SSL Certificate Errors
SSL Certificate Not Trusted
Name Mismatch
Mixed Content
Expired SSL Certificate
89
Describe SSL Certificate Not Trusted Error and Remediation
Browser does not recognize CA. Remediate by purchasing and installing certificate from trusted CA.
90
Describe Name Mismatch Certificate Error and Remediation
Domain name does not match URL. Double check URL for accuracy and possibly upgrade to dedicated IP address.
91
Describe Mixed Content Error and Remediation
Website displays mixed HTTP and HTTPS content. Identify mixed content and adjust source code (if possible).
92
Describe Expired SSL Certificate and Remediation
Certificate no longer valid with CA. Renew the certificate.
93
Define SAN Certificate
Subject Alternate Name; allows multiple host names to be protected by a single certificate (also called Unified Communications Certificate, UCC)
94
Define an Atbash Cipher
Cipher text is alphabetically inverted plain text
95
Define a Caesar Cipher
Cipher text is rotated X places from plain text
96
Define ROT13
Cipher text is rotated 13 places from plain text
97
Define S/MIME and purpose
Secure Multipurpose Internet Mail Extensions, encrypt emails
98
Define DH Group 16
4096 bit MODP
99
Define DH Group 17
6144 bit MODP
100
Define DH Group 18
8192 bit MODP
101
Define DH Group 19
256 bit Elliptic Curve
102
Define DH Group 15
3072 bit MODP
103
Non-Variable Block Ciphers
DES
RC2
Blowfish
Twofish
SkipJack
IDEA
104
RC5 Key Facts
Symmetric block cipher | 0-2048 bits
105
DH alternative
El Gamal
106
Define a CSP
Cryptographic Service Provider, generates key pairs for the client
107
Benefit of Centralized Key Management Solutions
Key escrow
108
Define a Registration Authority
Validates information contained within certificate requests
109
Define a CPS
Certificate Practice Statement; an organization's certificate issuing policy