Part 3, Cryptography: The secret of keeping secrets Flashcards

1
Q

the faking of these is mitigated by using digital certificates instead

A

how has the faking of

digital signatures

been mitigated

2
Q
  1. Both server and browser turn the pre master secret into a master secret by using the time stamp and random data that was produced by the server in previous steps
  2. Both browser and server use the master secret to create identical symmetric session keys. When the browser has finished creating its key it will notify the server that it is ready to start exchanging confidential data using the agreed symmetric encryption method
A

in two steps what happens during

the generating a symmetric key

part of an SSL/TLS connection

3
Q
  1. Handshake
  2. Verification
  3. The pre master secret
  4. Generating a symmetric key
A

when a browser wishes to have secure communications with a server using

SSL/TLS

what are the four overview steps

4
Q

what is

Encryption / encipherment

A

this is the process of turning plaintext into ciphertext

5
Q
  1. this is a ‘one way operation’. meaning it is easy to produce but practically impossible to reverse the operation
  2. the change of a single bit will produce a wildly different result. meaning the integrity of data can easily be confirmed
A

name two beneficial characteristics of

hashing

6
Q

what is the

comparison of key lengths

between symmetric encryption and asymmetric encryption

A

Symmetric encryption rarely uses key lengths above 256 bits. But in contrast asymmetric key lengths are frequently 1024, 2048, 4096.

The use of a larger key length here does not imply more security over symmetric encryption. The reason lies in the mathematics and so it's hard to compare the two relative to each other in this way

7
Q

describe in 7 steps the process of

salting

A
  1. User creates a password ‘hello’
  2. The computer storing the password then generates a salt ‘7456’
  3. The salt is added to the front or end of the original password ‘hello7456’
  4. The salted password is then hashed
  5. The salt and the hashed password will then be encrypted
  6. The hashed password will then be saved in a database along with the salt
  7. When retrieving the password the user's password is combined with the decrypted salt and then hashed; this is then compared with the hash in the database
8
Q
  1. this is fast and can be performed in hardware or software
  2. It uses smaller keys which means it's quicker to generate and use symmetric keys
  3. It is well suited to encrypt data of any size even if the final size is unknown such as a live video call
A

name three advantages that

symmetric encryption

has

9
Q

when was it recommended by the US government to start using

Triple DES (3DES)

A

the use of this encryption algorithm was recommended in 1999

10
Q

this will take plaintext and a key as inputs and will output ciphertext

A

what are the inputs and outputs of an

encryption function

11
Q

this replaced DES

A

which encryption algorithm did

Advanced encryption standard (AES)

go on to replace

12
Q

this is a key which can be shared with anyone you wish to share

encrypted messages with

it is the only key that can decrypt messages that were encrypted by the corresponding private key

A

what is a

public key

13
Q
  1. Issuer information - who issued the certificate
  2. Date information - in what time line is the certificate valid
  3. Subject information - who was the certificate issued to and what are their contact details (location, email, website)
  4. Public key information
    1. what asymmetric algorithm produced the public key
    2. the public key itself
    3. Acceptable use of the certificate (for digital signatures or encryption)
  5. Digital signature information
    1. details of the algorithm used to create the digital signature
    2. A digital signature belonging to the issuer of the certificate
  6. Thumbprint / fingerprint - this is a hash of the certificate's content
A

what will you find inside a digital certificate

14
Q

what is the full name for the hashing algorithm

SHA

A

what is the acronym used for

secure hash algorithm

15
Q

when was

Data encryption standard (DES)

popularly used and what gave it its popularity

A

this was used between 1976 and 1999 its popularity came from:

  1. support from government and industry
  2. Its strong encryption
  3. Its ability to encrypt large amounts of data at great speed
16
Q

this was used between 1976 and 1999 its popularity came from:

  1. support from government and industry
  2. Its strong encryption
  3. Its ability to encrypt large amounts of data at great speed
A

when was

Data encryption standard (DES)

popularly used and what gave it its popularity

17
Q

what is a

digital signature

A

A feature of asymmetric cryptography is that it allows you to sign a document before sending it

since only the public key that is registered with the private key can decrypt this it must have come from the sender

18
Q

name two beneficial characteristics of

hashing

A
  1. this is a ‘one way operation’. meaning it is easy to produce but practically impossible to reverse the operation
  2. the change of a single bit will produce a wildly different result. meaning the integrity of data can easily be confirmed
19
Q

in four steps what happens during

the handshake

of an SSL/TLS connection

A
  1. The browser sends to the server a hello message followed by a timestamp and a random piece of data
  2. The browser sends a list of asymmetric and symmetric encryption algorithms it knows as well as hashing algorithms
  3. The server responds with a hello message followed by a timestamp and a random piece of data. It then selects the best asymmetric cipher, symmetric cipher and hashing algorithm from the list it received. The server then lets the browser know its choices
  4. The handshake is concluded by the server sending the browser its digital certificate
20
Q

what is a

certificate authority (CA)

A

this is a trusted third party that issues digital certificates

21
Q

what is a

cipher

A

this is the algorithm responsible for turning plaintext into ciphertext and vice versa by using a set of one or more keys

22
Q
  1. this was discovered by James Ellis in 1973 and kept secret by the British until 1997

in 1976 two groups in the US rediscovered this:

  1. Whitfield Diffie and Martin Hellman published a paper describing it
  2. Ron Rivest, Adi Shamir and Leonard Adleman rediscovered the algorithm the British were using
A

when was

asymmetric encryption

discovered

23
Q

At the end of the secure session between browser and server both will say goodbye and delete the pre master secret they hold as well as the symmetric key. If any new session is required after this a new handshake and key generation will be needed

A

what happens at the end of a secure

SSL/TLS session

24
Q

how has the faking of

digital signatures

been mitigated

A

the faking of these is mitigated by using digital certificates instead

25
name three advantages that **session keys** bring in terms of protecting data
1. A new key is generated for each session. If the key is discovered the next session will be using a different key making it secure again 2. Using different keys mitigates an attacker finding similarities between different ciphertexts and ultimately finding the key 3. When keys are deleted they cannot be stolen by hackers
26
what **key lengths** do modern encryption algorithms use
these will use sizes of 128, 1024, 2048 bits
27
what happens at the end of a secure SSL/TLS session
At the end of the secure session between browser and server both will say goodbye and delete the pre master secret they hold as well as the symmetric key. If any new session is required after this a new handshake and key generation will be needed
28
this is data that has been encrypted
what is **ciphertext**
29
this will be issued to an individual or an organisation by a **certificate authority (CA)**
who can issue an individual or an organisation a **digital certificate**
30
these will use sizes of 128, 1024, 2048 bits
what **key lengths** do modern encryption algorithms use
31
how does asymmetric encryption overcome the **key distribution problem**
It overcomes this obstacle by having each party generate their own keys known as the public key and the private key which together form a key pair
32
why does SSL/TLS decide on a hashing algorithm
A hashing algorithm is agreed as every transfer of confidential data will be hashed and checked for integrity. That is it has not been modified or corrupted during transfer
33
1. Remotely - the individual or organisation proves their identity using business registrations or credit records 2. In person via a **notary** - the applicant would have to bring with them proof of identification such as an identity card or passport _note_ **Notary** - is a qualified lawyer
which two ways can an individual or organisation prove their identity to a **certificate authority (CA)** in order to be issued a **digital certificate**
34
1. The browser sends to the server a hello message followed by a timestamp and a random piece of data 2. The browser sends a list of asymmetric and symmetric encryption algorithms it knows as well as hashing algorithms 3. The server responds with a hello message followed by a timestamp and a random piece of data. It then selects the best asymmetric cipher, symmetric cipher and hashing algorithm from the list it received. The server then lets the browser know its choices 4. The handshake is concluded by the server sending the browser its digital certificate
in four steps what happens during **the handshake** of an SSL/TLS connection
35
1. is a piece of hardware such as a USB stick 2. stores encryption keys 3. can encrypt and decrypt data 4. keys cannot be exported in a usable manner, meaning that the only way to have access to the keys it holds is to actually possess this piece of hardware
describe four features of a **Hardware security module (HSM)**
36
This became the encryption algorithm to use mainly because of the backing of government and a large organisation. The government agency involved was the National Security Agency and the organisation IBM. IBM gave their algorithm to the NSA for review; upon review the NSA changed the key length from 64 bits to 56. Originally IBM wanted a 128 bit key but at the time building a microprocessor to perform the calculations was not possible
describe the birth of **Data encryption standard (DES)**
37
The end of this came about because of the shortness of its key length. 1. A competition organised by RSA Security in which the first to break this would be given $10,000. It was then broken in 96 days. 2. The following year a computer called Deep Crack, which cost $250,000 and was built by the Electronic Frontier Foundation, broke this in less than 3 days. 3. Two years later this could be broken in 22 hours. Clearly it was the end for this encryption algorithm
describe the death of **Data encryption standard (DES)**
38
what is a **key pair**
this is the private key and public key that correspond with each other
39
It overcomes this obstacle by having each party generate their own keys known as the public key and the private key which together form a key pair
how does asymmetric encryption overcome the **key distribution problem**
40
these two hashing algorithms can no longer be considered secure since collisions have been successfully found. This means two pieces of data could be seen as identical when they are in fact not
why is **message digest algorithm 5 (MD5)** **and** **secure hash algorithm 1 (SHA-1)** no longer considered secure
41
this is a string of bits used for encryption and decryption
what is a **key**
42
the hash size in bits of these are **1. 160** **2. up to 512** **3. up to 512**
what is the hash size in bits of **1. secure hash algorithm 1 (SHA-1)** **2. secure hash algorithm 2 (SHA-2)** **3. secure hash algorithm 3 (SHA-3)**
43
what is a **private key**
this is a key that is kept by the owner and should never be shared. It is the only key that can decrypt messages encrypted with the associated public key
44
1. The plaintext is broken into 64 bit blocks 2. Each block is divided into two 3. One half is then scrambled using an algorithm known as the f-function which stretches, mixes and substitutes bits within the original 32 bits 4. The two halves are then recombined, swapped and the previous process repeated 16 times until the final ciphertext is produced 5. Decryption is performed by reversing the operation using the same key
describe in 5 steps an overview of how **Data encryption standard (DES)** works
45
what is the hash size in bits of **1. secure hash algorithm 1 (SHA-1)** **2. secure hash algorithm 2 (SHA-2)** **3. secure hash algorithm 3 (SHA-3)**
the hash size in bits of these are **1. 160** **2. up to 512** **3. up to 512**
46
what are the inputs and outputs of a **decryption function**
this will take ciphertext and a key as its inputs and will output plaintext
47
this works by applying the DES algorithm 3 times and with two or three different keys as follows: 1. The first pass uses the first key in the bundle 2. The second pass re encrypts the output of the first pass using a second key 3. The third pass re encrypts the output of the second pass reusing the first key or a third key from the bundle
how does **Triple DES (3DES)** work
48
when a browser wishes to have secure communications with a server using **SSL/TLS** what are the four overview steps
1. **Handshake** 2. **Verification** 3. **The pre master secret** 4. **Generating a symmetric key**
49
give an overview description of the solutions that **Digital certificates (public-key certificates)** bring
Digital certificates are a solution to ensuring that a published public key was indeed published by the person associated with that public key. This brings a guarantee of authenticity when using a digital certificate when compared to using a public key from a key server which can easily be faked.
50
what are these two points referring to 1. They could meet but if someone knew about the meeting the key could be stolen or copied. This could also be impractical 2. You could send the key to whoever needs it but it could be stolen or copied in transit
what are two points that make the **key distribution problem** exist
51
this is any data such as text, pictures or video that is readable by a human
what is **plaintext**
52
1. a new certificate is created for the applicant containing their public key 2. the **certificate authority (CA)** signs the new digital certificate creating a digital signature (proving to anyone using the certificate that it does indeed originate from the CA) 3. the certificate's contents are hashed and stored as a thumbprint with the certificate (proving to anyone that uses the certificate that it can be trusted as long as the hashes match)
what happens once the **certificate authority (CA)** is satisfied that the applicant is who they say they are
53
describe the birth of **Data encryption standard (DES)**
This became the encryption algorithm to use mainly because of the backing of government and a large organisation. The government agency involved was the National Security Agency and the organisation IBM. IBM gave their algorithm to the NSA for review; upon review the NSA changed the key length from 64 bits to 56. Originally IBM wanted a 128 bit key but at the time building a microprocessor to perform the calculations was not possible
54
what will you find inside a digital certificate
1. **Issuer information** - who issued the certificate 2. **Date information** - in what time line is the certificate valid 3. **Subject information** - who was the certificate issued to and what are their contact details (location, email, website) 4. **Public key information** 1. what asymmetric algorithm produced the public key 2. the public key itself 3. Acceptable use of the certificate (for digital signatures or encryption) 5. Digital signature information 1. details of the algorithm used to create the digital signature 2. A digital signature belonging to the issuer of the certificate 6. **Thumbprint / fingerprint** - this is a hash of the certificate's content
55
how many versions are there of **secure hash algorithm (SHA)**
there are 3 versions of this hashing algorithm
56
this will take ciphertext and a key as its inputs and will output plaintext
what are the inputs and outputs of a **decryption function**
57
1. The browser uses the time stamp and the random piece of data it produced to create a **pre master secret** 2. The browser then extracts the server's public key from the server's certificate and uses the public key to encrypt the pre master secret 3. The encrypted pre master secret is then sent to the server. The server then decrypts the pre master secret using its private key. The browser and the server now both have a copy of the pre master secret
in three steps what happens during **the pre master secret generation** of an SSL/TLS connection
58
describe the death of **Data encryption standard (DES)**
The end of this came about because of the shortness of its key length. 1. A competition organised by RSA Security in which the first to break this would be given $10,000. It was then broken in 96 days. 2. The following year a computer called Deep Crack, which cost $250,000 and was built by the Electronic Frontier Foundation, broke this in less than 3 days. 3. Two years later this could be broken in 22 hours. Clearly it was the end for this encryption algorithm
59
in two steps what happens during **the verification** of an SSL/TLS connection
1. The browser checks that the certificate has not expired and can be used to exchange cryptographic keys 2. The browser then hashes the certificate and compares it with the hash stored in the certificate's thumbprint. If both match then the server can be trusted
60
what is the **key length**
this is the length of the key in bits
61
this is a symmetric cipher and uses variable key lengths of: 128, 192 and 256 bits (note. The use of the 256 bit key in theory would take longer to brute force than the age of the universe)
what type of cipher is **Advanced encryption standard (AES)** and what key lengths does it use
62
why is **message digest algorithm 5 (MD5)** **and** **secure hash algorithm 1 (SHA-1)** no longer considered secure
these two hashing algorithms can no longer be considered secure since collisions have been successfully found. This means two pieces of data could be seen as identical when they are in fact not
63
what type of cipher is **Advanced encryption standard (AES)** and what key lengths does it use
this is a symmetric cipher and uses variable key lengths of: 128, 192 and 256 bits (note. The use of the 256 bit key in theory would take longer to brute force than the age of the universe)
64
describe the birth of **Secure socket layer (SSL)** **and** **transport layer security (TLS)**
65
1. uses a single key that both encrypts and decrypts data 2. performs at high speed 3. suitable for large or unknown data transfers such as communications over the internet
name three features of **symmetric encryption**
66
which type of attack does a longer key length help mitigate
when the key length is longer it means that there are more keys that can be produced; this in turn makes it harder to perform a **brute force attack** _example_ if the key length is two bits then there are 2^2 keys that can be created, that is 4 keys, meaning a brute force attack would be extremely easy
67
what happens once the **certificate authority (CA)** is satisfied that the applicant is who they say they are
1. a new certificate is created for the applicant containing their public key 2. the **certificate authority (CA)** signs the new digital certificate creating a digital signature (proving to anyone using the certificate that it does indeed originate from the CA) 3. the certificate's contents are hashed and stored as a thumbprint with the certificate (proving to anyone that uses the certificate that it can be trusted as long as the hashes match)
68
1. User creates a password ‘hello’ 2. The computer storing the password then generates a salt ‘7456’ 3. The salt is added to the front or end of the original password ‘hello7456’ 4. The salted password is then hashed 5. The salt and the hashed password will then be encrypted 6. The hashed password will then be saved in a database along with the salt 7. When retrieving the password the user's password is combined with the decrypted salt and then hashed; this is then compared with the hash in the database
describe in 7 steps the process of **salting**
69
1. The browser checks that the certificate has not expired and can be used to exchange cryptographic keys 2. The browser then hashes the certificate and compares it with the hash stored in the certificate's thumbprint. If both match then the server can be trusted
in two steps what happens during **the verification** of an SSL/TLS connection
70
how can **digital signatures be faked**
Although signatures can be a highly secure way of proving that data is authentic and from the creator of the public key, they do have a major flaw. This flaw comes in the form that anyone can create a key pair and register the public key with a public key server. The disadvantage here is that personal details can be stolen and used to make it look as though the public key was created by say Alice when in fact it was created by Eve. The problem lies in that Eve can now send out signatures that appear to be from Alice and people will use the public key apparently created by Alice, and so people are tricked into believing that they are surely communicating with Alice when in fact they are communicating with Eve
71
in six steps describe the usage of **digital signatures**
1. Alice takes a hash of a document 2. Alice then uses her private key to encrypt the hash creating a digital signature (the reason the hash is encrypted is because it is less expensive on resources) 3. Alice sends the document along with the digital signature to Bob 4. Bob decrypts the digital signature with Alice's public key to reveal the hash of the document 5. He then runs the document through the same hash algorithm. 6. If the hashes match he can be sure the document has not changed in transit; if they do not then the document cannot be trusted since it has changed since Alice sent it
72
where are **digital certificates used**
these are automatically downloaded and checked by the OS and other software for purposes such as 1. Installing software 2. Updating software 3. Checking email accounts 4. Browsing the web
73
describe in 5 steps an overview of how **Data encryption standard (DES)** works
1. The plaintext is broken into 64 bit blocks 2. Each block is divided into two 3. One half is then scrambled using an algorithm known as the f-function which stretches, mixes and substitutes bits within the original 32 bits 4. The two halves are then recombined, swapped and the previous process repeated 16 times until the final ciphertext is produced 5. Decryption is performed by reversing the operation using the same key
74
this is Encryption that is resistant to brute force attacks and has no known weaknesses
what is **strong encryption**
75
name three advantages that **symmetric encryption** has
1. this is fast and can be performed in hardware or software 2. It uses smaller keys which means it's quicker to generate and use symmetric keys 3. It is well suited to encrypt data of any size even if the final size is unknown such as a live video call
76
this is a **trusted third party** that issues digital certificates
what is a **certificate authority (CA)**
77
what is a **key**
this is a piece of data that determines the value of the plaintext when it is encrypted into ciphertext and vice versa
78
which two ways can an individual or organisation prove their identity to a **certificate authority (CA)** in order to be issued a **digital certificate**
1. Remotely - the individual or organisation proves their identity using business registrations or credit records 2. In person via a **notary** - the applicant would have to bring with them proof of identification such as an identity card or passport _note_ **Notary** - is a qualified lawyer
79
this is the length of the key in bits
what is the **key length**
80
which encryption algorithm did **Advanced encryption standard (AES)** go on to replace
this replaced DES
81
Digital certificates are a solution to ensuring that a published public key was indeed published by the person associated with that public key. This brings a guarantee of authenticity when using a digital certificate when compared to using a public key from a key server which can easily be faked.
give an overview description of the solutions that **Digital certificates (public-key certificates)** bring
82
in three steps what happens during **the pre master secret generation** of an SSL/TLS connection
1. The browser uses the time stamp and the random piece of data it produced to create a **pre master secret** 2. The browser then extracts the server's public key from the server's certificate and uses the public key to encrypt the pre master secret 3. The encrypted pre master secret is then sent to the server. The server then decrypts the pre master secret using its private key. The browser and the server now both have a copy of the pre master secret
83
there are 3 versions of this hashing algorithm
how many versions are there of **secure hash algorithm (SHA)**
84
what is **salting**
This is a technique used to help further secure passwords against dictionary attacks. It involves adding a random sequence of characters to either the front or end of the user's original password
85
when the key length is longer it means that there are more keys that can be produced; this in turn makes it harder to perform a **brute force attack** _example_ if the key length is two bits then there are 2^2 keys that can be created, that is 4 keys, meaning a brute force attack would be extremely easy
which type of attack does a longer key length help mitigate
86
this is a piece of data that determines the value of the plaintext when it is encrypted into ciphertext and vice versa
what is a **key**
87
what is **Decryption / Decipherment**
this is the process of turning ciphertext into plaintext
88
This is the process of hashing a password and then hashing the hash and so on. The idea here is to slow down an attacker by making it slower to perform a dictionary attack or even mitigate a dictionary attack. This approach can be beneficial if passwords and their salts fell into the wrong hands
what is **key stretching**
89
this is the process of turning plaintext into ciphertext
what is **Encryption / encipherment**
90
1. It increases the strength of DES by increasing the key length without creating a new algorithm 2. is a global standard and is expected to be safe from brute force attacks until 2030 3. is used with the chip and pin system as well as protecting user data within Microsoft Outlook
name three points about **Triple DES (3DES)**
91
in two steps what happens during **the generating a symmetric key** part of an SSL/TLS connection
1. Both server and browser turn the pre master secret into a **master secret** by using the time stamp and random data that was produced by the server in previous steps 2. Both browser and server use the master secret to create identical symmetric session keys. When the browser has finished creating its key it will notify the server that it is ready to start exchanging confidential data using the agreed symmetric encryption method
92
name three features of **symmetric encryption**
1. uses a single key that both encrypts and decrypts data 2. performs at high speed 3. suitable for large or unknown data transfers such as communications over the internet
93
what is the acronym used for **secure hash algorithm**
what is the full name for the hashing algorithm **SHA**
94
what is a **session key**
this is a symmetric encryption key that is generated as and when needed
95
when was **asymmetric encryption** discovered
1. this was discovered by James Ellis in 1973 and kept secret by the British until 1997. In 1976 two groups in the US rediscovered this: 1. Whitfield Diffie and Martin Hellman published a paper describing it 2. Ron Rivest, Adi Shamir and Leonard Adleman rediscovered the algorithm the British were using
96
name three points about **Triple DES (3DES)**
1. It increases the strength of DES by increasing the key length without creating a new algorithm 2. is a global standard and is expected to be safe from brute force attacks until 2030 3. is used with the chip and pin system as well as protecting user data within Microsoft Outlook
97
this is a symmetric encryption key that is generated as and when needed
what is a **session key**
98
describe the birth of **Secure socket layer (SSL)** **and** **transport layer security (TLS)**
99
the use of this encryption algorithm was recommended in 1999
when was it recommended by the US government to start using **Triple DES (3DES)**
100
how does **Triple DES (3DES)** work
this works by applying the DES algorithm 3 times and with two or three different keys as follows: 1. The first pass uses the first key in the bundle 2. The second pass re encrypts the output of the first pass using a second key 3. The third pass re encrypts the output of the second pass reusing the first key or a third key from the bundle
101
this is the process of turning ciphertext into plaintext
what is **Decryption / Decipherment**
102
describe four features of a **Hardware security module (HSM)**
1. is a piece of hardware such as a USB stick 2. stores encryption keys 3. can encrypt and decrypt data 4. keys cannot be exported in a usable manner, meaning that the only way to have access to the keys it holds is to actually possess this piece of hardware
103
what is **strong encryption**
this is Encryption that is resistant to brute force attacks and has no known weaknesses
104
Symmetric encryption rarely uses key lengths above 256 bits. But in contrast asymmetric key lengths are frequently 1024, 2048, 4096. The use of a larger key length here does not imply more security over symmetric encryption. The reason lies in the mathematics, and so it's hard to compare the two relative to each other in this way
what is the **comparison of key lengths** between symmetric encryption and asymmetric encryption
105
this suffers from a problem known as the **key distribution problem**. The problem is how do you generate a key that must be known by two or more parties that could be in separate locations
what is a problem that **symmetric encryption** suffers from
106
  1. Alice takes a hash of a document
  2. Alice then uses her private key to encrypt the hash, creating a digital signature (the reason the hash is encrypted is that it is less expensive on resources)
  3. Alice sends the document along with the digital signature to Bob
  4. Bob decrypts the digital signature with Alice's public key to reveal the hash of the document
  5. He then runs the document through the same hash algorithm
  6. If the hashes match he can be sure the document has not changed in transit; if they do not, then the document cannot be trusted since it has changed since Alice sent it
in six steps describe the usage of **digital signatures**
107
these are automatically downloaded and checked by the OS and other software for purposes such as
  1. Installing software
  2. Updating software
  3. Checking email accounts
  4. Browsing the web
where are **digital certificates used**
108
what is **key stretching**
This is the process of hashing a password and then hashing the hash and so on. The idea here is to slow down an attacker by making it slower to perform a dictionary attack or even mitigate a dictionary attack. This approach can be beneficial if passwords and their salts fell into the wrong hands
109
Although signatures can be a highly secure way of proving that data is authentic and from the creator of the public key, they do have a major flaw. This flaw is that anyone can create a key pair and register the public key with a public key server. The disadvantage here is that personal details can be stolen and used to make it look as though the public key was created by, say, Alice when in fact it was created by Eve. The problem is that Eve can now send out signatures that appear to be from Alice, and people will use the public key apparently created by Alice, and so are tricked into believing that they are communicating with Alice when in fact they are communicating with Eve
how can **digital signatures be faked**
110
what are two points that make the **key distribution problem** exist
what are these two points referring to
  1. They could meet, but if someone knew about the meeting the key could be stolen or copied. This could also be impractical
  2. You could send the key to whoever needs it, but it could be stolen or copied in transit
111
what is the full name of the hashing algorithm **MD5**
what is the acronym for **message digest algorithm 5**
112
what is **plaintext**
this is any data such as text, pictures or video that is readable by a human
113
who can issue an individual or an organisation a **digital certificate**
this will be issued to an individual or an organisation by a **certificate authority (CA)**
114
this is the private key and public key that correspond with each other
what is a **key pair**
115
what is a problem that **symmetric encryption** suffers from
this suffers from a problem known as the **key distribution problem**. The problem is how do you generate a key that must be known by two or more parties that could be in separate locations
116
A hashing algorithm is agreed because every transfer of confidential data will be hashed and checked for integrity, that is, that it has not been modified or corrupted during transfer
why does SSL/TLS decide on a hashing algorithm
117
what is a **public key**
this is a key which can be shared with anyone you wish to share encrypted messages with. It is the only key that can decrypt messages that were encrypted by the corresponding private key
118
what is a **key**
this is a string of bits used for encryption and decryption
119
name four methods of **protecting encryption keys**
  1. Storing keys in a file called a **key chain**
  2. Stored keys within computer hardware
  3. Stored keys on **hardware security modules (HSMs)**
  4. Generate keys only when they are needed and delete as soon as they are not (**session keys**)
120
This is a technique used to help further secure passwords against dictionary attacks. It involves adding a random sequence of characters to either the front or end of the user's original password
what is **salting**
121
what are the inputs and outputs of an **encryption function**
this will take plaintext and a key as inputs and will output ciphertext
122
  1. A new key is generated for each session. If the key is discovered the next session will be using a different key, making it secure again
  2. Using different keys mitigates an attacker finding similarities between different ciphertexts and ultimately finding the key
  3. When keys are deleted they cannot be stolen by hackers
name three advantages that **session keys** bring in terms of protecting data
123
  1. Storing keys in a file called a **key chain**
  2. Stored keys within computer hardware
  3. Stored keys on **hardware security modules (HSMs)**
  4. Generate keys only when they are needed and delete as soon as they are not (**session keys**)
name four methods of **protecting encryption keys**
124
what is **ciphertext**
this is data that has been encrypted
125
what is the acronym for **message digest algorithm 5**
what is the full name of the hashing algorithm **MD5**
126
this is the algorithm responsible for turning plaintext into ciphertext and vice versa by using a set of one or more keys
what is a **cipher**
127
A feature of asymmetric cryptography is that it allows you to sign a document before sending it. Since only the public key that is registered with the private key can decrypt this, it must have come from the sender
what is a **digital signature**
128
this is a key that is kept by the owner and should never be shared. It is the only key that can decrypt messages encrypted with the associated public key
what is a **private key**