Class 13 Cryptography
Message Digest 5 (MD5)
A 128-bit cryptographic hash function; still used, even though its weaknesses make finding collisions practical with only moderate computing power. It is most useful for file integrity checking.
Data Encryption Standard (DES)
A NIST standard for protecting sensitive but unclassified data; it was later replaced because the increased processing power of computers made it possible to break DES encryption.
RC5
A block cipher created by Ronald L. Rivest that can operate on different block sizes: 32, 64, and 128 bits. The key size can reach 2048 bits.
International Data Encryption Algorithm (IDEA)
A block cipher that operates on 64-bit blocks of plaintext and uses a 128-bit key; used in PGP encryption software.
Blowfish
A block cipher that operates on 64-bit blocks of plaintext, but its key length can be as large as 448 bits.
Advanced Encryption Standard (AES)
A block cipher that uses a 128-bit block size and a 128-, 192-, or 256-bit key size. AES-256, part of the NSA's Suite B set of cryptographic algorithms, is one of the only commercial algorithms validated as strong enough to protect classified information. Replaced DES.
substitution cipher
A cipher that maps each letter of the alphabet to a different letter. The biblical Book of Jeremiah was written by using a substitution cipher called Atbash.
certificate
A digital document that verifies whether two parties exchanging data over the Internet are really who they claim to be. Each certificate has a unique serial number and must follow the X.509 standard.
cryptanalysis
A field of study devoted to breaking encryption algorithms
SSL/TLS downgrade attack
A form of cryptographic attack that attempts to make a system abandon a high-quality mode of operation in favor of an older, lower-quality mode, such as downgrading from an encrypted connection to an unencrypted connection.
Hashing algorithm
A function that takes a variable-length string or message and produces a fixed-length hash value, also called a message digest.
cipher
A key that maps each letter or number to a different letter or number.
rainbow table
A lookup table of password hash values that enables certain programs to crack passwords much faster than with brute-force methods.
encryption algorithm
A mathematical formula or method for converting plaintext into ciphertext. Program works with a key, algorithm strength and key's secrecy matters. But most importantly the key.
HTTP Strict Transport Security (HSTS)
A policy mechanism used to protect websites against man-in-the-middle attacks. HSTS allows webservers to force web browsers to use HTTPS connections instead of HTTP.
Secure Multipurpose Internet Mail Extension (S/MIME)
A public key encryption standard for encrypting and digitally signing email. It can also encrypt emails containing attachments and use PKI certificates for authentication.
key
A sequence of random bits used in an encryption algorithm to transform plaintext into ciphertext, or vice versa.
keyspace
A sequence of random bits used in an encryption algorithm to transform plaintext into ciphertext, or vice versa.
Triple Data Encryption Standard (3DES)
A standard developed to address the vulnerabilities of DES; it improves security, but encrypting and decrypting data take longer.
RC4
A stream cipher created by Ronald L. Rivest that's used in WEP wireless encryption.
public key infrastructure (PKI)
A structure consisting of programs, protocols, and security policies. PKI uses public key cryptography to protect data traversing the Internet.
cryptosystem
A suite of cryptographic algorithms needed to implement a specific security service. A cryptosystem usually consists of three algorithms: one for key generation, one for encryption, and one for decryption.
Block ciphers
A symmetric algorithm that encrypts data in blocks of bits. These blocks are used as input to mathematical functions that perform substitution and transposition of the bits, making it difficult for someone to reverse-engineer the mathematical functions that were used.
Stream ciphers
A symmetric algorithm that operates on plaintext one bit at a time.
Certificate authority
A third party, such as VeriSign, that vouches for a company's authenticity and issues a certificate binding a public key to a recipient's private key.
main-in-the-middle attack
An attack in which attackers place themselves between the victim computer and another host computer, and then intercept messages sent from the victim to host and pretend to be the host computer.
mathematical attack
An attack in which properties of encryption attacked by using mathematical computations. Categories of this attack include cipher textonly attack, known plaintext attack, chosen plaintext attack, chosen-ciphertext attack, and side-channel attack.
replay attack
An attack in which the attacker captures data and attempts to resubmit the data so that a device, such as a workstation or router, thinks a legitimate connection is in effect.
dictionary attack
An attack in which the attacker runs a password-cracking program that uses a dictionary of known words or passwords as a input file against the attacked system's password file.
brute-force attack
An attack in which the attacker uses software that attempts every possible combination of characters to guess passwords.
Birthdays attacks
An attack used to find the same hash value for two different inputs and reveal mathematical weaknesses in a hashing algorithm
symmetric algorithms
An encryption algorithm that uses only one key to encrypt and decrypt data. The recipient of a message encrypted with a key must have a copy of the same key to decrypt the message.
asymmetric algorithm
An encryption methodology using two keys that are mathematically related; also referred to as public key cryptography.
data at rest
Any data not moving through a network or being used by the OS; usually refers to data on storage media.
Encryption vs Hashing
Encryption scrambles data that can be decoded with key. Intent to pass the information to another party, and the recipient will use keys to decipher the data. (at rest and motion) Hashing also scrambles data, but the intent to prove its authenticity. Admin can check on hash data to determine contents haven't been touched or altered while in storage. No decipher key exists. (data at rest)
public key
In a key pair, the key that can be known by the public; it works with a private key in asymmetric key cryptography, which is also known as public key cryptography.
private key
In a key pair, the secret key used in an asymmetric algorithm that's known only by the key owner and is never shared. Even if the public key that encrypted a message is known, the owner's private key can't be determined.
salt
In cryptography, random data used as additional input to a one-way cryptographic function. Salts help safeguard passwords in storage.
OpenPGP
Internet public key encryption standard for PGP message; can use AES, IDEA, RSA, DSA, and SHA algorithms for encrypting, authenticating, verifying message, integrity, and managing keys. GNUPrivacyGuard and OpenPGP commerical version
public key cryptography
Known as asymmetric key cryptography, an asymmetric algorithm that uses two mathematically related keys.
digital signature
Method of signing messages using asymmetric encryption. Ensures authentication and non repudiation.
Secure Hash Algorithm 1 (SHA-1)
NIST standard hashing algorithm that's much stronger than MD5 but has demonstrated weaknesses. For sensitive applications, NIST recommends not using SHA-1, and federal agencies are replacing it with longer digest versions, collectively called SHA-2.
plaintext
Readable text that hasn't been encrypted; also called cleartext.
Non-repudiation
The process of ensuring that the sender and receiver can't deny sending or receiving the message; this function is available in asymmetric algorithms but no symmetric algorithms.
ciphertext
Plaintext (readable text) that has been encrypted (bunch of random letters and numbers)
Authentication
Process of verifying that the sender or receiver (or both) is who they claim to be; this function is available in asymmetric algorithms but not symmetric algorithms.
Data Encryption Algorithm (DEA)
The encryption algorithm used in the DES standard; a symmetric algorithm that uses 56 bits for encryption. See also Data Encryption Standard (DES)
message digest
The fixed-length value that a hashing algorithm produces; used to verify that data or messages haven't been changed.
steganography
The method of hiding data in plain view in pictures, graphics, or text.
