ECES Practice
Digital Certificate
A digital document that contains a public key and some information to allow your system to verify where that key came from. Uesd for web servers, Cisco Secure phones, E-Commerce.
The technique of moving a given letter a fixed number of spaces to the right or left is called what? +Single substitution +Multi substitution +Bit shifting +Confusion
Single Substitution Single substitution moves one letter a fixed number of spaces to the left or right.
Which of the following uses an 80 bit key on 64 bit blocks? +Skipjack +Twofish +AES +DES
Skipjack uses 64 bit blocks with 80 bit keys.
Symmetric Stream Ciphers
Sometimes called a state cipher. Random key is XORed with stream of plain text.
Steganography
The art and science of writing hidden messages so that no one suspects the existence of the message, a type of security through obscurity. Message can be hidden in picture or audio file for example. Uses least significant bits in a file to store data.
Payload (Steganography Terms)
The data to be covertly communicated, the message you wish to hide.
Digital Signatures
Encryption of a message digest with the sender's private key. Provides: - Authentication - Integrity - Non-repudation
Hierarchical Trust Model
Certificate Authority is at the top Intermediate CAs are the next level Users are the bottom level
Single Authority Trust Model
Certificate Authority is at the top Users are directly below the CA
K4
It should be impossible for an attacker to calculate or guess from an inner state of the generator any previous numbers in the sequence or any previous inner generator states.
Birthday Attack
Name used to refer to a class of brute force attacks against hashes. Attempts to find a collision.
NSA Suite B Cryptography Algorithms
- AES w/ key sizes of 128 and 256bits - For traffic, AES should be used w/ the Galois/Counter Mode (GCM) mode of operation - symmetric encryption - Elliptic-Curve Digital Signature Algorithm (ECDSA) - digital signatures - Elliptic-Curve Diffie-Hellman (ECDH) - key agreement - Secure Hash Algorithm 2 (SHA-256 and SHA-384) - message digest
Update and Patch Vulnerabilities (Digital Certificate Management)
- Person who can recover keys from the keystore on behalf of a user - Highly trusted person - Issue recovery agent ·EFS recovery agent certificate ·Key recovery agent cert
Common Cryptography Mistakes
- Using a standard modulus in RSA (modulus e=216+1=65537) - Using seeds for symmetric algorithms that are not random enough - Hard coded cryptographic secrets/elements - Using too short of a key - Re-using keys - Unsecure Key Escrow - Unsecure cryptographic mode (ECB mode) - Proprietary cryptographic algorithms
Elliptic Curve Variations
-Elliptic Curve Diffe-Hellman (used for key exchange) -Elliptic Curve Digital Signature Algorith (ECDSA) -Elliptic Curve MQV key agreement protocol
The three types of random number generators
-Table look-up -Hardware -Algorithmic (software) - this category is most often used in cryptography and produces a pseudo random number.
X.509 Certificate File Extensions
.pem .cer, .crt., .der .p7b, .p7c .p12 .pfx
What size block does FORK256 use? 64 256 128 512
512 FORK-256 was introduced at the 2005 NIST Hash workshop and published the following year.[6] FORK-256 uses 512-bit blocks and implements preset constants that change after each repetition. Each block is hashed into a 256-bit block through four branches that divides each 512 block into sixteen 32-bit words that are further encrypted and rearranged
Which of the following is not a key size used by AES? +512 bits +128 bits +256 bits +192 bits
512 bits For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.
International Data Encryption Algorithm (IDEA)
A block cipher designed as a replacement for DES. Designed by James Massey and Xuejia Lai in 1991. 64bit blocks and a 128bit key. Uses a series of eight identical transformations.
Realm (Components of Kerberos System)
A boundary within an organization. Each realm has its own AS and TGS.
Distinguishing Algorithm (Cryptanalysis Success)
A cryptanalysis success where the attacker can distinguish the cipher from a random permutation.
Total Break (Cryptanalysis Success)
A cryptanalysis success where the attacker deduces the secret key.
Global Deduction (Cryptanalysis Success)
A cryptanalysis success where the attacker discovers a functionally equivalent algorithm for encryption and decryption, but without key learning.
Fortuna
A group of PRNGs that has many options for whoever implements the algorithm. Consists of three parts: -A generator -An entropy accumulator -A seed file
Certificate Revocation List (CRL)
A list of certificates that have been revoked.
Entropy
A measure of the uncertainty associated with a random variable.
Ciphertext-only and related-key Attack
A method for cracking modern cryptography. Attacker only has access to a collection of cipher texts. Much more likely than known plain text, but also more difficult. The attack is completely successful if the corresponding plain texts can be deduced or, even better, the key. The ability to gain any information about the underlying plain text is considered a success.
Chosen Plaintext Attack
A method for cracking modern cryptography. The attacker obtains the cipher texts corresponding to a set of plain texts of own choosing. Allows the attacker to attempt to derive the key. Difficult but not impossible.
Kasiski
A method if attacking polyalphabetic substitution ciphers. Can be used to deduce the length of the keyword used in the polyalphabetic substitution cipher. Developed in 1863 by Friedrich *******.
Steganalysis - Raw Quick Pair
A method to analyze an image to detect hidden messages. Based on statistics of the number of unique colors and close-color pairs in a 24bit image. Analyzes the pairs of colors created by LSB embedding. Countermeasure- Maintaining the color palette w/o creating new colors.
Which of the following is not required for a hash? Variable length input, fixed length output Minimum key length of 256 bits Few collisions Non reversible
A minimum key length of 256 Its not required, but its NIST recommended.
TLS (Transport Layer Security)
A protocol for encrypting transmissions. A client and server negotiate a connection by using a handshaking procedure. The server sends back its identification as a X.509 certificate. The client contacts the CA to confirm the validity of the certificate before proceeding. This protocol also supports secure bilateral connection mode.
Menezes-Qu-Vanstone (MQV)
A protocol for key aggreement based on Diffie-Hellman. Created in 1995. Incorporated into the public key standard IEEE P1363.
Online Certificate Status Protocol (OCSP)
A real time protocol for verifying certificates (and a newer method than CRL)
K2
A sequence of numbers which is indistinguishable from true random according to statistical tests.
K1
A sequence of random numbers with a low probability of containing identical consecutive elements.
Principal (Components of Kerberos System)
A server or client that Kerberos can assign tickets to.
How the NSA classifies cryptography
Also classified as Type 1, 2, 3, or 4, with 1 being the highest ranking.
Asymmetric Cryptography
AKA public key cryptography. Slower than symmetric key cryptography. Developed to overcome weaknesses in symmetric cryptography. Uses a public and a private key.
Yarrow
Algorith that was created by Bruce Schneier, John Kelsey, and Niels Ferguson. No longer recommended, Fortuna is recommended instead. Consists of four parts: -Entropy Accumulator -Generation Mechanism -Reseed Mechanism -Reseed Control
Mono-Alphabet Substitution Cipher
Algorithms that simply substitute one character of cipher text for one character of plain text, these are the most primitive algorithms
Advanced Encryption Standard (AES)
Also known as Rijndael block cipher. Chosen as a replacement for DES in 2001. Designated as FIPS197. Can have three different key sizes; 128, 192, and 256. All three operate on a block size of 128 bits. Not based on a Feistel network. Operates on a 4x4 column-major order matrix of bytes called the state.
Server-based Certificate Validation Protocol (SCVP)
An Internet protocol for determining the path between a X.509 digital certificate and a trusted root (Delegated Path Discovery) and the validation of that path (Delegated Path Validation) according to a particular validation policy.
Binary AND
Asks if there is a one in both the first and second number. Numbers are compared one digit at a time. Example: Number A 1101 Number B 0110 returns a result of Number C 0100
Binary OR
Asks if there is a one in the first number, or the second, or in both numbers. Each place is compared one at a time. Example: Number A 1101 Number B 1001 returns a result of Number C 1101
What type of encryption uses different keys to encrypt and decrypt the message? +Secure +Asymmetric +Private key +Symmetric
Asymmetric Asymmetric cryptography, also known as public key cryptography, uses public and private keys to encrypt and decrypt data.
Which of the following is a substitution cipher used by ancient Hebrew scholars? +Scytale +Vigenere +Caesar +Atbash
Atbash Atbash is a monoalphabetic substitution cipher originally used to encode the Hebrew alphabet. It can be modified for use with any known writing system with a standard collating order.
Challenge-Handshake Authentication Protocol (CHAP)
Authenticator sends a "challenge" message to the peer after link establishment. Peer responds with a value using a "one-way hash" function. Authenticator checks the response against its own calculation of the hash value. Authenticator sends new challenges to the peer at random intervals.
Some products Blowfish is used in:
BCrypt, CryptoDisk, DriveCrypt, Password Safe, Password Wallet, Backup for Workgroups, Crashplan
WPA2
Based on IEEE 802.11i and provides: - Advanced Encryption Standard (AES) using the Counter Mode-Cipher Block Chaining (CBC)-Message Authentication Code (MAC) Protocol (CCMP) that provides data confidentiality, data origin authentication, and data integrity for wireless frames. - Optional use of Pairwise Master Key (PMK) caching and opportunistic PMK caching. (caches results of 802.1x authentications to improve access time) - Optional use of pre-authentication that allows WPA2 wireless client to authenticate with other wireless access points in range.
Two types of symmetric algorithms
Block Ciphers and Stream Ciphers
A ______ refers to a situation where two different inputs yield the same output. Collision Transposition Convergence Substitution
Collision
The process wherein the ciphertext block is encrypted then the ciphertext produced is XOR'd back with the plaintext to produce the current ciphertext block is called what? +Output feedback (OFB) +Cipher feedback (CFB) +Electronic codebook (ECB) +Cipher-block chaining (CBC)
Cipher Feedback Cipher feedback takes the previous cipher output and mixes it with plaintext for the next cipher.
This process is done by having each block of plaintext XORed with the previous ciphertext block before being encrypted. +Cipher-block chaining (CBC) +Output feedback (OFB) +Electronic codebook (ECB) +Cipher feedback (CFB)
Cipher block chaining In CBC mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted.
Steganalysis - Chi-Square Analysis
Calculates the average LSB and builds a table of frequencies and Pair of Values. Performs a test on the two tables. It measures the theoretical vs. calculated population difference.
PPTP VPN
Can use two different methods of of authenticating the user: EAP and CHAP
How symmetric algorithm encryption is expressed mathematically
C=E(k,p) Cipher Text (C) is equal to the encryption function (E) with the key (k) and plain text (p) being passed as parameters to that function.
If you wished to see a list of revoked certificates from a CA, where would you look? RA RFC CA CRL
CRL Cert revo lsit
What is contained in a CRL? Keys for AES Keys for RSA Revoked certificates New certificates
CRL = Certificate revocation list. CRLs show revoked certs.
Trusted Third Party (TTP)
Certificate, a digital representation of the information that identifies you as a relevant entity.
Substitution
Changing some part of the plain text for some matching part of cipher text. Historical algorithms typically use this.
Lehmer Random Number Generator
Created by D. H. Lehmer. It is a classic example of a Linear congruential generator. A PRNG type of linear congruential generator (LCG) that operates in multiplicative group of integers modulo n. The basic algorithm is Xi+1=(aXi + c) mod m, with 0 ≤ Xi ≤ m
Friedrich Kasiski
First person to carry out a successful attack on a Vigenere cipher
Which of the following is not an asymmetric system? +SSL +DES +PGP +RSA
DES The Data Encryption Standard is a symmetric-key algorithm for the encryption of electronic data. Although now considered insecure, it was highly influential in the advancement of modern cryptography.
PGP Certificates
Defines it own format. A single certificate can contain multiple signatures. Includes: Version Number Certificate holder's public key Certificate holder's information Digital signature of certificate owner Certificates validity period Preferred symmetric encryption algorithm for the key
i
Denotes imaginary numbers. These are numbers whose square is a negative. √-1 = 1i
N
Denotes the natural numbers. 1, 2, 3, etc.
A _________ is a digital representation of information that identifies you as a relevant entity by a trusted third party? +Ownership stamp +Digest +Digital Signature +Hash
Digital Signature A digital signature is a mathematical scheme for demonstrating the authenticity of digital messages or documents
Cipher-Block Chaining (CBC)
Each block of plaintext is XORed with the previous cipher text block before being encrypted. This creates significantly more randomness in the final cipher text. More secure than electronic codebook mode.
ECB Mode
Encryption of the same plain text with the same key results in the same cipher text. Use of an IV that is XORed with the first block of plain text solves this problem.
Caesar Cipher
Every letter is simply shifted a fixed number of places to the left or to the right
A _____ is a function that takes a variable-size input m and returns a fixed-size string. +Hash +Symmetric cipher +Feistel +Asymmetric cipher
Hash A hash function is any function that can be used to map data of arbitrary size to data of fixed size. The values returned by a hash function are called hash values, hash codes, digests, or simply hashes.
Atbash Cipher
Hebrew cipher which substitutes the first letter of the alphabet for the last, and the second letter for the second-to-last, in other words, it simply reverses the alphabet.
Steganophony
Hiding messages in sound files. Can be done via LSB and Echo Hiding
Video Steganography
Hiding messages in video files. Can be done via Discrete Cosine Transform
Prime Number Theorem
If a random number N is selected, the chance of it being prime is approx. 1/ln(N), where ln(N) denotes the natural logarithm of N.
Binary XOR (exclusive OR)
Important because it reversible. Asks if there is a 1 in one of the numbers but not both. Each place is compared one at a time. To reverse XOR your result back with your second number and you will get the first number. Example: Number A 1101 Number B 0110 returns a result of Number C 1011
If you use substitution alone, what weakness is present in the resulting cipher text? +It maintains letter and word frequency. +It is easily broken with modern computers. +It is the same length as the original text +It is too simple.
It maintains letter and word frequency. Changing the letters used and not changing anything else allows patterns to be discovered.
Steganography Details
In every file, there are a certain number of bits per unit of the file. For example, an image file in Windows is 24bits per pixel. With Least Certificate Bit (LSB) replacement, some bits can be replaced without altering the file much.
Cipher Feedback (CFB)
In this mode the previous cipher text block is encrypted, the cipher text is XORed back with the plain text to produce the current cipher text block, essentially it loops back on itself increasing the randomness of the cipher text.
3DES
Interim replacement for DES. Performs DES three times with three different 56bit keys.
Which of the following is generally true about block sizes? +Block size is irrelevant to security +Block sizes must be more than 256 bits to be secure +Larger block sizes increase security +Smaller block sizes increase security
Larger Block sizes increase security Larger block sizes do increase security, however at the cost of processing power and encryption time.
Facts about the Feistel Function
Larger Block sizes increases security, Larger key size increases security, if the round function is secure then more rounds increase security
Internet Protocol Security (IPSec) VPN
Latest of the three VPN protocols Encrypts not only the packet data, but also the header information Has protection against unauthorized re-transmission of packets
A number that is used only one time then discarded is called what? IV Nonce Salt Chain
Nonce
What does the OCSP protocol provide? Encryption VPN connectivity Hashing Revoked certificates
ONline certificate status protocol Revoked certs.
Mersenne Twistter pseudorandom function
Originally not suitable for cryptography but permutations of it are. Created by Makoto Matsumoto and Takuji Nishimura. Has a very large period, greater than many other generators.
Steganography Implementations
QuickStego - easy to use but limited Invisible Secrets - robust, has free and commercial versions MP3Stego - MP3 files Stealth File 4 - Sound files, video files, and image files Snow - Hides data in whitespace StegVideo - Hides data in a video sequence
RIPEMD-160
RACE Integrity Primitives Evaluation Message Digest is a 160bit hash algorithm created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. Also has 128, 256, and 320bit versions which replace the original version because of collision issues. Doesn't follow any standard security policies or guidelines.
Which of the following is a stream cipher that uses variable length key from 1 to 256 bytes? DESx AES RC4 DES
RC4 RC4 is a stream cipher that uses variable key lengths from 1 to 256 bytes
In 1977 researchers and MIT described what asymmetric algorithm? EC AES RSA DH
RSA
The most widely used asymmetric encryption algorithm is what? +Caesar Cipher +Vigenere +RSA +DES
RSA The RSA encryption algorithm is one of the most widely used public key encryption algorithms that have ever been invented. It was created by the three scientists Ronald Rivest, Adi Shamir, and Leonard Adleman in 1977, and today it is increasingly being used in the network area.
What is a salt? Random bits intermixed with a hash to increase randomness and reduce collisions. Key whitening Key rotation Random bits intermixed with a symmetric cipher to increase randomness and make it more secure.
Random bits intermixed with a hash to increase randomness and reduce collisions.
Salt
Random bits that are used as one of the inputs to a hash. Complicates dictionary attacks.
Key
Random bits used to encrypt a message
Cryptanalysis Resources
Regardless of technique used, there are always three present: Time - number of primitive operations which must be performed Memory - Amount of storage required for the attack Data - the quantity of plain texts and cipher texts required.
Cryptography
Science of altering communication so that it cannot be understood without a key
Book Ciphers
Sender and receiver agree on a particular book, coordinates are then used to locate words of an intended message in the book
Authentication Server (AS) - (Components of Kerberos System)
Server that authorizes the principal and connects them to the Ticket Granting Server.
Three phases of key life cycle (Digital Certificate Management)
Setup and initialization Administration Cancellation
Steganographic File Systems
Stores data in seemingly random files. Proposed by Ross Anderson, Roger Needham, and Adi Shamir. Also something about 'vectors' and 'decrypt all lower levels'. Sorry. I was tired when making this card.
Two things all modern block cipher algorithms use
Substitution and Transposition
This is how transposition is done in symmetric key cryptography
Swapping blocks of text
Serpent
Symmetric key block cipher, created by Ross Anderson, Eli Biham, and Lars Knudsen. Block size of 128bits. Can have key sizes 128, 192, or 256bits. Uses 32 rounds working with a block of four 32bit words.
Session key (Components of Kerberos System)
Temporary encryption key.
NSA Suite A Cryptography Algorithms
That's CLASSIFIED!
Brute Force
Trying every possible key to break a cipher. For many types of encryption this is completely impractical because of the amount of time it would take to try every possible key.
List of popular symmetric block cipher algorithms
The Feistel Network, DES, 3DES, AES, Blowfish, Serpent, Twofish, Skipjack, IDEA, CAST, TEA, SHARK
The greatest weakness with symmetric algorithms is _____. +The problem of key exchange +The problem of generating keys +They are slower than asymmetric +They are less secure than asymmetric
The Problem of Key exchange The biggest problem with symmetric key encryption is that you need to have a way to get the key to the party with whom you are sharing data.
What is X.509? The standard for PGP certificates The standard for digital certificates The standard for FIPS 186 The standard for encrypting email
The Standard for digital certificates
Algorithm
The mathematical process used to alter a message and make it unintelligible to any but the intended party
Frequency Analysis
The most basic tool for breaking most classical ciphers. Not effective against modern ciphers.
X.509
The most widely used digital certificate standard. First issued July 3, 1988. It is a digital document that contains a public key signed by the trusted third party, which is known as a Certificate Authority, or CA. Relied on by S/MIME. Contains your name, info about you, and a signature of a person who issued the certificate.
Birthday Paradox
The number of people you need to have a high likelihood that two share the same birthday. The answer is 23. This is a classic math problem that relates to hashes.
CAST-128 and CAST-256
This block cipher was created by Carlisle Adams and Stafford Tavares. There are two popular versions. The 128 version can use 12 or 16 rounds working on a 64bit block with key sizes ranging from 40bits to 128bits in 8 bit increments. This version is also used in some versions of PGP.
Suite A (How the NSA classifies cryptography)
This classification of algorithms are not published. Algorithms are classified.
Suite B (How the NSA classifies cryptography)
This classification of algorithms are published.
FORK-256
This hash is in analysis phase and not in widespread use. Uses 512bit blocks and implements preset constants that change after each repetition. Each block is hashed into a 256bit block through four branches that divides each 512 block into sixteen 32bit words that are further encrypted and rearranged. Branches are used in parallel making it hard to analyze.
MD6
This hash uses a Merkle Tree like structure to allow for immense parallel computation of hashes for very long inputs. Was submitted to the NIST SHA-3 competition. In 2009 Rivest stated that this hash is not ready to be a candidate for SHA-3 because of speed issues and other concerns.
SHA-2
Two similar hash functions with different block sizes, known as SHA-256 and SHA-512. Uses 64 byte (512bit) words.
Digital Certificate Management
Two types of systems: Centralized key-management systems Decentralized key-management systems
NSA Type 3 Algorithms
Type 3 product is a device for use with Sensitive But Unclassified (SBU) information on non-national security systems. Algorithms include: DES 3DES SHA AES (some implementations of AES are type 1)
In order for User A to send User B an encrypted message that only User B can read, User A must encrypt message with which of the following keys? +User B's public key +User B's private key +User A's public key +User A's private key
USER B's Public Key Public key cryptography, or asymmetrical cryptography, is any cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner
.cer, .crt, .der
Usually in binary DER form, but Base64-encoded certificates are common also (see .pem).
SSL/TLS VPN
VPN setup through a web browser, portal that uses SSL/TLS to secure traffic. Gives user access to the target network.
DESx
Variation of DES that uses a technique called Key Whitening. XORs a key with text before or after the round function or both.
X.509 Certificate Content
Version Certificate holder's public key Serial number Certificate's validity period Unique name of certificate issuer Digital signature of issuer Signature algorithm identifier
NSA Type 1 Algorithms
Highest level of encryption algorithms. Used for classified or sensitive U.S. government information. Includes: JUNIPER - Block Cipher MAYFLY - Asymmetric FASTHASH - Hashing WALBURN - High bandwidth link encryption PEGASUS - Satellite telemetry
A fixed-size pseudorandom number that is fed into a symmetric cipher to increase randomness is called what? IV Salt Key Chain
IV Intialization vector
BitLocker
Introduced with Windows 7. Can encrypt partitions or entire drives. Startup key only. Key information is stored on a flash drive or TPM. Uses AES with 128bit key.
Playfair Cipher
Invented by Charles Wheatstone in 1854. Encrypts two letters instead of one, this makes it more complex. Uses a 5x5 table containing a keyword. No more secure than any other older ciphers.
Cipher Disk
Invented by Leon Alberti in 1466, physical device, each turn of the disk produces a new cipher
K3
It should be impossible for an attacker to calculate any previous or future values.
Which of the following is a fundamental principle of cryptography that holds that the algorithm can be publically disclosed without damaging security? Kerkchoff's principle Babbage's principle Shamir's principle Vigenere's principle
Kerkchoffs principle
Administration Phase (Digital Certificate Management, 3 phases)
Key Storage Certificate retrieval and validation Backup or escrow Recovery
Signing with DSA
Let H be the hashing function and m the message. Generate a random value for each message k where 0<k<q. Calculate r = (gk mod p) mod q. Calculate s = (k-1 (H (m) + x*r )) mod q. If r or s = zero, then recalculate for a non-zero result (i.e pick a different K). The signature is (r,s).
Single substitution weaknesses
Literacy rates have risen since ancient times, all languages have certain word and letter frequencies, underlying word and letter frequencies lead to vulnerability to cryptanalysis
RFC 1321 describes what hash? MD5 SHA1 RIPEMD GOST
MD5
Output Feedback (OFB)
Makes a block cipher into a synchronous stream cipher, generates keystream blocks, which are then XORed with the plain text blocks to get the cipher text.
Null Ciphers
Message hidden in unrelated text. Sender and receiver have pre-arranged to use a pattern to remove certain letters from the message which leaves only the true message behind
Information Theory
Modern cryptography began in 1949 when Claude Shannon published a paper about the Mathematical Theory of Communication. This idea improved cryptography.
Rail Fence Cipher
Most widely known transposition cipher, encrypts the message by altering each letter on a different row, message must then be written down left to right and put into rows
Secure Hash Algorithm
Most widely used hash algorithm.
_____ uses at least two different shifts, changing the shift with different letters in the plain text. +Scytale +Caesar cipher +Atbash +multi-alphabet encryption
Multi-alphabet Encryption Polyalphabetic Substitution Ciphers are a lot more secure than their Monoalphabetic cousins, as they use different ciphertext alphabets in the encryption process.
Fibonacci Numbers
Named after Leonardo of Pisa who was also known a *********. Sequence of numbers are derived by adding the last two numbers to create the next number, N1 + N2 = n3. Example, 0, 1, 1, 2, 3, 5, 8, 13, 21, 35, 56. Some random number generators use this.
The Feistel Function
Named after a German physicist named Horst *******. Forms the basis for most block ciphers. Splits a block of plain text data into two parts (L0 and R0). Round function is applied to one half. Output of each round function is XORed with the other half.
Confusion
Occurs by using a complex substitution algorithm. Attempts to make the relationship between the statistical frequencies of the cipher text and the key as complex as possible.
Point-to-Point Tunneling Protocol (PPTP) - (often used for VPNs)
Oldest of the three protocols used in VPNs. Designed as a secure extension to the Point-to-Point Protocol (PPP). Adds the feature of encrypting packets and authenticating users to PPP. Works at the data link layer of the OSI model.
Vigenere Cipher
Once considered very secure, invented by Giovan Battista Bellaso in 1553. Used until early 1900's. Encrypts text by using a series of different Caesar cipher based on a keyword.
Password Authentication Protocol (PAP)
One of the most basic authentication protocols. Passwords are sent over the network in clear text. The basic authentication feature built into HTTP uses this.
MAC and HMAC (Message Authentication Mode) and (Hash Message Authentication Mode)
One uses a block cipher in in CBC mode to improve integrity. The other adds a key to a hash to improve integrity.
What is Kerchoff's principle? Both algorithm and key should be kept secret. Only the key needs to be secret, not the actual algorithm. A minimum of 15 rounds is needed for a Feistel cipher to be secure. A minimum key size of 256 bits is necessary for security.
Only the key needs to be kept secret, not the algorithim
This is a method for turning a block cipher into a stream cipher by generating a keystream block, which are then XORed with the plaintext blocks to get the ciphertext. Cipher-block chaining (CBC) Electronic codebook (ECB) Output feedback (OFB) Cipher feedback (CFB)
Output feedback A keystream is a stream of random or pseudorandom characters that are combined with a plaintext message to produce an encrypted message (the ciphertext). Ergo, output is the process of taking the product and combining it with the next plaintext block to create a new cipher.
Which of the following modes can be used to turn a block cipher into a stream cipher? Counter Mode (CTR) and Propagating cipher-block chaining (PCBC) Electronic codebook (ECB) and Output feedback (OFB) Propagating cipher-block chaining (PCBC) and Electronic codebook (ECB) Output feedback (OFB) and Counter Mode (CTR)
Output feedback (OFB) and Counter Mode (CTR)
How symmetric algorithm decryption is expressed mathematically
P=D(k,c) The plain text (P) is equal to the encryption function (E) with the key (k) and the cipher text (c) being passed as parameters to that function.
.p12
PKCS#12, may contain certificate(s) (public) and private keys (password protected).
.p7b, .p7c
PKCS#7 SignedData structure without data, just certificate(s) or CRL(s).
Scytale Cipher
Physical cylinder that was used to encrypt messages. Turning the cylinder produced different ciphertexts. Required a cylinder of the same diameter as the cylinder used to create the message to read the message.
Original, unencrypted information is referred to as ____. +text +plaintext +cleantext +ciphertext
Plaintext Plaintext is a term used in cryptography that refers to a message before encryption or after decryption. That is, it is a message in a form that is easily readable by humans. Encryption is the process of obscuring messages to make them unreadable in the absence special knowledge
.pfx
Predecessor of PKCS#12 (usually contains data in PKCS#12 format, e.g., w/ PFX files generated in IIS).
.pem
Privacy Enhanced Mail, a Base64 encoded DER certificate, enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
Setup and Initialization Phase (Digital Certificate Management, 3 phases)
Process components: Registration Key pair generation Certificate Generation Certificate Dissemination
Authenticator (Components of Kerberos System)
Proves session key was recently created. Often expires within 5 minutes.
Ticket Granting Server (TGS) - (Components of Kerberos System)
Provides tickets.
PKCS (Public Key Cryptography Standards)
Put in place by RSA to ensure uniform certificate management throughout the internet.
Encrypting File System (EFS)
Since Windows 2000, this has been used along with NTFS. Allows a simple way to encrypt and decrypt files/folders. Simply right-click, choose properties, then advanced. Encrypted files will appear in green and are tied to the user who encrypted them.
____ was designed to provide built in cryptography for the clipper chip. +3DES +GOST +Skipjack +Blowfish
Skipjack The Clipper chip used a data encryption algorithm called Skipjack to transmit information and the Diffie-Hellman key exchange-algorithm to distribute the cryptokeys between the peers.
Which of the following is an example of an unbalanced Feistel? +Twofish +Skipjack +AES +3DES
Skipjack Unbalanced Feistel ciphers use a modified structure where Lo Ro are not of equal lengths. The Skipjack cipher is an example of such a cipher
VeraCrypt
Software for maintaining an on-the-fly-encrypted volume. Data is automatically encrypted right before it is saved, then decrypted right after it is loaded, all w/o user intervention.
Steganography Detection Tools
StegSpy Stegdetect StegSecret
A process that puts a message into the least significant bits of a binary file is called what? Masking Asymmetric cryptography Symmetric cryptography Steganography
Steganography
Cipher
The algorithm(s) needed to encrypt and decrypt a message
Birthday Theorem
The number of people you would have to invite to a party so that two will have the same birthday (with high probability). √365 You need √N to have a high probability of collision. Answer is approximately 1.174 √365 to have a high probability of collision.
Euler's Totient
The number of positive integers less than or equal to n that are co-prime to n is called the ****** ******* of n. For example the number 6; 4 and 5 are co-prime with 6. Therefore, ****** *******=2. Symbolized by ϕ(n). For a prime number p, ϕ(n) is always p-1. Part of the RSA algorithm!
One Time Pad (OTP)
The only unbreakable encryption. Has a separate substitution for each character making the key as long as the text. No substitution is used more than once. Key is used one time then destroyed. Impractical for most situations.
Certificate Authority (CA)
The primary role of this is to digitally sign and publish the public key bound to a given user. It is an entity trusted by one or more users to manage certificates. Verisign is an example.
What single-key encryption means
The same key is used to both encrypt and decrypt a message
Symmetric Key Cryptography
The same key is used to encrypt and decrypt the message, faster than asymmetric but have an issue with key exchange
Carrier (Steganography Terms)
The signal, stream, or data file into which the payload is hidden.
Ticket Granting Ticket (TGT) - (Components of Kerberos System)
The ticket that is granted during the authentication process.
Channel (Steganography Terms)
The type of medium used. This may be still photos, video, or sound files.
Shiva Password Authentication Protocol (S-PAP)
This is a proprietary version of PAP. Encrypts username and password as it is sent across network.
Electronic Codebook (ECB)
This is the most basic encryption mode. The message is divided into blocks and each block is encrypted separately. A weakness of this is that the same plain text always equals the same cipher text which gives the attacker a way to begin analyzing the cipher to derive the key.
What is a TGS? A protocol for key exchange The server that grants Kerberos tickets A protocol for encryption The server that escrows keys
Ticket Granting Server in kerberos
Traits of a good Pseudorandom Number Generator (PRNG)
Uncorrelated sequences and Long period
NSA Type 2 Algorithms
Used for unclassified cryptographic equipment, assemblies, or components. Endorsed by the NSA for use in telecommunications and automated information systems for the protection of national security information. These include: Skipjack (a block cipher) KEA (Key Exchange Algorithm - Asymmetric)
Modulus Operator
Used in a number of cryptography algorithms. Simply divide A by N and return the remainder. -So 5 mod 2 = 1 -So 12 mod 5 = 2 -Sometimes symbolized as % as in 5 % 2 = 1
Ticket (Components of Kerberos System)
Used to authenticate to the server. Contains identity of client, session key, timestamp, and checksum. Encrypted with servers key.
Registration Authority (RA)
Used to take the burden off of a CA by handling verification prior to certificates being issued. Acts as a proxy between the user and the CA. Receives request, authenticates it, and forwards it to the CA.
RA (Registration Authority)
Used to take the burden off of a CA by handling verification prior to certificates being issued. Acts as a proxy between user and CA. Receives request, authenticates it and forwards it to the CA.
Counter (CTR)
Used to turn a block cipher into a stream cipher, much like OFB mode. Generates the next keystream block by encrypting successive values of a "counter". The counter can be any simple function that does not repeat for a long time.
Web of Trust - Trust Model
Users all trust each other
WPA - WiFi Protected Access
Uses Temporal Key Integrity Protocol (TKIP). Dynamically generates a new key for each packet.
Mersenne Primes
Uses a formula, Mn = 2n − 1 where n is a prime number, to generate primes. Works for 2, 3, 5, 7 but fails on 11 and on many other n values.
Unbalanced Feistel Cipher
Uses a modified structure where L0 and R0 are not equal lengths. This variation is used with the Skipjack algorithm.
Hash Function
Uses an H function that takes a variable size input (m) and returns a fixed size string. The value that is returned is called the **** value or the, or the h, or the digest. Can be expressed mathematically as h=H(m) Has a variable length input with fixed length output, same sized output is produced regardless of what you put into the algorithm. H(x) is one way. You can't undo it. It is also collision resistant,
PKI (Public Key Infrastructure)
Uses asymmetric key pairs and combines software, encryption and services to provide a means of protecting the security of business communication and transactions.
WPA-Personal (can be known as WPA-PSK mode)
Uses pre-shared key mode. Designed for home and small networks. Doesn't require authentication server. Each wireless device authenticates using the same 256bit key.
Self-synchronizing Stream Cipher
Uses several of the previous N cipher text digits to compute the key stream.
Type cryptography Kerberos uses and the port number
Uses symmetric cryptography and UDP port 88.
Wired Equivalent Privacy (WEP)
Uses the RC4 stream cipher to secure the data and a CRC-32 checksum for error checking. Standard version uses a 40bit key with a 24bit initialization vector to form 64bit encryption. 128bit version uses 104bit key with 24bit IV. Because RC4 is a stream cipher, the same traffic key must never be used twice. 24bit IV is not enough prevent repetition on a busy network. Vulnerable to related key attack.
Cryptanalysis
Using a method (other than brute force) to derive the key of a cipher. In some cases cryptographic techniques can be used to test the efficacy of a cryptographic algorithm. Frequently used to test hash algorithms for collisions.
Which of the following was a multi alphabet cipher widely used from the 16th century to the early 20th century? +Caesar +Vigenere +Atbash +Scytale
Vigenere What is now known as the Vigenère cipher was originally described by Giovan Battista Bellaso in his 1553 book La cifra del. Sig. Giovan Battista Bellaso. He built upon the tabula recta of Trithemius, but added a repeating "countersign" (a key) to switch cipher alphabets every letter.
Data Encryption Standard (DES)
Was the premier block cipher for many years but is now considered outdated. Was selected a the Federal Information Processing Standard (FIPS) for the U.S. in 1976. This is a Feistel Cipher with 16 rounds and a 48bit key for each round. To generate round keys a 56bit key is slit into two 28bit halves. This Feistel Cipher uses 8 s-boxes.
Kerberos
Widely used, particularly with Microsoft operating systems. Created by MIT and derives its name from the mythical three headed dog. The is a great deal of verification for the tickets and the tickets expire quickly. Client authenticates to the Authentication Server once using a long term shared secret and receives back a Ticket-Granting Server. Client can reuse this ticket to get additional tickets without reusing the shared secret. These tickets are used to prove authentication to the Service Server.
This is how the substitution portion of symmetric key cryptography is accomplished
XORing the plain text message with the key
What is the standard used by most digital certificates? +RFC 2298 +OCSP +X.509 +CRL
x.509 In cryptography, X.509 is a standard that defines the format of public key certificates.
CrypTool
Free tool that allows you to enter text and then choose a historical algorithm to encrypt the text
How SSL Works
1. The browser asks the web server to prove its identity. 2. The server sends back a copy of its SSL certificate. 3. The browser checks to see if the certificate is from a CA it trusts. 4. The server sends back a digitally signed acknowledgement and a session is started.
MD5
128bit hash specified by RFC1321. In 1996 a flaw was found in this hash function that was created by Ron Rivest in 1991 to replace an earlier, similarly named, hash function. This hash is also not collision resistant. Recommended to use SHA-1 instead. Breaks down message into 512 byte chunks, padded with 0s if needed to reach 512. Length of the message is appended as the last 64bits. Operates on a 128bit state, divided into 4 32bit words. Four nonlinear function (F) rounds.
Tiger
192bit hash function created by Ross Anderson and Eli Biham in 1995. Designed using the Merkle-Damgard construction (collision resistant hash functions). One way compression function operates on 64bit words, maintaining 3 words of state and processing 8 words of data. 24 rounds and 8 input words.
DES uses keys of what size? +56 bits +192 bits +128 bits +64 bits
56 bits DES has 2^56 total possible keys
SHA-1
A 160bit hash function that resembles earlier MD5 algorithm. Designed by the NSA to be part of the Digital Signature Algorithm.
RC4
A Symmetric Stream Cipher created by Ron Rivest in 1987. Most widely used software stream cipher. Identically used for encryption and decryption, the data stream is simply XORed with the key. Uses a variable length key from 1 to 256 bytes.
Remote Ticket Granting Server (RTGS) - (Components of Kerberos System)
A TGS (Ticket Granting Server) in a remote realm.
Instance (Local) Deduction - (Cryptanalysis Success)
A cryptanalysis success where the attacker discovers additional plain texts (or cipher texts) not previously known.
Information Deduction (Cryptanalysis Success)
A cryptanalysis success where the attacker gains some Shannon information about plain texts (or cipher texts) not previously known.
Diffie-Hellman
A cryptographic protocol that allows two parties to establish a shared key over an insecure channel. Released in 1976, developed earlier by British Intelligence Service. Used for the exchange of symmetric keys.
Kerckhoff's Principle
A cryptosystem should be secure, even if everything about the system is publicly known.
Avalanche
A desirable effect where a change to one bit leads to large change in output. This is Fiestel's take on Claude Shannon's concept of diffusion. Fiestel's ideas are important when discussing block ciphers.
Co-prime Numbers
A number that has no factors in common with another number. For example, 3 and 7 are this.
Rainbow Tables
A password cracker that works with per-calculated hashes of all passwords available withing a character space. Useful against trying to crack hashes. Best way to crack a hash is by finding a match sine they are one-way. Used by popular tools like Ophcrack.
SHA-3
A proposed hash function still in development. Will be given name in 2012 by NIST.
Key Distribution Center (KDC) - (Components of Kerberos System)
A server that provides the initial ticket and handles TGS requests. Often runs as TGS services.
CP (Certificate Policy)
A set of rules that defines how a certificate may be used.
Tiny Encryption Algorithm (TEA)
A simple algorithm that is easy to implement in code, a Feistel Cipher that uses 64 rounds. Created by David Wheeler and Roger Needham in 1994.
ROT13 Cipher
A single alphabet substitution cipher where all characters are rotated 13 characters through the alphabet.
Synchronous Stream Cipher
A stream of pseudorandom digits is generated independently. That stream is then combined with the plain text (encrypt) or the cipher text (decrypt).
FISH
A symmetric Stream Cipher published by the German engineering firm Seimans in 1993. A software based stream cipher that uses a Lagged Fibonacci generator along with concepts borrowed from shrinking generator ciphers.
Blowfish
A symmetric block cipher designed in 1993 by Bruce Schneier. Was intended as a replacement for DES. Like DES it is a 16 round Feistel working on 64bit blocks. Can have bit sizes 32bits to 448bits.
ADFVGX Cipher
A transposition cipher invented 1918 by Fritz Nebel, used a 36 letter alphabet and a modified Polybius square with a single columnar transposition
Lagged Fibonacci Generator
A type of pseudorandom number generator. If addition is used, then it is an ALFG. If multiplication is used then it is a MLFG. If XOR is used it is called a two-gap generalized feedback shift register, or GFS.
VPN
A way to use the internet to create a virtual connection between a remote user or site and a central location. Packets are encrypted making the network private. Emulates a direct network connection.
NSA Type 4 Algorithms
Algorithms that are registered by NIST but not FIPS published. Also, unevaluated commercial cryptographic equipment, assemblies, or components that neither NSA nor NIST certify for any government usage.
CryptoBench
An app that allows you to see the output of a number of hashes. Enter the text you wish to encrypt, select an algorithm, then enter a key.
Integral Cryptanalysis
An attack that is particularly successful against block ciphers based on substitution-permutation networks. For a block size b, holds b-k bits constant and runs the other k through all 2k possibilities. For k=1, this is just deferential cryptanalysis, but with k>1 it is a new technique.
CA (Certification Authority)
An entity trusted by one or more users to manage certificates.
Prime Number
Any number whose factors are 1 and itself. Example 2, 3, 5, 7, 11, 13, 17, 23
Affine Cipher
Any single substitution alphabet ciphers where each letter in the alphabet is mapped to some numeric value, permuted with some relatively simple mathematical function, and then converted back to a letter. The formula for any basic cipher of this type is ax+b(modM), M being the size of the alphabet, so for example Caeser cipher would be 1x+3(mod26)
If a cryptanalysis uncovers a method that can derive a key for an algorithm, but is only slightly faster than brute force, what is this called? Success Complete failure Partial failure A first step
Anything faster than Brute forcing is a success
Linear Cryptanalysis
Based on finding the approximations to the action of a cipher. Commonly used on block ciphers. A known plain text attack that uses linear approximation to describe the behavior of the block cipher. Given enough pairs of of plain text and corresponding cipher text, bits of information about the key can be obtained. The more pairs of plain text and cipher text the greater chance of success.
An authentication method that periodically re-authenticates the client by establishing a hash that is then resent from the client is called ______. EAP SPAP CHAP PAP
Challenge handshake Authentication protocol
Diffusion
Changes to one character in the plain text affect multiple characters in the cipher text, unlike in historical algorithms where each plain text character only affect one cipher text character.
Which of the following most accurately defines encryption? +changing a message using complex mathematics +Applying keys to plain text +changing a message so it can only be easily read by the intended recipient +Making binary changes to a message to conceal it
Changing a message so it can only be easily read by the intended recipient The definition of encryption.
Examples of Multi-Alphabet Substitution
Cipher Disk, Vigenere Cipher
Pretty Good Privacy (PGP)
Created by Phillip Zimmerman in early 1990's. Not itself an algorithm but uses other symmetric and asymmetric algorithms. Open source software for making encryption and decryption readily usable by end users. Most often associated with email encryption. Uses certificates that contain multiple signatures but they are self-signed so they can't be validated with a CA.
SHARK
Created by Vincent Rijmen, Joan Daemen, Bart Preneel, Antoon Bosselaers, and Erik De Win. Uses a 64bit block with a 128bit key in six rounds. Shares similarities with the Rijndael cipher such as the use of S-boxes.
RSA
Created in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT. Most widely used public key cryptography algorithm. Based on relationships with prime numbers. This algorithm is secure because it is difficult to factor a large integer composed of two or more large prime factors.
ElGamal
Created in 1984 by Taher *******. Used in some PGP implementations as well as GNU Privacy Guard software. Consists of three parts: key generator, encryption algorithm, decryption algorithm. This encryption is probabilistic.
Elliptic Curve
Created in 1985 by Victor Miller, IBM. Endorsed by the NSA, schemes based on it for Suite B. Protects information classified up to top secret with 384bit keys. Based on y2 = x3 + Ax + B.
Blum Blum Shub
Created in 1986 by Lenore Blum, Manuel Blum, and Michael Shub. Format is Xn+1 = Xn2 Mod M The main difficulty of predicting the output of this is the difficulty of the "quadratic residuosity problem". As difficult as breaking the RSA public-key cryptosystem.
Naor-Reingold pseudorandom function
Created in 1997 by Moni Naor and Omer Reingold. The mathematics of this function are complex for non-mathematicians.
Z
Denotes the integers. These are whole numbers -1, 0, 1, 2 etc.
Q
Denotes the rational numbers (ratio of integers). Any number that can be expressed as a ratio of two integers 3/2, 17/4, 1/5 etc.
R
Denotes the real numbers. This includes the rational numbers as well as numbers that cannot be expressed as a ratio of two integers, for example √2
Layer 2 Tunneling Protocol (L2TP) VPN
Designed as an enhancement to PPTP Like PPTP, works at the data link layer Offers many modes of authentication: CHAP, EAP, PAP, SPAP, and MS-CHAP Can work on X.25 networks (phone) Uses IPSec for its encryption
WPA-Enterprise (can be called WPA-802.1x mode)
Designed for enterprise networks. Requires a RADIUS server for authentication. Extensible Authentication Protocol (EAP) is used for authentication. (EAP-TLS and EAP-TTLS)
Propagating Cipher-Block Chaining (PCBC)
Designed to cause small changes in the cipher text to propagate indefinitely when decrypting, as well as encrypting, a variation of the CBC mode of operation, has not been published as a federal standard.
Steganalysis
Detecting steganography and extracting the hidden information. Done with software. By analyzing changes in an images close color pairs, the steganalyst can determine if LSB was used. Close color pairs consist of two colors whose binary values differ only in the LSB.
Linear Congruential Generator
Determined by the following four integer values: m the modulus m>0 a the multiplier 0, 0<a<m c the increment 0, 0<c<m X0 the starting value 0, 0,X0<m The algorithm is : Xn + 1 = (aXn + C)mod m
SSL
Developed by Netscape and has been replaced by TLS. It was the preferred method used with secure websites (i.e. https)
Skipjack
Developed by the NSA and was designed for the clipper chip, a chip with built in encryption. Decryption key was kept in escrow for law enforcement to decrypt the data without the owner's cooperation, made this algorithm highly controversial. Uses an 80bit key to encrypt and decrypt 64bit data blocks. An unbalanced Feistel network with 32 rounds.
Which of the following is a cryptographic protocol that allows two parties to establish a shared key over an insecure channel? +Elliptic Curve +MD5 +RSA +Diffie-Hellman
Diffie-Hellman Diffie-Hellman key exchange is a method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as originally conceptualized by Ralph Merkle and named after Whitfield Diffie and Martin Hellman. DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography.
U.S. Patent 5,231,668 and FIPS 186 define what algorithm? EC RSA DSA AES
Digital Signature Algorithim
Public Key Infrastructure (PKI)
Distributes digital certificates that contain public keys. A network of trusted certificate authority servers. An arrangement that binds public keys with user identities by means of a CA.
With _____, the message is divided into blocks and each block is encrypted separately. This is the most basic mode for symmetric encryption. +Electronic codebook (ECB) +Cipher feedback (CFB) +Output feedback (OFB) +Cipher-block chaining (CBC)
ECB It is the simplest encryption scheme
Homophonic Substitution
Early attempt to make substitution ciphers more robust, masks letter frequencies, plain text letters map to multiple cipher text symbols
Enigma Machine
Electromechanical rotor-based cipher used in World War II
Which of the following equations is related to EC? Me%n y2 = x3 + Ax + B P = Cd%n Let m = (p-1)(q-1)
Elliptic curve y2 = x3 + Ax + B
What is the formula Me%n related to? Generating Mersenne primes Encrypting with EC Encrypting with RSA Decrypting with RSA
Encrypting with RSA
Steganalysis - Audio Steganalysis
Examines noise distortion in the carrier file. Noise distortion could indicate the presence of a hidden signal.
Cancellation and History Phase (Digital Certificate Management, 3 phases)
Expiration Renewal Revocation Suspension Destruction
FIPS Standards
FIPS 140: Cryptographic Modules FIPS 186: Digital Signatures FIPS 197: AES FIPS 201: Identity Verification
This algorithm was published by the German engineering firm Seimans in 1993. It is a software based stream cipher using Lagged Fibonacci generator along with a concept borrowed from the shrinking generator ciphers. Twofish RC4 FISH Blowfish
FISH Created in 1993 by Germans.
Digital Signature Algorithm (DSA)
Filed July 26, 1991 under U.S. Patent 5,231,668. Adopted by the U.S. Government in 1993 with FIPS186. Choose a hash function (traditionally SHA1). Select a key length L and N. Choose a prime number q that must be less than or equal to the hash output length. Choose a prime number p such that p-1 is a multiple of q. Choose g, this number must be a number whose multiplicitive order modulo is q. Choose a random number x, where 0<x<q. Calculate y=gx mod p. Public Key is (p, q, g, y). Private key is x.
Twofish
Finalist to replace DES. Block size of 128bits and key sizes up to 256bits, it's a Feistel cipher. Designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson.
Initialization Vector (IV)
Fixed size input to a cryptographic primitive that is random or pseudorandom. Called a 'nonce' if it is non-repeating and not truly random. Used along with a secret key for encryption.
Certificate Authority - Verisign - Class 1
For individuals, intended for email
Certificate Authority - Verisign - Class 4
For online business transactions between companies
Certificate Authority - Verisign - Class 2
For organizations for which proof of identity is required
Certificate Authority - Verisign - Class 5
For private organizations or governmental security
Certificate Authority - Verisign - Class 3
For servers and software signing, for which independent verification and checking of identity and authority is done by the issuing CA
Differential Cryptanalysis
Form of cryptanalysis applicable to symmetric key algorithms. The examination of differences in an input and how that affects the resultant difference in output. Originally only worked w/ chosen plain text.
GOST
Hash algortihm created by the Russians. Produces a fixed length output of 256bits. Input message is broken up into 256 bit blocks. If block is less than 256 bits then it is padded with 0s.