Chapter 2- Cryptography

Output Feedback (OFB)

A DES mode that is very similar to CFB mode, but instead of the previous block's ciphertext being the next block's IV, it takes the result of the previous encryption of the IV and key before the plaintext is XORed.

Twofish

A block cipher that operates on 128-bit blocks of data, is capable of using cryptographic key sizes of 128, 192, and 256 bits in length, and performs 16 rounds of encryption.

Pretty Good Privacy (PGP)

A cryptography application and protocol suite used in asymmetric cryptography. (used in e-mail)

Certificate Signing Request (CSR)

A message sent from an applicant to a certificate authority in order to apply for a digital identity certificate.

Substitution Cipher

A method of encryption and decryption in which each letter in the alphabet is replaced by another.

Galois/Counter Mode (GCM)

A mode that starts with CTR mode, but adds a special data type known as a Galois field to add integrity. Used by AES.

codebook

A predefined dictionary that translates codes to their plaintext messages and back.

D-H group

A preset modulus of a specific size: Group 1 - 768-bit modulus; Group 2 - 1024-bit modulus; Group 5 - 1536-bit modulus; Group 14 - 2048-bit modulus.

key exchange

A process, typically using Diffie-Hellman algorithms, which assists in the creation and secure exchange of symmetric keys, typically session keys used for one communications session only.

Certificate Revocation List (CRL)

A repository that lists revoked digital certificates.

Secure Hash Algorithm (SHA)

A secure hash algorithm that creates hash values of longer lengths than Message Digest (MD) algorithms.

Public Key Cryptography Standards (PKCS)

A set of voluntary standards created by RSA security and industry security leaders.

Advanced Encryption Standard (AES)

A symmetric cipher that can use block sizes of 128 bits, with key sizes of 128, 192, and 256 bits. 10 rounds- 128 bits, 12 rounds- 192 bits, and 14 rounds- 256 bits.

Diffie-Hellman Ephemeral or ephemeral key

A temporary key that is used only once before it is discarded.

Wired Equivalent Privacy (WEP)

An IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information. WEP has significant vulnerabilities and is not considered secure.

block algorithm

An algorithm that operates on a predefined size of a group of bits, known as a block. (16, 64, 128 bit)

streaming algorithms

An algorithm that operates on individual bits, one bit at a time. Tend to work much faster than block algorithms.

Elliptic Curve Cryptography (ECC)

An asymmetric method of cryptography based upon problems involving the algebraic structure of elliptic curves over finite fields. ECC has many uses, including variations that apply both to encryption and digital signatures. (mobile devices)

dictionary attack

Attempt to break a password by trying all possible words compared to the program's dictionary file.

Online Certificate Status Protocol (OCSP)

Automated method of maintaining revoked certificates within a PKI.

ElGamal

Based partially on Diffie-Hellman; can be used for both general encryption and digital signatures. The algorithm is composed of 3 parts: the key generator, the encryption algorithm, and the decryption algorithm. This was made publicly available. (The US Government's Digital Signature Algorithm is based on this.)

session key

Created and used for a single communication session, cannot be reused. New key is generated every time communication is made.

What are the symmetric key cryptosystems?

DES, 3DES, AES, Blowfish, Twofish, RC4

An offline attack is done against what type of data?

Data-at-Rest

An online attack is executed against what type of data?

Data-in-transit

Data Encryption Standard (DES) five different cipher modes

ECB, CBC, CFB, OFB, CTR

Symmetric Cryptography

Encryption that uses a single key to encrypt and decrypt a message.

Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)

Ephemeral key exchange that skips pseudo-random number generation and instead uses ephemeral keys calculated using elliptic curve cryptography: Group 19 - 25 bit elliptic curve; Group 20 - 384-bit elliptic curve; Group 21 - 521-bit elliptic curve.

Out-of-band key exchange

Involves the use of a separate, independent channel, such as snail mail, USB stick, or even a different network connection, to send the key to the authorized users.

Four types of Hashing Algorithms

MD5, SHA, RIPEMD, HMAC

hierarchical trust model

Multiple CAs deployed throughout a single organization. CAs are subordinate to a single root CA within the organization.

web-of-trust model

Not typically used in a PKI. You'll most often see this type of model used in smaller groups or organizations, typically in those that allow individual users to generate their own public and private key pairs.

cross-trust model

Often found between two different organizations. In this trust model, organizations typically have their own certificate authorities and issuing servers, and they must trust each other's certificates so that their personnel can authenticate to access resources in each other's security domains.

Data Encryption Standard (DES)

Older encryption standard that used a 56-bit key and a 64-bit block size using a symmetric block algorithm; based upon the Lucifer algorithm.

Cipher Block Chaining (CBC)

Producing much stronger encryptions by XORing (repeating) the previous block to the next block inside itself.

What are the Asymmetric Key Cryptosystems?

RSA, Diffie-Hellman, PGP/GPG, ECC, ElGamal

Vigenere Cipher

Rotates the Caesar cipher offset used to encrypt each new letter in a text utilizing ROT0-25 in a table.

Cipher Feedback (CFB)

Similar to CBC, except the plaintext is XORed into the IV after each round.

Kerckhoff's Principle

States that the algorithm should not be the secret part of the cryptographic process or method used; the key should be kept secret, not the algorithm.

root CA server

The certificate server at the top of the hierarchy of servers in a large company that manage certificate needs.

Certificate Authority (CA)

The entity that issues and controls the digital certificates.

key generation

The process of creating a public and private key pair, which is then issued to an individual, based upon his or her confirmed identity.

key exchange

The process used to exchange keys between users who send a message and those who receive it.

brute force attack

The simplest and least-efficient type of attack, attempts to derive a password or key by inspecting either ciphertext or a hash and then trying every possible combination of key or hash until it can decrypt the plaintext or generate a match.

Hybrid Cryptography

Using both symmetric and asymmetric cryptography together in order to make up for each type's disadvantages and leverage each type's advantages.

Spoofing

When someone pretends to be someone else with the intent of obtaining unauthorized data.

WPA-PSK

Wi-Fi Protected Access Pre-Shared Key

Recovery Agent

a designated person or entity who has the authority to recover lost keys or data in the event the person holding the keys is not available.

digital signature

a hash value encrypted with the private key and that accompanies the public key

RIPEMD (RACE Integrity Primitives Evaluation Message Digest)

a hashing algorithm not often seen in practical implementation, developed in an open-standard type of environment, as opposed to SHA.

Floating Point Operation Per Second (FLOPS)

a measure of computer performance, useful in fields of scientific calculations that make heavy use of floating-point calculations.

Hybrid Attack

a password attack that is a combination of dictionary and brute force attacks which adds numbers and special characters to a dictionary word in an attempt to crack a password

Non-repudiation

a person cannot deny that they took a specific action.

Counter (CTR)

Uses a random 64-bit block as the first IV, then increments a specified number or counter for every subsequent block of plaintext.

code

a representation of an entire phrase or sentence

Rivest Cipher 4 (RC4)

a streaming (wireless) symmetric algorithm; uses only one round of encryption, using key sizes 40-2048 bits in length.

Diffie-Hellman key exchange

an asymmetric standard for exchanging keys. Primarily used to send private keys over public networks.

digital certificate

an electronic file specifically formatted using industry standards that contains identifying information. Stores a public key with digital signature, personal information about the resource and second digital signature from a third party you both trust.

Key

an indicated number to shift the variable of the algorithm for the final cryptosystem

Initialization Vector (IV)

arbitrary number

Blowfish

block cipher that accepts 64-bit blocks and has a wide range of variable key lengths, from 32 bits to 448 bits; performs 16 rounds of encryption.

Transposition Cipher

changes the order of characters in a message using some predetermined method that both the sender and recipient know.

Public Key Infrastructure (PKI)

combine symmetric and asymmetric key cryptographic methods with hashing to create robust and secure systems.

Decryption

converting ciphertext back to plaintext

data in-transit

data currently in transport (being transmitted or received from one person or host to another)

Data in process

data currently in use by a computing device, and not at rest or in transit. (RAM, CPU, Operating System and Applications)

Data at rest

data that resides in storage (not currently accessed, transmitted or received, nor used by the computer)

modes

defined methods that determines how a plaintext block is input and changed to produce ciphertext.

Application-Specific Integrated Circuit (ASIC)

device that works hundreds or even thousands of times faster than a CPU. (Bitcoin Miner)

confusion

every character in a key is used to make the ciphertext more random looking.

key escrow

grant knowledge or copies of keys to a third party.

Message Authentication Code (MAC)

hash value used to ensure both integrity and authenticity of a message

Hashing

helps verify that data came from a specific source and that the data did not change from what was sent. Cannot be decrypted or reversed, just compared.

shifts

in binary moving the ciphertext left or right by four digits

2 methods of key exchange

in-band and out-of-band

Cryptovariable

key that defines how many letters to shift

3DES (Triple DES)

like the DES encryption process, except it uses three 56-bit keys and repeats it three times for each key. (like having a 168-bit key)

Algorithm

mathematical constructs that define how to transform plaintext into ciphertext, as well as how to reverse that process during decryption.

plaintext

normal text that has not been encrypted

Hydra

online dictionary attack password cracker

Electronic Code Book (ECB)

plaintext blocks of 64 bits are manipulated to produce ciphertext. Predictable in that it will always map identical plaintext to the same ciphertext.

Ciphertext

plaintext that was transformed into unreadable gibberish using encryption

Message Digest 5 (MD5)

produces a 128-bit message digest, consisting of 32 hexadecimal characters, regardless of the length of the input text.

Rounds

repeating the shift iteration multiple times, making it harder to encrypt/decrypt.

cipher

represents text on a character-by-character basis

ROT13 cipher/shift cipher

rotates every letter 13 places in the alphabet

eXclusive function (XOR)

the most commonly used binary math function used in cryptography by comparing two bits to determine difference. (0's=false, 1's=true)

Encryption

the process of converting plaintext information into ciphertext information.

Cryptography

the science of encrypting and decrypting communications to make them unintelligible for all but the intended recipient

Cryptanalysis

the study of breaking encryption, the opposite of cryptography.

reversible process

to reverse the process to return the data from an encrypted to an unencrypted state.

password cracker or password recovery tool

tool used to read a ciphertext or hash and try to extract the plaintext key or password. Examples: Linux attackers use John the Ripper or Hashcat; Windows attackers use Cain & Abel.

collision

two different pieces of plaintext produce the same hash. Should never happen.

Cryptosystem

use algorithms and keys as basic components to stir up the binary data, and also implement them in ways that enable the encryption/decryption to be faster, more efficient, or stronger. (a four bit key, XOR, four digit left shift of the ciphertext, the XOR/left shift iteration repeated in five rounds.)

HMAC (Hash-Based Message Authentication Code)

used in conjunction with a symmetric key both to authenticate and verify the integrity of the message; uses either MD5 or SHA.

RSA

used to create and use a public-private key pair, factored mathematically from two very large numbers. Uses one round of encryption and ranges from 1024 to 4096 bits.

Asymmetric Key Cryptography

uses a "key pair"-two separate keys- for secure communication.

public key cryptography

uses two mathematically related keys in a pair, a public key and a private key. What one key encrypts, only the other key in the pair may decrypt, and vice versa.

In-band key exchange

using the same communications channel you are using to send the message to send the key.

Registration Authority (RA)

verifies user identities and then passes the information on to the actual CA for certificate generation.

