Final Exam
revocation
(n.) an act or instance of calling back, an annulment, cancellation
Unresponsiveness
A Trojan is any program that masquerades as a useful program while hiding its malicious intent. The masquerading nature of a Trojan encourages users to download and run the program. _________________ of applications to normal commands is one telltale sign of a Trojan infection.
digital signature
A ___________ binds a message or data to a specific entity. This is not a digitized signature, which is an image of an electronically reproduced signature
vernam
A ___________ cipher creates a bit stream of 0s and 1s, which, combined with plaintext, using the exclusive OR (XOR) function.
port-scanning tool
A ___________ enables an attacker to discover and identify hosts on a network
transposition
A _____________ cipher does not alter the characters in a message. Instead, it rearranges them using a complex pattern and requires that the receiver unscramble them following the reverse pattern.
Advanced Encryption Standard (AES)
A block cipher created in the late 1990s that uses a 128-bit block size and a 128-, 192-, or 256-bit key size. Practically uncrackable.
RC2
A block cipher that processes blocks of 64 bits. it is a drop in replacement for DES
block cipher
A cipher that manipulates an entire block of plaintext at one time.
transposition ciphers
A cipher that rearranges the order of existing characters in a message in a certain way (e.g., a route cipher)
most common
A clue to cryptanalysts that a cipher is a transposition cipher is when it uses the _______________ letters in the alphabet.
product ciphers
A combination of transposition and substitution ciphers
Key Distribution Center (KDC)
A component of the Kerberos system for authentication that manages the secure distribution of keys.
nonrepudiation
A contractual stipulation to ensure that ebusiness participants do not deny their online actions
blockchain
A digital ledger in which transactions made in bitcoin or another cryptocurrency are recorded chronologically and publicly
email bomb
A hacker technique that floods the email account of the victim with useless emails.
bcrypt
A key stretching algorithm. It is used to protect passwords. Bcrypt salts passwords with additional bits before encrypting them with Blowfish. This thwarts rainbow table attacks.
out-of-band key exchange
A less sophisticated way to exchange keys than an in-band key exchange is called a ________________ which means that a physical currier delivers the key. Uses might be... the military because it is expensive.
algorithm
A mathematical process or formula for performing some kind of math functon
entropy
A measure of disorder or randomness.
Triple DES (3DES), 112, 168
A more-secure variant of DES that repeatedly encodes the message using three separate DES keys. Has ______ to ____ bits of key space
pharming
A phishing attack that automatically redirects the user to a fake site.
pinning
A security mechanism used by some web sites to prevent web site impersonation. Web sites provide clients with a list of public key hashes. Clients store the list and use it to validate the web site.
adware
A software program that delivers advertising content in a manner that is unexpected and unwanted by the user.
byte (or bit)
A stream cipher encrypts one _________ at a time, whereas a block cipher encrypts an entire block of data at a time
stealth virus
A virus that attempts to avoid detection by masking itself from applications. Also called an armored virus.
polymorphic virus
A virus that changes its virus signature (the binary pattern that makes the virus identifiable) every time it infects a new file. This makes it more difficult for antivirus programs to detect the virus. It also changes its own code or periodically rewrites itself to avoid detection
slow virus, fileless
A virus that counters the ability of antivirus programs to detect changes in infected files, slowing down the detection of the virus. Also known as a __________ virus.
retro virus
A virus that waits until all possible backup media are infected too, so that it is not possible to restore the system to an uninfected state.
sneakernet
A way of exchanging data between computers that are not connected on a network. The term was coined before the widespread use of networks, when data was copied from a computer to a removable storage device, carried to another computer, then copied from the storage device onto the second computer.
firewalls, timestamping, single sign-on, identity, identify management, mobile device security
Access control tools include ______, _____________, ____________, _______________, and _____________.
D
Alice and Bob would like to communicate with each other using a session key, but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key? A. Rivest-Shamir-Adelman (RSA) B. Message digest algorithm (MD5) C. Blowfish D. Diffie-Hellman
Asymmetric Key Cryptography
Also known as the public key cryptography, this method uses two keys: a public key and a private key
Wired Equivalent Privacy (WEP)
An IEEE 802.11 security protocol designed to ensure that only authorized parties can view transmitted wireless information. WEP has significant vulnerabilities and is not considered secure.
RC4
An RC stream cipher that will accept keys up to 128 bits in length. used by internet browsers to provide an SSL connection
databases
An SQL code injection attacks applications that depend on data stored in _____________. SQL statements are inserted into an input field and are executed by the application. SQL injection attacks allow attackers to disclose and modify data, violate data integrity, or even destroy data and manipulate the database server.
stream cipher
An algorithm that takes one character and replaces it with one character.
entropy value
An algorithm with a very low predictability having high randomness, or _____________.
LDAP injection
An application attack that targets web-based applications by fabricating LDAP statements that are typically created by user input.
quantum cryptography
An asymmetric cryptography that attempts to use the unusual and unique behavior of microscopic objects to enable users to securely develop and share keys.
Smurf attack
An attack that broadcasts a ping (ICMP) request to computers yet changes the address so that all responses are sent to the victim.
Cross-Site Scripting (XSS)
An attack that injects client-side scripts into a Web application server to direct attacks at clients.
phishing
An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information
SQL injection
An attack that targets SQL servers by injecting commands to be manipulated by the database.
reuse, man-in-the-middle
Any time a user resubmits the same key multiple times, called key ________, the possibility exists for a n attacker to intercept a transmission in a ____________________ attack. the most secure keys are used only once.
A
Arturo discovers a virus on his system that resides only in the computer's memory and not in a file. What type of virus has he discovered? A. Slow virus B. Retro virus C. Cross-platform virus D. Multipartite virus
XML injection
Attack method where malicious XML is passed as input to exploit a vulnerability in the target app.
reconnaissance and probing, gaining access, maintaining access, covering your tracks
Attack phases:
tokens, smart cards, biometrics, passwords, password recovery
Authentication tools include ______________, _____________, _________________, _______________, and _________________
confidentiality
Before the digital computer, ______________ was ensured by encrypting a message, which meant the sender made sure it was secure as long as the opponent did not have the key and could not find a shortcut to solve it, whereas integrity was often incidental.
confidentiality, integrity, authentication, nonrepudiation
Before the digital computer, classic computing addressed the four basic goals of encryption _______________, _______________, __________, and ______________
authentication, asymmetric key
Before the digital computer, if a forger obtained encryption equipment, a fake message could appear legitimate. Thus, encryption required _______________. Authentication proving the identity of a sender was possible if both sender and receiver had the same codebook and exchanged elements of it. However, exchanging information in that manner compromised its contents; thus, ___________________ cryptography was the invention needed to prove who wrote a message.
C
Bob is developing a web application that depends on a backend database. What type of attack could a malicious individual use to send commands through his web application to the database? A. Cross-site scripting (XSS) B. Extensible Markup Language (XML) injection C. Structured Query Language (SQL) injection D. Lightweight Directory Access Protocol (LDAP) injection
A
Bob is sending a message to Alice. He wants to ensure that nobody can read the content of the message while it is in transit. What goal of cryptography is Bob attempting to achieve? A. Confidentiality B. Integrity C. Authentication D. Nonrepudiation
ephemeral
Both DHE and ECDHE use an __________ key
multipartite
Both types of boot record infectors commonly load instructions that can bypass the ROM-based system services, affects the opening and closing of files. If the virus also executes other malicious code to cover its tracks, it is a ______________ virus.
keyspace
By making the ____________ large enough, the cost of brute-force attacks become too high
Secure Sockets Layer, Transport Layer Security
Common examples of transport encryption protocols include __________________________ and _______________________, which are commonly used to create secure connections between web servers and browsers, and SSH
Chosen Plaintext Attack (CPA)
Cryptanalysis attack where the attacker can choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts.
Ciphertext-only attack
Cryptanalysis attack where the attacker is assumed to have access only to a set of ciphertexts.
known plaintext attack
Cryptanalysis attack where the attacker is assumed to have access to sets of corresponding plaintext and ciphertext.
lightweight cryptography
Cryptographic algorithms with reduced compute requirements that are suitable for use in resource-constrained environments, such as battery-powered devices.
lucifer
DSE was originally developed as the _____________ algorithm. operates on a 64 bit block
XKMS
Defines services to manage heterogeneous PKI operations via XML
asymmetric key
Digital signatures require _____________ cryptography.
Homomorphic Encryption
Enables processing of encrypted data without the need to decrypt the data. It allows the cloud customer to upload data to a cloud service provider for processing without the requirement to decipher the data first.
Homepage hijacking
Exploiting a browser vulnerability to reset the homepage Covertly installing a browser helper object (BHO) Trojan program
light weight
GOST, CLEFIA, Trivium are _________ cryptography algorithms.
D
Hacking groups create _______ to launch attacks whereby they infect vulnerable machines with agents that perform various functions at the command of the controller. A. logic bombs B. honeypots C. ransomware D. botnets
DES, 128-bit
IDEA is like _______ but it has _______ key
perfect forward secrecy
In DHE and ECDHE, each new key exchange uses new asymmetric keys, each communication session's setup process is unique. Therefore, if a current session's key is compromised by an attacker, none of the previous session keys are at risk, this property is called _________________
encrypted information
Information in scrambled form (ciphertext)
unencrypted information
Information in understandable form (plaintext or cleartext)
command injection
Injecting and executing commands to execute on a server.
Confidentiality, Privacy, Integrity, Authorization, Access Control
Internal security objectives:
IPSec
Internet Protocol Security. Used to encrypt traffic on the wire and can operate in both tunnel mode and transport mode. It uses tunnel mode for VPN traffic. IPsec is built into IPv6, but can also work with IPv4 and it includes both AH and ESP. AH provides authentication and integrity, and ESP provides confidentiality, integrity, and authentication. IPsec uses port 500 for IKE with VPN connections.
ISAKMP
Internet Security Association and Key Management Protocol
D
Juan is a wireless security professional. He is selecting a standard for wireless encryption protocols for access points and devices for his agency. For the highest security, which protocol should Juan choose? A. Wired Equivalent Privacy (WEP) B. Wi-Fi Protected Access (WPA) C. Wi-Fi Protected Access version 2 (WPA2) D. Wi-Fi Protected Access version 3 (WPA3)
paper, digital media, hardware
Key distribution techniques
in-band key
Key is sent with the encrypted file.
field theory
Lewin's system using the concept of fields of force to explain behavior in terms of one's field of social influences
D
Lin installed a time-management utility that she downloaded from the Internet. Now several applications are not responding to normal commands. What type of malware did she likely encounter? A. Virus B. Worm C. Ransomware D. Trojan horse
assembly language
Malware developers often write and compile viruses using high level languages like C+ or C++. In contrast, they often use ________________ to write boot record infectors.
distributed denial-of-service (DDoS) attack
Many computers collaborate to shut down a target, usually by keeping it busy or overwhelming it with incoming requests.
MD5
Message Digest 5. A hashing function used to provide integrity. MD5 uses 128 bits. A hash is simply a number created by applying the algorithm to a file or message at different times. The hashes are compared to each other to verify that integrity has been maintained.
key management
Most challenging task in cryptography, pertains to creating, maintaining, distributing, and destroying it
template
One of the most effective ways to damage documents is to infect a ______ or shared document that many other documents reference
Ceasar, 25, key word mixed alphabet
One of the simplest substitution ciphers is the ______________ cipher. There are ________ potential keys for this cipher because the last key maps characters back onto themselves. The type of cipher is the ____________ cipher consisting of key words.
IP spoofing, packets
One popular technique for DoS attacks is called a SYN flood. In a SYN flood, the attacker uses ____________ to send a large number of __________ requesting connections to the victim computer.
NT LAN Manager
One solution that uses authentication and security protocols with cryptography at the core is Microsoft's ____________ (NTLM) are (NTLMv2)
Potentially Unwanted Programs
PUPs stands for
PGP/GPG
Pretty Good Privacy. Free software that lets you send encrypted e-mails (you must have recipient's PUBLIC key). To have someone send encrypted e-mail to you, give them your PUBLIC key.
symmetric key
Private key ciphers are also called _______ ciphers.
SHA-1
Produces a 160-bit hash value and is used in DSS
scrambles
Regarding the objective to promote privacy and confidentiality, cryptography ______________ information so that only someone with the right cipher and key can read it
Authentication (non-PKI), Access control/authorization, assessment/audit, security management products, perimeter/network security/availability, content filtering, encryption, administration/education, outsources services/consultants
Security implementations for businesses: (9 in total)
anonymity, timestamping, revocation, ownership, high resiliency, supporting obfuscation
Security measure protocols that benefit everybody:
B
Security objectives add value to relationships between businesses or between businesses and their customers. Which objective binds a message or data to a specific entity? A. Message authentication B. Digital signature C. Receipt and confirmation D. Nonrepudiation
Message authentication, signature, receipt and confirmation, nonrepudiation
Security objectives in a business relationship:
worm
Self-replicating, self-contained program designed to carry out some unauthorized activity on a victim's computer. Worms can spread themselves from one computer to another without any assistance from victims. usually probes network-attached computers to exploit specific vulnerabilities
out-of-band communication
Signal that are sent between two parties or two device that are sent via a path or method different from that of the primary communication between the two parties or devices
fileless viruses
Slow viruses, also called ____________, counter the ability of antivirus programs to detect changes in infected files. This class of virus resides in only the computer's memory and not in a file, so antivirus software has a harder time detecting it.
Structured Attacks
Sophisticated hacking techniques to identify, penetrate, probe, and carry out malicious activities.
spim
Spam over Internet Messaging
Diffie-Hellman Ephemeral
The Diffie-Hellman algorithm is the basis for several common key exchange protocols including _________________ (DHE)
unclassified
The U.S. government currently has no standard for creating cryptographic keys for ___________ applications
Communications Security Material (CMS)
The U.S> Navy uses a unique distribution system called the ______________________ system
insecure
The WEP algorithm is cryptographically ________ and should no longer be used. WPA and its successor WPA2 are both strong, secure wireless encryption protocols. WPA3 is the newest and most secure protocol of the four listed here.
Munitions Control Act of 1950
The ___________ specifically classified cryptographic ciphers and equipment as Class 13B munitions, which made them tools of warfare and subject to export control and government oversight.
Data encryption standard, 56-bit, 16
The _______________________ (DES) is a product cipher. it has a ________ key, consisting of _____ iterations.
Chosen Ciphertext Attack (CCA)
The attacker has the ability to decrypt chosen portions of the ciphertext message and use the decrypted portion of the message to discover the key.
keyspace
The entire range of values that can be used to construct an individual key.
intended use, transit, rest
The first question to ask when evaluating a cipher is its __________. are you securing data in _________ or at ________
value
The goal of cryptography is not to make ciphertext undecipherable but rather to make the cost or time required to decrypt it without the key exceed the ______ of the protected information.
deep crack
The keyspace of the DES was searched in 1998 by a special computer called the _________
Rivest-Shamir-Adelman (RSA) and Digital signature algorithm (DSA)
The most common digital signature algorithms used are the
n(n-1))/2
The number of key pairs required for n corresponndents being ________________.
hash
The output of one algorithm is called a __________
stapling
The process of appending a digitally signed OCSP response to a certificate. It reduces the overall OCSP traffic sent to a CA.
decryption
The process of converting a ciphertext into plaintext.
key distribution
The process of securely transporting an encryption key from the key generator to the key user, without disclosing the key to any unauthorized user.
in-band key exchange
The symmetric approach to exchanging keys uses the same communications channel as the data and is called an ____________
cross-platform viruses
These are less prevalent but can still be potent threats. There have been a number of documented viruses that target multiple operating systems (Apple Macintosh HyperCard viruses, for instance). If those platforms also run Windows emulation software, they become as susceptible to Windows viruses as a native Windows computer.
repetition, long, only once
To make sure a substitution cipher stays secure, you must do three things: 1. ensure the key is a random sequence without __________. 2. ensure that it is as ______ as the encrypted information. 3. use it _____.
transit, rest
Today's two primary uses of cryptography in information systems: To protect data in __________ and in _______
True
True or False? A backdoor is a hidden way to bypass access controls and allow access to a system or resource.
False
True or False? A block cipher encrypts one byte (or bit) at a time, whereas a stream cipher encrypts an entire block of data at a time.
False
True or False? A port-scanning tool enables an attacker to escalate privileges on a network server.
False
True or False? A private key cipher is also called an asymmetric key cipher.
True
True or False? An algorithm is a repeatable process that produces the same result when it receives the same input.
True
True or False? Attacks against confidentiality and privacy, data integrity, and availability of services are all ways malicious code can threaten businesses.
False
True or False? The U.S. government currently has no standard for creating cryptographic keys for classified applications.
True
True or False? Unlike viruses, worms do not require a host program to survive and replicate.
encrypt, Decrypt
Two main approaches to securing communications: __________ each message before it is sent. __________ the messages as they are transmitted or received.
symmetric
Using the Diffie-Hellman algorithm, the sender and receiver use asymmetric encryption to securely exchange symmetric keys. After the initial key exchange, each party can then use _________ encryption to encrypt and decrypt data.
signature pattern
Virus action produces a ______________ which anti-virus/anti-malware programs look for.
settings
WLANs convenience reduced security because consumers never bother to turn on the security _______
asymmetric, sessions.
What Diffie and Hellman had introduced, therefore, was a secure method of exchanging symmetric keys using their ______________ techniques. The most common use for this algorithm is to secure communications between two parties, to do that today, network applications establish ____________.
ciphertext-only attack (COA), known-plaintext attack (KPA), chosen-plaintext attack, chosen-ciphertext attack
What are the 4 basic forms of cryptography attack?
inverses, easy, infeasible, inverses
What are the four properties of asymmetric key ciphers? 1. two associated algorithms that are ________ of each other exist. 2. Each of these two algorithms is _____ to compute. 3. It is computationally ______ to derive the second algorithm from the first. 4. Given some random input, you can generate associated key pairs that are ________ of each other.
A
What type of system is intentionally exposed to attackers in an attempt to lure them out? A. Honeypot B. Bastion host C. Web server D. Database server
binary, digits, bits, qubits
Whereas conventional computing uses ___________________, ______________, or _____________ that can represent only a single value at a time; quantum computing leverages the properties of photons to implement ____________ (otherwise known as a quantum bit)
B
Which of the following is a type of denial of service (DoS) attack? A. Logic bomb B. Synchronize (SYN) flood C. Cross-site scripting (XSS) D. Structured Query Language (SQL) injection
B
Which of the following is not true of hash functions? A. Hash functions help detect forgeries by computing a checksum of a message and then combining it with a cryptographic function so that the result is tamperproof. B. The hashes produced by a specific hash function may vary in size. C. A hash is a checksum designed so that no one can forge a message in a way that will result in the same hash as a legitimate message. D. The output from the message digest algorithm (MD5) or the Secure Hash Algorithm (SHA) hash provides input for an asymmetric key algorithm that uses a private key as input.
C
Which type of cipher works by rearranging the characters in a message? A. Substitution B. Steganographic C. Transposition D. Asymmetric
complexity
You can increase the __________ of a key word mixed alphabet cipher by allowing any letter to uniquely map to another letter.
Hashes
________ are usually of a known fixed size based on the algorithm used.
Blowfish
__________ is a 64-bit block cipher that can use variable-length keys (from 32 bits to 448 bits);
macro virus
___________ infects document files that can record macros and insert their own commands so when a user shares the document, the malware spreads.
digital media, hardware
___________ key distribution might be through a DVD while _______ key distribution might be through a USB flash drive.
integrity
____________ ensures that no one, not even the sender, can change a message after it is transmitted.
Confidentiality
____________ keeps information secret from unauthorized users. Cryptography makes information unintelligible to anyone who does not know the encryption cipher and the proper key. Only authorized users, or an effective cryptanalysis, can decipher the content of an encrypted message
Honeypots
_____________ are sacrificial hosts and services deployed at the edges of a network to act as bait for potential hacking attacks and to provide a controlled environment for when such attacks occur. Typically, you configure these systems to appear real.
CAST algorithm
______________ is a substitution-permutation algorithm similar to DES... but it is public
boot record infectors
_______________ enables the virus to take control and execute before the computer can load most protective controls.
Ownership
_________________: grant the entity the legal right to use or transfer a resource to others.
computer virus
____________________ is an executable program that attaches itself to, or infects, other executable programs and then replicates to infect other programs
direct attacks, real time
_____________________ might be unstructured, could be a script kiddie using hacker tools to uncover vulnerabilities or conduct random exploits. Could also be structured and professional... The key characteristic they happen in _________
Master Boot Record infectors
______________________ moves or destroys the original Master Boot Record of a boot device, replacing it with viral code, after which it can gain control from the bootstrap program and perform its hostile mission.
wireless
________________________ security tools encrypt data to protect them in transit and to limit access to authorized people.
Diffie-Hellman Ephemeral (DHE), Elliptic Curve DHE
___________________________ uses modular arithmetic to generate keys, and ______________________ (ECDHE) uses algebraic curves to generate keys.
denial of service attack
a cyber attack in which an attacker sends a flood of data packets to the target computer, with the aim of overloading its resources
checksum
a data transmission control that uses a hash of a file to verify accuracy
digital signature
a means of electronically signing a document with data that cannot be forged
spear phishing
a phishing expedition in which the emails are carefully designed to target a particular person or organization
cookie
a small text file that a web server stores on your computer
ransomware
a type of malicious software designed to block access to a computer system until a sum of money is paid.
companion virus
a virus that creates a new program that runs in place of an expected program of the same name
AES
advanced encryption standard, a symmetric 128-bit block data encryption technique. Suggested for unclassified government docs, but not a standard for the U.S> government
vulnerability-assessment scanners, penetration-testing tools, forensic software, log analyzers
assessment and auditing tools include __________, ___________, ___________, and ___________
money, fame, beliefs, anger, cyberwarfare
attacker motivations:
theoretically
breaking a quantum cryptography cipher is ____________ impossible
is not
checksum ____________ (is/is not) practical for detecting malicious changes in data.
application, OS, network infrastructure defenses
critical defense zones:
plaintext, key, algorithm, math
cryptoanalysis objectives: 1. derive the ________ of the target message. 2. determine the ______ used to encrypt a target message 3. determine the ________ used in a particular algorithm. 4. Solve the general ______ problem underlying the cryptography.
hashes, checksums
cryptography can enforce integrity with ___________ or ________________, which are one-way calculations of information that yield a result that is usually much smaller than the original message and is difficult to duplicate.
multipartite virus
designed to infect multiple file types in an effort to fool the antivirus software that is looking for it
certificate authority
digital signatures verify a person's identity or that person's association with a message and requires a _________________ (CA) that can vouch for the validity of a credential.
line encryption, database security, VPNs, PKI, and crypto accelerators
encryption tools include:
ANSI x9.17
for financial institutions based on hierarchy of keys: - data keys (DKs) to encrypt data (session) - key keys (KKs) to encrypt data keys (master)
Denial of availability, data modification, data export (exfiltration), launch point
four main purposed of an attack
indirect
internet worms or viruses are preprogrammed and generally execute an _________ attack.
encryption
is the process of scrambling plaintext into cyphertext
Privacy/confidentiality, entity authentication/identification, message authentication, signature authorization, validation, access control, certification, timestamping, witnessing, receipt, confirmation, ownership, anonymity, nonrepudiation, revocation
list the information security objectives (15 total)
Privacy/confidentiality, entity authentication/identification, message authentication, signature authorization, access control, certification, timestamping, witnessing, ownership, anonymity, nonrepudiation
list the information security objectives that are enabled through cryptography (encryption) [12 total]
Remote Access Tool (RAT)
malicious program that provides remote command and control, a trojan
keystroke loggers
monitor and record keystrokes and can be software or hardware devices
Caesar, key word mixed alphabet, vernam
name the three main substitute ciphers
botnets
networks of computers that have been appropriated by hackers without the knowledge of their owners
substitution ciphers
one letter is used for another. In English, "e" and "t" are the most frequently occurring letters. You figure out where they are. Break this cipher with frequency analysis.
defense in depth
practice of layering defenses into zones to increase the overall protection level and provide more reaction time to respond to incidents
rootkit
program that hides in a computer and allows someone from a remote location to take full control of the computer
security management, configuration, patch testing
security management products include tools for enterprise ___________, ___________, and _________
application
snmp tools are ____________ layers protocols
spyware
software that enables a user to obtain covert information about another's computer activities by transmitting data covertly from their hard drive.
malware
software that is intended to damage or disable computers and computer systems.
asymmetric algorithms
symmetric encryption algorithms are almost always faster than _____________________ that have similar security guarantees.
exponential
the Rivest-Shamir-Adelman (RSA) is a _____________ cipher
obfuscation
the action of making something obscure, unclear, or unintelligible
LUHN, ANSI x4.13
the algorithm for validating a credit card number is called the __________ formula based on ______________
steganography
the art and science of hiding information by embedding messages within other, seemingly harmless messages
Cryptography
the art of protecting information by transforming it into an unreadable format, called cipher text
digital computer
the birth of the ________________ made complex ciphers feasible
symmetric key cryptography
the sender and receiver use the same key for encryption and decryption
cryptanalysis
the study and practice of finding weaknesses in ciphers
system infectors, file infectors, data infectors
three primary types of viruses:
spam
unwanted e-mail (usually of a commercial nature sent out in bulk)
cryptographic key
used by an algorithm to transform plaintext into ciphertext or ciphertext into plaintext
public key cryptography
uses two keys: A public key the sender uses to create encrypted messages, and a mathematically related private key that the receiver can use to decrypt messages encrypted by that public key. meaning people do not have to wait for out-of-band keys in an envelope.
file infectors
viruses that attack and modify executable programs
plaintext or key, find the key
you can break ciphers in two ways: 1. analyzing the ciphertext to find the ___________. 2. analyzing the ciphertext and its associated plaintext to _____________.