Security+ Cryptography
Symmetric cryptography
uses a single key for both encryption and decryption of the same data.
RSA
Asymmetric RSA uses this is public-key cryptography system, where you have a public key and a private key to be able to encrypt information, decrypt that data, and even digitally sign information. This is based on an idea on finding the product of two extremely large, prime numbers. Uses a minimum of 1024-bit keys. Also 2048 & 4096-bit keys.
Blowfish
Blowfish was created in 1993 by Bruce Schneier, a very well-renowned security expert. It's a 64-bit block cipher, and it can have a variable length key, anywhere from 1 bit up to 448 bits.
key stretching
But you can make a weak key stronger by performing multiple processes to the same key. For instance, you could take and hash a password, and then you can hash the hash of that password, and then hash the hash of the hash of that password and so on. This is called key stretching, or key strengthening
Data Encryption Standard
DES and Triple DES, and you'll occasionally see Triple DES abbreviated as 3DES. This stands for the Data Encryption Standard. This became part of what they called the FIPS standard, or the Federal Information Processing Standards.
DES
DES was a 64-bit block cipher that used a 56-bit key, and that's a very important part of this. DES is a very, very small key to be able to use this.
Diffie-Hellman key exchange
Diffie-Hellman key exchange. This is the idea of being able to send keys across the network, but still be ensured that nobody's going to be able to use those keys to decrypt your private information. one important consideration here is this was really designed to transfer keys across the network. It's not, by itself, a method of encrypting or authenticating people's communications over the network. This is something that simply allows us to send keys from one end to the other and still protect that key and the method that's going to be used for encrypting data using those keys.
Ephemeral Diffie-Hellman
Ephemeral Diffie-Hellman, which means those keys will only be used for a short period of time. You'll commonly see that written as EDH or DHE, and it's combined with the elliptic curve cryptography to be able to do the encryption
HMAC
Hash-based Message Authentication Code, or HMAC, is one where you take a secret key and you combine it with the hashing process so that on the other side, you can apply the same key to it and see if the person who sent it really was the person you were expecting. commonly seen, actually, in IPsec. It's commonly seen in TLS, which is the big brother now, the new version of SSL. And it's a simple process to simply add this key to a very standard set of paddings and implement that within the message to create the hash
PBKDF2
PBKDF2 applies a pseudorandom function, such as a cryptographic hash, cipher, or HMAC to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more difficult, and is known as key stretching.
PGP/GPG
Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications
RIPEMD
RIPEMD (RACE Integrity Primitives Evaluation Message Digest) is a family of cryptographic hash functions developed in Leuven, Belgium, by Hans Dobbertin, Antoon Bosselaers and Bart Preneel at the COSIC research group at the Katholieke Universiteit Leuven, and first published in 1996.
SHA-1
SHA-1: A 160-bit hash function which resembles the earlier MD5 algorithm. This was designed by the National Security Agency (NSA) to be part of the Digital Signature Algorithm. Cryptographic weaknesses were discovered in SHA-1, and the standard was no longer approved for most cryptographic uses after 2010.
SHA-2
SHA-2: A family of two similar hash functions, with different block sizes, known as SHA-256 and SHA-512. They differ in the word size; SHA-256 uses 32-bit words where SHA-512 uses 64-bit words. There are also truncated versions of each standard, known as SHA-224, SHA-384, SHA-512/224 and SHA-512/256. These were also designed by the NSA.
Common Elements within a certificate
Serial number, Issuer, Validity dates, Subject, Public key, and usage.
Advanced Encryption Standard
The Advanced Encryption Standard or AES is a symmetric block cipher used by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data.
MD5
The MD5 message-digest algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number. MD5 has been utilized in a wide variety of cryptographic applications, and is also commonly used to verify data integrity.
Secure Hash Algorithm
The Secure Hash Algorithm is a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS)
TOTP
Time-based One-time Password Algorithm (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time. It has been adopted as Internet Engineering Task Force standard RFC 6238,[1] is the cornerstone of Initiative For Open Authentication (OATH), and is used in a number of two factor authentication systems.
Triple DES
Triple DES takes that same idea of DES and really does the same encryption three times, and in each case, you could be using three different keys every time. You could be using one key on the first pass, a different key on the second pass, and then, back to the first key on the third pass.
Twofish
Twofish came after Blowfish. It is the successor to Blowfish. It uses a 128-bit block size, and it can have key sizes up to 256 bits.
block cipher
block cipher. As the name implies, a block cipher is taking a fixed group of information and encrypting that fixed block all at one time. And usually, these blocks are 64 bits long. They're 128 bits long. They're a size that is predetermined so that you're able to keep it the same when you're scripting and decrypting.
stream cipher
stream cipher. And just as the block cipher was only used was symmetric encryption, stream ciphers are only used with symmetric encryption. The encryption is done, instead of entire blocks at a time, in a stream, it's done one bit or one byte at a time. It's all being done as the data is streaming by.
Asymmetric encryption
uses two keys: One to encrypt and one to decrypt. Requires a PKI to issues certificates.