BOOK Chapter 19 Cryptography

does DES three times with three different keys

3DES

file encryption software for Windows used for secure file transfer, batch file encryption, and encrypted backups.

Advanced Encryption Package 2017

symmetric-key algorithm: both encryption and decryption are performed using the same key. It is an iterated block cipher that works by repeating the defined steps multiple times. It has a 128-bit block size, with key sizes of 128, 192, and 256 bits, respectively, for 128, 192, and 256

Advanced Encryption Standard (AES)

involves both a public key and a private key. The public key is publicly available, but the sender keeps the private key as a secret

Asymmetric encryption

simplifies the encoding and decoding of text data. It compresses, encrypts, and converts plain text data to text format, which the user can then copy to the clipboard or save as a text file

BCTextEncoder

name used to refer to a class of brute-force attacks against cryptographic hashes that makes the brute forcing easier. The birthday attack depends on this paradox. This paradox is the probability that two or more people in a group of 23 share the same birthday is greater than 1⁄2.

Birthday Attack

data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers

BitLockerDrive Encryption

type of symmetric block cipher algorithm, designed to replace DES or IDEA algorithms. It uses a same secret key to encrypt and decrypt data. This algorithm splits the data into a block length of 64-bit size and produces a key ranging from length 32 bits to 448 bits

Blowfish

trusted entities that issue digital certificates. The digital certificate certifies the possession of the public key by the subject (user, company, or system) specified in the certificate

Certification Authorities (CA)

authentication mechanism used by Point to Point protocol (PPP) servers in order to authenticate or validate the identity of remote clients or network hosts

Challenge-Handshake Authentication Protocol (CHAP)

algorithm (a series of well-defined steps) for performing encryption and decryption.

Cipher

offers a range of PKI digital certificates with strong SSL encryption available 128/256 with SGC (Server-Gated Cryptography). It ensures standards of confidentiality, system reliability, and pertinent business practices as independent audits

Comodo

develops e-learning programs in the area of cryptography and cryptanalysis. It consists of e-learning software (CT1, CT2, JCT, and CTO)

CrypTool

study of ciphers, cipher text, or cryptosystems with the ability to identify vulnerabilities in them that allows to extract plaintext cryptographic key or algorithm used to encrypt the plaintext is unknown

Cryptanalysis

practice of concealing information by converting plain text (readable format) into cipher text (unreadable format) using a key or encryption scheme

Cryptography

cryptographic vulnerability that allows attackers to obtain encryption keys used to secure VPNs and web sessions

DUHK (Dont use hard coded keys) Attack

standard for data encryption that uses a secret key for both encryption and decryption (symmetric cryptosystem). This uses a 64-bit secret key of which 56 bits are generated randomly and other 8 bits help in error detection

Data Encryption Standard (DES)

application that provides a range of encryption and decryption tools

Decrypto

A cryptographic protocol that allows two parties to establish a shared key over an insecure channel

Diffie-Hellman

uses asymmetric cryptography to simulate the security properties of a signature in digital, rather than written form. This is a cryptographic means of authentication

Digital Signature

Federal Information Processing Standard for digital signatures. The NIST proposed the this for use in the Digital Signature Standard (DSS), adopted as FIPS 186. This helps in the generation and verification of digital signatures for sensitive and unclassified applications. It creates a 320-bit digital signature but with 512-1024 bit security.

Digital Signature Algorithm (DSA)

technology, which protects the confidentiality of the data stored on disk by converting it into an unreadable code using disk encryption software or hardware, thus preventing unauthorized users from accessing it

Disk Encryption

Challenge-Handshake Authentication Protocol (CHAP)

Extensible Authentication Protocol (EAP)

study of the frequency of letters or groups of letters in a ciphertext

Frequency Analysis

offer a complete range of certificates that comply with CA/Browser Forum guidelines

GoDaddy

statutory obligation of individuals and organizations to disclose their cryptographic keys to government agencies

Government Access to Keys (GAK)

allows users to calculate MD5, SHA1 or CRC32 checksum of files.

Hash Calculator

performed by finding two different input messages that result into same hash output

Hash Collision Attack

utility helps to calculate a hash from a given text or from a file stored on the device. In this application, the available hash functions are: Adler-32, CRC-32, Haval-128, MD2, MD4, MD5, RIPEMD-128, RIPEMD-160, SHA-1, SHA-256, SHA-384, SHA-512, Tiger and Whirlpool. It allows copying the calculated hash to the clipboard to reuse it elsewhere.

Hash Droid

type of message authentication code (MAC) that uses a cryptographic key along with a cryptographic hash function. It is widely used to verify the integrity of the data and authentication of a message. This algorithm includes an embedded hash function such as SHA-1 or MD5

Hash based message authentication code (HMAC)

small utility that allows to calculate the MD5 and SHA1 hashes of one or more files in the system

HashMyFiles

trusted third party that provides certification authority services for many sectors like banks, corporate, government, and healthcare

IdenTrust

open source cryptographic toolkit designed to make it easier and safer for developers to use cryptography in their applications. It supports authentication and encryption with both symmetric and asymmetric keys

Keyczar

Android is used to generate the MD5 hash of a string in security.

MD5 Hash Calculator

uses space-time trade-off; it is a birthday attack, because it exploits the mathematics behind the birthday paradox. It takes less time than an exhaustive attack. It is called a meet-in-the-middle attack, because it works by encrypting from one end and decrypting from the other end.

Meet In The Middle Attack

used in digital signature applications to compress document securely before the system signs it with a private key. The algorithms can be of variable length, but the resulting message digest is always 128 bits

Message Digest Function (MD5)

generates and checks file integrity by secure time-proven algorithms like MD5, SHA-1 and SHA-256. One can create checksums (the digital fingerprints) of files and verify their integrity in the future using this online tool

OnlineMD5

open source cryptography toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols and related cryptography standards required by them

OpenSSL

protocol used to encrypt and decrypt data that provides authentication and cryptographic privacy. It is often used for data compression, digital signing, encryption and decryption of messages, emails, files, directories, and to enhance privacy of email communications

Pretty Good Privacy (PGP)

security architecture developed to increase the confidentiality of information exchanged over the insecure Internet. It includes hardware, software, people, policies, and procedures required to create, manage, distribute, use, store, and revoke digital certificates

Public Key Infrastructure (PKI)

type of cryptography attack where an attacker uses a rainbow table for reversing cryptographic hash functions. This attack uses the cryptanalytic time-memory trade-off technique, which requires less time than some other techniques. It uses already-calculated information stored in memory to crack the cryptography. In this attack, the attacker creates a table of all the possible passwords and their respective hash values, known as a rainbow table, in advance

Rainbow Table attack

public-key cryptosystem for Internet encryption and authentication.

Rivest Shamir Adleman (RSA)

simple, safe and easy to use notepad application that puts security first. Your notes are password protected using industry standard 256-bit AES encryption

SealNote Secure Encrypted Note

integrated solution of password manager, message (text) encryption, and file encryption

Secret Space Encryptor

generates a cryptographically secure one-way hash

Secure Hash Algorithm (SHA)

application layer protocol developed by Netscape for managing the security of a message transmission on the Internet

Secure Sockets Layer (SSL)

identity certificate signed by the same entity whose identity it certifies

Self-Signed Certificates

attacker monitors these channels (environmental factors) and tries to acquire the information useful for cryptanalysis. Environmental factor like sounds and amount of light coming from the system and timing

Side Channel Attack

These certificates contain a public key and the identity of the owner. The corresponding private key is not made publicly available, instead kept as secret by the authorized user. By issuing the certificate, the CA confirms or validates that the public key contained in the certificate belongs to the person, company, server, or other entity mentioned in the certificateq

Signed Certificates

provides solutions that allow companies and consumers to engage in communications and commerce online with confidence

Symantec

provides organizations with complete, transparent drive encryption for all data (user files, swap files, system files, hidden files, etc.) on laptops, desktops, and removable media

Symantec Drive Encryption

requires that both the sender and the receiver of the message possess the same encryption key

Symmetric encryption

RC4, RC5, RC6

Symmetric encryption algorithms

protocol used to establish a secure connection between a client and a server and ensure privacy and integrity of information during transmission.

Transport Layer Security (TLS)

128-bit block cipher. It is one of the most conceptually simple algorithm that uses a single key for both encryption and decryption for any length up to 256 bits

Twofish

software for establishing and maintaining an on-the-fly-encrypted volume (data storage device). On-the-fly encryption means that data is automatically encrypted right before it is saved and decrypted right after it is loaded, without any user intervention

VeraCrypt