Cryptography
- Cryptography - Secure Hash Algorithm
(SHA) A one-way hash algorithm designed to ensure the integrity of a message.
- Cryptography - Birthday Attack(Cryptanalysis Methods)
Statistical probabilities of a collision are more likely than one thinks (367 people...)
- Cryptography - certificate revocation list (CRL)
A repository that lists revoked digital certificates.
- Cryptography - HSM (hardware security module)
A software or appliance stand-alone used to enhance security and commonly used with PKI systems.
- Cryptography - salt
Bits added to a hash to make it resistant to rainbow table attacks.
- Cryptography - Advanced Encryption Standard (AES)
replaced DES as the current standard, and it uses the Rijndael algorithm. AES was developed by Joan Daemen and Vincent Rijmen. AES is the current product used by U.S. governmental agencies. It supports key sizes of 128, 192, and 256 bits, with 128 bits being the default.
- Cryptography - rainbow table
A table of precomputed hashes used to guess passwords by searching for the hash of a password.
- Cryptography - BitLocker
A Windows feature that encrypts an entire drive - full disk encryption. 128-bit encryption.
- Cryptography - trusted platform module (TPM)
A chip on the motherboard of the computer that provides cryptographic services.
- Cryptography - cryptographic hash
A function that is one-way (nonreversible), has a fixed length output, and is collision resistant.
- Cryptography - key recovery agent
A highly trusted person responsible for recovering lost or damaged digital certificates. This is an excellent place to implement separation of duties so that no one person can independently access the key escrow account.
- Cryptography - Pretty Good Privacy (PGP)
A method of encrypting and decrypting e-mail messages. It can also be used to encrypt a digital signature. PGP uses both symmetrical and asymmetrical systems as a part of its process; it is this serial combination of processes that makes it so competent.
- Cryptography - Key registration
A process of providing certificates to users, and a registration authority (RA) typically handles this function when the load must be lifted from a certificate authority (CA).
- Cryptography - Transport Layer Security (TLS)
A protocol based on SSL 3.0 that provides authentication and encryption, used by most servers for secure exchanges over the Internet.
- Cryptography - Secure Sockets Layer (SSL)
A protocol for managing the security of message transmissions on the Internet. (TCP based machines)
- Cryptography - PRNG
A pseudo-random number generator is an algorithm used to generate a number that is sufficiently random for cryptographic purposes.
- Cryptography - Know the principles of a symmetric algorithm
A symmetric algorithm requires that receivers of the message use the same private key. Symmetric algorithms can be extremely secure. This method is widely implemented in governmental applications.
- Cryptography - Key stretching
A technique that strengthens potentially weak cryptographic keys, such as passwords or passphrases created by people, against brute force attacks.
- Cryptography - Your company has implemented email encryption throughout the enterprise. You are concerned that someone might lose their cryptographic key. You want to implement some mechanism for storing copies of keys and recovering them. What should you implement? A. Key escrow B. Key archival C. Key renewal D. Certificate rollover
A. A key escrow should be used.
- Cryptography - As the head of IT for MTS, you're explaining some security concerns to a junior administrator who has just been hired. You're trying to emphasize the need to know what is important and what isn't. Which of the following is not a consideration in key storage? A. Environmental controls B. Physical security C. Hardened servers D. Administrative controls
A. Environmental controls would be the least important issue
- Cryptography - You are responsible for e-commerce security at your company. You want to use the most widely implemented asymmetric algorithm available today. Which of the following is the most widely used asymmetric algorithm today? A. RSA B. AES C. 3DES D. SHA
A. RSA is the most widely used asymmetric cipher today, though ECC is quickly becoming more widely used.
- Cryptography - Mercury Technical Solutions has been using SSL in a business-to-business environment for a number of years. Despite the fact that there have been no compromises in security, the new IT manager wants to use stronger security than SSL can offer. Which of the following protocols is similar to SSL but offers the ability to use additional security protocols? A. TLS B. SSH C. RSH D. X.509
A. TLS is the replacement for SSL.
- Cryptography - During a training session, you want to impress upon users the serious nature of security and, in particular, cryptography. To accomplish this, you want to give them as much of an overview about the topic as possible. Which government agency should you mention is primarily responsible for establishing government standards involving cryptography for general-purpose government use? A. NSA B. NIST C. IEEE D. ITU
A. The National Security Administration is responsible for cryptography in the U.S. government, even though those standards by then become NIST standards.
- Cryptography - Which organization can be used to identify an individual for certificate issue in a PKI environment? A. RA B. LRA C. PKE D. SHA
A. The Registration Authority identifies an individual for issuing a certificate by a Certificate Authority.
- Cryptography - What document describes how a CA issues certificates and for what they are used? A. Certificate policies B. Certificate practices C. Revocation authority D. CRL
A. The certificate policy describes how a certificate can be used.
- Cryptography - What is the primary organization for maintaining certificates called? A. CA B. RA C. LRA D. CRL
A. This is a certificate authority
- Cryptography - Which of the following is similar to Blowfish but works on 128-bit blocks? A. Twofish B. IDEA C. CCITT D. AES
A. Twofish.
- Cryptography - Online Certificate Status Protocol (OCSP)
An Internet protocol that obtains the revocation status of an X.509 digital certificate.
- Cryptography - Elliptic Curve Cryptography
An algorithm that uses elliptic curves instead of prime numbers to compute keys. There are many variations of Elliptic Curve, including: Elliptic Curve Diffie-Hellman (ECC-DH) Elliptic Curve Digital Signature Algorithm (ECC-DSA)
- Cryptography - downgrade attack
An attack in which the system is forced to abandon the current higher security mode of operation and fall back to implementing an older and less secure mode.
- Cryptography - rainbow table
An attacker uses a table that contains all possible passwords already in a hash format. Popular password cracking tools, such as OphCrack
- Cryptography - Challenge Handshake Authentication Protocol (CHAP)
An authentication protocol that periodically reauthenticates.
- Cryptography - symmetric cipher
Any cryptographic algorithm that uses the same key to encrypt and decrypt. DES, AES, and Blowfish are examples.
- Cryptography - Be able to describe the process of asymmetric algorithms
Asymmetric algorithms use a two-key method of encryption. The message is encrypted using the public key and decrypted using a second key or private key. The key is derived from the same algorithm.
- Cryptography - Asymmetric algorithms: Diffie- Hellman Key agreement. ElGamal Transmitting digital signatures and key exchanges. Elliptic Curve(ECC) An option to RSA that uses less computing power than RSA and is popular in smaller devices like smartphones. RSA The most commonly used public key algorithm, RSA is used for encryption and digital signatures.
Asymmetric algorithms: Diffie- Hellman Key agreement. ElGamal Transmitting digital signatures and key exchanges. Elliptic Curve(ECC) An option to RSA that uses less computing power than RSA and is popular in smaller devices like smartphones. RSA The most commonly used public key algorithm, RSA is used for encryption and digital signatures.
- Cryptography - You've been brought in as a security consultant for a small bicycle manufacturing firm. Immediately, you notice that they're using a centralized key-generating process, and you make a note to dissuade them from that without delay. What problem is created by using a centralized key-generating process? A. Network security B. Key transmission C. Certificate revocation D. Private key security
B. Key transmission is a concern
- Cryptography - Which of the following does not apply to a hashing algorithm? A. One-way B. Long key size C. Variable-length input with fixed-length output D. Collision resistance
B. long key sizes are not applicable to hashing algorithms
- Cryptography - Due to a breach, a certificate must be permanently revoked, and you don't want it to ever be used again. What is often used to revoke a certificate? A. CRA B. CYA C. CRL D. PKI
C. A Certificate Revocation List should be used.
- Cryptography - You need to encrypt your hard drive. Which of the following is the best choice? A. DES B. RSA C. AES D. SHA
C. For a hard drive, you want a symmetric cipher and AES is more secure than DES.
- Cryptography - You're a member of a consortium wanting to create a new standard that will effectively end all spam. After years of meeting, the group has finally come across a solution and now wants to propose it. The process of proposing a new standard or method on the Internet is referred to by which acronym? A. WBS B. X.509 C. RFC D. IEEE
C. The Request for Comment is how you propose a new standard.
- Cryptography - Kristin from Payroll has left the office on maternity leave and won't return for at least six weeks. You've been instructed to suspend her key. Which of the following statements is true? A. In order to be used, suspended keys must be revoked. B. Suspended keys don't expire. C. Suspended keys can be reactivated. D. Suspending keys is a bad practice.
C. The key will have to be re-activated.
- Cryptography - MAC is an acronym for what as it relates to cryptography? A. Media access control B. Mandatory access control C. Message authentication code D. Multiple advisory committees
C. This is a Message Authentication Code.
- Cryptography - asymmetric cipher
Cryptographic algorithms that use two different keys one key to encrypt and another to decrypt. Also called public key cryptography.
- Cryptography - John is concerned about message integrity. He wants to ensure that message integrity cannot be compromised no matter what the threat. What would best help him accomplish this goal? A. SHA2 B. MD5 C. AES D. MAC
D. A message authentication code will reveal any tampering, accidental or intentional.
- Cryptography - The CRL takes time to be fully disseminated. Which protocol allows a certificate's authenticity to be immediately verified? A. CA B. CP C. CRC D. OCSP
D. Online Certificate Status Protocol is done in real time.
- Cryptography - Your IT manager has stated that you need to select an appropriate tool for email encryption. Which of the following would be the best choice? A. MD5 B. IPSEC C. TLS D. PGP
D. PGP is an excellent choice for email security.
- Cryptography - Mary claims that she didn't make a phone call from her office to a competitor and tell them about developments at her company. Telephone logs, however, show that such a call was placed from her phone, and time clock records show that she was the only person working at the time. What do these records provide? A. Integrity B. Confidentiality C. Authentication D. Nonrepudiation
D. This is nonrepudiation
- Cryptography - LANMAN
Local area network manager. Older authentication protocol used to provide backward compatibility to Windows 9x clients. LANMAN passwords are easily cracked due to how they are stored.
- Cryptography - FYI: Atbash is another ancient substitution cipher. A becomes Z, B becomes Y, C becomes X, and so forth.
FYI: Atbash is another ancient substitution cipher. A becomes Z, B becomes Y, C becomes X, and so forth.
- Cryptography - FYI: One very common substitution cipher is ROT13, and it is also one commonly asked about on the Security+ exam. This simple algorithm rotates every letter 13 places in the alphabet.
FYI: One very common substitution cipher is ROT13, and it is also one commonly asked about on the Security+ exam. This simple algorithm rotates every letter 13 places in the alphabet.
- Cryptography - FYI: Symmetric methods use either a block or stream cipher. with a block cipher, the algorithm works on chunks of data, encrypting one and then moving to the next. With a stream cipher, the data is encrypted one bit, or byte, at a time.
FYI: Symmetric methods use either a block or stream cipher. with a block cipher, the algorithm works on chunks of data, encrypting one and then moving to the next. With a stream cipher, the data is encrypted one bit, or byte, at a time.
- Cryptography - FYI: The Enigma machine was essentially a typewriter that implemented a multi-alphabet substitution cipher. When each key was hit, a different substitution alphabet was used. The Enigma machine used 26 different substitution alphabets. Prior to computers, this was extremely hard to break.
FYI: The Enigma machine was essentially a typewriter that implemented a multi-alphabet substitution cipher. When each key was hit, a different substitution alphabet was used. The Enigma machine used 26 different substitution alphabets. Prior to computers, this was extremely hard to break.
- Cryptography - FYI: The study of cryptographic algorithms is called cryptography. The study of how to break cryptographic algorithms is called cryptanalysis. The two subjects taken together are generally referred to as cryptology. All of these disciplines require a strong mathematics background, particularly in number theory.
FYI: The study of cryptographic algorithms is called cryptography. The study of how to break cryptographic algorithms is called cryptanalysis. The two subjects taken together are generally referred to as cryptology. All of these disciplines require a strong mathematics background, particularly in number theory.
- Cryptography - FYI: When to Encrypt - The first is when the data is simply stored—for example, on a hard drive. This is referred to as data at rest. The second is when data is being transmitted from point A to point B. This is called data in transit. Finally, should data be encrypted when it is actually being used? This is referred to as data in use.
FYI: When to Encrypt - The first is when the data is simply stored—for example, on a hard drive. This is referred to as data at rest. The second is when data is being transmitted from point A to point B. This is called data in transit. Finally, should data be encrypted when it is actually being used? This is referred to as data in use.
- Cryptography - HMAC
Hash-based Message Authentication Code. An HMAC is a fixed length string of bits similar to other hashing algorithms such as MD5 and SHA-1, but it also uses a secret key to add some randomness to the result.
- Cryptography - Be able to describe the process of a hashing algorithm
Hashing algorithms are used to generate a fixed-length value mathematically from a message. The most common hashing standards for cryptographic applications are the SHA and MD algorithms
- Cryptography - Message Digest Algorithm
MD2, MD4, "MD5-128 bit hash value". MD5 does not have strong collision resistance, and thus it is no longer recommended for use. SHA (1 or 2) are the recommended alternatives.
- Cryptography - NOTE: A substitution cipher is a type of coding or ciphering system that changes one character or symbol into another. Substitution ciphers are not adequate for modern uses, and a computer would crack one almost instantly.
NOTE: A substitution cipher is a type of coding or ciphering system that changes one character or symbol into another. Substitution ciphers are not adequate for modern uses, and a computer would crack one almost instantly.
- Cryptography - NOTE: Confidentiality, integrity, and availability are the three most important concepts in security.
NOTE: Confidentiality, integrity, and availability are the three most important concepts in security.
- Cryptography - NOTE: Many people, even many textbooks, tend to use the terms cryptography and cryptology interchangeably.
NOTE: Many people, even many textbooks, tend to use the terms cryptography and cryptology interchangeably.
- Cryptography - NOTE: Steganography can also be used to accomplish electronic watermarking. Mapmakers and artists have used watermarking for years to protect copyrights
NOTE: Steganography can also be used to accomplish electronic watermarking. Mapmakers and artists have used watermarking for years to protect copyrights
- Cryptography - NOTE: Think of TLS as an updated version of SSL. TLS is based on SSL, and it is intended to supersede it.
NOTE: Think of TLS as an updated version of SSL. TLS is based on SSL, and it is intended to supersede it.
- Cryptography - NTLM
New Technology LANMAN. Authentication protocol intended to improve LANMAN. The LANMAN protocol stores passwords using a hash of the password by first dividing the password into two seven-character blocks, and then converting all lowercase letters to uppercase. This makes LANMAN easy to crack. NTLM stores passwords in LANMAN format for backward compatibility, unless the passwords are greater than fifteen characters. NTLMv1 is older and has known vulnerabilities. NTLMv2 is newer and secure.
- Cryptography - Understand the process used in PKI
PKI is an encryption system that uses a variety of technologies to provide confidentiality, integrity, authentication, and nonrepudiation. PKI uses certificates issued from a CA to provide this capability as well as encryption. PKI is being widely implemented in organizations worldwide.
- Cryptography - TIP: A few basic facts to know about symmetric cryptography for the test are that symmetric cryptographic algorithms are always faster than asymmetric, and they can be just as secure with a smaller key size. For example, RSA (an asymmetric algorithm) uses keys of a minimum length of 2,048 bits, whereas AES (a symmetric algorithm) uses key sizes of 128, 192, or 256 bits.
TIP: A few basic facts to know about symmetric cryptography for the test are that symmetric cryptographic algorithms are always faster than asymmetric, and they can be just as secure with a smaller key size. For example, RSA (an asymmetric algorithm) uses keys of a minimum length of 2,048 bits, whereas AES (a symmetric algorithm) uses key sizes of 128, 192, or 256 bits.
- Cryptography - TIP: On the Security+ exam, if you are asked about an algorithm for exchanging keys over an insecure medium, unless the context is IPsec, the answer is always Diffie-Hellman.
TIP: On the Security+ exam, if you are asked about an algorithm for exchanging keys over an insecure medium, unless the context is IPsec, the answer is always Diffie-Hellman.
- Cryptography - Know the primary objectives for using cryptographic systems
The main objectives for these systems are confidentiality, integrity, authentication, and nonrepudiation. Digital signatures can be used to verify the integrity and provide nonrepudiation of a message.
- Cryptography - X.509
The most widely accepted format for digital certificates as defined by the International Telecommunication Union (ITU).
- Cryptography - Known Plain Text (Cryptanalysis Methods)
This attack relies on the attacker having pairs of known plain text along with the corresponding cipher text. This gives the attacker a place to start attempting to derive the key.
- Cryptography - Brute Force (Cryptanalysis Methods)
This method simply involves trying every possible key.
- Cryptography - Protected Extensible Authentication Protocol (PEAP)
This protocol encrypts the authentication process with an authenticated TLS tunnel. PEAP was developed by a consortium including Cisco, Microsoft, and RSA Security. It was first included in Microsoft Windows XP.
- Cryptography - EAP-TTLS (Tunneled Transport Layer Security)
This protocol extends TLS. It was first supported natively in Windows with Windows 8. There are currently two versions of EAP-TTLS: EAP-TTLS v0 and EAP-TTLSv1.
- Cryptography - Extensible Authentication Protocol - Transport Layer Security
This protocol utilizes TLS in order to secure the authentication process. Most implementations of EAP-TLS utilize X.509 digital certificates to authenticate the users.
- Cryptography - EAP - FAST or Flexible Authentication via Secure Tunneling
This protocol was proposed by Cisco as a replacement for the original EAP. EAP-FAST establishes a TLS tunnel for authentication, but it does so using a Protected Access Credential (PAC).
- Cryptography - collision
When two different inputs into a cryptographic hash produce the same output, this is known as a collision.
- Cryptography - Frequency Analysis (Cryptanalysis Methods)
involves looking at the blocks of an encrypted message to determine if any common patterns exist.
- Cryptography - Symmetric algorithms
require both the sender and receiver of an encrypted message to have the same key and processing algorithms. It is referred to as a secret key or private key
- Cryptography - RIPEMD (RACE Integrity Primitives Evaluation Message Digest)
based on MD4
- Cryptography - National Security Agency (NSA)
responsible for creating codes, breaking codes, and coding systems for the U.S. government. The NSA was chartered in 1952. It tries to keep a low profile; for many years, the government didn't publicly acknowledge its existence
- Cryptography - Extensible Authentication Protocol (EAP)
framework frequently used in wireless networks and point-to-point connections.
- Cryptography - Triple-DES Triple-DES (3DES)
is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications
- Cryptography - Bcrypt and PBKDF2
key stretching techniques that help prevent brute force and rainbow table attacks. Both salt the passwords with additional bits.
- Cryptography - Related Key Attack (Cryptanalysis Methods)
like a chosen plain-text attack, except the attacker can obtain cipher texts encrypted under two different keys. This is actually a useful attack if you can obtain the plain text and matching cipher text
- Cryptography - replay attack
makes a copy of the transmission for use at a later time
- Cryptography - Access controls
methods, processes, and mechanisms of preventing unauthorized access systems.
- Cryptography - Nonrepudiation
prevents one party from denying actions that they carried out.
- Cryptography - GOST
processes a variable-length message into a fixed length output of 256 bits
- Cryptography - Salt
refers to the addition of bits at key locations, either before or after the hash.
- Cryptography - Chosen Plain Text (Cryptanalysis Methods)
the attacker obtains the cipher texts corresponding to a set of plain texts of their own choosing. This allows the attacker to attempt to derive the key used and thus decrypt other messages encrypted with that key.
- Cryptography - Steganography
the process of hiding a message in a medium such as a digital image, audio file, or other file.
- Cryptography - Key escrow
the process of storing a copy of an encryption key in a secure location
- Cryptography - Collision
two different inputs to a hashing algorithm produce the same output. Modern hashing algorithms are designed to make this less likely.
- Cryptography - Authentication
verifying the identity of the person or device attempting to access the system
- Cryptography - Lightweight Extensible Authentication protocol (LEAP)
was developed by Cisco and has been used extensively in wireless communications.