Security+ Cryptography
SHA
Secure Hash Algorithm is another hashing algorithm. 224, 256, 384, 512 bits.
S/MIME
Secure/Multipurpose Internet Mail Extensions (S/MIME) is one of the most popular standards used to digitally sign and encrypt email.
Non-repudiation
prevents a party from denying an action
Digital Signature
A digital signature is an encrypted hash of a message. The sender's private key encrypts the hash of the message to create the digital signature. The recipient decrypts the hash with the sender's public key. If successful, it provides authentication, non-repudiation, and integrity. Authentication identifies the sender. Integrity verifies the message has not been modified. Non-repudiation prevents senders from later denying they sent an email.
DES
Data Encryption Standard is a symmetric block cipher that was widely used for many years, dating back to the 1970s. It encrypts data in 64-bit blocks.
Diffie-Hellman
Diffie-Hellman is a secure method of sharing symmetric encryption keys over a public network. ECDHE is a version of Diffie-Hellman that uses elliptic curve cryptography to generate encryption keys.
ECC
Elliptic Curve Cryptography is commonly used with small wireless devices because it doesn't take much processing power to achieve the desired security.
HMAC
Hash-based Message Authentication Code is a fixed-length string of bits similar to other hashing algorithms such as MD5 and SHA-1. It uses a shared secret key to add some randomness to the result, and only the sender and receiver know the secret key.
HMAC-MD5
Hashing-Authenticity creates 128-bit hashes
HMAC-SHA1
Hashing-Authenticity creates 160-bit hashes
MD5
Hashing-Integrity creates 128-bit hashes
SHA-1
Hashing-Integrity creates 160-bit hashes
SHA-2
Hashing-Integrity creates 224, 256, 384, or 512-bit hashes
Blowfish
It encrypts data in 64-bit blocks and supports key sizes between 32 and 448 bits. Bruce Schneier (a widely respected voice in IT security) designed Blowfish as a general-purpose algorithm to replace DES.
LANMAN
LAN Manager is a very old authentication protocol used to provide backward compatibility to Windows 95, 98, and ME clients. LANMAN has significant weaknesses with how it stores the password.
MD5
Message Digest 5 is a common hashing algorithm that produces a 128-bit hash. It is displayed as 32 hexadecimal characters, using the numbers 0-9 and letters a-f.
NTLM
NT LAN Manager is an improvement over LANMAN. NTLMv1 uses an MD4 hash of the user's password, and for backward compatibility it also uses the LANMAN hash if the password is 14 characters or less. Both LANMAN and MD4 are considered compromised, resulting in known vulnerabilities with NTLMv1 today. NTLMv2 uses a completely different process and uses the more secure MD5 algorithm.
PBKDF2
Password-Based Key Derivation Function 2
RIPEMD
RACE Integrity Primitives Evaluation Message Digest (RIPEMD) is another hash function. Different versions create different size hashes. RIPEMD-160 creates 160-bit, fixed-size hashes. Other versions create hash sizes of 128 bits, 256 bits, and 320 bits.
RSA
RSA is widely used to protect data such as email and other data transmitted over the Internet. It uses both a public key and a private key in a matched pair.
Symmetric encryption
Symmetric encryption uses the same key to encrypt and decrypt data. For example, when transmitting encrypted data, symmetric encryption algorithms use the same key to encrypt and decrypt data at both ends of the transmission media. RADIUS uses symmetric encryption.
AES
The Advanced Encryption Standard is a strong symmetric block cipher that encrypts data in 128-bit blocks. AES uses 128-bit, 192-bit, or 256-bit keys.
RC4
The most commonly used version is RC4 (also called ARC4), which is a symmetric stream cipher that can use key sizes between 40 and 2,048 bits.
Email encryption
The recipient's public key encrypts. The recipient's private key decrypts.
Web site encryption
The web site's public key encrypts (a symmetric key). The web site's private key decrypts (a symmetric key). The symmetric key encrypts data in the web site session.
3DES
Triple Data Encryption Standard encrypts data using the DES algorithm in three separate passes and uses multiple keys. 3DES uses key sizes of 56 bits, 112 bits, or 168 bits.
Twofish
Twofish is related to Blowfish, but it encrypts data in 128-bit blocks and it supports 128-, 192-, or 256-bit keys. It was one of the finalist algorithms evaluated by NIST for AES.
Static Asymmetric keys
are semipermanent and stay the same over a long period of time
Block ciphers
encrypt data in blocks such as 64-bit or 128-bit blocks
Stream ciphers
encrypt data one bit at a time.
Ephemeral Asymmetric keys
have short lifetimes and are recreated for each session.
Digital Signatures
provide authentication, non-repudiation, and integrity. The sender's private key encrypts or signs. The sender's public key decrypts.
Asymmetric encryption
uses two keys (public and private) created as a matched pair.
Authentication
validates an identity
Hashing
verifies integrity for data such as email, downloaded files, and files stored on a disk. A hash is a number created with a hashing algorithm, and is sometimes listed as a checksum.