Chapter 8 Cryptography

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

CBC

(For example, DES, AES, Blowfish, GOST, and others) divide the plain text into blocks (often 64-bit or 128-bit) and encrypt each block, one at a time - when one block is finished encrypting, before the second block is started, the output of the first block is XOR'd with the plain text of the next block. - This causes two interesting improvements to the cipher: 1. it introduces even more diffusion. 2. it makes known plain-text attacks totally ineffective.

Two methods of key stretching

- BCRYPT -PBKDF2

common standards that use symmetric algorithms:

- Data Encryption Standard (DES) - Triple-DES (3DES) - Advance Encryption Standard (AES)

Symmetric cipher modes

- ECB (electronic code book) - CBC (cipher block chaining) - CTR/CTM (Counter mode) - GCM (Galois Counter Mode)

Two basic types X.509:

- End-Entity Certificate - CA Certificate

One-Time Pads are secure for two reasons:

- First, they use a key that is as long as a plain-text message. This means that there is no pattern in the key application for an attacker to use. - Also, one-time pad keys are used only once and then discarded.

AES

- It uses the Rijndael algorithm - is the current product used by U.S. governmental agencies. It supports key sizes of 128, 192, and 256 bits, with 128 bits being the default.

Two types of symmetric cipher issues:

- Latency - High resiliency

RC4

- Popular with wireless and WEP/WPA encryption - key sizes between 40 and 2,048 bits - used in SSL and TLS - popular for downloading BitTorrent files

programs available on the Web for doing steganography are:

- QuickStego - Invisible Secrets

Two types of ciphering methods or non mathematical cryptography:

- Substitution - Transposition

Modern cryptography is divided into three major areas:

- Symmetric cryptography - Asymmetric cryptography - Hashing algorithms

Atbash Cipher

- another ancient substitution cipher - Hebrew scribes copying the book of Jeremiah used this substitution cipher

Elliptic Curve Cryptography (ECC)

- are based on the idea of using points on a curve combined with a point at infinity and the difficulty of solving discrete logarithm problems - Is popular in smaller devices like smartphones - Less computing power

There are two primary approaches to key exchange:

- in-band key exchange - out-of-band key exchange.

3DES

- is a technological upgrade of DES - considerably harder to break than many other systems, and it's more secure than DES. It increases the key length to 168 bits (using three 56-bit DES keys).

GOST (gosudarstvennyy)

- it uses a 64-bit block and a key of 256 bits. It is a 32-round Feistel cipher

DES

- primary standard used in government and industry until it was replaced by AES. It's based on a 56-bit key, and it has several modes that offer security and integrity. - It is now considered insecure because of the small key size.

Twofish

- works on 128-bit blocks - has a complex key schedule

The five main considerations in implementing a cryptography system are as follows:

1. Confidentiality 2. Integrity 3. Authentication 4. Nonrepudiation 5. Access controls

three primary times when data might be encrypted:

1. Data at rest 2. Data in transit 3. Data in use

Three characteristics of a hash function:

1. It must be one-way: This means that it is not reversible. Once you hash something, you cannot unhash it. 2. Variable-length input produces fixed-length output: This means that whether you hash two characters or two million, the hash size is the same 3. The algorithm must have few or no collisions: This means that hashing two different inputs does not give the same output.

major reason for implementing a cryptographic system:

1. involves providing assurance that a message wasn't modified during transmission. 2. to ensure the confidentiality of the information being used.

AES (symmetric algorithm) uses key sizes of:

128, 192, or 256 bits

How many PKCS standards are there

15

RIPEMD-160 uses how many bits

160

RSA (an asymmetric algorithm) uses keys of a minimum length of:

2,048 bits

What does EAP use with IEEE standard for port-based network access control

802.1x

MAC (Message Authentication Code)

A MAC is calculated by using a symmetric cipher in cipher block chaining mode (CBC) with only the final block being produced. Essentially, the output of the CBC is being used like the output of a hashing algorithm.

Using weak implementations with cryptography

A classic example, which we will review later in this lesson, is Wireless Equivalent Privacy (WEP), which uses RC4, a good algorithm. But it was implemented improperly, making it weak.

RFC (Request for Comments)

A document that has been approved by the IETF becomes an RFC and is assigned a unique number once published. If it gains enough interest; it may evolve into an Internet standard.

Bcrypt

A key-derivation function based on the Blowfish cipher algorithm.

CRL (Certificate Revocation List)

A list of certificates that are no longer valid. - New replacement: OCSP (Online Certificate Status Protocol)

Key Registration

A process of providing certificates to users, and a registration authority (RA) typically handles this function when the load must be lifted from a certificate authority (CA).

self-signed certificate

A public-key certificate that was signed using the public key it contains itself. This means that although it can be used to transmit your public key, it won't be trusted by browsers

PKCS (Public Key Cryptography Standards)

A set of voluntary standards governing encryption

Your company has implemented email encryption throughout the enterprise. You are concerned that someone might lose their cryptographic key. You want to implement some mechanism for storing copies of keys and recovering them. What should you implement? A. Key escrow B. Key archival C. Key renewal D. Certificate rollover

A. A key escrow should be used.

What is the primary organization for maintaining certificates called? A. CA B. RA C. LRA D. CRL

A. This is a certificate authority.

Which of the following does not apply to a hashing algorithm? A. One-way B. Long key size C. Variable-length input with fixed-length output D. Collision resistance

A. long key sizes are not applicable to hashing algorithms.

As the head of IT for MTS, you're explaining some security concerns to a junior administrator who has just been hired. You're trying to emphasize the need to know what is important and what isn't. Which of the following is not a consideration in key storage? A. Environmental controls B. Physical security C. Hardened servers D. Administrative controls

A. Environmental controls would be the least important issue.

MAC is an acronym for what as it relates to cryptography? A. Media access control B. Mandatory access control C. Message authentication code D. Multiple advisory committees

A. Message Authentication Code

Which organization can be used to identify an individual for certificate issue in a PKI environment? A. RA B. LRA C. PKE D. SHA

A. RA

You are responsible for e-commerce security at your company. You want to use the most widely implemented asymmetric algorithm available today. Which of the following is the most widely used asymmetric algorithm today? A. RSA B. AES C. 3DES D. SHA

A. RSA

Mercury Technical Solutions has been using SSL in a business-to-business environment for a number of years. Despite the fact that there have been no compromises in security, the new IT manager wants to use stronger security than SSL can offer. Which of the following protocols is similar to SSL but offers the ability to use additional security protocols? A. TLS B. SSH C. RSH D. X.509

A. TLS is a replacement for SSL

Which of the following is similar to Blowfish but works on 128-bit blocks? A. Twofish B. IDEA C. CCITT D. AES

A. Twofish

During a training session, you want to impress upon users the serious nature of security and, in particular, cryptography. To accomplish this, you want to give them as much of an overview about the topic as possible. Which government agency should you mention is primarily responsible for establishing government standards involving cryptography for general-purpose government use? A. NSA B. NIST C. IEEE D. ITU

A. NSA The National Security Administration is responsible for cryptography in the U.S.government, even though those standards by then become NIST standards.

key recovery agent

An entity that has the ability to recover a key, key components, or plaintext messages as needed. -This is an excellent place to implement separation of duties so that no one person can independently access the key escrow account.

Cryptographic algorithms that use two different keys—one key to encrypt and another to decrypt. Also called public key cryptography.

Asymmetric algorithm

You've been brought in as a security consultant for a small bicycle manufacturing firm. Immediately, you notice that they're using a centralized key-generating process, and you make a note to dissuade them from that without delay. What problem is created by using a centralized key-generating process? A. Network security B. Key transmission C. Certificate revocation D. Private key security

B. Key transmission is a concern.

What document describes how a CA issues certificates and for what they are used? A. Revocation authority B. CRL C. Certificate policies D. Certificate practices

C. Certificate policies

Due to a breach, a certificate must be permanently revoked, and you don't want it to ever be used again. What is often used to revoke a certificate? A. CRA B. CYA C. CRL D. PKI

C. A Certificate Revocation List should be used.

You need to encrypt your hard drive. Which of the following is the best choice? A. DES B. RSA C. AES D. SHA

C. For a hard drive, you want a symmetric cipher and AES is more secure than DES.

You're a member of a consortium wanting to create a new standard that will effectively end all spam. After years of meeting, the group has finally come across a solution and now wants to propose it. The process of proposing a new standard or method on the Internet is referred to by which acronym? A. WBS B. X.509 C. RFC D. IEEE

C. RFC

Kristin from Payroll has left the office on maternity leave and won't return for at least six weeks. You've been instructed to suspend her key. Which of the following statements is true? A. In order to be used, suspended keys must be revoked. B. Suspended keys don't expire. C. Suspended keys can be reactivated. D. Suspending keys is a bad practice.

C. Suspended keys can be reactivated.

The system involves simply shifting all letters to a certain number of spaces in the alphabet. - One of the oldest substitution ciphers

Caesar Cipher

Rail Fence Cipher

Ciphers that write message letters out diagonally over a number of rows then read off cipher row by row.

Confidentiality

Confidentiality may be intended to prevent the unauthorized disclosure of information in a local network or to prevent the unauthorized disclosure of information across a network.

John is concerned about message integrity. He wants to ensure that message integrity cannot be compromised no matter what the threat. What would best help him accomplish this goal? A. SHA2 B. MD5 C. AES D. MAC

D. A message authentication code will reveal any tampering, accidental or intentional.

Mary claims that she didn't make a phone call from her office to a competitor and tell them about developments at her company. Telephone logs, however, show that such a call was placed from her phone, and time clock records show that she was the only person working at the time. What do these records provide? A. Integrity B. Confidentiality C. Authentication D. Nonrepudiation

D. Nonrepudiation

The CRL takes time to be fully disseminated. Which protocol allows a certificate's authenticity to be immediately verified? A. CA B. CP C. CRC D. OCSP

D. Online Certificate Status Protocol is done in real-time.

Your IT manager has stated that you need to select an appropriate tool for email encryption. Which of the following would be the best choice? A. MD5 B. IPSEC C. TLS D. PGP

D. PGP is an excellent choice for email security.

X.509 standard

Defines specific items that must be part of any certificate for use on the Internet.

If you are asked about an algorithm for exchanging keys over an insecure medium, unless its IPsec, the answer is always

Diffie-Hellman

steganography is also referred to as:

Electronic Watermarking

The official designation is GOST.....

GOST 28147-89. It was meant as an alternative to the U.S. DES algorithm and has some similarities to DES.

An alternative to the freeware PGP is

GPG (GNU Privacy Guard)

Human error is one of the major causes of encryption vulnerabilities. An example would be

If an email is sent using an encryption scheme, someone else may send it in the clear (unencrypted). If a cryptanalyst gets ahold of both messages, the process of decoding future messages will be considerably simplified. A code key might wind up in the wrong hands, giving insights into what the key consists of.

LSB (Least Significant Bit)

If you changed the very last bit, then that would not make a noticeable change in the image

SAN (Subject Alternative Name)

It allows you to specify additional items (IP addresses, domain names, and so on) to be protected by this single certificate.

Implementation vs. Algorithm selection

It is concerned about proper implementation when it comes to cryptographic modules and cryptographic providers. - For example, you should ask about their key generation and key storage methods with providers. Other issues include time and power consumption. A cryptographic module that is slow might not be useful for commercial solutions.

Vigenère cipher

It is used a keyword to look up the cipher text in a table.

IDEA (International Data Encryption Algorithm)

It's an algorithm that uses a 128-bit key. This product is similar in sped and capability to DES, but its more secure - used in Pretty Good Privacy (PGP) - A public domain used by email.

Password cracking online and offline

Offline methods can use more resources and take as long as needed. Online methods have to be executed quite quickly.

RA (Registration Authority)

Offloads some of the work from a CA. - can be a intermediary in the process: it can distribute keys, accept registrations for the CA, and validate identifies. - RAs do not issue certificates; that's the responsibility remains with the CA

Online vs Offline CA

Online certificates are always connected and always accessible. Offline is usually for a root certificate authority that has been isolated from network access.

PBKDF2 (Password-Based Key Derivation Function 2)

Part of RSA (PKCS #5 v2.0). Helps make keys stronger. Key Stretching Algorithm

Asymmetric algorithms use two keys to encrypt and decrypt data. These asymmetric keys are referred to as:

Public key and Private Key

How RCs are there and which is the strongest

RC3, RC4, RC5. - RC5 being the strongest with a key size up to 2,048 bits.

Four popular asymmetric used today

RSA, Diffie-Hellman, Elliptic Curve Cryptography, & ElGamal

key stretching

Refers to processes used to take a key that might be a bit weak and make it stronger, usually by making it longer.

RC stands for

Ron's Cipher or Ron's Code

The core of the Enigma machines were:

Rotors

The standard for SHA

SHA-3

A countermeasure for rainbow tables is

Salt

DER

The DER extension is used for binary DER-encoded certificates. These files may also bear the CER or the CRT extension.

High resiliency with cipher issues

The concern is various rather advanced attacks that can "leak" a portion of the secret key, such as with side-channel attacks.

Strength

The effectiveness of a cryptographic system in preventing unauthorized decryption - Referred to as work factor

Feistel ciphers

The process is to split the block of plain text into two halves.

data in transit

The second is when data is being transmitted from point A to point B

Cryptanalysis

The study of how to break cryptographic algorithms

P7B

These are base 64 encoded ASCII files. They actually include several variations: P7b, P7C, etc

Domain Validation

These are used to secure communication with a specific domain. This is a low-cost certificate that website administrators use to provide TLS for a given domain.

Rotors

These were disks arranged in a cycle with 26 letters on them

CER

This is an alternate form of .crt (Microsoft Convention). You can use Microsoft crypto API to convert .crt to .cer (both DER-encoded .cer, or base64 [PEM]-encoded .cer). The .cer file extension is also recognized by IE as a command to run an MS cryptoAPI command (specifically rundll32.exe cryptext.dll, CryptExtOpenCER).

Birthday Attack

This is an attack on cryptographic hashes, based on something called the birthday theorem. The basic idea is this: How many people would you need to have in a room to have a strong likelihood that two would have the same birthday (month and day, but not year)?

brute force attack

This method simply involves trying every possible key.

GCM

This mode uses a hash function of a binary Galois field to provide encryption that is authenticated

PEAP (Protected Extensible Authentication Protocol)

This protocol encrypts the authentication process with an authenticated TLS tunnel.

EAP-TTLS (Extensible Authentication Protocol-Tunneled Transport Layer Security)

This protocol extends TLS. It was first supported natively in Windows with Windows 8.

EAP-TLS

This protocol utilizes TLS in order to secure the authentication process. - Most implementations of EAP-TLS utilize X.509 digital certificates to authenticate the users.

EAP-FAST (EAP Flexible Authentication via Secure Tunneling)

This protocol was proposed by Cisco as a replacement for the original EAP. EAP-FAST establishes a TLS tunnel for authentication, but it does so using a Protected Access Credential (PAC).

P12

This refers to the use of PKCS#12 standard

a message is broken into blocks of equal size, and each block is then scrambled. What is this referring to

Transposition cipher

Machine/Computer Certificate

Used to authenticate a machine/computer into an Active Directory (AD) environment.

User Certificate

Used to authenticate a user into an AD environment. Similar to machine certificate.

Frequency Analysis Attack

Uses general frequency of certain letters in english language to gauge what is most likely the key

An example of a One-time pad:

Vernam cipher - the concept behind a one-time pad is that the plain text is somehow altered by a random string of data so that the resulting ciphertext is truly random

Replay Attack

When a user sends their login information, even if it is encrypted, the attacker captures it and later sends the same information.

known plaintext attack

When an attacker has both a known plaintext and the ciphertext, they can sometimes derive the key itself.

cipher suite

a combination of methods, such as an authentication, encryption, and message authentication code (MAC) algorithms used together

cipher

a method used to scramble or obfuscate characters to hide their value.

Rainbow Table

a series of tables; each has all the possible two-letter, three-letter, four-letter, and so forth combinations and the hash of that combination, using a known hashing algorithm like SHA-2.

Enterprise mode

a server handles distribution of cryptographic keys and/or digital certificates.

cryptographic systems

a system, method, or process that is used to provide encryption and decryption.

Enigma Machine

a typewriter that implemented a multi-alphabet substitution cipher. When each key was hit, a different substitution alphabet was used. - Used in World War I

RIPEMD (RACE Integrity Primitives Evaluation Message Digest)

algorithm was based on MD4.

802.1x

allows you to secure a port so that only authenticated users can connect to it. - IEEE standard for port-based network access control

One-Time Pads

are the only truly completely secure cryptographic implementations.

root certificate

are used for root authorities. These are usually self-signed by that authority.

four main types of trust models that are used with PKI are

bridge, hierarchical, hybrid, and mesh

How can integrity be accomplished with cryptographic systems

by adding information such as redundant data that can be used as checked suing a hashing algorithm

wildcard certificate

can be used more widely, usually with multiple subdomains of a given domain. So rather than have a different X.509 certificate for each subdomain, you would use a wildcard certificate for all subdomains.

TPM (Trusted Platform Module)

can be used to assist with cryptographic key generation. - it is the name assigned to a chip that can store cryptographic keys, passwords, or certificates. - an Hardware-Based Encryption device

MD (Message Digest Algorithm)

creates a hash value and uses a one-way hash. The hash value is used to help maintain integrity

NSA (National Security Agency) is responsible for

creating codes, breaking codes, and coding systems for the U.S. government.

Public key and Private key do for asymmetric algorithms to:

encrypt a message, and the receiver uses the private key to decrypt the message

Work Factor

estimated time resources to break a cryptosystem

NIST (National Institute of Standards and Technology)

has become involved in cryptography standards, systems, and technology in a variety of areas. - publishes information about known vulnerabilities in operating systems and applications.

dictionary attack

involves attempting common words (such as words in a dictionary) that might be used as a password, hoping one will work.

Transposition Cipher

involves transposing or scrambling the letters in a certain manner.

RADIUS Federation (authentication protocols)

is a federation that is using RADIUS to authenticate between the various entities within the federation. - operates at layer 7 of the OSI model.

EAP (Extensible Authentication Protocol)

is a framework frequently used in wireless networks and point-to-point connections

PGP (Pretty Good Privacy)

is a freeware email encryption system - Uses both symmetrical and asymmetrical systems as part of its process.

BitLocker

is a full disk encryption feature that can encrypt an entire volume with 128-bit encryption

Pinning

is a method designed to mitigate the use of fraudulent certificates.

Stapling

is a method used with OCSP, which allows a web server to provide information on the validity of its own certificate rather than needing to go to the certificate vendor.

Forward secrecy

is a property of any key exchange system, which ensures that if one key is compromised, subsequent keys will not also be compromised

TLS (Transport Layer Security)

is a security protocol that expands on SSL. - Think of TLS as an updated version of SSL. TLS is based on SSL, and it is intended to supersede it.

substitution cipher

is a type of coding or ciphering system that changes one character or symbol into another.

IEEE (Institute of Electrical and Electronics Engineers)

is actively involved in the development of PKC, wireless, and networking protocol standards.

HSM (Hardware Security Module)

is also a cryptoprocessor that can be used to enhance security. - it is commonly used with PKI systems to augment security with CAs.

LEAP (Lightweight Extensible Authentication Protocol)

is an EAP version that uses TKIP (Temporal Key Integrity Protocol) and dynamic WEP (Wired Equivalent Privacy) keys for authentication and confidentiality

PFX

is an archive file for PKCS#12 standard certificate information.

Blowfish

is an encryption system invented by a team led by Bruce Schneier that performs a 64-bit block cipher at very fast speeds - keys are from (32-448 bits)

(NSA/CSS) National Security Agency/Central Security Service

is an independently functioning part of the NSA. It was created in the early 1970s to help standardize and support Department of Defense (DoD) activities.

IETF (Internet Engineering Task Force)

is an international community of computer professionals that includes network engineers, vendors, administrators, and researchers.

CA (Certificate Authority)

is an organization that is responsible for issuing, revoking, and distributing certificates.

PKI (Public Key Infrastructure)

is intended to offer a means of providing security to messages and transactions on a grand scale.

RSA

is named after Ron Rivest, Adi Shamir, & Leonard Adleman. - is an early public key encryption system that uses large integers as the basic for the process. - Works with both encryption and digital signatures - Used in environments like Secure Sockets Layer(SSL) and can be used for key exchange

certificate

is nothing more than a mechanism that associates the public key with an individual. It contains a great deal of information about the user.

Trust model

is simply a model of how different certificate authorities trust each other and consequently how their clients will trust certificates from other certificate authorities

Downgrade Attack

is sometimes used against secure communications such as TLS in an attempt to get the user to shift to less secure modes. The idea is to trick the user into shifting to a less secure version of the protocol, one that might be easier to break.

Latency with cipher issues

is the difference between the time you input plain text and the time get out cipher text -Low latency is a goal of any cipher

MD5

is the newest version of the algorithm. It produces a 128-bit hash, but the algorithm is more complex than its predecessors and offers greater security.

Steganography

is the process of hiding a message in a medium such as digital image, audio file, or other file. -In theory, doing this prevents analysts from detecting the real message. You could encode your message in another file or message and use that file to hide your message.

Ciphering

is the process of using a cipher to do that type of scrambling to a message

Cryptography

is the science of altering information so that it cannot be decoded without a key

PKIX (Public Key Infrastructure X.509)

is the working group formed by the IETF to develop standards and models for the PKI environment.

CTR/CTM

is used to convert a block cipher into a stream cipher

SSL (Secure Sockets Layer)

is used to establish a secure communication connection between two TCP-based machines. This protocol uses the handshake method of establishing a session.

Diffie-Hellman key exchange

is used to primarily generate a shared secret key across public networks - Key agreement

end-entity certificate

issued by a CA to an end entity; an end entity is a system that doesn't issue certificates but merely uses them

CA Certificate

issued by one CA to another CA; the second CA can, in turn, then issue certificates to an end entity

MD5 biggest weakness is

it does not have strong collision resistance, and thus it is no longer recommended for use. SHA (1 or 2) are the recommended alternatives.

Diffusion

means that a change in a single bit of input changes more than one bit of the output.

Out-Band Key Exchange (Symmetric)

means that some other channel, other than the one that is going to be secured, is used to exchange the key

In-band key exchange

means that the key is exchanged within the same communications channel that is going to be encrypted.

ECB

means to use the algorithm without any modification at all. You implement the algorithm exactly as it is designed.

Perfect forward secrecy

occurs when this process is unbreakable

Collision hashing

occurs when two different inputs to a hashing algorithm produce the same output.

Nonrepudiation

prevents one party from denying actions that they carried out

GOST

processes a variable-length message into a fixed length output of 256 bits

Salt

refers to the addition of bits at key locations, either before or after the hash. So if you type in the password letmein, bits are added by the operating system before it is hashed

certificate chaining

refers to the fact that certificates are handled by a chain of trust. You purchase a digital certificate from a certificate authority (CA), so you trust that CA's certificate. In turn, that CA trusts a root certificate.

Symmetric Algorithms

require both the sender and receiver of an encrypted message to have the same key and processing algorithms

Extended Validation Certificate

require more validation of the certificate holder; thus, they provide more security

data in use

should data be encrypted when it is actually being used?

digital signature

similar in function to a standard signature on a document. It validates the integrity of the message and the sender.

symmetric key

sometimes referred to as a private key, is a key that isn't disclosed to people who aren't authorized to use the encryption system.

One of the first steps in getting a certificate is

submit certificate-signing request (CSR)

Block Cipher

the algorithm works on chunks of data, encrypting one and then moving to the next.

Chosen Plain Text

the attacker obtains the cipher texts corresponding to a set of plain texts of their own choosing. This allows the attacker to attempt to derive the key used and thus decrypt other messages encrypted with that key.

PSK (pre-shared key)

the client and the wireless access point must negotiate and share a key prior to initiating communications.

Confusion

the concept that the relationship between the plain text, cipher text, and key are very difficult to see.

Stream Cipher

the data is encrypted one bit, or byte, at a time.

key escrow

the process of storing a copy of an encryption key in a secure location

Authentication

the process of verifying that the sender is who they say they are.

In cryptology, one of the key principles is called Kerckhoffs' principle. Kerckhoffs' principle states that

the security of an algorithm should depend only on the secrecy of the key and not on the secrecy of the algorithm itself. - This literally means that the algorithm can be public for all to examine, and the process will still be secure as long as you keep the specific key secret.

CSR

this request will have the public key that you wish to use and your fully distinguished name (often a domain name).

Security through obscurity

this that something is not particularly secure, just that the details are hidden and you hope that no attacker finds them - very back approach to security

PEM

used for different types of X.509v3 files that contain ASCII (Base64) armored data prefixed with a -- BEGIN ... line.

Email Certificate

used for securing email. Secure Multipurpose Internet Mail Extensions (S/MIME) uses X.509 certificates to secure email communications.

CAST

uses a 40-bit to 128-bit key, and it's very fast and efficient.

HMAC (Hash-Based Message Authentication Code)

uses a hashing algorithm along with a symmetric key. Thus, for example, two parties agree to use an MD5 hash.

ElGamal

uses an ephemeral key which is a key that exists only for that session; used for transmitting digital signatures and key exchanges that is not used again

SHA (Secure Hash Algorithm)

was designed to ensure the integrity of a message. SHA is a one-way hash that provides a hash value that can be used with an encryption protocol - Produces 160-bit has value - Originally named Keccak

Data at rest

when the data is simply stored—for example, on a hard drive.


Set pelajaran terkait

SECURITY + INTRUSION DETECTION AND PREVENTION 6.8

View Set

Management and Organizational Behavior

View Set

Brain, Spinal Cord, and Nervous Review

View Set

Introduction to Federal Fair Housing Laws

View Set

Chapter 4: Calcium & Power Stroke

View Set

CSC 121: People in Computing Quiz

View Set

chromosomal abnormalities PRACTICE QUIZ

View Set