security final chapter 10
Secure HTTP (HTTPS)
Browser communications
In PKI, a published list of revoked or terminated digital certificates.
Certificate revocation list
When used as a verb, the transformation of the individual components (characters, bytes, or bits) of an unencrypted message into encrypted components or vice versa; when used as a noun, the process of encryption or the algorithm used in encryption, and a term synonymous with "cryptosystem."
Cipher
How long does it take to crack a 64-bit symmetric key on a single workstation?
Give me a year or so.
What does a sender use to to create a digital signature?
Hash algorithm Sender's private key
Cryptosystems that use asymmetric encryption to exchange session keys, then switch to symmetric encryption using the session keys. Provides the speed of symmetric encryption while getting rid of symmetric encryption's key-exchange problems.
Hybrid cryptography systems
IP Security (IPSec)
IP
What is password hash salting, and how does it defeat rainbow cracking?
In password hash salting, a random piece of data (the salt) is added to the password being hashed
A substitution cipher that incorporates a single alphabet in the encryption process.
Monoalphabetic substitution
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
Network communications
An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely through the use of digital certificates.
Public key infrastructure
A standard issued by the National Institute of Standards and Technology (NIST) that specifies secure algorithms, such as SHA-1, for computing a condensed representation of a message or data file.
Secure Hash Standard (SHS)
A recipient uses the signed message and the hash algorithm to verify a digital signature. What else does the recipient need to verify the signature?
Sender's public key
The mathematical formula or method used to convert an unencrypted message into an encrypted message; sometimes refers to the programs that enable the cryptographic processes.
algorithm
The entire range of values that can be used to construct an individual key.
keyspace
The current federal standard for the encryption of data, as specified by NIST. Based on the Rijndael algorithm. Symmetric cryptosystem with variable block lengths and key lengths of 128, 192, or 256 bits.
Advanced Encryption Standard (AES)
In PKI, a third party that manages users' digital certificates.
Certificate authority (CA)[
In addition to the CA and RA, what other components are included in the typical PKI solution?
Certificate directories Management protocols Policies and procedures
Symmetric cryptosystem with a 64-bit block size and 56-bit key. Adopted by NIST in 1976 as a federal standard for encryption of non-classified information, after which it became widely employed in commercial applications.
Data Encryption Standard (DES)
A hybrid cryptosystem that facilitates exchanging private keys using public-key encryption.
Diffie-Hellman key exchange
The NIST standard for digital signature algorithm usage by federal information systems; based on a variant of the ElGamal signature scheme.
Digital signature standard
Encrypted message components that can be mathematically proven as authentic.
Digital signatures
Privacy-Enhanced Mail (PEM)
Secure/Multipurpose Internet Mail Extensions (S/MIME)
Pretty Good Privacy (PGP)
Email and TCP/IP communications
De facto standard for public-use encryption applications; developed in 1977.
RSA
A cryptographic operation that involves simply rearranging the values within a block based on an established pattern.
Transposition (permutation) cipher
Wi-Fi Protected Access version 2 (WPA2)
WiFi
Wired Equivalent Privacy (WEP)
WiFi (but not really)
Why can rainbow cracking (or time-memory trade-off attacks) be a more efficient method of password cracking?
With a database of precomputed hashes, it's a lot faster to simply compare hashes, find a match, and see which password goes with the hash.
A cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message; either key can be used to encrypt a message, but the other key is required to decrypt it.
asymmetric (public-key) encryption
An encryption method that involves converting plaintext to ciphertext one bit at a time.
bit stream cipher
An encryption method that involves dividing the plaintext into blocks or sets of bits and then converting the plaintext to ciphertext one block at a time.
block cipher
The unintelligible encrypted or encoded message resulting from an encryption.
ciphertext or cryptogram
The process of converting components (words or phrases) of an unencrypted message into encrypted components.
code
Secure Electronic Transactions (SET)
credit card transactions
The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption.
cryptoanalysis
The process of making and using codes to secure information.
cryptography
The field of science that encompasses cryptography and cryptanalysis.
cryptology
The process of converting an encoded or enciphered message back to its original readable form.
decryption (deciphering)
Public-key container file that allows PKI system components and end users to validate a public key and identify its owner.
digital certificate
The process of converting an original message into a form that cannot be used by unauthorized individuals.
encryption (enciphering)
A function within Boolean algebra used as an encryption function in which two bits are compared; identical bits result in a binary 0 while different bits result in a binary 1.
exclusive or operation (XOR)
Public functions that create a hash value, also known as a message digest, by converting variable-length messages into a single fixed-length value.
hash algorithms
Mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm the message's identity and integrity.
hash functions
A value representing the application of a hash algorithm on a message that is transmitted with the message so it can be compared with the recipient's locally calculated value of the same message.
hash value
The information used in conjunction with the algorithm to create the ciphertext from the plaintext; it can be a series of bits used in an algorithm or the knowledge of how to manipulate the plaintext.
key (cryptovariable)
A series of encryptions and decryptions between a number of systems, wherein each system in a network decrypts the message sent to it, re-encrypts the message using different keys, and sends it to the next neighbor. This process continues until the message reaches the final destination.
link encryption
A key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.
message authentication code
The process of reversing public-key encryption to verify that a message was sent by the user and thus cannot be refuted.
nonrepudiation
The original unencrypted message that is encrypted and the message that results from successful decryption.
plaintext or cleartext
A substitution cipher that incorporates two or more alphabets in the encryption process.
polyalphabetic substitution
In PKI, a third party that operates under the trusted collaboration of the certificate authority and handles day-to-day certification functions.
registration authority
A key that can be used in symmetric encryption both to encipher and decipher the message.
secret key
An encryption method in which one value is substituted for another.
substitution cipher
A cryptographic method in which the same algorithm and secret key are used both to encipher and decipher the message.
symmetric (private key) encryption
Advanced application of DES developed to extend its lifespan as computer hardware caught up with the 56-bit key size of DES.
triple DES (3DES)
An advanced type of substitution cipher that uses a simple polyalphabetic code.
vigenere cipher
The amount of effort (usually expressed in units of time) required to perform cryptanalysis on an encoded message.
work factor