CompTIA Security+ SY0-601: Cryptography Basics (Mike Meyers)


What is TPM (Trusted Platform Module)?

It is a chip built into a computer's motherboard and is used during Full Disk Encryption (FDE)

Describe hashing

Used for integrity, a one-way function that outputs a fixed-length result. The value is determined by the data input. Involved in password storage and encryption

What is Web of Trust?

Uses a network of mutually-trusting peers. Not commonly used

What is a digital signature?

Verifies that the person who sent the public key legitimately owns the private key.

What is a collision and what hash types are prone to it?

When two different pieces of data output the same hash value. SHA1 and MD5 are prone to this

Describe the Blowfish block cipher algorithm. Hint: Block size, number of rounds, and key size

The symmetric algorithm has a 64 bit block size, encrypts in 16 rounds and has a key size of 32-448 bits

Describe the RC4 streaming cipher algorithm. Hint: Block size, number of rounds, and key size

The symmetric-key algorithm encrypts 1 bit at a time, in one round using a key size of 40-2048 bits

What is a root certificate?

A certificate that is at the top of the hierarchy

Describe PKI (Public key infrastructure)

A hierarchical structure consisting of root Certificate Authorities (root CAs) at the top. Root CAs generate certificates and are typically offline for security reasons. Intermediate CAs are used to take the load off of CAs. There are also Certificate Authorities (CAs) or registration authorities (RAs) that identify and authenticate individuals registering the certificate

What is a private key?

A key that is used for decryption. Should be protected

What is a public key?

A key that is used for encryption. This key can be given to anyone. Without its paired key the data cannot be decrypted

What is X.509?

A method to query systems that store certificates and includes the standards for constructing digital certificates

What is a HSM (Hardware Security Module)?

A removable device that can be attached to a server via a USB connection. It is used to store encryption keys and can act as a key escrow (can hold the private key for third parties)

What is the PKCS (Public Key Cryptography Standards)?

A standard which gives details on certificate construction and use

What is an ephemeral key?

A temporary key, thus providing perfect forward secrecy

What is Elliptic-curve cryptography (ECC)?

An asymmetric algorithm that can create a smaller key than RSA while providing the same security with increased performance. It is widely used today

What is certificate chaining?

It shows the trust from the CA down to the Intermediary to the certificate itself

What is a symmetric block algorithm and what are some examples?

An algorithm that encrypts data in chunks. These algorithms include DES, 3DES, Blowfish and the currently used AES

What is a streaming symmetric-key algorithm and what is the most used streaming symmetric cipher?

An algorithm that encrypts data one bit at a time. The most used is RC4

Asymmetric Encryption

An encryption method in which there are two keys in use, the public key and the private key. Very secure but is very slow. Typically used in exchanging session keys

Symmetric Encryption

An encryption method where there is only one key in use for both encryption and decryption. This method can encrypt large amounts of data quickly but is less secure

Describe the 3DES (Triple Data Encryption Standard) block cipher algorithm. Hint: Block size, number of rounds, and key size

The symmetric-key algorithm has a 64 bit block size, encrypts in 16 rounds and has a key size of 168 bits

Describe the DES (Data Encryption Standard) block cipher algorithm. Hint: Block size, number of rounds, and key size

The symmetric-key algorithm has a 64 bit block size, encrypts in 16 rounds and has a key size of 56 bits

What do salting and key stretching do?

Both techniques provide password obfuscation in which the password is appended with a random string before it is hashed, defending against rainbow table attacks

Data at rest

Data stored physically on a hard drive

Data in processing

Data that is actively stored in RAM and being accessed by a program

Data in transit

Data that is moving through cables / wireless transmission

What is a brute force attack?

In this attack, the attacker tries different character combinations until the password is cracked. Generally takes a good amount of time

What is a dictionary attack?

In this attack, the attacker tries every word in a wordlist (think dictionary) until a password match is found

What is a rainbow table?

In this attack, the attacker uses a table of passwords and their precomputed hashes to find a match

What is an offline attack?

In this attack, the attacker will usually move the information from the target system, copy it onto their attacker system, and carry out their attack there. Think: An attacker finds a list of users and the password hashes, copies it from the target machine and moves it to their attacker machine to crack the passwords

What occurs in CBC mode?

In this block cipher mode an Initialization Vector is used

What occurs in CFB mode?

In this block cipher mode each previous block of ciphertext is encrypted and fed into the algorithm to encrypt the next block

What occurs in ECB mode?

In this block cipher mode the same plaintext always results in the same ciphertext; it is considered insecure

What is a digital certificate?

Includes verification from a trusted third party to authenticate the owner of the digital signature. Think of it like the owner's public key + the owner's digital signature + the third party's digital signature

What are the different hash types?

MD5 (128 bit hash), SHA1 (160 bit hash), SHA-256, SHA-512, and RIPEMD (128, 160, 256, or 320 bit digest)

Describe the Diffie-Hellman key exchange.

The idea is to be able to exchange cryptographic keys in a secret manner so that only the two participants will know the keys when the exchange is complete. The keys are derived based on shared knowledge. It is an asymmetric algorithm

What is an email certificate?

This certificate allows the user to send encrypted emails between them and another user.

What is a Wildcard Certificate?

This certificate can be used for the domain and an unspecified number of subdomains. This type of certificate should not be used as attackers can make a subdomain of their own. Think: *.securityplus.training

What is a Subject Alternative Name (SAN) certificate?

This certificate can be used for the domain and the SPECIFIED subdomains chosen by the user

What is a user certificate?

This certificate ensures authenticity of a user in a system

What is a computer / machine / hardware certificate?

This certificate ensures that machines or device drivers can be trusted as legitimate and not tampered with. Think of digitally signed device drivers.

What is a code-signing certificate?

This certificate ensures that software can be trusted (usually verified by a big third party company like Microsoft) and is proof that it has not been tampered with. Essentially digitally signs the software

What is a self-signed certificate?

This certificate is one that is signed by the entity that registered for the certificate. This type of certificate is typically used in an internal network and should not be trusted outside of one

What is an Extended Validation (EV) Certificate?

This certificate provides a higher level of trust in identifying an entity; this is typically used on sites dealing with card information.

Describe the P12 certificate format

This file contains the certificate and the chain certificates along with the private key.

Describe the P7B certificate format

This file contains the certificate and the chain certificates but does not contain the private key

Describe the DER (Distinguished Encoding Rules) certificate format

This file puts the digital certificate in a binary format, ends with the file extension .CER, and is the oldest format

Describe where the expiration date of a certificate is usually found and where it is usually published.

This information is found on the certificate itself and is also included on the CA's Certificate Revocation List (CRL)

Describe the AES (Advanced Encryption Standard) block cipher algorithm. Hint: Block size, number of rounds, and key size

This symmetric-key algorithm is currently the strongest block cipher algorithm. The algorithm has a 128 bit block size, encrypts in 10, 12, or 14 rounds depending on the key size and has a key size of 128, 192 or 256 bits

What is a Domain Validation (DV) Certificate?

This type of certificate proves ownership of a domain name; it is a standard X.509 certificate
