1
Q
Cryptopgraphy
A
- Practice and study of writing and solving codes to hide the true meaning of the information
2
Q
Encryption
A
- Process of converting ordinary information (plaintext) into unintelligible form (cipher text)
3
Q
A cipher is an __________ that performs the encryption or decrption
A
- Algorithm
4
Q
Encryption strength comes from the __________, not the algorithm
A
- Key
EXAMPLE: ROT 13 cipher isn’t powerful because we’re rotating text or numbers, but the fact we’re doing it 13 times
5
Q
Encryption key
A
- Essential piece of information that determines the output of a cipher
- The length of a key is proportional to the level of security it provides (Longer = better)
6
Q
What is a good practice for keeping cryptographic keys effective?
A
- Regularly changing them
EXAMPLE: Many companies will update they key lengths annually
7
Q
What is the main difference between Symmetric and Asymmetric Encryption?
A
- Symmetric uses a single key to both encrypt, and decrypt data
- Asymmetric uses two different keys; One to encrypt the data and the other to decrypt that data
8
Q
Symmetric Algorithm (Private Key)
A
- Encryption algorithm in which both the sender and the receiver must know the same shared secret using a privately held key
9
Q
What are two issues with symmetric keys?
A
- Discovering who used the key to gather specific information
- Distributing more keys to more users which could create vulnerabilities
10
Q
Asymmetric Algorithm (Public Key)
A
- Encryption algorithm where different keys are used to encrypt and decrypt the data
11
Q
Stream cipher
A
- Utilizes a keystream generator to encrypt data bit by bit using a mathematical XOR function to create the ciphertext
12
Q
Block cipher
A
- Breaks the input into fixed-length blocks of data and performs the encryption on each block
- Typically of 64, 128, or 256 bits rather than one bit at a time
13
Q
Data Encryption Standard (DES)
A
- Symmetric data encryption
- Algorithm that breaks the input into 64-bit blocks and uses transposition and substitution to create cipher text using an effective key strength of only 56-bits
14
Q
Triple DES (3DES)
A
- Symmetric data encryption
- Encryption algorithm which uses three separate symmetric keys to encrypt, decrypt, then encrypt the plaintext into cipher text in order to increase the strength of DES
15
Q
International Data Encryption Algorithm (IDEA)
A
- Symmetric data encryption
- Symmetric block cipher, which uses 64-bit blocks to encrypt plaintext into cipher text
16
Q
Advanced Encryption Standard (AES)
A
- Symmetric data encryption
- Most commonly used, and strongest
- Symmetric block cipher that uses 128-bit, 192-bit, or 256-bit blocks and a matching encryption key size to encrypt plaintext into cipher text
17
Q
Blowfish
A
- Symmetric data encryption
- Symmetric block cipher that uses 64-bit blocks and a variable length encryption key to encrypt plaintext into cipher text
18
Q
Twofish
A
- Symmetric data encryption
- Symmetric block cipher that provides the ability to use 128-bit blocks in its encryption algorithm and uses 128-bit, 192-bit, or 256-bit encryption keys
19
Q
RC Cipher Suite
A
- Symmetric data encryption
- Symmetric block cipher created by Ron Rivest, a cryptographer who’s created six algorithms under the name RC… This stands for the Rivest Cipher
20
Q
Rivest Cipher (RC4)
A
- Symmetric data encryption
- Symmetric stream cipher using a variable key size from 40-bits to 2048-bits that is used in SSL and WEP
21
Q
Rivest Cipher (RC5)
A
- Symmetric data encryption
- Symmetric block cipher that uses key sizes up to 2048-bits
22
Q
Rivest Cipher (RC6)
A
- Symmetric data encryption
- Symmetric block cipher that was introduced as a replacement for DES but AES was chosen instead
23
Q
Digital Signature
A
- A hash digest of a message encrypted with the sender’s private key to let the recipient know the document was created and sent by the person claiming to have sent it
24
Q
Diffie-Hellman (DH)
A
- Asymmetric
- Used to conduct key exchanges and secure key distribution over an unsecure network
- Used commonly for key exchange inside of creating a VPN tunnel establishment as part of IPSec
25
RSA (Rivest, Shamir, and Adleman)
- Asymmetric
- Algorithm that relies on the mathematical difficulty of factoring large prime numbers
26
Elliptic Curve Cryptography (ECC)
- Asymmetric
- Heavily used in mobile devices and it's based on the algebraic structure of elliptical curves over finite fields to define its keys
27
Elliptic Curve Diffie-Hellman (ECDH)
- ECC version of the popular Diffie-Hellman key exchange protocol
28
Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)
- Uses a different key for each portion of the key establishment process inside the Diffie-Hellamn key exchange
29
Elliptic Curve Digital Signature Algorithm (ECDSA)
- Used as a public key encryption algorithm by the US Government in their digital signatures
30
Hashing
- One-way cryptographic function that takes an input and produces a unique message digest as its output
- Unique thing about a has digest is that they are always the same length
31
MD5
- Most popular and widely used hashing algorithm
- Creates a 128-bit hash value unique to the input file
- Can be susceptible to duplicates
32
SHA-1
- Hashing algorithm
- Creates a 160-bit hash digest, which significantly reduces the number of collisions that occur
33
SHA-2
- Hashing algorithm
- Family of hash functions that contain longer hash digests
34
SHA-3
- Hashing algorithm
- Newer family of hash functions, and its hash digest can go between 224 bits and 512 bits
35
RIPEMD (RACE Integrity Primitive Evaluation Message Digest)
- Hashing algorithm
- Comes in 160-bit, 256-bit, and 320-bit versions
36
HMAC (Hash-based Message Authentication Code)
- Hashing algorithm
- Used to check the integrity of a message and provides some level of assurance that its authenticity is real
37
Pass the hash attack
- Hacking technique that allows the attacker to authenticate to a remote server or service by using the underlying hash of a user's password instead of requiring the associated plaintext password
38
Birthday Attack
- Hashing attack
- Occurs when an attacker is able to send two different messages through a hash algorithm and it results in the same identical hash digest, referred to as a collision
- Based on Birthday paradox - In a random group of people, the chances are you are going to have two people in that group that have the same birthday
39
Key stretching
- Technique used to mitigate a weaker key by increasing the time needed to crack it
40
Salting
- Adding random data into a one-way cryptographic hash to help protect against password cracking techniques
41
Rainbow tables
- Precomputed tables for reversing cryptographic hash functions
42
Nonce
- Stands for "Number used once"
- A unique, often randomly used number that is added to password-based authentication process
43
Public Key Infrastructure (PKI)
- An entire system of hardware, software, policies, procedures, and people that is based on asymmetric encryption
- HTTPS is part of this
44
Trusted Platform Module (TPM)
- Dedicated microcontroller designed to secure hardware through integrated cryptographic keys
- Used in bitlocker from Windows
45
Hardware Security Module (HSM)
- Physical device that safeguards and manages digital keys, primarily used for mission-critical situation like financial transactions
- Everything completed within a tamper resistant device
46
Key Management System (KMS)
- Integrated approach for generating, distributing, and managing cryptographic keys for devices and applications
47
Secure Enclave
- Co-processor integrated into the main processor of some devices, designed with the sole purpose of ensuring data protection
- Keeping data separate from main processor makes sure it is secure, even if the main device gets compromised
- This was used with Apple face ID
Comptia Security+ Flashcards
flashcards
Decks in class (14)
# Cards
