1
Q
MD5
A
MD5
- Hashing algorithm
- 128-bit hash
- Cracked
- Used to verify integrity of files
2
Q
SHA
-Types
A
SHA
Secure Hash Algorithm
-Integrity
-SHA-1: 160-bit hash
-SHA-2: 256 bit most popular, up to 512-bit hash
-SHA-3: same sizes as SHA-2 (up to 512-bit hash). Non-NSA
3
Q
HMAC
- What is it
- What does it provide
- What uses it
A
HMAC Hash-Based Message Authentication Code -Integrity and authenticity -Combine hash plus secret key (ic, HMAC-MD5,HMAC-SHA1) -Integrity and authenticity -IPSec and TLS use
4
Q
RIPEMD
A
RIPEMP
- Family of hashing functions
- For integrity
- RIPEMPD-128 (not secure)
- RIPEMD-160: 160-bit hash
- RIPEMD-256
- RIPEMD-320
5
Q
Key Stretching
- What is it
- What can it prevent
- Specific techniques
A
Key Stretching
- Make a weak key stronger
- Add salt with additional random bits
- Repeatedly hashing
- Can thwart brute force and rainbow table attacks
- bcrypt and PBKDF2 are key-stretching techniques
6
Q
bcrypt
- What is it
- What does it do
- What does it result in
- Where is it used
A
bcrypt
- Key-stretching technique for passwords
- Salts, then encrypts with Blowfish
- Can repeat multiple times
- Result is 60 character string
- Used in linux
7
Q
PBKDF2
- What is it
- What does it do
- What does it result in
- Where is it used
A
PDKDF2 Password Based Key Derivation Function 2 -Key-stretching technique for passwords -Salts of at least 64 bits -Hash with HMAC -May repeat a million times -Results in 128, 256, 512 bit hash -Used in WPA2, iOS, Cisco -May be weaker than bcrypt
8
Q
ECB
A
ECB Electronic Code Book -A cypher mode -Simplest encryption mode -Each block encrypted with same key (same plaintext block creates same ciphertext) -Deprecated
9
Q
CBC
A
CBC Cipher Block Chaining -A cypher mode -Each plaintext block XOR'ed with previous ciphertext block -Initialization vector for first block -Adds randomization
10
Q
CTR
A
CTR
- Counter Mode
- A cypher mode
- Converts block cypher into stream cypher
- Combines IV with counter so every block gets different encryption key
- Encrypts successive values of counter
- Widely used and respected
11
Q
GCM
-What uses it?
A
GCM Galois/Counter Mode -A cypher mode -Encryption with authentication -Counter mode plus Galois authentication -Commonly used with in packetized data (wireless, IPSec, SSH, TLS)
12
Q
Elliptic Curve Cryptography (ECC)
- What is it
- What is it used for
A
Elliptic Curve Cryptography (ECC)
- Asymmetric encryption algorithm
- Encryption, digital signatures, pseudo-random generators
- Less processing power, good for wireless devices
- Deprecated
13
Q
Stream Cipher
A
Stream Cipher
- Used with symmetric encryption (not asymmetric)
- One bit or byte at a time
- High speed, low hardware complexity
- Starting state should never be the same - combine key with IV
14
Q
Block Cipher
A
Block Cipher
- Symmetric encryption
- Encrypt fixed-length groups
15
Q
Digital Signature
- What does it provide
- Which keys are used by sender and receiver
- Steps to send/receive digital signature
A
Digital Signature
- Integrity
- Authentication
- Non-repudiation
- Sender uses sender’s private key
- Recipient uses sender’s public key
Steps
- Sender creates hash of message
- Sender encrypts hash with sender’s private key
- Sender sends encrypted has and plaintext
- Recipient decrypts hash with sender’s public key
- Recipient hashes plaintext and compares to decrypted hash
16
Q
PFS
A
PFS
Prefect Forward Secrecy
-Ephemeral keys (good for one session)
-Elliptic Curve or Diffie-Hellman ephemeral
17
Q
AES
- What is it
- What uses it
- Is it good
A
AES Advanced Encryption Standard -Symmetric encryption algorithm -128-bit block cipher -128, 192, 256-bit keys -Used in WPA2 -Strong, fast, efficient
18
Q
DES
- What is it
- What uses it
- Is it good
A
DES Data Encryption Standard -Symmetric encryption algorithm -64-bit block cypher -56-bit key (small) -Nothing today uses -Not good. Easily brute forced
19
Q
3DES
- What is it
- What uses it
- Is it good
A
3DES Triple DES -Symmetric encryption algorithm -DES encryption three times with three different keys -Nothing today uses -Not good anymore -Superseded by AES
20
Q
RC4
- What is it
- What uses it
- Is it good
A
RC4 Rivest Cipher 4 -Symmetric encryption algorithm -Symmetric stream cipher -Was used in WEP and SSL -Cracked; Not used anymore
21
Q
Blowfish
- What is it
- What uses it
- Is it good
- Block size
- Key size
A
Blowfish
- Symmetric encryption algorithm
- 64-bit block cipher
- Key up to 448 bits
- Open source: Not limited by patents
- No way to break 16 rounds of encryption
- Faster than AES due to smaller block size
- strong
22
Q
Twofish
- What is it
- What uses it
- Is it good
- Block size
- Key size
A
Twofish
- Symmetric block encryption algorithm
- Successor to Blowfish
- 128-bit block size
- Key up to 256 bits
- Open source: not limited by pattents
23
Q
Diffie-Hellman
A
Diffie-Hellman
- Key exchange method for asymmetric keys
- Does not encrypt or authenticate
- Privately share symmetric key
- RSA uses for static keys
- Used for Perfect Forward Secrecy (PFS)
- Ephemeral DH (EDH or DHE)
- Combine with Elliptical Curve (ECDHE)
24
Q
RSA
A
RSA
- Asymmetric encryption with public/private key
- Static keys
- Public domain
- Encrypt email: recipient’s public key encrypts symmetric key; recipient’s private key decrypts
25
DSA
```
DSA
Digital Signature Algorithm
-Asymmetric encryption
-Modifies Diffie-Hellman
-Can combine with Elliptical Curve (ECDSA)
-Fast and efficient digital signatures
```
26
S/MIME
| -What does it use (two things)?
S/MIME
Secure Email
-RSA for asymmetric encryption
-AES for symmetric encryption
27
CSR
CSR
| Certificate Signing Request
28
CRL
CRL
| Certificate Revocation List
29
Certificate Stapling
Certificate Stapling
- Haver certificate holder verify their own certificate's status so client doesn't have to ask
- Appends signed OCSP status to certificate
30
Public Key Pinning
Public Key Pinning
| -Web server sends list of public key hashes that clients can use to validate certificates
31
PGP
PGP
Pretty Good Privacy
-Asymmetric encryption
32
CER
```
CER
Canonical Encoding Rules
-Format for PKI certificates
-ASCII
-P7B is common format used to share public keys
```
33
DER
```
DER
Distinguished Encoding Rules
-Format for PKI certificates
-Base64 binary encoded
-P12 is common format used to hold encrypted private keys
```
34
OCSP
OCSP
Online Certificate Status Protocol
-Alternative to CRL
-Client queries CA for status in real-time
-stapling makes it so clients don't have to keep querying CA
35
ECDSA
ECDSA
| Elliptical Curve Digital Signature Algorithm
36
IDEA
IDEA
International Data Encryption Algorithm
-Broken
-symmetric-key block cipher
Security+
flashcards
Decks in class (20)
# Cards
-
Tools & Random Stuff13
-
Protocols12
-
Protocols & Ports (Memorize)27
-
Network Devices21
-
Securing Your Network7
-
Wireless Protocols (Memorize)11
-
Wireless Attacks10
-
VPN7
-
Securing Hosts & Data19
-
Threats, Vulnerabilities, Common Attacks7
-
Advanced Attacks25
-
Risk Management Tools34
-
Controls To Protect Assets18
-
Cryptography36
-
Test Questions38
-
Ports Only (Quick Study)20
-
Ports (Reversed)21
-
Wireless Protocols (Quick Study)0
-
Identity And Access Services14
-
EAP6
