What is a key encapsulation mechanism?
A method of transferring symmetric keys using public-private key infrastructure. The symmetric key is generated by hashing a randomly generated secret. This secret is then encrypted using the receiver’s public key and is sent to them with the ciphertext.
Why are key encapsulation mechanisms needed?
Public-private key encryption algorithms often have limited message sizes.
What are the 2 types of data that need protecting on a device?
Data at rest - Inactive data that is stored physically in any digital form
Data in use - Data being processed by a CPU or loaded in RAM
What is disk based encryption?
When all of the data stored on a disk is encrypted together using a single run of an algorithm using a single key.
What is the main advantage of disk based encryption?
All of the data on the disk is protected, including file system meta data.
What is the main disadvantage of using disk based encryption?
If the key is compromised, the attacker has access to all files.
What is the main advantage of file based encryption?
If a key is compromised, the attacker only has limited access to some files
What is the main disadvantage of file based encryption?
The meta data of the file system is often not protected.
What are the 3 inputs to a key derivation function?
Password
Salt
Cost factor
In what situation would you use a key derivation function over a hash function?
To increase the cost of brute forcing a password.
State 3 secure places to store a disk encryption key
Smart card
TPM
USB stick
If you are going to store the disk encryption key on the disk itself, how should it be stored?
Encrypt the key using another secret (such as a password)
