184 Cards in this Set
- Front
- Back
MD5: how many bits? |
128 bits |
|
MD5: What kind of algorithm is it |
Hashing |
|
MD5: how many characters in a hash? |
32 Hexadecimal Characters |
|
What characters are used in Hexadecimal? |
0-9 and A-F |
|
SHA: what does the acronym stand for? |
Secure Hash Algorithm |
|
MD5: acronym? |
Message Digest 5 |
|
What are the variations of SHA? |
SHA-0, SHA-1, SHA-2, SHA-3 |
|
What is SHA-0 used for? |
Nothing |
|
SHA-1 creates how many bit hashes? |
160 bit |
|
SHA is used for what? |
Hashing |
|
What are the versions of SHA-2? |
SHA-224, SHA-256, SHA-384, SHA-512 |
|
How many bits in SHA-384 |
384 bits |
|
How many bits in SHA-224 |
224 bits |
|
What are the versions of SHA-3? |
224 bit, 256 bit, 384 bit, 512 bit |
|
HMAC is an acronym for what? |
Hash-based Message Authentication Code |
|
How does HMAC work? |
Hashes message with either MD5 (HMAC-MD5) or SHA (HMAC-SHA-1). First the message is hashed with either MD5 or SHA. Then a secret key is used to hash the hash. |
|
HMAC provides integrity and what? |
Authenticity |
|
HMAC provides Authenticity and what? |
Integrity |
|
What encryption protocols use HMAC? |
IPsec and TLS |
|
Hashing a file verifies its what? |
Integrity |
|
RIPEMD is an acronym for what? |
RACE Integrity Primitives Evaluation Message Digest |
|
How many bits are in a RIPEMD hash |
128, 160, 256, and 320 bits |
|
LANMAN is an acronym for what? |
LAN Manager |
|
What uses LANMAN? |
Legacy Windows services and software |
|
What is the max length of characters in a password for LANMAN to handle? |
15 |
|
How long is a LANMAN password? |
14 characters |
|
LANMAN stores passwords in sets of how many strings? |
7 |
|
NTLM is an acronym for what? |
NT LAN Manager |
|
What are the versions of NTLM |
NTLM (NTLM v1) and NTLM v2 |
|
How does NTLM handle passwords? |
It uses an MD4 hash of the password and also uses LANMAN if the password is 14 characters or less. |
|
How does NTLM v2 handle passwords |
It uses an MD5 algorithm to hash the password. |
|
How does one circumvent the LANMAN vulnerability in newer Windows systems? |
Disable LANMAN passwords or create passwords that are 15 characters or larger. |
|
What are the primary encryption methods? |
Symmetric and Asymmetric. |
|
What are the elements of encryption |
An algorithm and a key |
|
The form of encryption that requires one secret key that two or more parties share is what? |
Symmetric. |
|
The form of encryption where the sender of the encrypted medium has a private key and the receiver has a public key is what? |
Asymmetric. |
|
Secret key or session key encryption is what type of encryption |
Symmetric |
|
AES symmetric algorithm can use how many bits in its key? |
128, 192, and 256 bits |
|
AES is an initialism for what? |
Advanced Encryption Standard |
|
RADIUS uses what type of encryption key? |
Symmetric. |
|
What ciphers are used to encrypt data in symmetric algorithms? |
Block and stream |
|
How do block ciphers encrypt data |
In specific sized blocks such as 64 bit or 128 bit blocks of data. |
|
How do stream ciphers encrypt data |
in streams of bits or bytes. |
|
What cipher is faster when the size of the file is unknown or continuous? |
stream |
|
What attack made WEP a vulnerable wireless encryption standard? |
Injection Vector (IV) attacks |
|
What cipher stream was used in WEP? |
Rivest Cipher 4 (RC4) |
|
What makes cipher encryption vulnerable? |
The reuse of keys |
|
What are the AES encryption types called? |
AES-128, AES-192, and AES-256 |
|
How many passes does it take for AES to encrypt data? |
1 |
|
What does the acronym DES mean? |
Data Encryption Standard |
|
DES encrypts in what size blocks? |
64-bit |
|
DES uses a key of how many bits? |
56 bits |
|
How does one pronounce the acronym 3DES? |
Triple DES |
|
How large are the blocks that 3DES encrypts? |
64-bit |
|
How many passes does 3DES use? |
3 |
|
How large are the key sizes that 3DES uses? |
56-bits, 112-bits, and 168-bits |
|
How large are the RC4 keys? |
between 40 and 2048 bits |
|
What is the only thing that currently makes RC4 a poor cipher? |
Using the same key more than once |
|
Which is stronger RC4 or AES? |
AES |
|
TLS can implement a block cipher or a stream cipher? |
Both |
|
Is AES a block cipher or a stream cipher? |
Block |
|
Blowfish and Twofish are what kind of ciphers? |
Symmetric Block Ciphers |
|
Blowfish encrypts data in what block size? |
64-bit |
|
What key sizes does Blowfish use? |
32 and 448 bits |
|
Who created Blowfish? |
Bruce Schneier |
|
Which is faster? Blowfish or AES |
Blowfish, but only compared to AES-256 |
|
AES-256 encrypts in what size blocks? |
128-bit |
|
Is Twofish related to Blowfish? |
yes |
|
Twofish encrypts data in what size blocks? |
128-bit |
|
What are the sizes of Twofish keys |
128, 192, or 256-bit keys |
|
What algorithm was selected as AES by NIST? |
Rijndael |
|
What cipher uses a printed out key with a serial number attached to it? |
One Time Pad |
|
What does one do after encrypting or decrypting a message with One Time Pad encryption? |
Destroy the key |
|
How is one time encryption used electronically? |
with key fobs that know what key is used at what time. |
|
List the Symmetric encryption protocols. |
AES, DES, 3DES, Blowfish, Twofish, RC4 |
|
If a private key encrypts data, how is the data decrypted? |
With the matching public key. |
|
If a public key is used to encrypt data, how is the data decrypted? |
With the matching private key. |
|
How many individuals should possess a particular private key? |
1 |
|
A key element in asymmetric encryption methods is that they require what? |
A certificate and a Public Key Infrastructure (PKI). |
|
Which encryption method is faster, Symmetric or Asymmetric? |
Symmetric |
|
What is a good physical example of Asymmetric encryption |
The Rayburn Box |
|
What information is in the public key certificate? |
Serial number, Issuer, Validity Dates, Subject, Public key, Usage |
|
What uniquely identifies a certificate? |
Serial Number |
|
What is used to identify a certificate in a Certificate Revocation List (CRL)? |
Serial Number |
|
What identifies the Certificate Authority (CA) that issued the certificate? |
Issuer |
|
What explains when the certificate was created and when it expires? |
Validity Dates |
|
What explains who owns the certificate? |
Subject |
|
What explains what form of encryption is used in the certificate? |
Public Key |
|
What explains what the certificate is used for (such as encryption or authentication)? |
Usage |
|
RSA is an initialism of what? |
Rivest, Shamir, and Adleman. The last names of the people who created it. |
|
What kind of encryption is RSA |
Asymmetric |
|
TPMs and HSMs store what type of key |
RSA |
|
How large are RSA keys? |
1024, 2048, and 4096-bits |
|
Semi-permanent keys that stay the same over a period of time are what? |
Static |
|
Keys that have very short lifespans and are changed each session are what? |
Ephemeral |
|
What states that a cryptographic system generates a different key for each session and doesn't use a deterministic algorithm to do so? |
Perfect Forward Secrecy |
|
What is a non-deterministic algorithm? |
An algorithm that produces a different key each time the same data is inputted. |
|
What encryption method uses mathematical equations to formulate a type of curve and then graphs a point on the curve to create keys? |
Elliptic Curve Cryptography |
|
The initialism DHE stands for what? |
Diffie-Hellman Ephemeral |
|
ECDHE is an initialism that stands for what? |
Elliptic Curve Diffie-Hellman Ephemeral |
|
ECDH is an initialism that stands for what? |
Elliptic Curve Diffie-Hellman |
|
ECDHE is what type of key? |
Ephemeral |
|
ECDH is what type of key? |
Static |
|
Diffie-Hellman creates what type of keys? |
Asymmetric keys |
|
How does steganography hide data? |
By manipulating bits inside the data or hiding the data in the white space of a file. |
|
What bits are manipulated to hide data within a file? |
The least significant bits. |
|
What type of files can be used in steganography? |
Any media file. Audio, Video, or image. |
|
What is unused bit space at the end of a file cluster called? |
White Space |
|
Does manipulating white space change the size of a file? |
No |
|
What is a method of detecting steganography? |
Comparing the hash of the file with that of the original file. |
|
Cryptography based on the physics of photons is called what? |
Quantum Cryptography. |
|
When a photon is read or measured it does what? |
changes direction |
|
A digital signature on a message is what? |
A hash of the message created from the sender's private key |
|
A digitally signed message provides what security benefits? |
Authentication, Non-repudiation, Integrity |
|
How is a digital signature created? |
The message is hashed by the email system. Then the hash is encrypted with the sender's private key. |
|
How is a digital signature verified? |
The recipient of the message decrypts the message with the sender's public key. The decrypted hash is then verified against the receiver's email system's hash of that message. |
|
Why sign a document instead of encrypting it? |
To conserve computing resources. |
|
When would you encrypt a message despite the heavy use of computing resources? |
To ensure Confidentiality |
|
Do private keys encrypt or decrypt a message? |
decrypt |
|
Do public keys encrypt or decrypt a message? |
encrypt |
|
Do private keys encrypt or decrypt a digital signature? |
encrypt |
|
Do public keys encrypt or decrypt a digital signature? |
decrypt |
|
S/MIME is an acronym of what? |
Secure / Multipurpose Internet Mail Extensions |
|
S/MIME uses what encryption standard for asymmetric encryption? |
RSA |
|
S/MIME uses what encryption standard for symmetric encryption? |
AES |
|
For what data states can S/MIME be used for encryption? |
In transit and at rest. |
|
PGP is an initialism for what? |
Pretty Good Privacy |
|
Who invented PGP? |
Philip Zimmermann |
|
Who currently owns PGP? |
Symantec Corporation |
|
What version of PGP does not require a licence to use? |
OpenPGP |
|
Both PGP and OpenPGP can be used with what standard? |
S/MIME |
|
GPG is an initialism that stands for what? |
GNU Privacy Guard |
|
GPG is based off of what standard? |
OpenPGP |
|
All versions of PGP use what algorithm? |
RSA |
|
If a secure protocol starts with an S, what encryption protocol is it using? |
SSH |
|
If a secure protocol ends with an S, what encryption protocol is it using? |
SSL or TLS |
|
SSH, SSL, and TLS are what form of encryption? |
Transport encryption |
|
IPsec can encrypt data in what modes? |
Tunnel and Transport |
|
IPsec uses what to provide authentication and integrity? |
Authentication header (AH) |
|
IPsec uses an authentication header (AH) to provide what? |
Authentication and Integrity |
|
Request for Comments 4835 (RFC 4835) requires the use of what for AH? |
HMAC |
|
Routers and firewalls identify AH traffic with what protocol ID? |
51 |
|
IPsec uses what to provide Confidentiality? |
Encapsulating Security Payload (ESP) |
|
IPsec uses Encapsulating Security Payload (ESP) to provide what? |
Confidentiality |
|
Request for comments 4835 (RFC 4835) mandates the use of what in the symmetric encryption algorithm? |
AES or 3DES |
|
Routers and firewalls identify ESP traffic with what protocol ID? |
50 |
|
How does ESP work? |
It encapsulates the entire IP packet and adds an additional IP header. |
|
SSL is an initialism for what |
Secure Socket Layer |
|
SSL uses asymmetric encryption to do what? |
Share a session key |
|
SSL uses symmetric encryption to do what? |
To encrypt information displayed on the web page and in transmission. |
|
Who created SSL? |
Netscape |
|
What was created to standardize improvements with SSL? |
TLS |
|
Who created TLS |
The Internet Engineering Task Force (IETF) |
|
Every update of TLS is considered an update of what? |
SSL 3.0 |
|
If the version of TLS is 1.2, it is considered what version of SSL? |
3.3 |
|
TLS uses what type of encryption |
Symmetric and Asymmetric |
|
How does TLS use Asymmetric encryption? |
To share a symmetric key |
|
How does TLS use symmetric keys? |
To encrypt the data in a web session (on the page and in transit) |
|
SSL and TLS both use what? |
Certificates |
|
A combination of cryptographic algorithms that provide several layers of security for TLS and SSL are what? |
Cipher Suites |
|
A cipher suite is identified by a string of hexadecimal characters and a code name. What is this called? |
Cipher identifier |
|
What parts make up a cipher identifier? |
Protocol, Key exchange method, Authentication, Encryption, Integrity |
|
The addition of random bits inside a password is called what? |
Key stretching |
|
A secure method of key stretching is what? |
Salting |
|
What key stretching technique salts a password before encrypting it with Blowfish? |
Bcrypt |
|
Wi-Fi Protected Access 2 (WPA2), Apple's iOS, and Cisco operating systems use what to increase the security of passwords? |
PBKDF2 |
|
PBKDF2 salts passwords with how many additional bits? |
64 |
|
Key stretching prevents what form of attacks? |
Brute forcing and Rainbow Table. |
|
Two parties sharing an encryption key in the same communication channel as the encrypted data is called what? |
In-Band Key Exchange |
|
Two parties that share the symmetric key in one communication channel and then exchange the encrypted data in a separate communication channel is called what? |
Out-of-Band Key Exchange |
|
An entity that issues, manages, validates, and revokes certificates is called what? |
Certificate Authority |
|
What is the first certificate created by a CA that identifies it? |
Root Certificate |
|
A public CA creates a root CA, then child CAs that create a chain of trust. This model is called what? |
Hierarchical trust model |
|
A trust model that uses self-signed certificates with a third party vouching for these certificates is called what? |
Web of trust or decentralized trust |
|
What is the danger of the web of trust? |
If the third party does not adequately verify the certificates |
|
Private CAs are only good for issuing certificates where? |
Internally / within the corporation |
|
A certificate that is valid for multiple versions of "example.com" such as "an.example.com", "another.example.com", and "stupid.example.com" is called what? |
A Wildcard Certificate |
|
Users and systems request certificates from a CA using what? |
Registration process |
|
What is the process of registration? |
Create a key pair; create a Certificate Signing Request (CSR); send the CSR to the CA; the CA validates identity and creates the certificate with the public key |
|
What entity assists the CA by collecting registration information? |
Registration Authority (RA) |
|
How would a CA revoke a certificate before its expiration date? |
Putting the certificate's serial number on a Certificate Revocation List (CRL) |
|
How is a certificate validated by a client? |
Verify the certificate was issued by a trusted CA; verify the certificate is not on the CA's CRL |
|
Placing a copy of a private key in a safe environment is called what? |
Key Escrow |
|
A designated individual who can recover or restore cryptographic keys is called what? |
Recovery Agent |