Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
30 Cards in this Set
- Front
- Back
|
• Cryptography is the science of protecting information by encoding it into an
unreadable format. |
• The most famous rotor encryption machine is the Enigma used by the
Germans in WWII. |
|
|
• A readable message is in a form called plaintext, and once it is encrypted, it is
in a form called ciphertext. |
• Cryptographic algorithms are the mathematical rules that dictate the functions
of enciphering and deciphering. |
|
|
• Cryptanalysis is the study of breaking cryptosystems.
|
• Nonrepudiation is a service that ensures the sender cannot later falsely deny
sending a message. |
|
|
• Key clustering is an instance in which two different keys generate the same
ciphertext from the same plaintext. |
• The range of possible keys is referred to as the keyspace. A larger keyspace and
the full use of the keyspace allow for more random keys to be created. This provides more protection. |
|
|
• The two basic types of encryption mechanisms used in symmetric ciphers are
substitution and transposition. Substitution ciphers change a character (or bit) out for another, while transposition ciphers scramble the characters (or bits). |
• A polyalphabetic cipher uses more than one alphabet to defeat frequency
analysis. |
|
|
• Steganography is a method of hiding data within another media type, such as
a graphic, WAV file, or document. This method is used to hide the existence of the data. |
• A key is a random string of bits inserted into an encryption algorithm. The
result determines what encryption functions will be carried out on a message and in what order. |
|
|
• In symmetric key algorithms, the sender and receiver use the same key for
encryption and decryption purposes. |
• In asymmetric key algorithms, the sender and receiver use different keys for
encryption and decryption purposes. |
|
|
• Symmetric key processes provide barriers of secure key distribution and
scalability. However, symmetric key algorithms perform much faster than asymmetric key algorithms. |
• Symmetric key algorithms can provide confidentiality, but not authentication
or nonrepudiation. |
|
|
• Examples of symmetric key algorithms include DES, 3DES, Blowfish, IDEA,
RC4, RC5, RC6, and AES. |
• Asymmetric algorithms are used to encrypt keys, and symmetric algorithms
are used to encrypt bulk data. |
|
|
• Asymmetric key algorithms are much slower than symmetric key algorithms,
but can provide authentication and nonrepudiation services. |
• Examples of asymmetric key algorithms include RSA, ECC, Diffie-Hellman,
El Gamal, Knapsack, and DSA. |
|
|
• Two main types of symmetric algorithms are stream and block ciphers. Stream
ciphers use a keystream generator and encrypt a message one bit at a time. A block cipher divides the message into groups of bits and encrypts them. |
• Block ciphers are usually implemented in software, and stream ciphers are
usually implemented in hardware. |
|
|
• Many algorithms are publicly known, so the secret part of the process is the
key. The key provides the necessary randomization to encryption. |
• Data Encryption Standard (DES) is a block cipher that divides a message into
64-bit blocks and employs S-box-type functions on them. |
|
|
• Because technology has allowed the DES keyspace to be successfully broken,
Triple-DES (3DES) was developed to be used instead. 3DES uses 48 rounds of computation and up to three different keys. |
• International Data Encryption Algorithm (IDEA) is a symmetric block cipher
with a key of 128 bits. |
|
|
• RSA is an asymmetric algorithm developed by Rivest, Shamir, and Adleman
and is the de facto standard for digital signatures. |
• Elliptic curve cryptosystems (ECCs) are used as asymmetric algorithms
and can provide digital signature, secure key distribution, and encryption functionality. They use much less resources, which makes them better for wireless device and cell phone encryption use. |
|
|
• When symmetric and asymmetric key algorithms are used together, this is
called a hybrid system. The asymmetric algorithm encrypts the symmetric key, and the symmetric key encrypts the data. |
• A session key is a symmetric key used by the sender and receiver of messages
for encryption and decryption purposes. The session key is only good while that communication session is active and then it is destroyed. |
|
|
• A public key infrastructure (PKI) is a framework of programs, procedures,
communication protocols, and public key cryptography that enables a diverse group of individuals to communicate securely. |
• A certificate authority (CA) is a trusted third party that generates and
maintains user certificates, which hold their public keys. |
|
|
• The CA uses a certification revocation list (CRL) to keep track of revoked
certificates. |
• A certificate is the mechanism the CA uses to associate a public key to a
person’s identity. |
|
|
• A registration authority (RA) validates the user’s identity and then sends the
request for a certificate to the CA. The RA cannot generate certificates. |
• A one-way function is a mathematical function that is easier to compute in
one direction than in the opposite direction. |
|
|
• RSA is based on a one-way function that factors large numbers into prime
numbers. Only the private key knows how to use the trapdoor and how to decrypt messages that were encrypted with the corresponding public key. |
• Hashing algorithms provide data integrity only.
|
|
|
• When a hash algorithm is applied to a message, it produces a message digest,
and this value is signed with a private key to produce a digital signature. |
• Some examples of hashing algorithms include SHA-1, MD2, MD4, MD5, and
HAVAL. |
|
|
• HAVAL produces a variable-length hash value, whereas the other hashing
algorithms mentioned produce a fixed-length value. |
• SHA-1 produces a 160-bit hash value and is used in DSS.
|
|
|
• A birthday attack is an attack on hashing functions through brute force. The
attacker tries to create two messages with the same hashing value. |
• A one-time pad uses a pad with random values that are XORed against the
message to produce ciphertext. The pad is at least as long as the message itself and is used once and then discarded. |
|
|
• A digital signature is the result of a user signing a hash value with a private
key. It provides authentication, data integrity, and nonrepudiation. The act of signing is the actual encryption of the value with the private key. |
• Examples of algorithms used for digital signatures include RSA, El Gamal,
ECDSA, and DSA. |
|
|
• Key management is one of the most challenging pieces of cryptography. It
pertains to creating, maintaining, distributing, and destroying cryptographic keys. |
• The Diffie-Hellman protocol is a key agreement protocol and does not
provide encryption for data and cannot be used in digital signatures. |
|
|
• TLS is the “next version” of SSL and is an open-community protocol, which
allows for expansion and interoperability with other technologies. |
• Link encryption encrypts the entire packet, including headers and trailers, and
has to be decrypted at each hop. End-to-end encryption does not encrypt the headers and trailers, and therefore does not need to be decrypted at each hop. |
|
|
• Privacy-Enhanced Mail (PEM) is an Internet standard that provides secure
e-mail over the Internet by using encryption, digital signatures, and key management. |
• Message Security Protocol (MSP) is the military’s PEM.
|
|
|
• Pretty Good Privacy (PGP) is an e-mail security program that uses public key
encryption. It employs a web of trust instead of the hierarchical structure used in PKI. |
• S-HTTP provides protection for each message sent between two computers,
but not the actual link. HTTPS protects the communication channel. HTTPS is HTTP that uses SSL for security purposes. |
|
|
• Secure Electronic Transaction (SET) is a proposed electronic commerce
technology that provides a safer method for customers and merchants to perform transactions over the Internet. |
• In IPSec, AH provides integrity and authentication, and ESP provides those
plus confidentiality. |
|
|
• IPSec protocols can work in transport mode (the data payload is protected)
or tunnel mode (the payload and headers are protected). |
• IPSec uses IKE as its key exchange protocol. IKE is the de facto standard and
is a combination of ISAKMP and OAKLEY. |
|
|
• DEA is the algorithm used for the DES standard.
|
• DEA is the algorithm used for the DES standard.
|
