Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
95 Cards in this Set
- Front
- Back
|
What is
Cryptography |
The science of altering information so that is cannot be decoded without a key,
and the study of cryptographic algorithms. |
|
|
What is
Cryptanalysis |
The study of how to break cryptographic algorithms.
|
|
|
What is a
Cipher |
A method used to encode characters to hide their value.
|
|
|
What is a
Substitution Cipher |
A type of coding or ciphering system that changes one character or
symbol to another. |
|
|
What is a
Transposition Cipher |
Involves transposing or scrambling the letters in a certain manner.
|
|
|
What
is ROT13 |
One of the oldest known encoding algorithms, it is a simple algorithm that rotates
every letter 13 places in the alphabet. Thus, an A becomes an N, a B becomes an O, and so forth. |
|
|
What is
Steganography |
The process of hiding a message in a medium such as a digital image, audio
file, or other file. |
|
|
What is the
Least Significant Bit (LSB) method of steganography |
The most common method of
steganography where the very last bit (the least significant bit in each byte) is changed. Doing so does not make a noticeable change to the file. |
|
|
What is a
Symmetric Algorithms |
Requires that both ends of an encrypted message have the same key
and processing algorithms. They generate a secret key that must be protected. |
|
|
What is a
Block Cipher |
An algorithm that works on chunks of data, encrypting one chunk at a time.
|
|
|
What
is a Stream Cipher |
An algorithm that encrypts data one bit, or byte, at a time.
|
|
|
What is the
Data Encryption Standard (DES) |
A symmetric algorithm that is based on a 56–bit key and has
several modes that offer security and integrity. It is now considered insecure because of the small key size and has been replaced by AES. |
|
|
What is
Triple–DES (3DES) |
A symmetrical algorithm that is a technological upgrade of DES. It is still
used even though AES is the preferred choice for government applications. It is considerably harder to break than many other systems and uses a key length of 168 bits (using three 56–bit DES keys). |
|
|
What is
Advanced Encryption Standard (AES) |
A symmetric algorithm that replaced DES as the current
standard. It is the current product used by U.S. government agencies and supports key sizes of 128, 192, and 256 bits, with 128 bits being the default. |
|
|
What is
AES256 |
A symmetrical algorithm that uses a 256 bit key and qualifies for US classification as
Top Secret. |
|
|
What is
CAST |
A symmetrical algorithm that is used in some products offered by Microsoft and IBM. It
uses a 40 bit to 128 bit key and is very fast an efficient. A 128 and 265 bit version also exist. |
|
|
What is
Ron's Cipher (RC) |
A symmetric encryption family that was produced by RSA laboratories.
The current levels are RC4, RC5, and RC6. |
|
|
What is
RC5 |
A symmetric algorithm that uses a key size of up to 2048 bits and is considered to be a
strong system. |
|
|
What is
RC4 |
Popular with wireless and WEP/WPA encryption, it is a symmetric streaming cipher that
works with key sizes between 40 and 2048 bits, and it is used in SSL and TLS. |
|
|
What is
Blowfish |
An encryption system that performs a 64–bit block cipher at very fast speeds. It is a
symmetric block cipher that can use variable–length keys (from 32 bits to 448 bits). |
|
|
What is
Twofish |
Similar to blowfish, it works on 128–bit blocks and has a complex key schedule.
|
|
|
What
is the International Data Encryption Algorithm (IDEA) |
A symmetric algorithm that uses a 128–bit key.
Similar in speed and capability to DES, but it's more secure. It is also used in PGP. |
|
|
What are
One–Time Pads |
The only truly completely secure cryptographic implementations. They are
so secure for two reasons. They use a key that is as long as a plain text message, and they are only used once before being discarded. |
|
|
What is
In–band Key Exchange |
A method of key exchange where the key is exchanged within the
same communications channel that is going to be encrypted. IPSec uses in–band key exchange. |
|
|
What is
Out–of–Band Key Exchange |
A method of key exchange where the key is exchanged using
some other channel, other than the one that is going to be secured. |
|
|
What is
Forward Secrecy |
A property of any key exchange system, which ensures that if one key is
compromised, subsequent keys will not also be compromised. |
|
|
What is
Perfect Forward Secrecy |
When the process of key exchange is unbreakable. A common
approach uses ephemeral keys. |
|
|
What is an
Asymmetric Algorithm |
Uses two keys to encrypt and decrypt data. The keys are referred to as
the public and private keys. The sender uses the public key to encrypt a message, and the receiver uses the private key to decrypt the message. What one key does, the other undoes. |
|
|
What is
RSA |
An early public–key (asymmetric) encryption system that uses large integers as the basis
for the process. It's widely implemented, and it has become a de facto standard. It works with both encryption and digital signatures and is used in many environments, including SSL and it can be used for key exchange. |
|
|
What is
Diffie–Hellman |
An asymmetric system, it is primarily used to send keys across public networks
and works by splitting the key into two parts. The process isn't used to encrypt or decrypt messages, and is used merely for the creation of a symmetric key between two parties. |
|
|
What is
Elliptic Curve Cryptography |
Similar in functionality to RSA, but it uses smaller key sizes to
obtain the same level of security. This asymmetric encryption system is based on the idea of using points on a curve combined with a point at infinity and the difficulty of solving discrete logarithm problems. |
|
|
What is
ElGamal |
An asymmetric algorithm that has several variations, including Elliptic Curve. It uses
an ephemeral key. |
|
|
What are the
Three Characteristics of a Cryptography Hash Function |
It must be one way and not reversible.
Variable–Length input produces fixed–length output. The Algorithm must have few or no collisions. |
|
|
What is the
Secure Hash Algorithm |
Designed to ensure the integrity of a message. It is a one–way hash
that provides a hash value that can be used with an encryption protocol. It produces a 160–bit hash value. |
|
|
What is
SHA2 |
A hashing algorithm that has several sizes: 224, 256, 334, and 512. It is the most
widely used and recommended hashing algorithm. |
|
|
What is the
Message Digest Algorithm |
A hash value that uses a one–way hash to help maintain integrity.
There are several, the most common are MD5, MD4, and MD2. MD4 was used by NTLM to compute the NT hash. |
|
|
What is
MD5 |
The newest version of the algorithm, it produces a 128–bit hash, but the algorithm is
more complex than its predecessors and offers greater security. Its biggest weakness is that is does not have strong collision resistance, and is no longer recommended for use. |
|
|
What is the
RACE Integrity Primitives Evaluation Message Digest (RIPEMD) |
A hashing algorithm based
on MD4 there were questions regarding it's security and it has been replaced with a 160 bit version. There are also version that use 256 and 320 bits. |
|
|
What is
GOST |
A symmetric cipher developed in the old Soviet Union that has been modified to work
as a hash function. It processes a variable–length message into a fixed–length output of 256 bits. |
|
|
What is
LANMAN |
A protocol used for authentication prior to the release of Windows NT. While
functioning only has an authentication protocol, it used LM Hash and two DES keys. |
|
|
What is
NT LAN Manager (NTLM) |
A protocol that replaced the LANMAN protocol and uses MD4/MD5
hashing algorithms. |
|
|
What is a
Rainbow Table |
A table in which all of the possible hashes are computed in advance.
|
|
|
What is
Salt |
A countermeasure to Rainbow Tables, it works by adding bits at key locations, either
before or after the hash. |
|
|
What is
Key stretching |
The processes used to take a key that might be a bit weak and make it
stronger, usually by making it longer. |
|
|
What is the
Password–Based Key Derivation Function 2 (PBKDF2) |
A part of PKCS #5, it applies some
function (like a hash or HMAC) to a password along with Salt to produce a derived key. |
|
|
What is
Bcrypt |
Used with passwords, it uses a derivative of the Blowfish algorithm, converted to a
hashing algorithm, to hash a password and add Salt to it. |
|
|
What is
Frequency Analysis |
Looking at blocks of an encrypted message to determine if any common
patterns exist. Initially, the analyst doesn't try to break the code, but looks at the patterns in the message. |
|
|
What is
Chosen Plaintext |
An attacker obtains the ciphertexts corresponding to a set of plaintexts of
their own choosing. This allows the attacker to attempt to derive the key used and thus decrypt the other messages encrypted with that key. |
|
|
What is a
Related Key attack |
Similar to a chosen–plaintext attack, except the attacker can obtain
ciphertexts encrypted under two different keys. It is a very useful attack if you can obtain the plaintext and matching ciphertext. |
|
|
What is a
Brute–Force Attack |
Accomplished by applying every possible combination of characters that
could be the key. Although it may take a long time to find the key, it can indeed be found. |
|
|
What
are the Three Most Important Concepts in Security |
Confidentiality
Integrity Availability |
|
|
What is the
Work Factor |
An estimate of the amount of time and effort that would be needed to break a
system. |
|
|
What is a
Message Authentication Code (MAC) |
A common method of verifying integrity. It is derived
from the message and a shared secret key. |
|
|
What is a
Hash–Based Message Authentication Code (HMAC) |
A MAC that uses a hashing algorithm
along with a symmetric key. |
|
|
What is a
Digital Signature |
Validates the integrity of the message and the sender. The message is
encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message. Most implementations also use a hash to verify that the message has not been altered. |
|
|
What is
Nonrepudiation |
Prevents one party from denying actions they carried out.
|
|
|
What is
Key Escrow |
Addresses the possibility that a third party may need to access keys used to
encrypt/decrypt data. The keys are held in an account and made available if the third party requests them. |
|
|
What is a
Key Recovery Agent |
An entity that has the ability to recover a key, key components, or
plaintext messages as needed. Typically used to access information that is encrypted with older keys. |
|
|
What is
Key Registration |
The process of providing certificates to users.
|
|
|
What is the
Certificate Revocation List (CRL) |
The most widely used method to find out if a key is still valid.
It is literally a list of certificates that a specific CA states should no longer be used. |
|
|
What is the
Online Certificate Status Protocol (OCSP) |
A real–time protocol that is replacing CRLs.
|
|
|
What is
a Request For Comment (RFC) |
The mechanism used to propose a standard. It's a
document–creation process with a set of practices and can be categorized as standard, best practice, informational, experimental, or historic. |
|
|
What is the
Internet Engineering Task Force (IETF) |
An international community of computer professionals
that is mainly interested in improving the Internet. It is also very interested in security. |
|
|
What is
the Internet Society (ISOC) |
A professional group whose membership consists primarily of Internet
experts. It oversees a number of committees and groups, including the IETF. |
|
|
What is the
World Wide Web Consortium (W3C) |
An association concerned with the interoperability,
growth, and standardization of the World Wide Web. |
|
|
What is the
International Telecommunications Union (ITU) |
Responsible for virtually all aspects of
telecommunications and radio communication standards world wide. |
|
|
What is the
Institute of Electrical and Electronics Engineers (IEEE) |
An international organization focused
on technology and related standards. It is organized into several working groups and standards committees, and is actively involved in the development of PKC, wireless, and networking protocol standards. |
|
|
What is
Public–Key Infrastructure X.509 (PKIX) |
The working group formed by the IETF to develop
standards and models for the PKI environment. |
|
|
What are the
Public–Key Cryptography Standards (PKCS) |
A set of voluntary standards created by RSA and
security leaders. There are 15 published standards. |
|
|
What is the
X.509 Standard |
Defines the certificates formats and fields for public keys. It also defines the
procedures that should be used to distribute public keys and is the standard certificate format supported by the ITU. |
|
|
What is an
End–Entity Certificate |
The most common certificate, which is issued by a CA to an end
entity. |
|
|
What is a
CA certificate |
Issued by one CA to another CA. The second CA can, in turn, then issue
certificates to an end entity. |
|
|
What do
All X.509 Certificates contain |
Signature
Version Serial Number Signature Algorithm ID Issuer Name Validity Period Subject Name Subject Public–Key Information Issuer Unique Identifier Subject Unique Identifier Extensions |
|
|
What is
Secure Sockets Layer (SSL) |
used to establish a secure communications connection between
two TCP–based machines. The number of steps in the handshake is always between four and nine, inclusive, based on who is doing the documentation. One of the early steps will always be to select an appropriate cipher suite to use. |
|
|
What is
Transport Layer Security (TLS) |
A security protocol that expands upon SSL and may replace
SSL in the future. |
|
|
What is the
Certificate Management Protocol (CMP) |
A messaging protocol used between PKI entities, and
is used in some PKI environments. |
|
|
What is the
XML Key Management Specification (XKMS) |
Designed to allow XML–based programs access
PKI services, it is a standard that is build on CMP and uses it as a model. |
|
|
What is the
Secure Multipurpose Internet Mail Extensions (S/MIME) |
A standard used for encrypting email
and contains a signature. It uses the PKCS #7 standard and is the most widely supported standard used to secure email communications. |
|
|
What is
Secure Electronic Transaction (SET) |
Provides encryption for credit card number that can be
transmitted over the Internet. It was developed by Visa and MasterCard. |
|
|
What is
Pretty Good Privacy (PGP) |
A freeware encryption system. It uses both symmetrical and
asymmetrical systems as a part of its process. |
|
|
What is
Secure Hypertext Transport Protocol (S–HTTP) |
HTTP with message security (added by using
RSA or a digital certificate). Creates a secure message not a secure channel. It can use multiple protocols and mechanisms to protect the message. It also provides data integrity and authentication. |
|
|
What is
Federal Information Processing Standard (FIPS) |
A set of guidelines for U.S. federal
government information systems. It is used when an existing commercial or government system does not meet federal security requirements. |
|
|
What is
Public–Key Infrastructure (PKI) |
A security framework that should work across multiple
vendors, systems, and networks. It is a two–key, asymmetric system with four main components: Certificate Authority (CA), Registration Authority (RA), RSA (the encryption algorithm), and digital certificates. Messages are encrypted with a public key and decrypted with a private key. |
|
|
What is a
Certificate Authority (CA) |
An organization that is responsible for issuing, revoking, and
distributing certificates. |
|
|
What is a
Certificate |
A mechanism that associates the public key with an individual.
|
|
|
What is a
Certificate–Signing Request (CSR) |
A request formatted for the CA. It will have the public key you wish to use and your fully
distinguished name (often a domain name). |
|
|
What is a
Registration Authority |
Offloads some of the work from a CA and operates as a middle man. It
can distribute keys, accept registration for the CA, and validate identities. It can not issue certificates. |
|
|
What is a
Local Registration Authority (LRA) |
Can be used to identify or establish the identity of an
individual for certificate issuance. |
|
|
What are
Certificate Policies |
Define what certificates do (i.e. this certificate can only be used for email,
or this certificate can only be used for e–commerce, etc) |
|
|
What is a
Certificate Practice Statement (CPS) |
A detailed statement the CA uses to issue certificates
and implement its policies. They should discuss how certificates are issued, what measures are taken to protect certificates, and the rules that CA users must follow in order to maintain their certificate eligibility. |
|
|
What is
Certificate Revocation |
The process of revoking a certificate before it expires possibly due to
the certificate being stolen, an employee leaving the company, or someone has had their access revoked. |
|
|
What is the
Hierarchical Trust Model |
Also known as a tree, a root CA at the top provides all of the
information. The intermediate CAs are next and only trust information provided by the root CA. The root CA also trusts the intermediate CAs that are in their level in the hierarchy and none that aren't. |
|
|
What is the
Bridge Trust Model |
A peer–to–peer relationship exists among the root CAs. The root CAs can
communicate with one another, allowing cross certification. Each intermediate CA trusts only the CAs above and below it, but the CA structure can be expanded without creating additional layers of CAs. |
|
|
What is the
Mesh Trust Model |
Expands the concepts of the bridge model by supporting multiple paths and
multiple root CAs. Each of the root CAs can cross–certify with the other root CAs. |
|
|
What is the
Hybrid Trust Model |
Can use the capabilities of any or all of the trust models.
|
