Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
39 Cards in this Set
- Front
- Back
|
Trusted Platform Module (TPM)
|
A chip that can store cryptographic keys, passwords, or certificates.
|
|
|
Hashing
|
Algorithm which performs a calculation on a message and converts it into a numeric hash value. Ensures that the data has not been altered.
|
|
|
Message Authentication Mode (MAC)
|
Authenticates both the source of a message and its integrity without the use of any additional mechanisms. Symmetric. Requires the sender the and receiver to share a secret key
|
|
|
Hashed MACing (HMAC)
|
A type of message authentication code (MAC) calculated using a specific algorithm involving a cryptographic hash function in combination with a secret key.
|
|
|
Symmetric Cryptography
|
Requires both ends of an encrypted message to share the same secret key.
|
|
|
Data Encryption Standard (DES)
|
64-bit block. Algorithm: DEA. Easily broken. Symmetric
|
|
|
3DES (Triple-DES)
|
Applies DES three times. 168-bit key. Symmetric. Algorithm: DEA
|
|
|
Advanced Encryption Standard (AES)
|
Current standard. 128 bit block. Key sizes: 128, 192, and 256 bits. Algorithm: Rijnadel. Symmetric
|
|
|
Blowfish algorithm
|
Symmetric
|
|
|
Twofish algorithm
|
Symmetric
|
|
|
CAST algorithm
|
Symmetric
|
|
|
Rivest Cipher (RC)
|
First algorithm known to be suitable for signing as well as encryption.
|
|
|
RC4
|
is an output feedback cipher and is most commonly used with a 128-bit key, which is repeated 16 times. A Rivest Cipher.
|
|
|
Asymmetric Cryptography
|
uses two keys to encrypt and decrypt data. Both a public and private key. Slower than symmetric.
|
|
|
Rivest, Shamir, Adleman (RSA)
|
Asymmetric algorithm. Used for encryption, digital signatures, and key exchange. Is the De Facto standard. Based on the difficult of factoring N, a product of two large prime numbers. Very slow.
|
|
|
Elliptic Curve Cryptography (ECC)
|
Based on the idea of using points on a curve to define the pubic/private key. Requires less computing power, therefore being used in wireless devices. Asymmetric.
|
|
|
Diffie-Hellman
|
Provides for Key Exchange.
|
|
|
Digital Signature Algorithm (DSA)
|
Used to digitally sign documents.
|
|
|
Digital Signature
|
Validates the integrity of the message and the sender. The message is encrypted using the encryption system, and a second piece of information, the digital signature, is added to the message.
|
|
|
Brute Force Attacks
|
Accomplished by applying every possible combination of characters that could be the key. Time is a factor.
|
|
|
Dictionary attack
|
Uses a dictionary of common words to reveal the user's password.
|
|
|
Rainbow attack
|
A rainbow table is a lookup table used to recover an unknown password using its known cryptographic hash, making attacks against hashed passwords feasible.
|
|
|
Secure Socket Layer (SSL)
|
Established a secure connection between two TCP based machines. Uses X.509v3 certificates for authentications. Vulnerabilities: small key sizes; expired digital certificates; compromised keys.
|
|
|
SSL Provides for:
|
Confidentiality, Message integrity, Key exchange
|
|
|
SSL Default Port:
|
Uses TCP port 443
|
|
|
Transport Layer Security (TLS) Port:
|
Uses TCP port 443
|
|
|
HTTPS
|
HTTP over SSL (port 443). The secure version of of HTTP. HTTPS uses SSL to secure the channel between the client and server.
|
|
|
Secure Shell (SSH)
|
Secures remote terminal communications. Protects against sniffing, spoofing, and man in the middle attacks. Uses a symmetric algorithm.
|
|
|
Secure Shell (SSH) Port:
|
Uses TCP port 22
|
|
|
Secure/MIME (S/MIME
|
Uses the X.509 standard requiring a personal ID from a trusted third party CA. Provides protection for email and attachments.
|
|
|
Pretty Good Privacy (PGP)
|
Freeware e-mail encryption system. Uses a web of trust model.
|
|
|
Tunneling
|
Virtual dedicated connection between two systems or networks. Sends private data across a public network by encapsulating data into other packets.
|
|
|
Point-to-Point Tunneling Protocol (PPTP)
|
Encapsulates and encrypts PPP packets.
|
|
|
Point-to-Point Tunneling Protocol PPTP Port:
|
Uses TCP port 1723
|
|
|
Layer 2 Tunneling Protocol (L2TP)
|
Hybrid of PPTP and L2F. No data encryption. Uses IPSec to provide data encryption and integrity. Operates at layer 2.
|
|
|
Layer 2 Tunneling Protocol (L2TP)
|
Uses UDP port 1701
|
|
|
International Protocol Security (IPSec)
|
Most widely VPN technology. Can be used to encrypt any traffic supported by IP. Includes both encryption and authentication. Operates at layer 3.
|
|
|
IPSec Modes
|
Transport on the LAN and Tunnel on the WAN
|
|
|
Internet Key Exchange
|
Standard automated method for negotiating shared secret keys in IPSEC. Used to generate, exchange, and manage keys. Uses UDP port 500.
|
