Cryptography

Front 1

Substitution cipher

Back 1

one character or symbol is changed into another

one of the oldest - Caesar cipher (shift 3-rt)

other e.g.s Atbash, Playfair, Scytale

Front 2

multi-alphabet substitution

Back 2

Vigenere cipher

uses keyword to look up cipher text in a table

Front 3

transposition ciphers

Back 3

message is broken into equal blocks, then each block is scrambled

Rail Fence cipher

Front 4

ROT13

Back 4

algorithm rotates every letter 13 places in the alphabet

Front 5

enigma machine

Back 5

typewriter that implemented multi-alphabet cipher

uses 26 alphabet substitutions

Front 6

steganography

Back 6

uses LSB (least significant bit) to hide messages in a medium

Programs- QuickStego , Invisible Secrets

used for watermarking

Front 7

Encrypt filesystem in Linux

Back 7

1. login as root and start YaST

2. Choose System>Partitioner

3. yes to prompt. select filesystem and edit

4. select the Encrypt file system check box. Ok

Front 8

What are the major areas of modern cryptography?

Back 8

symmetric cryptography

asymmetric cryptography

hashing algorithms

Front 9

symmetric cryptography

Back 9

both ends of encrypted message use the same key and algorithms

uses a secret/private key

uses block or stream cipher

fast

e.g.s- DES, 3DES, AES, AE256, CAST, RC4, RC5, RC6, Blowfish, Teofish, IDEA, One time pads

Front 10

DES ( data encryption standard)

Back 10

replaced by AES

based on 56 bit

considered insecure due to small key size

Front 11

3DES (Triple DES)

Back 11

upgrade to DES

key length is 168 bits

uses 3 56 bit DES keys

Front 12

AES (advanced encryption standard)

Back 12

replaced DES

uses Rijndael algorithm

used bu govt agencies

default key is 128 bits

supports 128, 192, 256 bits

Front 13

AES256

Back 13

uses 256 bits

qualifies for US govt top secret classification

Front 14

CAST

Back 14

developed by Carlisle Adams & Stafford Tavares

used in microsoft and IBM products

uses 40-128 bit key

fast and efficient

additional versions- CAST128, CAST256

Front 15

Ron's Cipher (RC)

Back 15

an encryption family by RSA labs

authored by Ron rivest

current levels are RC4, RC%, and RC6

uses key size up to 2048 bits

Front 16

RC4 (ron's cipher 4)

Back 16

popular with WEP/WPA encryption

streaming cipher using 40-2048 bit keys

used in SSL and TLS

used in utilities for downloading BitToreents

Front 17

Blowfish

Back 17

invented by Bruce Schneier and team

performs 64 bit block cipher (symmetric) fast speeds

uses variable length keys from 32-448 bits

Front 18

Twofish

Back 18

similiar to Blowfish

works on 128 bit blocks

has complex key schedule

Front 19

IDEA (international data encryption algorithm)

Back 19

developed by Swiss consortium

uses 128 bit key

more secure than DES but similiar concept

used in PGP (pretty good privacy)

Ascom AG holds the right to market

Front 20

One-Time Pads

Back 20

only truly completely secure cryptographic implementation

use a key that is as long as a plaintext message

used only once

Front 21

key exchange

Back 21

2 primary approaches: in band key exchange (same channel as encryption), out of band key exchange

Front 22

forward secrecy

Back 22

property of any key exchange system that ensures if 1 key is compromised, subsequent keys will not be compromised.

Front 23

perfect forward secrecy

Back 23

when the key exchange process is unbreakable

common approach uses ephemeral keys

Front 24

asymmetric algortihms

Back 24

uses public key to encrypt and private key to decrypt

based on number theory

the 4 popular ones are: RSA, Diffie-Hellman, ECC,and ElGamal

Front 25

RSA

Back 25

named after inventors Rivest, shamir, Adleman

the de facto standard

uses large integers

works with both encryption and digital signatures

can be used for key exchange

Front 26

Diffie-Helman

Back 26

used primarily to send keys across public networks.

used to create symmetric keys between 2 parties

does not encrypt nor decrypt

Front 27

ECC (elliptic curve cryptography)

Back 27

similiar to RSA but uses smaller keys

uses points on a curve combined with a point at infinity and the difficulty of solving discrete algorithms

NSA recommended

will be commonly implemented on cell phones soon

variations: ECC-DH and ECC-DSA

Front 28

ElGamal

Back 28

use ephemeral key

used for single communication session

Front 29

ephemeral key

Back 29

a key that exists for only a single session

allows for perfect forward secrecy

Front 30

Kerckhoff's Principle

Back 30

the security of an algorithm should depend only on the secrecy of the key and not the algorithm itself.

Front 31

Hashing Algorithms

Back 31

secure hash algorithm (SHA)

message digest algorithm (MD)

The RACE integrity Primitives Evaluation Message (RIPEMD)

GOST

LANMAN

NT Lan Manager (NTLM)

Front 32

hash characteristics

Back 32

1. must be 1 way

2. variable length input produces fixed length output

3. algorithm must have few or no collisions ( 2 inputs don't give same output)

Front 33

rainbow tables

Back 33

all possible hashes are computed in advance

e.g. OphCrack

Front 34

salt

Back 34

added bits at key locations either before or after hash

Front 35

key stretching

Back 35

strengthening a weak key

2 methods: PBKDF2 (Password-based key derivation function 2) & Bcrypt

Front 36

quantum cryptography

Back 36

originally limited to lab work and secret govt applications

basis for QKE (quantum key exchange)

Front 37

Common code breaking techniques`

Back 37

frequency analysis- looks at patterns

chosen plaintext

related key attack

brute force attacks

exploiting human error

Front 38

cryptographic system

Back 38

a system, method, or process that is used to provide encryption and decryption

Front 39

pre-shared key

Back 39

when all the clients and access points share the same key

Front 40

work factor

Back 40

an estimate of the amount of time and effort that would be needed to break a system

Front 41

digital signatures

Back 41

sender uses private key to create digital signature

receiver uses public key attached to message to decrypt

most use a hash to ensure message hasn't been altered

receiver compares signature area (message digest) to calculated value

Front 42

nonrepudiation

Back 42

prevents one party from denying actions they carried out

Front 43

Certificate Authority (CA)

Back 43

manage public keys

issue certificates verifying validity of a sender's message (nonrepudiation)

Front 44

key escrow

Back 44

keys to encrypt/decrypt in escrow until requested by 3rd party

Front 45

key recovery agent

Back 45

entity that has the ability to recover a key, key components, or plaintext messages

Front 46

key registration

Back 46

the process of providing certificates to users

done by a registration authority (RA)

Front 47

certificate revocation list (CRL)

Back 47

a list of certificates a specific CA states should no longer be used.

being replaced by OCSP (online certificate status protocol)

Front 48

types of trust models

Back 48

bridge

hierarchical

hybrid

mesh

Front 49

National Security Agency (NSA)

Back 49

responsible for creating codes, breaking codes, and coding systems for the US government.\

chartered in 1952

responsible for obtaining foreign intelligence and supplying to US govt agencies

world's largest employer of mathematicians

Front 50

National Security Agency/Central Security Service (NSA/CSS)

Back 50

independently functioning part of the NSA

supports all branches of the US military

created in the 1970s to standardize and support the DoD

Front 51

National Institute of Standards and Technology (NIST)

Back 51

formerly NBS ( national bureau of standards)

develops and supports US govt standards

publishes info about known vulnerabilities

Front 52

RFC ( Request for Comments)

Back 52

method to propose a standard

originated in 1969

categorized as a standard, best practice, informational, experimental or historic

Front 53

major associations

Back 53

American Bankers Association (ABA)

Internet Engineering Task Force (IETF)

Internet society (ISOC)- oversees the IETF

World Wide Web Consortium (W3C)- sponsors XML

International Telecommunications Union (ITU)

Institute of Electrical and Electronics Engineers (IEEE)- development of PKC, wireless and networking protocols

Front 54

Public Key Infrastructure X.509 (PKIX)

Back 54

the working group formed by IETF to develop standards and models for the PKI environment

Front 55

Public Key Cryptography Standards (PKCS)

Back 55

a set of voluntary standards created by RSA and security leaders.

there are 15 standards

early group members: Apple, microsoft, HP, Lotus, Sun, MIT

Front 56

X.509 standard

Back 56

defines the certificate formats and fields for public keys

defines procedures for public key distribution

currently on v3

2 basic types: End-entity certificate, CA certificate

Front 57

X.509 properties

Back 57

signature (primary purpose)

version

serial#

signature algorithm id

issuer name

validity period

subject name

subject public key info

issues unique identifier (v2 and v3)

subject unique identifier (v2 and v3)

extensions (v3)

Front 58

cipher suite

Back 58

a combination of methods such as authentication, encryption and message authentication code (MAC) algorithm used together

e.g TLS and SSL

Front 59

configure ssl port in windows server 2012

Back 59

1. start> admin tools> IIS manager

2. right click on website and go to Properties

3. select web site tab, enter port #

4. click ok and exit

-default port is 443

Front 60

certificate management protocol (CMP)

Back 60

a messaging protocol used between PKI entities

Front 61

XML Key Management Specification (XKMS)

Back 61

designed to allow XML-based programs access to PKI services.

built on CMP

Front 62

Secure Multipurpose Internet Mail Extensions (S/MIME)

Back 62

standard for encrypting email

contains signature data

assymetric alogorithms for confidentiality

uses digital certificates for authentication

Front 63

Secure Electronic Transaction (SET)

Back 63

provides encryption for credit card numbers that can be transmitted over the internet

developed by Visa and Mastercard

works with an electronic wallet

Front 64

electronic wallet

Back 64

a device that identifies you electronically in the same ways as the cards you carry in your wallet

Front 65

Pretty Good Privacy (PGP)

Back 65

freeware email encryption system

used for email security

uses both asymmetric and symmetric systems

Front 66

GNU Privacy Guard (GPG)

Back 66

free alternative to PGP

Front 67

HTTP Secure (HTTPS)

Back 67

port 443

uses SSL

used for secure transactions by providing a secure channel

Front 68

Secure HTTP (S-HTTP)

Back 68

HTTP with message security

port 80

seldom used

creates a secure message

provides data integrity and authentication

Front 69

configure IPSec on windows 7/8

Back 69

1. run perfmon.msc

2. select performance monitor

3. right-click graph, choose Add Counters

4. select IPSec IKEv1 IPv4 and expand options

5. click show description and read comments

6. Click Add--Failed main mode negotiations and failed quick mode negotiations

Front 70

Federal Information Processing standard (FIPS)

Back 70

a set of guidelines for US federal government information systems

issued by NIST

Front 71

Public Key infrastructure (PKI)

Back 71

a framework

a 2 key, asymmetric system with 4 main components: certificate authority (CA), registration authority (RA), RSA, and digital certificates

Front 72

certificate policies

Back 72

define what certificates do

affect how a certificate is issued and how it is used

the policy indicates which certificates will be accepted in a given application

Front 73

cross certification

Back 73

the process of requiring interoperability of a certificate

Front 74

Certificate Practice Statement (CPS)

Back 74

a detailed statement the CA uses to issue certificates and implement its policies.

discusses how certificates are issued, measures taken to protect certificates, rules that CA users must follow to maintain certificate eligibility

Front 75

certificate revocation

Back 75

the process of revoking a certificate before it expires

handled through a CRL (certificate revocation list) or by using OCSP (online certificate status protocol)

Front 76

PKI trust models

Back 76

hierarchical

bridge

mesh

hybrid

Front 77

hierarchical trust model

Back 77

tree

allows tight control over certificate-based activities

the root CA is at the top and provides all the info

then comes the intermediate CA> Leaf CA (the end of the chain/network)

Front 78

bridge trust model

Back 78

a peer-to-peer relationship exists among the root CAs

useful for large, geographically dispersed or 2 separate orgs

Front 79

mesh trust model

Back 79

expands on bridge model by supporting multiple paths and root CAs.

also known as a web structure

useful when several orgs need to cross certify certificates

Front 80

hybrid trust model

Back 80

uses the capabilities of any or all of the other trust models.

Front 81

hardware based encryption devices

Back 81

in the advanced config settings in BIOS you can enable TPM (trusted platform module).

as well as HSMs (hardware security module) which are PCI adapters- its a cryptoprocessor that is used to enhance security

Front 82

TPM (trusted platform module)

Back 82

used to assist with hash key generation

a chip that can store cryptographic keys/passwords/certificates

used to protect mobile devices

is sometimes used with BitLocker

may be installed on motherboard

Front 83

BitLocker

Back 83

a full disk encryption feature

uses 128 bit encryption

a.k.a. hard drive encryption

Front 84

data encryption

Back 84

bitlocker

bitlocker to go

Truecrypt

database encryption