Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
110 Cards in this Set
- Front
- Back
|
Kerckhoffs principle |
Auguste Kerckhoffs published a paper in 1883 stating that the only secrecy involved with acryptography system should be the key. He claimed that the algorithm should be publiclyknown. He asserted that if security were based on too many secrets, there would be morevulnerabilities to possibly exploitHe belived if security were based on too many secret, there would be more vulnarabilities.It opposes to security through obsecurity. |
|
|
3Des |
It used 168 bitUsing 3 different keys, k1, k2 and k3It has four versionsBoth third and fourth bit uses 112 bit |
|
|
AES |
AES Is also known as rijndael(rhine-doll) has been chosen to replace DES..NIST released FIPS 197 which mandatesnto use AES for all sensitive but unclassified data.It uses 3 key strength.128 (10 round) 292 (12 round) 256 (14 round) |
|
|
Asymetric advantages and disadvantages |
1.provide digital signature 2.addition of new users require only one public and private key. 3.users can be removed far easily 4.key regeneration is only requires when key is compromised .5.it provides integrity, authentication and non repudiation 6. Key distribution is simple 7.no pre existing link to be establishedDisadvantages1.slow speed |
|
|
Block cipher |
Transposition cipher is an example of block cipher.Appky encryption to an entire message.Some modern encryption algorithm implement some type of block cipher. |
|
|
BLOW FISH |
It uses 64 bit block sizeIt uses key from 32 bit to 448Blowfish is faster than des and ideas. |
|
|
CBC |
It implements IV and XOR, which generates unique output everytime the operation is performed. If one block is corrupted during transmission it becomes impossible to decrypt that block and the next block as well First block is XORed with a block of random data(IV) then eveey subsequent block of plain text is XORed with precious block. |
|
|
Cerasor cipher |
One of the earliest known cipher systems was used by Julius Caesar to communicate with Cicero in Rome while he was conquering Europe. you simply shift each letter of the alphabet three places to the right. For example, A would become D, and B would become E. Also known as ROT 3. It’s vulnerable to a type of attack known as frequencyanalysis |
|
|
cryptography |
The art of creating and implementing secret codes and ciphers isknown as cryptography also known as cryptovariable. |
|
|
Cryptology |
together cryptography and cryptanalysis is cryptology. |
|
|
CTR |
It uses a simple counter that increment for each operation.. Error do not propogate in CTR.CTR is well suited for parallel computing |
|
|
DES |
Its a 64 bit block cipher which has 5 modes.Key size is 56 bit1.ECB2.CBC3.CFB4.OFB5.CTRDES uses XOR to generate cipher and the process is 16btimes. |
|
|
DES key is 64 bit or 56? |
Only 56 contain keying information and the 8 bit contains parity information. |
|
|
ECB |
It is used for small amount of data and least secure. If eaves dropping, it can build build a coodbook of all possible encryoted values. Each time algorithm processb64 bit block it encrypt using the chosen key so if the algorithm find the same block multiple time it will produce the same encrypted block |
|
|
Enigma |
commercial code machine and its used for goverment.The machine used three to six rotors to implement an extremenly comlicated subsititution. |
|
|
exploit of data in use |
if process isolation is not implemented properly. |
|
|
FIPS 140-2 |
Security Requirements forCryptographic Modules,” defines the hardware and softwarerequirements for cryptographic modules that the federal governmentuses. |
|
|
Four fundamental goal of Cryptography |
confidentialityIntegrity, authentication,nonrepudiation. |
|
|
how to ensure message integrity |
using encrypted message which is known is digital signature. The receipt verified the message digital signature to ensure message is nto altered .Each one timepad must be ised only once. Key must be atleast as long as the message to be encrypted |
|
|
Hownto ensure one time pad integrity.
|
1.mustbe randomly generated 2.must be physically protected |
|
|
IDEA |
It uses 64 bit blockIt uses 128 bit key. And is broken in 52 16 bit subkeys. The sub key uses XOR with mod to produce encrypted /decrypted input message. It uses same five mode used by DES. IDEA is also found in pgp.
|
|
|
IV |
IVs are used to create unique ciphertext every time the samemessage is encrypted using the same key. |
|
|
Ket management |
Secure key generation Secure key storage and use(key escrow) Seperation of duties, dual control and split knowledge Timely key rotation and key change Key destruction |
|
|
Key escrow and recovery |
Two major approaches 1.fair crypto systems 2.escrowed encryption standard
|
|
|
Non repudiation |
Nonrepudiation provides assurance to the recipient that the messagewas originated by the sender and not someone masquerading as thesender.Also prevent sender from denying that they never sent this message.Secret key/ symetric key and ( sinmple substituation cipher) do not provide non repudiation. |
|
|
Nonce |
Cryptography often gains strength by adding randomness to theencryption processNonce is a randome number when the function is executed nonce is replaced with the random number and nonce must be a unique number each time it;s used.Example : Initialization vector |
|
|
Number of keys formula |
Number of keys formula=n(n-1)/2 |
|
|
OFB |
Almost the same fashiom as CFB.Instead of XORing, it uses XORS plain text with seed value.Future seed value are derived by running the DES algorithm on the previous seed value.There is no channing function and transmission error don't propagate to affect the decryption of future block. |
|
|
One time pad |
Is extremely powerfull substitute cipher.C=(p+k) mod 26Its also known as vernam cipher. One time pad can be used only for short messages bexause of key length |
|
|
Polyaalphabetic |
Its a subsitiution cipher use multiple alphatbets in the same messagento hinder decryption effort. Vigenere cipher is polyaalphabetic cipher. |
|
|
RC4 |
It was used in 802.11 WEP. But it was vulnarable to modification attack. |
|
|
RC5 |
Its a block cipher of variable block(32,64,128)Key size between 0 to 2040Rc5bis subject to bruteforce when using with 64bit and it takes 4 year to Crack single message. The number of round can go up to 255. New rc6 has been developed but not widely used. |
|
|
Round of encryption |
Each repetitions is known as round of encryption |
|
|
Running key cipher |
It is known as book cipher.Encryption is as long as the message. |
|
|
SKIPJACK |
It's approved by ua goverment in FIPS 185.escrowed encryption standard. It uses 64 bit blockIt uses 80 bit key and supoort tje same 4 mode supported by DES. Two agencies, NIST and department ofnthe treasury hold a portion of information required to reconstruct a skipjack key. Law enforcement contact two agencies, obtain key and decrypt communication between the affected parties
|
|
|
Split knowledge |
no single person has sufficientprivileges to compromise the security of an environment. Thisseparation of duties and two-person control contained in a singlesolution is called split knowledge. |
|
|
Stream cipher |
It operates on one charcter or bit of a message.Ceaser cipher is am example of stream cipher.Stream cipher can also fucntion as a block cipher |
|
|
Symetric key algorithm |
It relies on shared secret. Its also known as secret key and private kry cryptography. When used large key, symetric algorithm is difficult to break
|
|
|
Symetric weakness and advantages |
1.Key distribution is a major problem.2 it doesnt implement non repudiation3 algorithm is not scalable4.key must be regenerated oftenAdvantages.Faster 1000 to 10000 then asymmetric |
|
|
Twofish |
Is another one OF AES finalist.Its a block cipherBlock size 128Key size is 256It uses two techniques which is not found in any other.1.prewhitening involves XORing the plain text with sperate sub key befire first round of encryption2.postwhiting, its uses similar operation after 16th round of encryption. |
|
|
Ultra |
alan turing broke engima in 1940 using the cryptabnalysis known as ultra.Japanese used like engima machine " Japanese purple" which was also broken using ulta. |
|
|
Well knows Symetric algorithm |
DES3DESBLOWFISHIDEARC4, RC5 AND RC6AES |
|
|
which cryptosystme is one way |
Public key cryptosystems are all based on some sort of one-way function. |
|
|
which cryptosystme is one way |
Public key cryptosystems are all based on some sort of one-way function. |
|
|
work function |
You can measure the strength of a cryptography system by measuring.1. effort in temrf of cost. 2.work fucntion or work factor. The security and protection offered by a cryptosystem is directly proportional to the value of the workfunction/factor.size of work factor should match the value of protected assets.crypto system should be cost effective ( mean work function need to be slightly higher than the value of |
|
|
2 digital signature ny name |
Schnorr'SNyberg-rueppels signature algorithm |
|
|
ADEPT |
Adobe digital experience protectionProvides DRM technology for e books sold in a variety of format. It uses AES to encrypt the content and RSA to protect the AES key.. |
|
|
Analytic attack |
Attemot to reducr the complexity of the algorithm. It foxuses on logic. |
|
|
Certificate authorities |
Symentec Identrust Amazon Globalsign Certum Comodo Digicert. secom Entrust Actalis Trustwave
|
|
|
Certificate comply with X. 509 contains the following |
1.version 2 serial number 3.Signature algorithm identifiers 4.issuer name 5.validity period 6.subjects name 7.subjects public key
|
|
|
Certificate verification |
1.digital signature of CA is authentic 2.you trust the CA 3.the certificate is not listed on a CRL 4.the certificate actually contains the data you are trusting. |
|
|
Certification generation and destruction |
1.enrollment2.verification3 revocation4.CRL5.OCSP |
|
|
Chosen cipher attack |
Ability to decrypt chosen portion of cipher text adn disxover the key |
|
|
CPV |
Important to verify that every link between trusted endpoints remain current, valid and trustworthy |
|
|
Crypto system provide almost equal protection. |
RSA 1024DSA 1024ELLIPTIC CURVE 160 |
|
|
Digital signature |
1.It provides non repudiation2.it also ensures that the message is not altered.It provides, integrity, authentication non repudiation |
|
|
Document DRM |
It is used also to protect the security of sensitive information stored in pdf file.Commecial DRM product1.vitrium2.fileopen |
|
|
EL GAMAL |
1985 It proposes how defi hellman coukd ve extended to support an entire public key cryptosystem used for encrypting and decrypting messages. .El gamal has major disadvantages thst it doubles the length of any message it encrypts. This present hardship when encrypting and transmitting over a narrow bandwidth. |
|
|
Eliptic curve |
Neal koblitz built in 1985 from University of washington and victor miller from IBM . Y2=x3+ax+b It widely believe that this problem is harder to solve than bothbthe prime factorization problem that RSA is based on and discreate logarithm utlizied by diffie hellman.Its key 160 is equal to RSA 1024 |
|
|
Encryption on portable devices |
EFS on windowsFile vault encryption in MACVeracrypt open source in linux, mac and windows |
|
|
End to end encryption End to end encryption |
Doesnt encypt the following 1.header 2.trailer 3.address 4.routingbdataIt moves faster but Sucpectibility to eaves dropping.Ssh
|
|
|
HAVAL |
Hash og variable lengthIt uses 1034 bit block and produces the following hash value.128160192224.256 |
|
|
HMAC |
It implementa partial digital signature.It guarantees of message integrity but does not provide nin repudiationIt relies on shared secret key(symetric)It can be combined with public key cryptography like SHA 3. 1.concatenated message 2.hashing algorithm 3.symmetric key
|
|
|
Implementatiom attack |
It focuses on exploiting software code.Not just the error or flaw but methodology. |
|
|
IPSEC |
AH ESP Esp is sometime used without AH But its rarento see AH used without ESP AH 1.INTEGRITY 2.non repudiation 3 authentication 4 access control ESP 1confidentiality 2 integrity 3.limited authentication 3.prevent replay attack |
|
|
Ipsec two modes |
Transport Tunnel mode Trasnport Only packet payliad is encrypted TunnelThe entire packet including the header this mode is designed for gateway to gateway communications
|
|
|
Link encryption |
Creating a secure tunnelIt encrypts all data including the header, trailer, addrsss routing data. |
|
|
Mark-hellman knapsack |
It waa developed a year after RSA was publicized.Its not on based of perdorming factoring operation but relies on a component of theory (known as "super increasing sets) rather than on largebprime number.It was proven in effective in 1984. |
|
|
MD2 |
Developed in 1989It provides a sexure hash function for 18 bit processor. Md2 pads the message so that its length 128 bit message digest generated by using entore orognal message and apoended checksum. .If checksum is not appended before digestion then collision may occur.FREDERIC MUELLER proved MD2 is not a one way function.
|
|
|
MD4 |
Its used 32 nit processorIts pads the message to ensure that the message length is 64 bit smaller than a multiple of 512 bits. Md4 process 512 bit block in three round of computation. Final. Output is 128 bit.
|
|
|
MD5 |
1991It uses 512 bit block of message. Its uses four distict round of computation to produce a disgest of same length md2, md4 (128 bit)It has a same padding requirement as md4. It imlement additional securiry the reduces speed of message digest production. |
|
|
Message digest. |
Also other name.HashHash valueHash totalCRCfingerprintChecksumDigital ID. A single value can be used to perform tje function of parity. A low level or single digit checksum value used to provide a single indivisual point of verification. |
|
|
Moors law |
Computing power doubles approximately every two years. If takes current computer one year to break your code., it will take 3 month if the attempt is made after 4 years. |
|
|
NIST digital signature standard |
FIPS 186-4 also known as DSS.It specifies all document must use SHA-3 |
|
|
PGP COMMERCIAL |
Uses RSA for key exchangeIdea for encryption/decryptionMd5 for message digestion. |
|
|
Pgp email based services |
StartmailMailenvelopSafegmailHushmail |
|
|
PGP freeware |
It uses diffe helman for jey excamhangeIt uses cast 128 bit foe encryption / decryptionIt uses SHA1 for hashing |
|
|
PKI STEPS |
1.john makes a request to RA 2.The RA request this information. Driver licnese Phone number His address Other identifying information 3.once RA receive this information, RA sends his certificate request to CA 4.CA creates a certificate with Johns public key and identifying info embedded.(the public/private keybis generated by CA or john machine. Note :in most cases, the user generates this pair and sends in his publix key during registration |
|
|
Replay attack |
It intercept the an ecrypted message between two parties and replay to open new session. This can be defeated using time stamp adn expiry period
|
|
|
Revocation grace period |
Revocation grace period is the maximum response time within which a CA will perform any requested revocation. Its defines in CPSCertificate practice statement |
|
|
RSA |
1. n=p*q 2.e is less than n 3.e and (p-1) (q-1) are prime numbers 4.find d which ia secret key (ed-1)mod(p-1)*(q-1)=1C=p^e mod nP=c^d mod n |
|
|
S/MIME |
De facto standard for encrypted email.It uses RSA and has backing of majority players, inckuding RSA security.It uses X. 509 for exchanging cryptographic keys. It uses AES adn 3DES for encryption/ decryption. Its incorporated with the following.1.Microsoft outlook and office 3652 .mozila thunderbird3.Mac OS X mail4.Gsuit enterprise edition
|
|
|
SHA |
Sha1, 2 and 3 are governement standard defined by NIST.Its called SHS and FIPS-180 |
|
|
SHA1 |
It takes any input approximately 2097152And produce 160 message digest.SHA 1 processes a message 512 bit blocks, if message length is not multiple of 512 then sha will repeat it until reaches 512.Crypt analysis demonstrated weakness which led to creation of sha2 |
|
|
SHA2 |
SHA 256 produces 256 bit message using 512 block sizeSHA 224 uses a truncated version og SHA 256 hash and produces 224 bit messageSHA 512 produces a 512 bit message digest using a 1024 bit size.SHA 384 uses a truncated version of SHA 512 produces 384 using 1024 bit block size. |
|
|
Specialize hashing fucntion which adds salt |
1.Pbkdf22.Bcrypts3.scrypt |
|
|
SSH1 |
Support1.Des2.idea.3.3 des4.bliw fish. |
|
|
Statistical attack |
Explotis the floatinf point erroe and inability toRandom numbers.It also find vulbarability in hardware and software hostinf cryptosystem.. |
|
|
TPM |
Is a microchip installed on the motherboard and is dedicated to carryingout security functions like.Storage and processing symetr3and asymmetric keys, hashea and digital certificatesTPM is devised by TCG |
|
|
Two major technology used to protect mass distributed media. |
Two major technology used to protect mass distributed media.HDCPAACS |
|
|
Web application |
TLS v1. 2 dropped backword compatibility2014 major flaw poodle indentified in SSL v3. 0TLS has gained a name SSL 3.1 |
|
|
What is endorsed copy of indivisual pblic key |
Digital signature |
|
|
What permission does document DRM put |
1.reading a file2.modifying the content of a file3.removing watermarka feom a file4.downloading /saving5.printing a file6.taking screenshot of file content . |
|
|
When adopting security for email? What is the effective solution? |
Simplicity |
|
|
Which 3 standard encryption algorithm is specified by DSS. |
DSA - FIPS-186RSA X9.31 ECDSA specified in ANSI X9. 62 |
|
|
Certificate classes and type |
|
|
|
Most common letter in the english |
ETAONRISH |
|
|
Confusion |
When relationship between plaintext and the key is so complicated. Also multiple round of subsitiution |
|
|
Diffusion |
It occurs when a change in the plaintext result multiple changes. Multiple round of transposition |
|
|
Same pattern encryption |
Des Idea Blowfish |
|
|
Symetric chart |
|
|
|
HAVAL |
1024 bit block size Key 128 260 224 256 |
|
|
Hash algorithm chart |
|
|
|
Cast |
Used in pgp free version 128 bit |
|
|
Supplicant |
To use 802.1x, client runs a piece of softwate known as suplicant |
|
|
Attack identity |
ETAOIN is found then its most likely trasnposition cipher Otherwise it will be subsitiution cipher. |
|
|
Side channel attack |
|
|
|
DSA |
DSS IS A FEDERAL standard security standard that governs DSA. DSA generates 160 bits It only provide digital signature |
|
|
What RSA provides |
RSA provides digital signatures, encryption, and secure |
|
|
quadrent in risk assesment |
quadrent in risk assesment |
