Chapter 8 - Cryptography Flashcards Preview

Flashcards in Chapter 8 - Cryptography Deck (44)
1

what is cryptography?

8 - 245

the study of cryptographic algorithms

2

what is a cipher?

8 - 245

a method used to encode characters to hide their value

3

2 methods of ciphering (nonmathematical)

8 - 246

substitution (shift the letters over) and
transposition (break the letters into separate blocks and then scramble the blocks)

4

how do you do ROT13?

8 - 247

shift the letter by 13. works backwards and forwards.

5

what was the enigma typewriter?

8 - 248

typewriter that implemented a multi-alphabet substitution cipher

6

what is steganography?

8 - 248

process of hiding a message in a medium like a digital image, audio file, or other file

7

what is the most common method of steganography?

8 - 248

least significant bit method

8

3 major areas of modern cryptography

8 - 249

symmetric - same key at each end, which will be a secret (private) key
asymmetric
hashing algorithms

9

what are the two kinds of ciphers that symmetric methods use?

8 - 250

block cipher
stream cipher

10

9 examples that use symmetric algorithms

8 - 250

Data Encryption Standard - replaced by AES, uses 56 bit key
Triple-DES - more secure than DES, uses 3 56 bit keys
Advanced Encryption Standard - uses the Rijndael algorithm, key sizes are 128, 192, 256
AES256 - US Govt Top Secret, 256 bit
CAST - Carlisle Adams and Stafford Tavares
Ron's Cipher - RC4, RC5, and RC6. max key size 2048.
Blowfish and Twofish - symmetric block cipher, variable length keys, 64 bit block cipher
International Data Encryption Algorithm - Swiss developed, 128 bit
One-Time Pads - the only truly secure cryptographic implementations, uses a key that is as long as a plaintext message

11

two kinds of key exchange

8 - 251

in-band
and
out-band

12

what is a common approach to achieving forward secrecy?

8 - 251

use ephemeral keys

13

you are exchanging keys over an insecure medium and IPSec is not part of the scenario. what algorithm will you be using?

8 - 253

Diffie-Hellman

14

this cryptography is similar to RSA but uses smaller key and is based on the idea of using points on a curve

8 - 253

Elliptic Curve Cryptography

15

a hashing algorithm is different from cryptography because it has these 3 characteristics

8 - 255

it must be one-way
variable length input produces fixed length output
the algorithm must have few or no collisions

16

when you are key stretching, how do you usually make it stronger?

tell me 2 types of key stretching

8 - 256

make it longer

Password-Based Key Derivation Function 2 - applies a hash or HMAC to the password/passphrase along with salt to produce a derived key

Bcrypt - used with passwords, essentially uses a derivation of the Blowfish algorithm, converted to a hashing algorithm, to hash a password and add salt to it

17

common code breaking techniques. tell me 5

8 - 257

frequency analysis - looking at blocks to determine patterns
chosen plaintext - obtain the ciphertexts corresponding to a set of plaintexts of their own choosing
related key attack - like a chosen plaintext attack, except the attacker can obtain ciphertexts encrypted under two different keys
brute force attacks - apply every possible combination of characters
exploiting human error - not encrypting when you should

18

what does WPA use? what does WPA2 use?

8 - 258

TKIP

CCMP

19

the three most important concepts in security

8 - 259

confidentiality
integrity
availability

20

what are the two things that HMAC uses?

8 - 260

hashing algorithm and a symmetric key

21

what's a digital signature?

8 - 261

validates the integrity of the message and the sender

22

what is nonrepudiation responsible for?

8 - 262

prevents one party from denying actions they carried out

23

tell me the 4 main trust models of PKI

8 - 262

bridge - peer to peer relationship between the root CAs
hierarchical - root CA at top provides all the info
hybrid - two root CAs, but the peer to peer occurs between the intermediate CAs
mesh - expands the bridge, more than 2

24

what does X.509 define?

8 - 267

defines the certificate formats and fields for public keys

25

who developed Secure Electronic Transaction?

8 - 270

visa and mastercard

26

tell me what Kerckhoffs's principle is.

8 - 254

states that the security of an algorithm should depend only on the secrecy of the key and not on the secrecy of the algorithm itself

27

this is the most widely used and recommended hashing algorithm

8 - 255

SHA2

28

the strength of a cryptographic system is determined by what?

what is strength also known as?

8 - 257

how difficult it is to crack

work factor

29

in terms of THIS chapter, what does MAC stand for and what is it derived from?

8 - 260

message authentication code

the message and the shared key

30

what is the mechanism used to propose a standard?

8 - 264

the Request for Comments, the RFC