Chapter 8: Cryptography Flashcards Preview

CompTIA Security+ > Chapter 8: Cryptography > Flashcards

Flashcards in Chapter 8: Cryptography Deck (82)
Loading flashcards...
1
Q

Substitution Ciphers

A

You change one symbol with another.

  • The Caesar Cipher shifted 3 letters to the right in Latin.
  • The less cryptotext that’s available, the harder it is to decrypt
2
Q

Multi-Alphabet Substitution Cipher

A

Maybe shifting differently, say 3 to the right, 2 to the right, 1 to the left, in that order.

  • Vigenère Cipher
    • You had a table of letters matched up to keywords
3
Q

Transposition Ciphers

A

Take separate blocks of text and scramble them all differently

4
Q

Rot13

A

Rotates every letter 13 places in the alphabet

5
Q

The Enigma Machine

A

A typewriter that used a different substitute or alphabet for each keystroke
-Contained 26 different alphabets and was very hard to break back in the day.

6
Q

Steganography

A

Hiding a message within an image, audio file, or some other file

  • Least significant bit is the most common
    • You change the last bit in every byte
  • Invisible secrets is a good application for steganography
7
Q

How to encrypt in SUSE

A

Login as root and start YaST
System->partitioner
Answer yes, select filesystem, click edit
Select encrypt

8
Q

Symmetric encryption algorithm

A
  • Both ends of the message must have the same key and processing algorithms
  • Generates a (symmetric, secret, private) key that’s disclosed only to those who need to know
  • faster than asymmetric, just as secure with smaller key size
  • Problem is, if you need to share the key, how do you do it securely?
9
Q

Block Cipher

A

Algorithm works on chunks of data

10
Q

Stream Cipher

A

Algorithm works by bit or by byte

11
Q

in-band vs. out of band Key Exchange

A

In-band
-Key is included with the data stream (IPSec)
Out of Band
-Another channel shares the key

12
Q

Key Exchange Forward Secrecy

A
  • Ensures that if one key is compromised, subsequent keys will not be
  • Perfect forward secrecy is when a key is unbreakable
13
Q

Data Encryption Standard (DES)

A

-Was the standard used by government from the 70s until it was replaced by AES
-It was based on a 56-bit key
Symmetric Encryption

14
Q

Triple-DES (3DES)

A

-Uses 3 56-bit DES keys; 168 bits
-Pretty decent, though AES is still generally preferred
Symmetric Encryption

15
Q

Advanced Encryption Standard (AES)

A

-Uses the Rijndael algorithm, developed by Daemen and Rijma
-128 bit key is standard, 192 and 256 are optional
-256 bit is for DoD TS information
Symmetric Encryption

16
Q

Carlisle Adams and Stafford Tavares (CAST)

A

-Used by MS and IBM
-Fast, efficient 40-128 bit key
-128 and 256 exist, too
Symmetric Encryption

17
Q

Ron’s Cipher (RC)

A

-Developed by RSA, it’s very strong. RC4, 5, and 6. 6 is up to 2-48 bit
-RC4 is popular with wireless encryption. Streaming cipher with 40-2048 bits
-used in SSL and TLS
-Used for downloading Bittorrent files, too
Symmetric Encryption

18
Q

Blowfish and Twofish

A

Blowfish, 64 bit block cipher, very fast
-Symmetric block cipher, 32-448 bit keys
Two fish works on 128-bit blocks. Complex key schedule
Symmetric Encryption

19
Q

international Data Encryption Algorithm (IDEA)

A

-Developed by the Swiss. 128-bit key
-Used by PGP
Symmetric Encryption

20
Q

One-Time Pads

A

The key’s as long as a plaintext message

-The key can only be used once, then it’s discarded

21
Q

Rivest, Shamir, Adleman (RSA)

A

Pretty much the standard for Asymmetric encryption, as old as it is

22
Q

Diffie-Hellman

A

Founders of public/private keys
-Only used for the creation of a symmetric key between two parties
Asymmetric Encryption
<b>If you’re asked about insecure key exchange, it’s this or IPSec</b>

23
Q

Elliptic Curve Cryptography (ECC)

A

-Smaller keys than RSA, same level of security
-This may start replacing RSA as the de facto standard
Asymmetric Encryption

24
Q

ElGamal

A

Uses an ephemeral key, one that lasts only for one session

25
Q

Kerchoff’s Principle

A

The security depends on the secrecy of the key, no the algorithm

26
Q

Hashing Algorithms

A
  • Cannot be reversible
  • No matter how many characters you input, the hash size is the same
  • Few/no collisions
27
Q

Secure Hashing Algorithm (SHA)

A
  • 160-bit, used with encryption protocols
  • SHA-2: 224, 256, 334, 512 bit
  • SHA-3 is out, but SHA-2 is pretty much flawless, so…
28
Q

Message Digest Algorithm (MD)

A

Used to maintain integrity

  • MD5, 4, 2. MD4 was used by NTLM
  • MD5 produces a 128-bit hash, but it’s very secure. Doesn’t have strong collision resistance, so don’t use it
29
Q

RIPEMD (160, 256, 320)

A

Based on MD4

30
Q

GOST

A

Old soviet symmetric cipher modded to work as a 256-bit hash

31
Q

LANMAN

A

Pre-NT was a protocol used for authentication. It used LM Hash and two DES keys on the side

32
Q

NTLM

A

Replaced LANMAN

-Still pretty common despite MS wanting to employ Kerberos

33
Q

Rainbow Tables and Salt

A

A rainbow table is when you put in a password, get all of its possible hashes, find the hash of a stored password, and connect the two.
-Salt is when the OS adds bits to combat this

34
Q

Key Stretching

A

Strengthening a weak key, usually by making it longer

  • PBKDF2
    • Applies some function (hash or HMAC) plus Salt to get a good password
  • Bcrypt
    • Used with passwords, blowfish for hashing plus Salt
35
Q

Frequency Analysis

A

Analyze blocks for common patterns. Does not work on modern algorithms

36
Q

Chosen Plaintext

A

Comparing cypher text to plaintext to crack the algorithm. Once you do, that key is now yours.

37
Q

Related Key Attack

A

Like a chosen plaintext attack, but you obtain cipher text encrypted under two different keys.

38
Q

Brute Force

A

Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies.

39
Q

Message Authentication Code (MAC)

A

Gives you a value to check with the message

-HMAC hashes

40
Q

Digital Signatures

A

Validates the integrity of message and sender

-The private key could be an example

41
Q

Nonrepudiation

A
  • Determining that someone is telling the truth

- Certificate authorities certify people with public keys legitimately

42
Q

Key Escrow

A

Keys are kept safe in case a 3rd party (generally the government or your employer) needs it

43
Q

Key Recovery Agent

A

Used to access information encrypted with older keys

44
Q

Key Registration

A

Providing Certificates. The RA hands these over to the CA

45
Q

Certificate Revocation List (CRL)

A

If your term expires, you’re added to the CRL and your certificate is no longer valid, usually after an hour or a day or something, but if OCSP is in action, then it’ll be pretty immediately

46
Q

National Security Agency (NSA)

A

Creates code, breaks code, and codes for the government

  • Thought to be the world’s largest employer of mathematicians
  • All missions are extremely highly classified
  • Enemies of EFF, Tor Project, Freenet, and I2P
47
Q

NSA/CSS

A

Helps coordinate DoD branch activities

48
Q

National Instutute of Standards and Technology (NIST)

A

involved in many standards, but it is primarily concerned with government systems

49
Q

Request For Comments (RFC)

A

This is how you propose a new standard

50
Q

American Bankers Association (ABA)

A

Concerned with the world of financial security

51
Q

Internet Engineering Task Force (IETF)

A

Improving the internet and computer security

52
Q

Internet Society (ISOC)

A

Experts who oversee committees such as the IETF

53
Q

World Wide Web Consortium (W3C)

A

Standardization of the WWW. Primary sponsor of XML

54
Q

International Telecommunications Union (ITU)

A

Responsible for pretty much all telecommunications and radio communication standards on Earth

  • ITU-R: Radio
  • ITU-T: Telecommunications
  • ITU-D: Expanding telecommunications in developing nations
  • Headquartered in Switzerland and sponsored by the UN
55
Q

Institute of Electrical and Electronics Engineers (IEEE)

A

PKC, wireless, networking protocol standards

56
Q

Public-Key Infrastructure X.509 (PKIX)/PK Cryptography Standards (PKCS)

A

PKIX formed by IETF to develop PKI standards

PKCS, voluntary standards created by a ton of organizations and coordinated through the RSA

57
Q

X.509

A

Certificate formats for public keys and how we should distribute said keys

  • end-entity certificate
    • most common, issued by CA to a system that uses, not issues, certificates
58
Q

CA Certificate

A

A certificate that’s issued by one CA to another

59
Q

What do all X.509 certificates have?

A
  • Signature
  • Version
  • Serial number
  • Signature algorithm ID
  • Issuer name
  • Validity Period
  • Subject name
  • Subject public-key info
  • Issuer unique ID
  • Subject unizue ID
  • Extensions
60
Q

SSL

A

Establishes a secure connection between two TCP machines

  • Steps in handshake are between 4 and 9
  • Establishes connection with asymmetric encryption, maintains with symmetric
  • You need an “up-to-date browser” that supports 128 bit encrypted sessions
61
Q

TLS

A

Expands on SSL, and will likely replace it. Should have replaced it long ago.

62
Q

Certificate Management Protocols (CMP)

A
  • CMP is used for messaging between PKI entities
  • XML Key Management Specification (XKMS
    • Allow XML programs to access PKI services. Built on CMP
63
Q

Secure Multipurpose Internet Mail Extensions (S/MIME)

A

Standard for email encryption. Originally published by RSA

-MIME is email standard. Asymmetric encryption, digital certificates

64
Q

Secure Electronic Transaction (SET)

A
  • Developed by visa and Mastercard for secure credit card transactions
  • Identification through an electric wallet
65
Q

Secure Shell (SSH)

A

Tunneling protocol originally used on Unix systems, but works on Windows now
-similar handshake to SSL

66
Q

Pretty Good Privacy (PGP)

A
  • Freeware email encryption. Introduced in the early 90s
  • Uses symmetric and asymmetric systems, which is why it’s so good
  • GPG (GNU Privacy Guard) is an alternative
  • Session key is encrypted in a public key
67
Q

HTTP over SSL (HTTPS)

A

Secures the channel between client and server

-It’s common for secure transactions

68
Q

Secure HTTP (S-HTTP)

A

Secure message, not secure channel

-Uses an RSA or digital certificate

69
Q

IPSec

A

Built into IPv6, becoming standard for VPN
-Highly secure
Open UDP Port 500 in firewall
Two primary protocols
-Authentication Header (AH) protocol 51
-Encapsulating Security Payload (ESP) protocol 50

70
Q

PPTP (Point to Point Tunneling Protocol)

A

Encapsulation from one point to one point

  • Encapsulates and encrypts PPP packets
  • The negotiation is in the clear, then the channel is encrypted
  • A sniffer can get information like this relatively easily
71
Q

L2F

A

Developed by Cisco for Dial-up tunneling

-Similar to PPP. Provides authentication, no encryption. Port 1701. TCP

72
Q

L2TP

A

Hybrid of PPTP and L2F. Primarily point-to-point

  • Can be sued as a bridge across many types of systems
  • Not encrypted. uses UDP port 1701
73
Q

Federal Information Processing Standard (FIPS)

A

Issued by NIST, establishes guidelines for US federal Information Systems

74
Q

Public Key Infrastructure (PKI)

A
Meant to offer security to messages and transactions on a grand scale
Two key, asymmetric system with:
-Certificate Authority (CA)
-Registration Authority (RA)
-RSA, for encryption
-Digital Certificates
Public/Private key system
75
Q

Certificate Authority (CA)

A

A CA is an organization who does shit with certificates

  • A certificate associates a person with a public key
  • To get a certificate, you send a CSR
76
Q

Registration Authority (RA)

A

It will act as the middleman and offload work for the CA

  • It can distribute keys, accept CSR, and validate identities
  • It cannot, however, issue certificates
  • A Local RA (LRA) can identify individuals on behalf of the CA
77
Q

Certificate Policies

A
  • These define what certificates do
  • A CA will have policies to give out different kinds of certifications for different applications
  • This also helps because the consumer will be able to verify that it’s the right kind of certificate
78
Q

Certificate Practice Statements (CPS)

A

This provides the users with information on the CS’s policies, rules, and standards of practice. you should not trust a company without a CPS.

79
Q

What are the Four Main PKI Trust Models?

A

Hierarchal
Bridge
Mesh
Hybrid

80
Q

Hierarchal Trust Models

A
  • A tree model
  • Allows tight control, probably the best model
  • Intermediate CAs only trust root and each other. Roots can trust roots and intermediate and leaves can trust each other
81
Q

Bridge Trust Models

A
  • intermediates only trust those above and below them
  • Roots trust each other
  • Adds flexibility and interoperability, but there’s a lack of trustworthiness.
  • good for geographically dispersed or partnered companies
  • All of the roots must maintain high security standards
82
Q

Mesh Trust Models

A

Expanded bridge, good for when companies need CAs to certify each other