Password hashing, encryption, PKI & certificates, uses of cryptography, cryptographic tools
What is cryptography?
The practice of securing information by converting it into a secure format.
What is hashing?
A one-way process used to ensure data integrity by creating a unique output (digest) from a given input.
What is encryption?
A two-way process used to ensure data confidentiality through digital signatures
What are collisions?
Two different inputs yield the same output, signaling the algorithm is cryptographically broken
What are common types of hashing algorithms?
MD5, SHA256, SHA512.
What is the main issue with MD5?
It is very old and known to generate collisions, making it not secure enough for most secure hashing operations.
What does SHA256 provide over MD5?
It is more cryptographically secure than MD5.
Why isn’t encryption used to secure passwords anymore?
If an attacker gains access to the system and/or the encryption key, they gain access to all passwords.
What is salt?
Digits added to hash output to prevent brute force hash cracking
What is symmetric encryption?
An encryption method where the encoding key is the same as the decoding key.
What is the benefit of symmetric encryption over asymmetric encryption?
It is less computationally intensive.
What is the benefit of asymmetric encryption over symmetric encryption?
It is not easily broken through brute force and/or frequency analysis.
How is the symmetric encryption key transportation problem solved?
Send the key encrypted with asymmetric encryption.
What is asymmetric encryption?
An encryption method (Diffie-Hellman exchange) that uses a public key and a private key.
What is out-of-band exchange?
Keys are sent over an unrelated communication channel, such as verbally or in the mail.
What is an in-band exchange?
Keys are sent over the same channel used for communication.
What is key strength?
A measure, determined by key length, of how resistant an encryption key is to brute force and other key-discovery techniques. Inversely related to usability (processing power/time).
Levels of encryption
Full disk encryption, partition level, volume level, file level, database level, record level.
What is a certificate?
A key-pair assignment from a CA.
Third-party certificate
Issued by another entity
Self-signed certificate
Issued by an organization for use within that organization.
Public Key Infrastructure (PKI)
Ensures public keys (and by extension, private keys) belong to one and only one organization, protecting confidentiality by issuing certificates from CAs.
What is a Certificate Authority (CA)?
A trusted organization that (1) assigns digital certificates to applicants, (2) ensures no two organizations have the same key pair, and (3) maintains records of assigned and revoked certificates.
What is a Certificate Signing Request (CSR)?
An application to a CA to initiate the process of receiving a signed certificate for a specific key pair
Types of CAs
Issuing, Intermediate, Root
Online Certificate Status Protocol (OCSP)
Allows an entity to check the status of a certificate with the issuing CA
Certificate Revocation List (CRL)
Identifies which certificates have been revoked by the issuing CA and should no longer be trusted
Certificate Contents
(1) Chain of trust, (2) Certificate holder info, (3) Issuing CA info, (4) Expiration date, (5) URLs used by certificate (Subject alternative names), (6) Algorithm used for public key
Code Signing
Ensures an application has not been modified and confirms the author by hashing the file and signing it with the developer’s private key
What is the purpose of digital signatures?
To authenticate the sender of a message and ensure that the message data has not been modified.
Blockchain
A decentralized and distributed public ledger that records the alterations of a digital asset, typically managed by a peer-to-peer network.
What makes Blockchain secure?
An attacker would need to take over the majority of the network in order to add falsified info to the ledger (hard but not impossible)
What is a secure enclave?
Cryptographic memory where encrypted sensitive data is stored, often accessed through biometrics.
How is Key Management carried out?
Key rotation prevents an attacker from being able to use a stolen key for very long by periodically switching out keys.
What is a Trusted Platform Module (TPM)?
A small chip in the motherboard used to identify a specific system, often used to store sensitive information like passwords and cryptographic keys.
What is a Hardware Security Module (HSM)?
A large, special-purpose GPU-powered peripheral that offloads computationally intense encryption/decryption workload from the main general-purpose CPU.