Cryptography Cram

Bifid Cipher

Maps letters into numeric values

Playfair

5×5 matrix

Caesar Cipher

Shift

Kasiski Examination

Breaks the vigenere / polyalphabetic cipher

Symmetric Use

Better for fast speed

Asymmetric Use

Better for security

Privacy Enhanced Mail (PEM)

Text based format for certificates

Clipper Chip

Uses skipjack

Digital Signature

Used to verify that a data entity was created

Key length Increase

Performance decreases, but security improves

New block to blockchain

Added once every 10 minutes

ECB

Each block is processed separately with the same key. No salt or IV is used, so the same ciphertext is produced each time the same plaintext is encrypted

CBC

IV encrypts the first block and the result of that is used to encrypt the next block

CFB

IV is encrypted and XOR’d, producing multiple outputs

OFB

Block 1 is XOR’d with the encrypted version of the IV. The output is encrypted again and XOR’d with the second block

CTR

Encrypts and XOR’s a counter value and a nonce with the plain text block. Each block is processed independent of the other

AES and RC4 Similarity

Both are symmetric

Prime Number

Number that is divisible by 1 and itself

Homomorphic Encryption

Used to perform computations on encrypted data without the need to reveal the plaintext

Hash value for SHA-1

160 bits

GSM

Used A5/1 and A5/2 stream encryption

NTLM

Pads the password with null characters to reach a total length of 14 characters before encrypting it using DES

Chaskey

128 bits

Aescrypt

Encrypts individual files and full disks

Mono-alphabetic code

Single mapping from our alphabet to a cipher alphabet is created

Polyalphabetic

Mapping of our alphabet to a number of cipher alphabets

One-time pad

Considered unbreakable since it only uses its cipher code once

Pseudo Random Number Generators

Repeats random numbers after a given time. Fast and deterministic

True Random Number Generators

Generates a true random number and uses a random process. Monitoring mouse pointer or pauses between keystrokes. Slow and non-deterministic

Frequency Analysis

Identifies patterns and variations in the probability of codes. Used inn cipher cracking

Entropy

Measures the level of unpredictability

Binary to Character encoding methods

ASCII and UTF-16

Hardware Encryption

More efficient than software encryption

Hardware Security Module

Tamper evident and intrusion resistant physical device that safeguards and manages cryptographic keys and provides cryptographic processing

Trusted Platform Module

Processor that handles hardware level encryption. Allows full disk encryption on a hard drive to minimize impact on performance

Symmetric Encryption Types

Block and Stream

Symmetric Block Encryption

Grouping data into blocks and encrypting the individual blocks

Symmetric Stream Encryption

Encrypting one bit at a time. Much fast than block

Block Cipher Modes

ECB, CBC, CFB, OFB, CTR

S-boxes

Take a given input and leverage look up tables to produce a given output

Salting

Adding an IV to the ciphering process to change its operation and ensure that the ciphertext does not give the original plaintext when played back

Secret Key Encryption (Symmetric Cryptography)

Uses a single secret key for both encryption and decryption

ECB

Most basic, weak, and unsecure mode

Hashing

Onne-way irreversible encryption used to protect the integrity of data. Takes a variable length input and produces a fixed length output

Collision

When two different input values produce the same hash signature

APR1

Addresses the problems of brute forcing an MD5 hash

Rainbow Table

Collection of precomputed hash values of actual plaintext passwords used for password cracking

HMAC

Message authentication code used to verify the integrity and authentication of a message

Elliptic Curve Cryptography

Bitcoin uses this

El Gamal

Public key method used in both encryption and digital signing

Cramer-Shoup

Like El Gamal, but it adds a one way hashing method to protect against ciphertext attacks

Paillier

Supports homomorphic encryption

Forward Secrecy

Means that a compromise of the long term keys will not compromise previous session keys

Ephemeral Key Methods

Different key is used for each connection

Diffie-Hellman

Used in key exchange algorithms

DHE_EXPORT Downgrade attack

Forces the key negotiation process to default to 512 bit prime numbers

Diffie Hellman Groups

Group 1, Group 3, Group 5

Common Certificate Types

IKE, PKCS 7 & 10, RSA, X.509v3

PKCS 5

Used for password based encryption

PKCS 7

Used to sign and/or encrypt messages for PKI

PKCS 10

Use4d for requesting digital certificates from certificate authorities

PKCS 12

Used to bundle a private key with its X.509 certificate or to bundle all members of a chain of trust

X.509 Encoding Schemes

PEM & DER formats

X.509 file types

.cer, .crt, .pem, .key, .der

Initialization

Registration, Generation, Creation, Distribution, Dissemination, Backups

Issued

Retrieval, Validation, Recovery, Updates

Cancellation

Expiration, Revocation, History, Archiving

Period of Validity

Timeframe the certificate is valid and should be trusted

Flaws of SSL v22

Usage of export grade ciphersuites and crackable keys

SSL Risks

DROWN, POODLE, FREAK

SSL/TLS Tunnel

Created with symmetric key, then a signature is created with a hashing method

IPSec Handshake

Takes place on UDP port 500 for key exchange

Key Escrow

Copy of encryption key is kept in escrow so the government can use it if needed

NOBUS

Possible for government agents to crack the encryption but nobody else can

Exhaustive Search

Intruder uses brute force to decrypt the ciphertext and uses every key possible

Known Plaintext Attack

Intruder knows part of the ciphertext and the corresponding plaintext

Active Attack

Intruder inserts or modifies messages

Replay System

Intruder takes a legitimate message and sends it into the network at some future time

Cut-and-Paste

Intruder mixes two different encrypted messages and is able to create a new message

Time Attack

Determining the amount of time a user takes to decrypt the message

Time Resetting

Resetting the computer time or determining the time can give useful information to the intruder

AES

Free from major vulnerabilities. Poor implementation leaves it susceptible to attacks

RSA

Has several weaknesses and is susceptible to numerous attacks and cracking methods

Light Weight Cryptography

for IoT, embedded systems, RFID, sensor networks

Conventional Cryptography

For serrvers, desktops, tablets, smartphones

Quantum Computers

Can search a range of prime numbers at a speed which would break most existing RSA implementations

Smart Contracts

Programs stored on a blockchain that run when predetermined conditions are met

SHA-1

Generates the thumbprint of a certificate

Digital Signature

Validates the integrity and authenticity of a transaction

Certificate Authority

Generates digital certificates

Private Key of the root CA

Used to sign the certificate issued to the business

Public Key of the company

Business sends this to potential customers to prove its identity

Thumbprint

Displays the hash or digest of the certificate in a X.509 certificate

WEP max length encryption keys

40

WPA-Enterprise & WPA-Personal Difference

Support for an authentication server

Cipher used in WEP

RC4

TKIP

Improves WPA over WEP by hashing the IV and secret key

IPsec Key Exchange Port

UDP 500

Protocol 51

Indicates VPN is using Authentication Header

ECP

Encrypts each group with the same key, leaving each group independent of the others