Lesson 4

Secure Enclave

Separate processor and microkernel for storing and handling cryptographic keys, used in mobile devices

Trusted Platform Module (TPM)

Hardware chip for storing cryptographic keys

Digital Certificates

An object linked to website / service that can be used to prove its authenticity

Key

A cryptographic variable, the secret in an algorithm

Deprecated

Cryptographic element is able to be used, but risky and highly discouraged (e.g 3DES)

Hashing

The process of converting a file / string to it’s unique token / hash pairing

Broken

A cryptographic element that has known exploit(s)

Encryption

Encoding data so it cannot be read, confidentiality

Hardware Security Module (HSM)

A physical device that stores cryptographic keys (e.g thumbdrive)

Public Key Infrastructure (PKI)

The grouping of technologies / techniques that allow for secure communication between two parties (e.g browser and web server)

Trusted Platform Module

A hardware chip responsible for storing cryptographic keys

Digital Signatures

A way for a sender to prove the integrity of what they are sending, and proof they actually sent it (non-repudiation)

Cipher

A recipe for converting plaintext to cipher text

Algorithm

A mathmatically complex cipher that needs a computer to solve

Secure Enclave

A separate processor and microkernel for storing and processing cryptographic keys, used in mobile devices

Ciphertext

The version of plaintext after the cipher recipe has been applied

Cryptography

The field of making something a secret

El Gamal

An asymmetric algorithm, used for key exchange

KMPS

Key Management Practice Statement, document detailing an organization’s key management practices

ECC

Asymmetric Algorithm, less common

3DES

Deprecated symmetric algorithm

Private key

Kept secret, paired with matching public key

Key

A secret used as part of an algorithm

Encryption

A way of protecting the confidentiality of data in transit and data at rest

RC4

A symmetric algorithm used for streams of data

Asymmetric

An encryption method that uses two keys

RSA

Asymmetric algorithm, the U.S standard

Public Key

Freely distributed, used as part of asymmetric algorithm

Symmetric

An encryption process that uses a single shared key

Diffie-Hellman

An asymmetric algorithm, used for key sharing

Session Key

A symmetric key that acts as the shared key for the entire period of communication

Hash

A unique fixed length string

HMAC

Hashed Message Authentication Code (HMAC), a hash value paired with symmetric key, used in TLS / IPsec

Collison

When two variable length inputs come out with the same hash value

RSA

Asymmetric encryption algorithm, also a digital signature algorithm

RIPEMD

The hash function used in Bitcoin

Message Digest

A hash value that assures receivers that the message is authentic from when the sender first wrote it

SHA

A hashing function, first version is insecure but second and third versions are gold standard today

One way representation

Can go from A to B, but can not go backwards from B to A

MD

A hash function, not safe for cryptographic use

Fingerprint

Type of hash value

DSA

The digital signature algorithm used by the U.S government

Certificate Authority (CA)

An organization that manages applications and distribution of a trusted digital certificate

Extended Validation

Type of digital certificate, domain and organization go through a standardized verification process

Registration Authority (RA)

Offloads some work from the Certificate Authority (CA), can only review requests and deliver certificates, cannot create new certificates

Web of Trust

An auditing process you can go through to get your self signed certificate to be considered trusted by major Certificate Authorities (CA)

Certification Revocation List (CRL)

A CA-managed list of revoked certificates, either downloaded by user or periodically pushed from certificate authority

Online Certificate Status Protocol (OCSP)

Queries the status of certificates in real time

X.509

The standard that governs Digital Certificates

Root Certificate

The top level certificate that verifies a certificate authorities entire PKI. Remains private and offline

Intermediate Certificate

A public, online CA that can be used to trace trust back to the CA’s root certificate