cryptograhpgy

Algorithm

A step-by-step procedure; typically an established computation for solving a problem within a set number of steps.

Block cipher

A cipher that operates on blocks of data.

Collision attack

An attack on a hash function, in which a specific input is generated to produce a hash function output that matches another input.

Cryptanalysis

The process of attempting to break a cryptographic system.

Cryptography

The art of secret writing that enables an individual to hide the contents of a message or file from all but the intended recipient.

Diameter

The base protocol that is intended to provide an authentication, authorization, and accounting (AAA) framework for applications such as network access or IP mobility. Diameter is a draft IETF proposal.

Hash

Form of encryption that creates a digest of the data put into the algorithm.

Key

In cryptography, a sequence of characters or bits used by an algorithm to encrypt or decrypt a message.

Keyspace

The entire set of all possible keys for a specific encryption algorithm.

Linear cryptanalysis

The use of linear functions to approximate a cryptographic function as a means of analysis.

Multiple encryption

The use of multiple layers of encryption to improve encryption strength.

Bcrypt

Key-stretching mechanism that uses the Blowfish cipher and salting, and adds an adaptive function to increase the number of iterations.

Birthday attack

A special type of brute-force attack that gets its name from the birthday paradox.

Cipher suite

An arranged group of algorithms.

Cryptographic service provider (CSP)

A software library that implements cryptographic functions.

Crypto modules

A module that uses a hardware, software, or hybrid cryptographic engine contained within the boundary.

Data at rest

A state of data in a computing system that is typically referred to as data encryption.

Data in transit

A state of data in a computing system that is at risk of interception while being transported across a network.

Data in use

Data that is stored in a nonpersistent state of either RAM, CPU caches, or CPU registers.

Digital rights management (DRM)

The process for protecting intellectual property from unauthorized use.

Digital signature

Provides a means of verifying authenticity and integrity of a message.

DNSSEC

A protocol for the translation of names into IP addresses.

Ephemeral keys

Cryptographic keys that are used only once after they are generated.

Federal Information Processing Standards Publications (FIPS PUBS)

Describe various standards for data communication issues.

FTPS

The implementation of FTP over an SSL/TLS secured channel.

HMAC-based one-time password (HOTP)

An algorithm that is a key component of the Open Authentication Initiative (OATH).

Hypertext Transfer Protocol Secure (HTTPS)

The use of SSL or TLS to encrypt a channel over which HTTP traffic is transmitted.

IPsec

A collection of IP security features designed to introduce security at the network layer.

Key escrow

The process of keeping a copy of the encryption key with a trusted third party.

Key exchange

The central foundational element of a secure symmetric encryption system.

Key stretching

A mechanism that takes what would be weak keys and 'stretches' them to improve security.

Lightweight Directory Access Protocol Secure (LDAPS)

Involves the use of an SSL tunnel to connect LDAP services.

Message integrity

A crucial component of message security, ensuring a document has not been tampered with.

Password-Based Key Derivation Function 2 (PBKDF2)

A key-derivation function designed to produce a key derived from a password.

Pretty Good Privacy (PGP)

A popular program that is used to encrypt and decrypt e-mail and files.

Rainbow tables

Precomputed tables or hash values associated with passwords to crack them.

Replay attack

Attacks that work against cryptographic systems by reusing previously recorded packets.

Secure IMAP

IMAP over a SSL/TLS session.

Secure POP3

POP3 over a SSL/TLS session.

Secure/Multipurpose Internet Mail Extensions (S/MIME)

A standard for public key encryption and signing of e-mails.

Secure Real-time Transport Protocol (SRTP)

A network protocol for securely delivering audio and video over IP networks.

Secure Shell (SSH)

An encrypted remote terminal connection program used for remote connections to a server.

Secure Sockets Layer (SSL)

An application of encryption technology developed for transport-layer protocols across the Web.

Session key

A symmetric key used for encrypting messages during a communication session.

SFTP

Involves the use of FTP over an SSH channel.

Simple Network Management Protocol version 3 (SNMPv3)

A standard for managing devices on IP-based networks.

Steganography

An offshoot of cryptography technology that means covered.

Transport encryption

Used to protect data that is in motion.