Corporate Cybersecurity – Chapter 3: Cryptography

Vocabulary flashcards covering major terms and definitions from Chapter 3 (Cryptography) of Corporate Cybersecurity.

Cryptography

Use of mathematical operations to protect messages traveling between parties or stored on a computer.

Confidentiality

Assurance that intercepted communications cannot be read by unauthorized parties.

Encryption

cryptographic process that turns plaintext into a seemingly random stream of bits called ciphertext.

Plaintext

Original, readable form of a message before encryption.

Ciphertext

Seemingly random bit stream produced after encryption.

Cipher

Specific mathematical algorithm used for encryption and decryption.

Key

Random string (40–4,000 bits) fed into a cipher; must be kept secret.

Kerckhoffs’ Law

Security of encryption should rely on the secrecy of keys, not algorithms.

Cryptanalysis

Science and practice of breaking encryption.

Brute-Force Key Cracking

Attempting every possible key until the correct one is found.

Substitution Cipher

Cipher that replaces each letter/bit with another.

Transposition Cipher

Cipher that rearranges the order of letters/bits without altering them.

Code

System that substitutes complete words or phrases, not individual letters or bits.

Symmetric Key Encryption

Both parties encrypt/decrypt with the same shared key.

RC4

Stream cipher; historically common but now discouraged due to weaknesses.

DES

Data Encryption Standard; 56-bit key symmetric block cipher, now obsolete.

3DES

Triple DES; applies DES three times for stronger security.

AES

Advanced Encryption Standard; modern symmetric block cipher (128/192/256-bit keys).

Twofish

Symmetric cipher created by Bruce Schneier; AES finalist.

IDEA

International Data Encryption Algorithm; widely used in Europe.

SEED

Symmetric cipher standardized in South Korea.

GOST

Russian symmetric encryption standard.

Camellia

Japanese symmetric block cipher with AES-like strength.

Cryptographic System

Packaged set of cryptographic protections (confidentiality, authentication, integrity).

Cipher Suite

Specific set of algorithms (authentication, key exchange, confidentiality, integrity) chosen during negotiation in a cryptographic system such as TLS.

Supplicant

Entity that seeks to prove its identity during authentication.

Credentials

Proofs of identity such as passwords or digital certificates.

Verifier

Entity that checks credentials presented by a supplicant.

Hashing

One-way calculation that converts data of any length into a fixed-length digest.

Hash

Fixed-length output produced by a hashing algorithm.

MD5

128-bit hashing algorithm now considered insecure.

SHA-1

160-bit hashing algorithm; also no longer secure.

SHA-2

Family of secure hash algorithms (SHA-224, SHA-256, SHA-384, SHA-512).

MS-CHAP

Microsoft Challenge Handshake Authentication Protocol for initial authentication.

Public Key Encryption

Asymmetric method where each party has a public and private key pair.

Public Key

Key openly distributed for others to encrypt messages or verify signatures.

Private Key

Secret key kept by owner to decrypt messages or create digital signatures.

Symmetric Session Key

Temporary symmetric key generated for a single communication session.

Diffie-Hellman Key Exchange

Public-key method that securely agrees on a symmetric session key.

Man-in-the-Middle (MITM) Attack

Attacker intercepts and relays messages between parties without detection.

Replay Attack

Attacker captures and retransmits a valid message to gain unauthorized access.

Electronic Signature

Mechanism that provides authentication and message integrity.

Digital Signature

Public-key based electronic signature offering strong, nonrepudiable authentication.

HMAC

Key-Hashed Message Authentication Code; cheaper alternative to digital signatures for authentication and integrity.

Certificate Authority (CA)

Trusted organization that issues and digitally signs digital certificates.

Digital Certificate

File containing a subject’s identity and public key, signed by a CA.

Nonrepudiation

Inability of a sender to deny having sent a message; ensured by digital signatures.

Quantum Key Distribution

Quantum method of sending a one-time key where eavesdropping is detectable.

Quantum Key Cracking

Use of quantum computing to test many keys simultaneously, threatening current key lengths.

Virtual Private Network (VPN)

Cryptographic system providing secure communication over an untrusted network.

TLS (Transport Layer Security)

Transport-layer cryptographic protocol commonly securing web traffic and some VPNs.

IPsec

Network-layer cryptographic protocol suite; considered the “gold standard” for security.

IPsec Transport Mode

End-to-end IPsec protection between hosts; high setup cost and firewall issues.

IPsec Tunnel Mode

Protection only between IPsec gateways; lower cost and firewall friendly.

Security Association (SA)

Agreement on security methods and options between two IPsec entities.