Security+ SY0-701 Cryptography Algorithms Cheat Sheet

Vocabulary flashcards covering symmetric and asymmetric algorithms, hash functions, password hashing and key-stretching, and common block cipher modes from the notes.

AES (Advanced Encryption Standard)

Block cipher with 128-bit blocks; key sizes of 128, 192, or 256 bits; modern standard and secure.

DES (Data Encryption Standard)

Block cipher with a 56-bit key and 64-bit block; legacy and insecure.

3DES (Triple DES)

Block cipher with 112/168-bit effective key length and a 64-bit block; deprecated due to slower performance and vulnerabilities.

IDEA (International Data Encryption Algorithm)

Block cipher with a 128-bit key and 64-bit block; used in older PGP implementations.

Blowfish

Block cipher with a variable key length (32-448 bits) and a 64-bit block; older but fast.

Twofish

Block cipher with a 128/192/256-bit key and a 128-bit block; AES finalist.

Camellia

Block cipher with a 128/192/256-bit key and a 128-bit block; alternative to AES.

Serpent

Block cipher with a 128/192/256-bit key and a 128-bit block; AES finalist, generally slower.

CAST-128/CAST-256

Block cipher with a variable key and variable block size; used in some apps.

RC4

Stream cipher with a variable key size; deprecated and insecure.

ChaCha20

Stream cipher with a 256-bit key; modern, secure, fast.

Salsa20

Stream cipher with a 256-bit key; predecessor to ChaCha; largely superseded.

PBKDF2

Key stretching function using salt and adjustable iterations; widely used to derive keys from passwords.

bcrypt

Blowfish-based password-hashing function with a configurable cost factor; adaptive and salt-aware.

scrypt

Memory-hard key-stretching function designed to resist GPU/ASIC attacks; CPU/memory intensive.

Argon2

PHC winner; memory/time configurable password hashing; modern and secure.

MD5

Hash function with a 128-bit output; outdated due to collision vulnerabilities.

SHA-1

Hash function with a 160-bit output; deprecated due to collision attacks.

SHA-2

Family with 224-512 bit outputs (e.g., SHA-256, SHA-512); secure and widely used.

SHA-3

New standard hash family with 224-512 bit outputs; designed as a secure alternative.

RIPEMD-160

Hash function with a 160-bit output; alternative secure hash, less common today.

RSA

Asymmetric algorithm; typically 2048+ bit keys; widely used for encryption and digital signatures.

Diffie-Hellman (DH)

Key exchange protocol for secure key agreement; typically 2048+ bit groups.

ElGamal

Asymmetric algorithm for encryption and signatures; operates on discrete logarithm groups.

DSA (Digital Signature Algorithm)

Digital signature algorithm; commonly 1024-3072 bit keys; used for signatures only.

ECC (Elliptic Curve Cryptography)

Asymmetric cryptography using elliptic curves; smaller key sizes (160-521 bits) for equivalent security.

ECDH (Elliptic Curve Diffie-Hellman)

Elliptic-curve-based key exchange; establishes a shared secret.

ECDSA (Elliptic Curve Digital Signature Algorithm)

Elliptic-curve digital signature scheme; signatures with ECC.

EdDSA (Edwards-curve Digital Signature Algorithm)

Modern ECC-based signature scheme (e.g., Ed25519/Ed448) offering high security and speed.

ECB (Electronic Codebook)

Block cipher mode; each block encrypted independently; insecure due to pattern leakage.

CBC (Cipher Block Chaining)

Block cipher mode where each block is XORed with the previous ciphertext; uses an IV.

CFB (Cipher Feedback)

Block cipher mode that turns a block cipher into a self-synchronizing stream cipher; uses IV.

OFB (Output Feedback)

Block cipher mode that generates a keystream independent of ciphertext; uses IV.

CTR (Counter) mode

Block cipher mode that turns a block cipher into a stream cipher by encrypting a counter; uses nonce/IV.

GCM (Galois/Counter Mode)

Authenticated encryption mode combining CTR with GHASH for both confidentiality and integrity.