CompTIA Security+ Cryptographic Solutions

67 Terms

1

Cryptography

Practice and study of writing and solving codes

2

Encryption

Converts plaintext to ciphertext

3

Data at Rest

Inactive data on storage device

4

Data in Transit

Data actively moving across networks

5

Data in use

Data currently undergoing change

6

Algorithm (Cipher)

An algorithm is a mathematical formula that tells you how to encrypt or decrypt something

7

Key

Essential for determining cipher output

8

Key Length

Proportional to security

9

Key Rotation

Best practice for security longevity

10

Types of Encryption

Symmetric and Asymmetric

11

Symmetric Encryption

Uses a single key for both encryption and decryption

12

Asymmetric Encryption

Uses a public key for encryption and a separate private key for decryption

13

Stream Cipher

Encrypts data bit by bit or byte by byte in a continuous stream

14

Block Cipher

Breaks input data into fixed-size blocks before encryption

15

Symmetric Algorithms

DES, Triple DES, IDEA, AES, Blowfish, Twofish, Rivest Cipher Family

16

Asymmetric Algorithms

RSA, Diffie-Hellman, Elliptic Curve Cryptography

17

Hashing

Converts data into fixed-size string (digest) using hash functions

18

Hashing Algorithms

MD5, SHA Family, RIPEMD, HMAC

19

Public Key Infrastructure (PKI)

Framework managing digital keys and certificates for secure data transfer

20

DES (Data Encryption Standard)

Symmetric. Uses a 64-bit key (56 effective bits due to parity). Not widely used today (1970s-2000s)

21

Triple DES (3DES)

Symmetric. Utilizes three 56-bit keys. Provides 112-bit key strength but is slower than other algorithms. Not widely used today.

22

IDEA (International Data Encryption Algorithm)

Symmetric. A symmetric block cipher with a 64-bit block size. Uses a 128-bit key, faster and more secure than DES. It is not as widely used.

23

AES (Advanced Encryption Standard)

US government encryption standard. Supports 128-bit, 192-bit, or 256-bit keys and matching block sizes

24

Blowfish

A block cipher with key sizes ranging from 32 to 448 bits

Developed as a DES replacement but not widely adopted

25

Twofish

A block cipher supporting 128-bit block size and key sizes of 128, 192, or 256 bits

Open source and available for use

26

RC Cipher Suite (RC4, RC5, RC6)

Created by cryptographer Ron Rivest

RC4 is a stream cipher with variable key sizes from 40 to 2048 bits, used in SSL and WEP

RC5 is a block cipher with key sizes up to 2048 bits

RC6, based on RC5, was considered as a DES replacement

27

Of all the symmetric encryption algorithms, which is a stream cipher?

RC4

28

Digital Signature

A hash digest of a message encrypted with the sender's private key

29

Diffie-Hellman

Asymmetric. Used for key exchange and secure key distribution

30

RSA (Ron Rivest, Adi Shamir, Leonard Adleman)

Used for key exchange, encryption, and digital signatures. Relies on the mathematical difficulty of factoring large prime numbers.

31

Elliptic Curve Cryptography (ECC)

Efficient and secure, uses algebraic structure of elliptical curves

32

When is RSA most often used?

Multifactor identification via those key chains that contain 6 digit codes that rotate every 30-60 seconds, or in environments where more computing resources are available like desktops and laptops

33

When is ECC most often used?

Mobile devices and low power computing

34

Hash Digest

Digital fingerprint for the original data

35

MD5 (Message Digest Algorithm 5)

128-bit hash value. Limited unique values, leading to collisions. Not recommended due to security risks

36

SHA (Secure Hash Algorithm) Family

Different iterations, though the most important one uses 224-bit to 512-bit hash digests, more secure, 120 rounds of computations

37

RIPEMD

RACE Integrity Primitive Evaluation Message Digest

38

HMAC

(Hash-based Message Authentication Code). Utilizes other hashing algorithms.

39

DSA

Digital Security Algorithm

40

Pass the Hash Attack

Authenticate to a remote server or service by using the underlying hash of a user's password

41

Birthday Attack

Occurs when two different messages result in the same hash digest (collision)

42

Key Stretching

Creating longer, more secure keys (at least 128 bits)

43

Salting

Adds random data (salt) to passwords before hashing

44

Nonces

(Number Used Once). Adds unique, often random numbers to password-based authentication processes

45

Key Escrow

Storage of cryptographic keys in a secure, third-party location

46

Digital Certificates

Electronic credentials verifying entity identity for secure communications

47

Wildcard Certificate

Allows multiple subdomains to use the same certificate

48

SAN (Subject Alternate Name) field

Certificate that specifies what additional domains and IP addresses are going to be supported. Used when domain names don't have the same root domain

49

Single-sided Certificates

Only requires the server to be validated

50

Dual-sided Certificates

Both server and user validate each other

51

Self-Signed Certificates

Signed by the same entity whose identity it certifies

52

Third-Party Certificates

Issued and signed by trusted certificate authorities (CAs)

53

Root of Trust

Highest level of trust in certificate validation. Trusted third-party providers like Verisign, Google, etc.

54

Certificate Authority (CA)

Trusted third party that issues digital certificates

55

Registration Authority (RA)

Requests identifying information from the user and forwards certificate

56

Certificate Signing Request (CSR)

A block of encoded text with information about the entity requesting the certificate. Submitted to CA for certificate issuance

57

Certificate Revocation List (CRL)

List of all digital certificates that the certificate authority has already revoked.

58

Online Certificate Status Protocol (OCSP)

Determines certificate revocation status of any digital certificate

59

Blockchain

Shared immutable ledger for transactions and asset tracking. Essentially a really long series of information with various "categories"

60

TPM (Trusted Platform Module)

Dedicated microcontroller for hardware-level security. Internal device.

61

HSM (Hardware Security Module)

Physical device for safeguarding and managing digital keys

62

Key Management System

Manages, stores, distributes, and retires cryptographic keys

63

Secure Enclaves

Coprocessor integrated into the main processor of some devices. Safeguards sensitive data like biometric information

64

Steganography

Conceals a message within another

65

Tokenization

Substitutes sensitive data with non-sensitive tokens

66

Data Masking (Data Obfuscation)

Disguises original data to protect sensitive information

67

Downgrade Attacks

Force systems to use weaker or older cryptographic standards or protocols