Encryption Fundamentals

Flashcards for review of Chapter 6: Encryption Fundamentals

Why is understanding encryption important?

A basic level of understanding encryption is crucial because if traffic is not encrypted, it is vulnerable, regardless of firewalls or security instruments.

What is the history of encryption?

Encryption was originally used in military communications and has evolved to include telephone, radio, and Internet/computer communications.

Name some early methods of encryption.

Single-Alphabet Substitution, Multi-Alphabet Substitution, Rail Fence, Vigenère, and Enigma.

Name the binary operations used as early encryption methods.

AND, OR, XOR.

What does the AND binary operation state?

It states that 1 + 1 = 1.

What does the OR binary operation state?

There must be a 1 in either of the numbers to result in 1 for that position.

What does the XOR binary operation state?

If a position has 1 in one number but not the other, then the result is 1.

Name some modern encryption methods.

Symmetric Encryption, Key Stretching, PRNG, Public Key Encryption, and Digital Signatures.

Name some symmetric encryption methods.

DES, Blowfish, and Advanced Encryption Standard (AES).

How does DES work?

Uses a symmetric key system, divides and transposes data, sends data through a series of steps, scrambles with a swapping algorithm, and transposes one last time.

What is Blowfish?

Symmetric block cipher designed in 1993 by Bruce Schneier.

What is Advanced Encryption Standard (AES)?

Uses Rijndael algorithm, is a block cipher, and specifies three key sizes: 128, 192, and 256 bits.

What is the International Data Encryption Algorithm (IDEA)?

Uses subkeys generated from a 128-bit key.

What are Pseudo-Random Number Generators (PRNG)?

These generate cipher keys for symmetric ciphers and are 'random enough'.

What are the three desired properties of PRNGs?

Uncorrelated sequences, long period, and uniformity.

What is Key Stretching?

It lengthens a key to make it stronger.

Name two widely used key stretching algorithms.

Password-Based Key Derivation Function 2 (PBKDF2) and bcrypt.

How does Public Key Encryption work?

One key is used to encrypt (public key) and another to decrypt (private key).

Name some Public Key Encryption Methods.

RSA, Diffie-Hellman, ElGamal, MQV, Digital Signature Algorithm (DSA), and Elliptic Curve.

What are digital signatures?

These use asymmetric cryptography in reverse order to verify who sent the message.

What is a digital certificate?

A digital document that contains a public key signed by a trusted third party, a Certificate Authority (CA).

What is X.509?

An international standard for the format and information contained in a digital certificate.

What is the primary role of Certificate Authorities (CA)?

Digitally sign and publish the public key of a given user.

What is Public Key Infrastructure (PKI)?

An arrangement that binds public keys with respective user identities by means of a CA.

What is Pretty Good Privacy (PGP)?

A system that offers digital signatures, asymmetric encryption, and symmetric encryption, often found in e-mail clients and uses its own certificate format.

What is Hashing?

Takes a variable-size input and returns a fixed-size string.

What is a hash value?

The value returned by hashing.

Name some hashing methods.

Secure Hash Algorithm (SHA), MD5, RACE Integrity Primitives Evaluation Message Digest (RIPEMD), and HAVAL.

What does salt refer to in hashing?

Random bits that are used as one of the inputs to the hash to complicate dictionary and rainbow table attacks.

What is Cryptanalysis?

The science of trying to find alternate ways to break cryptography.

Name some methods of cryptanalysis.

Brute force, frequency analysis, known plaintext, chosen plaintext, related key attack, birthday attack, differential cryptanalysis, and linear cryptanalysis.

What is Steganography?

The art and science of writing hidden messages in such a way that nobody suspects the existence of the message.

What is a Payload in steganography?

The data to be covertly communicated.

What is a Carrier in steganography?

The signal, stream, or data file into which the payload is hidden.

What is Steganalysis?

Detecting hidden messages.

What is Quantum computing?

Allows more values than binary states and is superior at factoring large numbers.