20.4.1. Database Encryption

Description and Tags

20.4 Application Security Implementation


1

Symmetric Encryption

- Uses 1 shared key (same key to encrypt and decrypt)

e.g. [[AES]]

Faster and more efficient but less secure because the same key is used by both parties.

Examples of Encryption Algorithms:

Symmetric Encryption Algorithms: [[AES]], [[DES]], [[3DES]] (though 3DES and DES are considered insecure).

2

Asymmetric Encryption

- Uses 2 keys: public and private

- Public key = shared openly, encrypts

- Private key = kept secret, decrypts

- Common in TLS (HTTPS)

Uses different keys for encryption and decryption (public and private keys).

- More secure because the private key is never shared, but it’s slower and can result in larger ciphertext sizes.

e.g., [[RSA]] (Rivest-Shamir-Adleman):

- Common key sizes: 2048-bit, 3072-bit, 4096-bit

- 2048-bit is commonly used in practice for RSA encryption.

- Asymmetric Encryption Algorithms: RSA, [[DSA]], [[DH]], and [[ECC]] algorithms.

3

AES

(Advanced Encryption Standard)

What it is:

  • Top-tier digital scrambler.

  • Symmetric: Same secret key locks and unlocks.

Key Features:

  • Super strong & everywhere.

  • Blocks: Chops data into 128-bit chunks.

  • Key Sizes (Strength):

    • 128-bit (Good)

    • 192-bit (Better)

    • 256-bit (Best)

How it Works:

  1. Original Data + Secret Key

  2. Scramble (Rounds): Mix, shift, transform.

  3. Encrypted Data (Gibberish)

  4. Unlock: Use the same secret key in reverse.

Why it Matters:

  • Super Secure: Hardest to crack.

  • Fast: Used in everything (VPNs, Wi-Fi, files).

  • AES is for speed and encrypting tons of data with one shared secret key.

  • RSA is for securely exchanging those secret keys and proving identity, using separate public and private keys.

They often work together in real-world security (like TLS/SSL for websites): RSA is used to securely exchange an AES key, and then AES is used to quickly encrypt all the actual data exchanged during the session.

4

RSA

(Rivest-Shamir-Adleman)

What it is:

- A public-key (asymmetric) encryption algorithm used to secure data.

- Asymmetric encryption means it uses two different keys:

  - A public key for encryption (anyone can use it).

  - A private key for decryption (only the owner has it).

Key Features:

- Common Key Sizes:

  - 2048-bit (Most common in practice)

  - 3072-bit

  - 4096-bit (Stronger, but slower)

- Slower than symmetric algorithms (like AES), so often used for:

  - Secure key exchange: Encrypting a symmetric key (like an AES key) which is then used for the bulk of the communication.

  - Digital signatures: Verifying authenticity and integrity.

How it Works (Simplified):

1. Someone wants to send you a secret message.

2. They use your public key (which everyone knows) to encrypt the message.

3. Only you can decrypt that message using your unique private key (which only you have).

Why it Matters:

- Secure communication: Allows people to send secrets to each other without first having a shared secret key.

- Digital Signatures: Proves who sent a message and that it hasn't been tampered with.

- AES is for speed and encrypting tons of data with one shared secret key.

- RSA is for securely exchanging those secret keys and proving identity, using separate public and private keys.

They often work together in real-world security (like TLS/SSL for websites): RSA is used to securely exchange an AES key, and then AES is used to quickly encrypt all the actual data exchanged during the session.

5

3DES

3DES (Triple DES) - CompTIA Security+ Notes

- **What it is:** Old encryption, DES applied 3 times.

- **Type:** Symmetric (same key locks/unlocks).

- **Block Cipher:** Encrypts in 64-bit chunks.

- **Key Strength:**

  - Effective 112-bit (most common, K1-K2-K1).

  - Max 168-bit (K1-K2-K3).

- **Speed:** Slow (much slower than AES).

- **Why use it?** For legacy systems or backward compatibility.

- **Status:** Deprecated/Phasing Out (less secure & slower than AES).

- **Vulnerability:** Susceptible to [[Sweet32 attack]] (birthday attack).

6

TDE

(Transparent Data Encryption)

Layman's Definition:

TDE is a technology used to encrypt entire databases, including data files, log files, and backups, while they are stored on disk (data at rest).

Imagine you have a giant vault (your database) full of valuable information. TDE is like automatically making sure everything you put into that vault is immediately scrambled (encrypted) before it even hits the shelves, and unscrambled only when someone authorized takes it out. You don't have to think about it; it just happens "transparently."

7

Data at rest

(e.g., in databases) needs encryption such as TDE (Transparent Data Encryption).

8

Data in transit

uses protocols like TLS/SSL.
