
84 Cards in this Set

  • Front
  • Back

Substitution cipher

one character or symbol is changed into another

one of the oldest - Caesar cipher (shift 3-rt)

other e.g.s Atbash, Playfair, Scytale

multi-alphabet substitution

Vigenere cipher

uses keyword to look up cipher text in a table

transposition ciphers

message is broken into equal blocks, then each block is scrambled

Rail Fence cipher


algorithm rotates every letter 13 places in the alphabet

enigma machine

typewriter that implemented multi-alphabet cipher

uses 26 alphabet substitutions


uses LSB (least significant bit) to hide messages in a medium

Programs- QuickStego, Invisible Secrets

used for watermarking

Encrypt filesystem in Linux

1. login as root and start YaST

2. Choose System>Partitioner

3. yes to prompt. select filesystem and edit

4. select the Encrypt file system check box. Ok

What are the major areas of modern cryptography?

symmetric cryptography

asymmetric cryptography

hashing algorithms

symmetric cryptography

both ends of encrypted message use the same key and algorithms

uses a secret/private key

uses block or stream cipher


e.g.s- DES, 3DES, AES, AES256, CAST, RC4, RC5, RC6, Blowfish, Twofish, IDEA, One time pads

DES (data encryption standard)

replaced by AES

based on 56 bit

considered insecure due to small key size

3DES (Triple DES)

upgrade to DES

key length is 168 bits

uses 3 56 bit DES keys

AES (advanced encryption standard)

replaced DES

uses Rijndael algorithm

used by govt agencies

default key is 128 bits

supports 128, 192, 256 bits


uses 256 bits

qualifies for US govt top secret classification


developed by Carlisle Adams & Stafford Tavares

used in Microsoft and IBM products

uses 40-128 bit key

fast and efficient

additional versions- CAST128, CAST256

Ron's Cipher (RC)

an encryption family by RSA labs

authored by Ron Rivest

current levels are RC4, RC5, and RC6

uses key size up to 2048 bits

RC4 (ron's cipher 4)

popular with WEP/WPA encryption

streaming cipher using 40-2048 bit keys

used in SSL and TLS

used in utilities for downloading BitTorrents


invented by Bruce Schneier and team

performs 64 bit block cipher (symmetric) fast speeds

uses variable length keys from 32-448 bits


similar to Blowfish

works on 128 bit blocks

has complex key schedule

IDEA (international data encryption algorithm)

developed by Swiss consortium

uses 128 bit key

more secure than DES but similar concept

used in PGP (pretty good privacy)

Ascom AG holds the right to market

One-Time Pads

only truly completely secure cryptographic implementation

use a key that is as long as a plaintext message

used only once

key exchange

2 primary approaches: in band key exchange (same channel as encryption), out of band key exchange

forward secrecy

property of any key exchange system that ensures if 1 key is compromised, subsequent keys will not be compromised.

perfect forward secrecy

when the key exchange process is unbreakable

common approach uses ephemeral keys

asymmetric algorithms

uses public key to encrypt and private key to decrypt

based on number theory

the 4 popular ones are: RSA, Diffie-Hellman, ECC, and ElGamal


named after inventors Rivest, Shamir, Adleman

the de facto standard

uses large integers

works with both encryption and digital signatures

can be used for key exchange


used primarily to send keys across public networks.

used to create symmetric keys between 2 parties

does not encrypt nor decrypt

ECC (elliptic curve cryptography)

similar to RSA but uses smaller keys

uses points on a curve combined with a point at infinity and the difficulty of solving discrete logarithms

NSA recommended

will be commonly implemented on cell phones soon

variations: ECC-DH and ECC-DSA


use ephemeral key

used for single communication session

ephemeral key

a key that exists for only a single session

allows for perfect forward secrecy

Kerckhoffs's Principle

the security of an algorithm should depend only on the secrecy of the key and not the algorithm itself.

Hashing Algorithms

secure hash algorithm (SHA)

message digest algorithm (MD)

The RACE integrity Primitives Evaluation Message (RIPEMD)



NT Lan Manager (NTLM)

hash characteristics

1. must be 1 way

2. variable length input produces fixed length output

3. algorithm must have few or no collisions (2 inputs don't give same output)

rainbow tables

all possible hashes are computed in advance

e.g. OphCrack


added bits at key locations either before or after hash

key stretching

strengthening a weak key

2 methods: PBKDF2 (Password-based key derivation function 2) & Bcrypt

quantum cryptography

originally limited to lab work and secret govt applications

basis for QKE (quantum key exchange)

Common code breaking techniques

frequency analysis- looks at patterns

chosen plaintext

related key attack

brute force attacks

exploiting human error

cryptographic system

a system, method, or process that is used to provide encryption and decryption

pre-shared key

when all the clients and access points share the same key

work factor

an estimate of the amount of time and effort that would be needed to break a system

digital signatures

sender uses private key to create digital signature

receiver uses public key attached to message to decrypt

most use a hash to ensure message hasn't been altered

receiver compares signature area (message digest) to calculated value


prevents one party from denying actions they carried out

Certificate Authority (CA)

manage public keys

issue certificates verifying validity of a sender's message (nonrepudiation)

key escrow

keys to encrypt/decrypt in escrow until requested by 3rd party

key recovery agent

entity that has the ability to recover a key, key components, or plaintext messages

key registration

the process of providing certificates to users

done by a registration authority (RA)

certificate revocation list (CRL)

a list of certificates a specific CA states should no longer be used.

being replaced by OCSP (online certificate status protocol)

types of trust models





National Security Agency (NSA)

responsible for creating codes, breaking codes, and coding systems for the US government.

chartered in 1952

responsible for obtaining foreign intelligence and supplying to US govt agencies

world's largest employer of mathematicians

National Security Agency/Central Security Service (NSA/CSS)

independently functioning part of the NSA

supports all branches of the US military

created in the 1970s to standardize and support the DoD

National Institute of Standards and Technology (NIST)

formerly NBS (national bureau of standards)

develops and supports US govt standards

publishes info about known vulnerabilities

RFC (Request for Comments)

method to propose a standard

originated in 1969

categorized as a standard, best practice, informational, experimental or historic

major associations

American Bankers Association (ABA)

Internet Engineering Task Force (IETF)

Internet society (ISOC)- oversees the IETF

World Wide Web Consortium (W3C)- sponsors XML

International Telecommunications Union (ITU)

Institute of Electrical and Electronics Engineers (IEEE)- development of PKC, wireless and networking protocols

Public Key Infrastructure X.509 (PKIX)

the working group formed by IETF to develop standards and models for the PKI environment

Public Key Cryptography Standards (PKCS)

a set of voluntary standards created by RSA and security leaders.

there are 15 standards

early group members: Apple, Microsoft, HP, Lotus, Sun, MIT

X.509 standard

defines the certificate formats and fields for public keys

defines procedures for public key distribution

currently on v3

2 basic types: End-entity certificate, CA certificate

X.509 properties

signature (primary purpose)



signature algorithm id

issuer name

validity period

subject name

subject public key info

issuer unique identifier (v2 and v3)

subject unique identifier (v2 and v3)

extensions (v3)

cipher suite

a combination of methods such as authentication, encryption and message authentication code (MAC) algorithm used together

e.g TLS and SSL

configure ssl port in windows server 2012

1. start> admin tools> IIS manager

2. right click on website and go to Properties

3. select web site tab, enter port #

4. click ok and exit

-default port is 443

certificate management protocol (CMP)

a messaging protocol used between PKI entities

XML Key Management Specification (XKMS)

designed to allow XML-based programs access to PKI services.

built on CMP

Secure Multipurpose Internet Mail Extensions (S/MIME)

standard for encrypting email

contains signature data

asymmetric algorithms for confidentiality

uses digital certificates for authentication

Secure Electronic Transaction (SET)

provides encryption for credit card numbers that can be transmitted over the internet

developed by Visa and Mastercard

works with an electronic wallet

electronic wallet

a device that identifies you electronically in the same ways as the cards you carry in your wallet

Pretty Good Privacy (PGP)

freeware email encryption system

used for email security

uses both asymmetric and symmetric systems

GNU Privacy Guard (GPG)

free alternative to PGP


port 443

uses SSL

used for secure transactions by providing a secure channel

Secure HTTP (S-HTTP)

HTTP with message security

port 80

seldom used

creates a secure message

provides data integrity and authentication

configure IPSec on windows 7/8

1. run perfmon.msc

2. select performance monitor

3. right-click graph, choose Add Counters

4. select IPSec IKEv1 IPv4 and expand options

5. click show description and read comments

6. Click Add--Failed main mode negotiations and failed quick mode negotiations

Federal Information Processing standard (FIPS)

a set of guidelines for US federal government information systems

issued by NIST

Public Key infrastructure (PKI)

a framework

a 2 key, asymmetric system with 4 main components: certificate authority (CA), registration authority (RA), RSA, and digital certificates

certificate policies

define what certificates do

affect how a certificate is issued and how it is used

the policy indicates which certificates will be accepted in a given application

cross certification

the process of requiring interoperability of a certificate

Certificate Practice Statement (CPS)

a detailed statement the CA uses to issue certificates and implement its policies.

discusses how certificates are issued, measures taken to protect certificates, rules that CA users must follow to maintain certificate eligibility

certificate revocation

the process of revoking a certificate before it expires

handled through a CRL (certificate revocation list) or by using OCSP (online certificate status protocol)

PKI trust models





hierarchical trust model


allows tight control over certificate-based activities

the root CA is at the top and provides all the info

then comes the intermediate CA> Leaf CA (the end of the chain/network)

bridge trust model

a peer-to-peer relationship exists among the root CAs

useful for large, geographically dispersed or 2 separate orgs

mesh trust model

expands on bridge model by supporting multiple paths and root CAs.

also known as a web structure

useful when several orgs need to cross certify certificates

hybrid trust model

uses the capabilities of any or all of the other trust models.

hardware based encryption devices

in the advanced config settings in BIOS you can enable TPM (trusted platform module).

as well as HSMs (hardware security module) which are PCI adapters- it's a cryptoprocessor that is used to enhance security

TPM (trusted platform module)

used to assist with hash key generation

a chip that can store cryptographic keys/passwords/certificates

used to protect mobile devices

is sometimes used with BitLocker

may be installed on motherboard


a full disk encryption feature

uses 128 bit encryption

a.k.a. hard drive encryption

data encryption


bitlocker to go


database encryption