Term
|
Definition
algorithms are used to generate a fixed-length value mathematically from a message. The most common * standards for cryptographic applications are the SHA and MD algorithms. |
|
|
Term
|
Definition
algorithm requires that receivers of the message use the same private key. These algorithms can be extremely secure. This method is widely implemented in governmental applications. |
|
|
Term
|
Definition
algorithms use a two-key method of encryption. The message is encrypted using the public key and decrypted using a second key or private key. The key is derived from the same algorithm. |
|
|
Term
confidentiality, integrity, authentication, and nonrepudiation. |
|
Definition
the primary objectives for using cryptographic systems. |
|
|
Term
DES (Data Encryption Standard) |
|
Definition
- Symmetric encryption algorithm
- Block cipher operating on 64-bit blocks
- Key length of 56 bits
- Now considered insecure |
|
|
Term
|
Definition
- Symmetric encryption algorithm
- Block cipher operating on 64-bit blocks
- Key length of 112 bits
- Considered secure
|
|
|
Term
AES (Advanced Encryption Standard) |
|
Definition
- Symmetric encryption algorithm
- Block cipher operating on 128-bit blocks
- Key length of 128, 192 or 256 bits
- Considered secure
- Used to encrypt network communication or hard drives |
|
|
Term
|
Definition
- Symmetric encryption algorithm
- Block cipher operating on 64-bit blocks
- Key length of 21 and 448 bits
- Now considered insecure |
|
|
Term
|
Definition
- Symmetric encryption algorithm
- Block cipher operating on 128-bit blocks
- Key length of 128, 192 or 256 bits
- Considered secure |
|
|
Term
|
Definition
- Symmetric encryption algorithm
- Stream cipher
- Key length between 40 bits and 2048 bits
- Now considered insecure
- Used for network encryption WAP, WPA, SSL, TLS |
|
|
Term
PGP - Pretty Good Privacy |
|
Definition
uses public and private key pairs to encrypt and digitally sign messages. |
|
|
Term
|
Definition
is an implementation of open PGP standards. |
|
|
Term
|
Definition
is a hashing algorithm that computes a digest from provided data. Any change in the data is indicated by a change in the digest; thus, data integrity is attained.
- Message digest is another term for hash
- It produces a 128-bit hash
- It is no longer recommended
- SHA (1 or 2) are the recommended alternatives. |
|
|
Term
|
Definition
- It produces a 160-bit hash
- It is no longer recommended |
|
|
Term
|
Definition
- It produces output of 224, 256, 384 and 512-bit hash
- Consists of a family of six hash functions
- Uses a mathematically similar approach to SHA-1 and MD5 |
|
|
Term
|
Definition
- Designed eventually to replace SHA-2
- Uses a completely different hash generation approach than SHA-2
- Produces hashes of user-selected fixed length |
|
|
Term
RIPEMD (Integrity Primitives Evaluation Message Digest) |
|
Definition
- Created as an alternative to government-sponsored hash functions
- Produces 128, 160, 256 and 321-bit hashes
- Contains flaws in the 128-bit version |
|
|
Term
HMAC (hash-based message authentication code) |
|
Definition
- Uses a hashing algorithm along with a symmetric key
- Provides authentication and integrity
- Creates and verifies a message authentication code by using a secret key in conjunction with a hash function |
|
|
Term
Approved DSS (Digital signature standards) Algorithms |
|
Definition
- Digital Signature Algorithm (DSA)
- Rivest, Shamir, Adleman (RSA)
- Elliptic Curve Digital Signature Algorithm (ECDSA) |
|
|
Term
Online Certificate Status Protocol (OCSP) |
|
Definition
CAs provide a real-time service that allows users to verify that a certificate is not revoked |
|
|
Term
|
Definition
is a method used with OCSP, which allows a web server to provide information on the validity of its own certificate rather than needing to go to the certificate vendor. This is done by the web server essentially downloading the OCSP response from the certificate vendor in advance and providing that to browsers. |
|
|
Term
Certificate Revocation List (CRL) |
|
Definition
CAs provide a list of the serial numbers of revoked certificates |
|
|
Term
Extensible Authentication Protocol (EAP) |
|
Definition
a framework frequently used in wireless networks and point-to-point connections; it has many variants, some secure, some not |
|
|
Term
|
Definition
insecure protocol that relies upon MS-CHAP |
|
|
Term
|
Definition
This protocol utilizes TLS in order to secure the authentication process. Most implementations of this protocol utilize X.509 digital certificates to authenticate the users. Cryptographic keys can be stored on smartcards. Smartcards are not stored on servers; they are used on client stations, normally with a PIN |
|
|
Term
PEAP Protected Extensible Authentication Protocol |
|
Definition
Tunnels EAP inside an encrypted TLS session. It creates a secure channel for user authentication, initially using a server-side PKI certificate; a symmetric session key is then used for the remainder of the session |
|
|
Term
EAP – FAST or Flexible Authentication via Secure Tunneling |
|
Definition
This protocol was proposed by Cisco as a replacement for the original EAP. This protocol establishes a TLS tunnel for authentication, but it does so using a Protected Access Credential (PAC). |
|
|
Term
PAP - Password Authentication Protocol |
|
Definition
should be disabled when hardening VPNs, as it sends unencrypted passwords across the network during authentication |
|
|
Term
MS-CHAP v2 - Microsoft Challenge Handshake Authentication Protocol |
|
Definition
hashes credentials on both sides of a connection |
|
|
Term
|
Definition
hashes data on both sides of a connection similarly to CHAP |
|
|
Term
FTPS - File Transfer Protocol Secure |
|
Definition
can use Secure Sockets Layer (SSL) to secure FTP traffic |
|
|
Term
SFTP - Secure File Transfer Protocol |
|
Definition
refers to tunneling FTP traffic through a Secure Shell (SSH) encrypted session |
|
|
Term
ECC - Elliptic curve cryptography |
|
Definition
is public key cryptography based on points on an elliptic curve; it does not use prime factorization |
|
|
Term
|
Definition
is a software package that uses encryption and relay nodes to facilitate anonymous Internet access. |
|
|
Term
|
Definition
is a secure key exchange protocol used for asymmetric encryption and is provided through a cryptographic service provider, often in the form of an API library or module. It is neither used for symmetric encryption nor is it a hashing algorithm |
|
|
Term
Elliptic Curve Diffie Hellman (ECDH)
Diffie-Hellman Groups:
- Large group number more secure
- Secure group starts after Group 14 |
|
Definition
uses an approach similar to DH but with the elliptic curve problem |
|
|
Term
PBKDF2 (Password-Based Key Derivation Function 2) |
|
Definition
is part of PKCS #5 v. 2.01. It applies some function (like a hash or HMAC) to the password or passphrase along with Salt to produce a derived key. |
|
|
Term
|
Definition
is used with passwords, and it essentially uses a derivation of the Blowfish algorithm converted to a hashing algorithm to hash a password and add Salt to it |
|
|