Process of encoding private messages so that they cannot be interpreted if intercepted by unintended recipients
A hex editor is software that allows you to view/edit data in raw format. It typically allows multiple interpretations of the data.
-Can be used to read any data file
Application data is encrypted via some algorithm such that a pass phrase is used to provide access to or generate the encryption key
One way encryption
Creates a thumbprint of processed data
Variable length input stream converted to fixed length output
-CRC: Cyclic Redundancy Check
Mostly used for error detection
Easy to find two files with the same CRC
-MD5: Message Digest 5
128 bit output
-SHA-1: Secure Hash Algorithm
NIST/NSA government default (160 bit)
Symmetric Encryption Standards
Same key used for encryption and decryption (or decryption key is calculated from encryption key)
DES (56 bit)
Asymmetric Encryption Standards
-Encryption and Decryption keys are not the same
-Uses Public key- Private key pair for encryption/decryption
To a great degree, the strength of a cryptographic algorithm is proportional to its key size. The longer the better.
-The most efficient way to break a password is via a dictionary attack.
-A dictionary attack attempts to crack a user's password by trying known words.
Brute Force Attacks
-Brute force attacks try all possible combinations of values for a password/Encryption Key.
-It does not require a very long key space before a brute force attack is computationally infeasible.
People are still the weakest link in security
To be secure, a password must be complex.
Certificate Authority (CA)
A trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs.
-Certificates are used to exchange Public and Private keys.
-A certificate does not need to contain both public and private keys. It may just contain a public key
-Certificates have a valid time frame.