How can we help?

You can also find more resources in our Help Center.

Advanced Encryption Standard (AES)

A Federal Information Processing Standard (FIPS) that specifies a cryptographic algorithm for use within the U.S. government to protect information in federal agencies that are not a part of the national defense infrastructure.

algorithm

A set of steps or mathematical calculations used in solving a problem. In cryptography, it is the programmatic steps used to convert an unencrypted message into an encrypted sequence of bits that represent the message, or the programs that enable the cryptographic processes.

application header (AH) protocol

A feature of the IPSec protocol that provides system to system authentication and data integrity verification, but does not provide secrecy for the content of a network communication.

asymmetric encryption

Synonymous with public key encryption. A method of communicating on a network using two different but related keys, one to encrypt and the other to decrypt messages.

Bluetooth

The de facto industry standard for short-range wireless communications between devices.

certificate authority (CA)

An organization which issues, manages, authenticates, signs, and revokes users" digital certificates.

certificate revocation list (CRL)

A list distributed by the certificate authority that identifies all revoked certificates.

cipher or cryptosystem

An encryption method or process encompassing the algorithm, key(s) or cryptovariable(s), and procedures used to perform encryption and decryption.

ciphertext

A message that is formed when plaintext data is encrypted.

cleartext

Synonymous with plaintext. The original unencrypted message, or a message that has been successfully decrypted.

code

The process of converting components (words or phrases) of an unencrypted message into encrypted components.

correlation attacks

Attempts to deduce the statistical relationships of the structure of the key and the output of the cryptosystem.

cryptogram

A message that is formed when plaintext data is encrypted.

cryptography

From the Greek work kryptos, meaning hidden, and graphein, meaning to write. The process of making and using codes to secure the transmission of information.

cryptology

The science of encryption. A field of study that encompasses cryptography and cryptanalysis.

cryptovariable

Synonymous with key, the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext. This can be a series of bits used by a computer program, or it can be a passphrase used by humans.

Data Encryption Standard (DES)

An algorithm that is federally approved for encryption. The algorithm is based on the Data Encryption Algorithm (DEA), which uses a 64-bit block size and a 56-bit key.

decipher

To decrypt or convert ciphertext into the equivalent plaintext.

decryption

The process of converting the ciphertext message back into plaintext so it can be readily understood.

dictionary attack

A form of brute force attack on passwords that uses a list of commonly used passwords instead of random combinations. In cryptography, this is done by encrypting each entry in the dictionary with the same cryptosystem used by the target, then comparing the resulting ciphertext against the target"s ciphertext.

Diffie-Hellman key exchange

A method for exchanging private keys using public key encryption.

digital certificates

Public-key container files that allow computer programs to validate the key and identify to whom it belongs. Contains a key value and identifying information.

Digital Signature Standard (DSS)

The basis for digital signatures that has been approved and endorsed by the U.S. federal government.

digital signatures

Encrypted messages that can be mathematically proven authentic.

distinguished name (DN)

Used with digital certificates, a series of name-value pairs that uniquely identify a certificate entity to a user"s public key.

used in X.509v3 certificates.

used in X.509v3 certificates.

encapsulating security payload (ESP) protocol

A component of the IPSec protocol that provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification.

encipher

To encrypt, encode or convert plaintext into the equivalent ciphertext.

encryption

The process of converting an original message into a form that is unreadable by unauthorized individuals.

exclusive OR operation (XOR)

A function of Boolean algebra in which two bits are compared, and if the two bits are identical, the result is a binary 0. If the two bits are not the same, the result is a binary 1.

hash algorithms

Public functions that create a hash value, also known as a message digest, by converting variable-length messages into a single fixed-length value.

hash functions

Mathematical algorithms that generate a message summary or message digest that allows a hash algorithm to confirm that the content of a specific message has not been altered.

Internet Protocol Security (IPSec)

An open source protocol for securing communications across any IP-based network such as LANs, WANs, and the Internet.

key

Synonymous with cryptovariable, the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext. This can be a series of bits used by a computer program, or it can be a passphrase used by humans.

keyspace

The entire range of values that can possibly be used to construct an individual key.

known-plaintext attack

A method of attacking a cryptosystem that relies on knowledge of some or all of the plaintext that was used to generate a ciphertext.

link encryption

A series of encryptions and decryptions between a number of systems, wherein each system in a network decrypts the message sent to it and then re-encrypts it using different keys and sends it to the next neighbor, and this process continues until the message reaches the final destination

man-in-the-middle attack

A method of attacking a cryptosystem that relies on knowledge of some or all of the plaintext that was used to generate a ciphertext.

message authentication code (MAC)

A key-dependent, one-way hash function that allows only specific recipients to access the message digest.

message digest

Synonymous with hash value. A fingerprint of the author"s message that is compared with the recipient"s locally calculated hash of the same message.

monoalphabetic substitution

In encryption, the substitution of one value for another using a single alphabet.

nonrepudiation

The principle of cryptography that gives credence to the authentication mechanism collectively known as a digital signature. In this asymmetric cryptographic process, the sender"s private key is used to encrypt a message, and the sender"s public key must be used to decrypt the message—when the decryption happens successfully, it provides verification that the message was sent by the sender and cannot be refuted.

permutation cipher

The rearranging of values within a block to create coded information.

plaintext

Synonymous with cleartext. The original unencrypted message, or a message that has been successfully decrypted.

polyalphabetic substitutions

In encryption, the substitution of one value for another, using two or more alphabets.

Pretty Good Privacy (PGP)

A hybrid cryptosystem that combines some of the best available cryptographic algorithms. PGP is the open source de facto standard for encryption and authentication of e-mail and file storage applications.

Privacy Enhanced Mail (PEM)

Standard proposed by the Internet Engineering Task Force (IETF) to function with the public key cryptosystems.

private key encryption

Synonymous with symmetric encryption. Private key encryption is a method of communicating on a network using a single key to both encrypt and decrypt a message.

public-key encryption

Synonymous with asymmetric encryption. A method of communicating on a network using two different but related keys, one to encrypt and the other to decrypt messages.

Public-key Infrastructure (PKI)

An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.

registration authority (RA)

A component of a Public Key Infrastructure system that operates under the trusted collaboration of the certificate authority and can be delegated day-to-day certification functions, such as verifying registration information about new registrants, generating end-user keys, revoking certificates, and validating that users possess a valid certificate.

replay attack

An attack in which an abuser has successfully broken an encryption and attempts to resubmit the deciphered authentication to gain entry to a secure source.

RSA algorithm

The de facto standard for public use encryption applications. The security of the algorithm is based on the computational difficulty of factoring large composite numbers and computing the eth roots modulo, a composite number for a specified odd integere. 1977.

secret key

Password or passphrase used in private key or symmetric encryption.

Secure Electronic Transactions (SET)

A means of securing Web transactions that was developed by MasterCard and VISA in 1997 to provide protection from electronic payment fraud.

Secure Hash Standard (SHS)

An encryption norm that specifies SHA-1 (Secure Hash Algorithm 1) as a secure algorithm for computing a condensed representation of a message or data file. Issued by NIS

Secure HTTP (S-HTTP)

A protocol designed to enable secure communications across the Internet. S-HTTP is the application of SSL over HTTP, which allows the encryption of all information passing between two computers through a protected and secure virtual connection.

Secure Multipurpose Internet Mail Extensions (S/MIME)

A specification developed to increase the security of e-mail that adds encryption and user authentication.

Secure Sockets Layer (SSL)

A protocol to use public key encryption to secure a channel over the internet. Invented by netscape.

selected-plaintext attack

A crypto system attack in which the attackers send a target a section of plaintext they want encrypted and returned in order to reveal information about the target"s encryption systems.

session keys

Limited-use symmetric keys for encrypting electronic communication.

simple polyalphabetic

A basic code used in substitution ciphers where one letter is replaced with another.

SSL Record Protocol

A protocol responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission.

standard HTTP

A protocol that provides the Internet communication services between client and host without consideration for encryption of the data that is communicated over the connection between client and server.

steganography

A method of hiding the existence of a secret message.

substitution cipher

In encryption, an encryption method that involves the substitution of one value for another.

symmetric encryption

Synonymous with private key encryption. A method of communicating on a network using a single key to both encrypt and decrypt a message.

time-memory tradeoff attack

A method of attack in which attackers compare hashed text against a database of pre-computed hashes from sequentially calculated passwords.

timing attack

An attack that eavesdrops during the victims session and uses statistical analysis for patterns and inter0keystrok timings to discern sensitive session information.

transport mode

One of the two modes of operation of the IPSec Protocols. In transport mode, only the IP data is encrypted, not the IP headers.

transposition cipher

Synonymous with permutation cipher. The rearranging of values within a block to create coded information.

trapdoor (mathematical)

In cryptography, a secret mechanism that enables you to easily accomplish the reverse function in a one-way mechanism.

triple DES (3DES)

An enhancement to the Data Encryption Standard (DES). An algorithm that uses up to three keys to perform three different encryption operations.

tunnel mode

One of the two modes of operation of the IP Security Protocol. In tunnel mode, the entire IP packet is encrypted and placed as payload into another IP packet.

Vernam cipher

An element of cryptosystems that was developed at AT&T and uses a set of characters only one time for each encryption process. Also known as the one-time pad.

Vigenère cipher

An advanced type of substitution cipher that uses a simple polyalphabetic code and involves using the Vigenère Square, which is made up of 26 distinct cipher alphabets.

work factor

The amount of effort (usually in hours) required to perform cryptanalysis on an encoded message so that it may be decrypted when the key or algorithm (or both) are unknown.

Digital Signature Standard (DDS)

A base for the process used to create digital signatures.

Key

Information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext.

SHA-1

160-bit digest

DES

Widely known, IBM, Lucifer

64 Bit block size

64 Bit block size