17 terms

Secure Communications and Storage

Process of encoding private messages so that they cannot be interpreted if intercepted by unintended recipients
Process of encoding a message so that the message seems unintelligible and is kept secret
Reversing the encryption process to recover the encrypted message as plain text
Hex Editor
A hex editor is software that allows you to view/edit data in raw format. It typically allows multiple interpretations of the data.
-Can be used to read any data file
Encrypted Data
Application data is encrypted via some algorithm such that a pass phrase is used to provide access to or generate the encryption key
Hash Function
One-way encryption
Creates a thumbprint of processed data
Variable length input stream converted to fixed length output
Hash Techniques
-CRC: Cyclic Redundancy Check
Mostly used for error detection
Easy to find two files with the same CRC
-MD5: Message Digest 5
128 bit output
-SHA-1: Secure Hash Algorithm
NIST/NSA government default (160 bit)
Symmetric Encryption Standards
Same key used for encryption and decryption (or decryption key is calculated from encryption key)
DES (56 bit)
AES - Rijndael
Asymmetric Encryption Standards
-Encryption and Decryption keys are not the same
-Uses a public key/private key pair for encryption/decryption
Key Space
To a great degree, the strength of a cryptographic algorithm is proportional to its key size. The longer the better.
Dictionary Attacks
-The most efficient way to break a password is via a dictionary attack.
-A dictionary attack attempts to crack a user's password by trying known words.
Brute Force Attacks
-Brute force attacks try all possible combinations of values for a password/Encryption Key.
-It does not require a very long key space before a brute force attack is computationally infeasible.
Social Engineering
People are still the weakest link in security
To be secure a password must be complex.
PKI (Public Key Infrastructure)
A PKI is a system that contains a secure repository of public keys.
Certificate Authority (CA)
A trusted third-party organization or company that issues digital certificates used to create digital signatures and public-private key pairs.
-Certificates are used to exchange Public and Private keys.
-A certificate does not need to contain both public and private keys. It may just contain a public key
-Certificates have a valid time frame.
Microsoft Encrypted File System (EFS)
-Based on public-key private-key encryption
-Each file uses a unique encryption key
-Reduces probability of attack via cryptanalysis
-Uses Symmetric algorithm for data encryption