Kindle Notes & Highlights
Read between January 9 - January 13, 2020
The hashing algorithms always create a fixed-size bit string regardless of the size of the original data. The hash doesn’t give you a clue about the size of the file, the type of the file, or anything
If you want to work with hashes yourself, check out the hashing and checksum labs in the online resources for this book at http://gcgapremium.com/501labs/.
Bcrypt salts the password by adding additional random bits before encrypting it with Blowfish.
authenticated. As an added measure, it’s possible to add some pepper to the salt to further randomize the bcrypt string.
Some security experts believe that PBKDF2 is more susceptible to brute force attacks than bcrypt.
Bcrypt and PBKDF2 are key stretching techniques that help prevent brute force and rainbow table attacks. Both salt the password with additional random bits.
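The following is an added example, not code from the book, showing the key stretching and salting described above with PBKDF2 from Python's standard library (bcrypt needs a third-party package, so it is not shown). The parameters (HMAC-SHA256, a 16-byte random salt, 100,000 iterations, a 32-byte key) and the `pbkdf2_sha256$iterations$salt$key` record layout are assumptions for the demo.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

# Parameters chosen for this demo (assumptions, not values from the book).
HASH_NAME = "sha256"
SALT_BYTES = 16
ITERATIONS = 100_000
KEY_LEN = 32


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Stretch the password and return 'pbkdf2_sha256$iterations$salt$key' (hex) for storage."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)          # fresh random salt for every password
    key = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations, KEY_LEN)
    return f"pbkdf2_{HASH_NAME}${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive the key with the stored salt and iteration count; compare in constant time."""
    scheme, iterations, salt_hex, key_hex = stored.split("$")
    if scheme != f"pbkdf2_{HASH_NAME}":
        return False
    key = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"),
                              bytes.fromhex(salt_hex), int(iterations), KEY_LEN)
    return hmac.compare_digest(key, bytes.fromhex(key_hex))


def same_password_different_records(password: str) -> bool:
    """Two users with the same password get different stored values, so one rainbow table cannot cover both."""
    return hash_password(password) != hash_password(password)


def guesses_per_second(iterations: int, seconds: float = 0.2) -> float:
    """Rough single-core rate for testing guesses at this iteration count (the cost key stretching adds)."""
    salt = b"\x00" * SALT_BYTES
    count, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        hashlib.pbkdf2_hmac(HASH_NAME, b"guess", salt, iterations, KEY_LEN)
        count += 1
    return count / (time.perf_counter() - start)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print("stored:", record)
    print("correct password verifies:", verify_password("correct horse battery staple", record))
    print("wrong password verifies:  ", verify_password("correct horse battery stable", record))
    print("same password, different records:", same_password_different_records("hunter2"))
    print(f"guesses/s at 1 iteration:      {guesses_per_second(1):,.0f}")
    print(f"guesses/s at {ITERATIONS} iterations: {guesses_per_second(ITERATIONS):,.0f}")
```

The two `guesses_per_second` lines show the brute-force point directly: the same hardware tests several orders of magnitude fewer guesses per second once the iteration count is high, and the per-password salt means each guess has to be stretched separately for every stored record.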
If you can recognize the hashing algorithms such as MD5, SHA, and HMAC, it will help you answer many exam questions. For example, if a question asks what you would use to encrypt data and it lists hashing algorithms, you can quickly eliminate them because hashing algorithms don’t encrypt data.
Random numbers are picked by chance. Pseudo-random numbers appear to be random but are created by deterministic algorithms, meaning that given the same input, a pseudo-random number generator will create the same output. In cryptology, confusion indicates that the ciphertext is significantly different than the plaintext. Diffusion cryptographic techniques ensure that small changes in the plaintext result in significant changes in the ciphertext.
Stream ciphers encrypt data a single bit, or a single byte, at a time in a stream. Block ciphers encrypt data in a specific-sized block such as 64-bit or 128-bit blocks. Stream ciphers are more efficient than block ciphers when encrypting data in a continuous stream.
The Electronic Codebook (ECB) mode of operation is deprecated and should not be used. Cipher Block Chaining (CBC) mode combines each block with the previous block when encrypting data and sometimes suffers from pipeline delays. Counter (CTM) mode combines an IV with a counter to encrypt each block. Galois/Counter Mode (GCM) combines Counter mode
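The following is an added example, not code from the book, that makes the mode-of-operation differences visible. It assumes a toy 128-bit Feistel block cipher built from HMAC-SHA256 as a stand-in for AES (it is not secure and exists only so the script runs without third-party packages); the ECB, CBC and CTR wrappers around it are the real constructions. ECB and CBC are given inputs that are a multiple of the block size, since no padding scheme is included.

```python
import hashlib
import hmac
import os

BLOCK = 16          # 128-bit blocks, the AES block size
HALF = BLOCK // 2
ROUNDS = 4


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed round function from HMAC-SHA256; only the first 8 bytes are used.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 128-bit Feistel block cipher: an AES stand-in for this demo, NOT secure."""
    left, right = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _round_function(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:HALF], block[HALF:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_function(key, rnd, left)), left
    return left + right


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: each block is encrypted on its own, so equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(encrypt_block(key, b) for b in _blocks(plaintext))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return b"".join(decrypt_block(key, b) for b in _blocks(ciphertext))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: each block is XORed with the previous ciphertext block (the IV for the first) before encryption."""
    prev, out = iv, []
    for b in _blocks(plaintext):
        prev = encrypt_block(key, _xor(b, prev))   # depends on the previous block: no parallel encryption
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    prev, out = iv, []
    for b in _blocks(ciphertext):
        out.append(_xor(decrypt_block(key, b), prev))
        prev = b
    return b"".join(out)


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """CTR: encrypt nonce||counter into a keystream and XOR it with the data; the same call decrypts."""
    out = []
    for n, chunk in enumerate(_blocks(data)):
        keystream = encrypt_block(key, nonce + n.to_bytes(HALF, "big"))
        out.append(_xor(chunk, keystream[:len(chunk)]))   # last chunk may be short: no padding needed
    return b"".join(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """Ciphertext blocks that duplicate an earlier block: the pattern leak that makes ECB unsuitable."""
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))


# Constructed sample input: the same 16-byte block four times, and a 16-byte key.
KEY = b"0123456789abcdef"
PLAINTEXT = b"ATTACK AT DAWN!!" * 4

if __name__ == "__main__":
    iv, nonce = os.urandom(BLOCK), os.urandom(HALF)
    print("ECB repeated ciphertext blocks:", repeated_blocks(ecb_encrypt(KEY, PLAINTEXT)))
    print("CBC repeated ciphertext blocks:", repeated_blocks(cbc_encrypt(KEY, iv, PLAINTEXT)))
    print("CTR repeated ciphertext blocks:", repeated_blocks(ctr_crypt(KEY, nonce, PLAINTEXT)))
    print("CBC round trip ok:", cbc_decrypt(KEY, iv, cbc_encrypt(KEY, iv, PLAINTEXT)) == PLAINTEXT)
```

With four identical plaintext blocks, ECB produces three repeated ciphertext blocks (an observer learns the structure of the message without the key), while CBC and CTR produce none. The CBC loop also shows the "pipeline delay" the text mentions: each block's input depends on the previous ciphertext block, so encryption cannot be parallelized, whereas every CTR keystream block can be computed independently.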
However, symmetric encryption doesn’t use the same key to encrypt and decrypt all data.
On the other hand, if symmetric encryption always used the same key of 123, it would add vulnerabilities. First, when keys are reused, the encryption is easier to crack. Second, once the key is cracked, all data encrypted with this key is compromised.
Symmetric encryption uses the same key to encrypt and decrypt data. For example, when transmitting encrypted data, symmetric encryption algorithms use the same key to encrypt and decrypt data at both ends of the transmission media. RADIUS uses symmetric encryption.
When more bits are used, it makes it more difficult to discover the key and decrypt the data.
AES is much less resource intensive. However, if hardware doesn’t support AES, 3DES is a suitable alternative.
AES is a strong symmetric block cipher that encrypts data in 128-bit blocks. AES uses 128-bit, 192-bit, or 256-bit keys. DES and 3DES are block ciphers that encrypt data in 64-bit blocks. 3DES was originally designed as a replacement for DES, but NIST selected AES as the current standard. However, 3DES is still used in some applications, such as when legacy hardware doesn’t support AES.
RC4 is a strong symmetric stream cipher, but most experts recommend using AES instead today. Blowfish is a 64-bit block cipher and Twofish is a 128-bit block cipher. Although NIST
If you can recognize the symmetric algorithms such as AES, DES, 3DES, Blowfish, and Twofish, it will help you answer many exam questions. For example, if a question asks what you would use to hash data and it lists encryption algorithms, you can quickly eliminate them because encryption algorithms don’t hash data. You should also know the size of the blocks and the size of the keys listed in Table 10.2.
Although asymmetric encryption is very strong, it is also very resource intensive.
It takes a significant amount of processing power to encrypt and decrypt data, especially when compared with symmetric encryption. Most cryptographic protocols that use asymmetric encryption only use it for key exchange.
exchange is any cryptographic method used to share cryptographic keys between two entities. In this context, asymmetric encryption uses key exchange to share a symmetric key. The cryptographic protocol then uses the symmetric encryption to encrypt and decrypt data because symmetric encryption is much more efficient.
Imagine that I wanted you to send some proprietary information and a working model of an invention to me. Obviously, we wouldn’t want anyone else to be able to access the information or the working model. I could send you the empty open box with a copy of the key used to lock it. You place everything in the box and then lock it with the public key I’ve sent with the box. This key can’t unlock the box, so even if other people had copies of the public key that I sent to you, they couldn’t use it to unlock the box. When I receive the box from you, I can unlock it with the only key that will
Diffie-Hellman (DH) is a key exchange algorithm used to privately share a symmetric key between two parties.
Diffie-Hellman is a secure method of sharing symmetric encryption keys over a public network. Elliptic curve cryptography is commonly used with small wireless devices. ECDHE is a version of Diffie-Hellman that uses elliptic curve cryptography to generate encryption keys.
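The following is an added example, not code from the book, of the classic (finite-field) Diffie-Hellman exchange described above, with the shared secret hashed into a symmetric key. The group is an assumption for the demo: the Mersenne prime p = 2^127 - 1 with generator 3, which is large enough to illustrate the exchange but far smaller than the standardized 2048-bit-plus groups (or the elliptic curve groups of ECDHE) used in practice.

```python
import hashlib
import secrets

# Demo group (assumption for this example): p = 2^127 - 1 (prime), g = 3.
P = (1 << 127) - 1
G = 3


def generate_keypair():
    """Private value a in [2, p-2] and the public value g^a mod p that is sent over the network."""
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)


def valid_public_value(value: int) -> bool:
    """Reject 0, 1 and p-1: a peer sending these would force a predictable shared secret."""
    return 2 <= value <= P - 2


def shared_secret(my_private: int, their_public: int) -> int:
    """(g^b)^a mod p, which equals (g^a)^b mod p computed by the other side."""
    if not valid_public_value(their_public):
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(their_public, my_private, P)


def derive_symmetric_key(secret: int) -> bytes:
    """Hash the shared secret into a 256-bit key for a symmetric cipher such as AES."""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def run_exchange():
    """Both parties publish only g^a and g^b; each derives the same key from the other's public value."""
    a_priv, a_pub = generate_keypair()
    b_priv, b_pub = generate_keypair()
    key_a = derive_symmetric_key(shared_secret(a_priv, b_pub))
    key_b = derive_symmetric_key(shared_secret(b_priv, a_pub))
    observed_on_the_wire = {"p": P, "g": G, "A": a_pub, "B": b_pub}   # everything an eavesdropper sees
    return key_a, key_b, observed_on_the_wire


def keys_match() -> bool:
    key_a, key_b, _ = run_exchange()
    return key_a == key_b


if __name__ == "__main__":
    key_a, key_b, wire = run_exchange()
    print("public values on the wire:", {k: (v if k == "g" else hex(v)[:18] + "...") for k, v in wire.items()})
    print("both sides derived the same AES key:", key_a == key_b, key_a.hex())
```

Only the public values and the group parameters cross the network; recovering the key from them requires solving the discrete logarithm problem, which is what makes the exchange safe over a public network. The `valid_public_value` check is the kind of input validation a real implementation performs before using a peer's value.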
Security professionals use steganalysis techniques to detect steganography, and the most common method is with hashing.
Steganography hides messages or other data within a file. For example, you can hide messages within the white space of a JPEG or GIF file. Security professionals use hashing to detect changes in files that may indicate the use of steganography.
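The following is an added example, not code from the book, that ties together the hashing highlights above: a digest has a fixed size whatever the input size, a one-bit change in the input changes roughly half of the digest bits (diffusion), and comparing current digests against a recorded baseline is how a change that may indicate steganography is detected. The sample "files" are constructed byte strings (a fake image header plus filler), not real JPEG or GIF images.

```python
import hashlib

# Constructed sample files: an original and a copy in which one bit has been flipped,
# standing in for an image before and after a hidden payload was inserted.
ORIGINAL = b"\xff\xd8\xff\xe0" + b"image payload " * 100
_modified = bytearray(ORIGINAL)
_modified[40] ^= 0x01                     # one bit changed
MODIFIED = bytes(_modified)

FILES_BEFORE = {"photo.jpg": ORIGINAL, "logo.gif": b"GIF89a" + b"\x00" * 64}
FILES_AFTER = {"photo.jpg": MODIFIED, "logo.gif": b"GIF89a" + b"\x00" * 64}


def digest_hex(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of data; its length depends only on the algorithm, never on the input."""
    return hashlib.new(algorithm, data).hexdigest()


def digest_lengths(algorithm: str = "sha256") -> set:
    """Hash inputs from 0 bytes to 1 MB and return the set of digest lengths seen (hex characters)."""
    inputs = [b"", b"a", b"x" * 10, b"y" * 1_000_000]
    return {len(digest_hex(data, algorithm)) for data in inputs}


def build_baseline(files: dict) -> dict:
    """Record a digest for every file while it is known to be clean."""
    return {name: digest_hex(data) for name, data in files.items()}


def changed_files(baseline: dict, current: dict) -> list:
    """Names of files whose current digest no longer matches the baseline."""
    return sorted(name for name, data in current.items()
                  if baseline.get(name) != digest_hex(data))


def hamming_bits(hex_a: str, hex_b: str) -> int:
    """Number of bits that differ between two equal-length hex digests (avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


if __name__ == "__main__":
    print("SHA-256 hex digest lengths for 0 B .. 1 MB inputs:", digest_lengths("sha256"))
    baseline = build_baseline(FILES_BEFORE)
    print("files changed since baseline:", changed_files(baseline, FILES_AFTER))
    print("digest bits that differ after a 1-bit change:",
          hamming_bits(digest_hex(ORIGINAL), digest_hex(MODIFIED)), "of 256")
```

The digest says nothing about the size or type of the file (every input maps to the same 64 hex characters), and the baseline comparison only tells you that `photo.jpg` changed, not what was hidden in it; that is why the text calls hashing a way to detect a possible change rather than to recover the hidden message.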
Knowing which key encrypts and which key decrypts will help you answer many questions on the exam. For example, just by knowing that a private key is encrypting, you know that it is being used for a digital signature.
benefits. The digital signature algorithm (DSA) uses an encrypted hash of a message. The hash is encrypted with the sender’s private key. If the recipient of a digitally signed email can decrypt the hash, it provides the following three security benefits:
A digital signature is an encrypted hash of a message. The sender’s private key encrypts the hash of the message to create the digital signature. The recipient decrypts the hash with the sender’s public key. If successful, it provides authentication, non-repudiation, and integrity. Authentication identifies the sender. Integrity verifies the message has not been modified. Non-repudiation prevents senders from later denying they sent an email.
Both SSL and TLS provide certificate-based authentication and they encrypt data with a combination of both symmetric and asymmetric encryption during a session.
TLS is the replacement for SSL. Both TLS and SSL require certificates issued by Certificate Authorities (CAs). TLS encrypts HTTPS traffic, but it can also encrypt other traffic

