CompTIA Security+
Domain 6: Cryptography and PKI
Term | Definition |
---|---|
Symmetric key | Algorithms that use one shared secret key for both encryption and decryption; fast, but the key must be distributed securely to every party. Examples: DES, 3DES, RC5, AES |
Asymmetric key algorithms | Use a mathematically related key pair: what the public key encrypts only the private key can decrypt, and a signature made with the private key is verified with the public key. Examples: RSA, Diffie-Hellman (key agreement), ElGamal, elliptic-curve cryptography (ECC) |
Non-repudiation | Assurance that a party cannot later deny an action: proof of origin, submission, delivery and receipt, typically provided by digital signatures |
Block ciphers | Encrypt fixed-length blocks (e.g., 128 bits for AES); generally slower than stream ciphers but give better diffusion, because every bit of a ciphertext block depends on the whole plaintext block |
Stream ciphers | Encrypt bit by bit (or byte by byte) by combining the plaintext with a keystream |
ROT13 | Substitution cipher that maps the first half of the Latin alphabet onto the second half (A↔N, B↔O, ...). Because the shift is 13 of 26 letters, applying it twice restores the plaintext, so it is its own inverse; it offers no security |
Perfect forward secrecy (forward secrecy) | Property that past session keys remain secret even if a long-term private key is later compromised; achieved by deriving each session key from ephemeral keys that both sides destroy after the session ends |
Ephemeral key agreement protocols | DHE and ECDHE (ephemeral Diffie-Hellman and elliptic-curve Diffie-Hellman) generate a fresh key pair for every session and therefore provide forward secrecy |
bcrypt and PBKDF2 | Key derivation functions used for key stretching: they make a password or key stronger by running it through a slow, salted, iterated computation, so that every guess an attacker makes costs the same amount of work |
Key escrow | A copy of a private key is stored with a trusted third party so that it can be recovered later (e.g., for legal or data-recovery reasons) |
OCSP stapling | The web server fetches a signed, time-stamped OCSP response from the CA and presents ("staples") it during the TLS handshake, so the client does not have to query the CA itself; this improves both privacy and performance |
OCSP | Online Certificate Status Protocol: Internet protocol for obtaining the revocation status of an X.509 digital certificate, an alternative to downloading a full certificate revocation list (CRL) |
Three types of validated certificates | DV, OV, EV (in increasing order of assurance) |
DV | Domain Validation certificate: the CA verifies only that the applicant controls the domain |
EV | Extended Validation certificate: the CA verifies domain control plus the legal identity and physical address of the organization under strict vetting rules; browsers historically displayed the company name and location in the address bar |
OV | Organization Validation certificate: the CA verifies domain control plus the organization's identity, giving higher assurance than DV, but browsers show no UI difference from DV |
PEM, P7B | ASCII (Base64) encoded formats: PEM wraps Base64 data between -----BEGIN/END----- lines, and P7B is a Base64-encoded PKCS#7 container for certificates and chains. Being plain text makes them easy to paste into e-mail or configuration files |
DER, PFX | Binary encoded formats: DER is the raw ASN.1 encoding of a certificate, and PFX (PKCS#12) is a binary container that can hold a certificate chain together with its private key |
PKI | Public Key Infrastructure: enables secure data exchange among validated parties on the Internet. It relies on asymmetric cryptography and on certificates, digitally signed blocks of data that bind a public key to an identity and are issued by a Certificate Authority (CA) |
PEAP | Protected Extensible Authentication Protocol: encapsulates EAP in a TLS tunnel and requires a certificate only on the server, so clients can authenticate with a password inside the protected tunnel |
LEAP | Lightweight Extensible Authentication Protocol: Cisco-proprietary, uses no digital certificates, only a username and password exchanged between the client and the access point with an MS-CHAP-style challenge/response. The exchange is susceptible to offline dictionary attacks, so LEAP is considered insecure and deprecated |
EAP | Extensible Authentication Protocol: a framework (not a single method) for authenticating users to networks such as wireless LANs. WPA and WPA2 Enterprise carry EAP over 802.1X and support several EAP methods (e.g., EAP-TLS, EAP-TTLS, PEAP) as authentication mechanisms |
CSR | Certificate Signing Request: a specially formatted message (PKCS#10) that an applicant sends to a certificate authority. It contains the applicant's public key and identifying information and is signed with the applicant's private key; it is not encrypted |
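The ROT13 row above says the cipher is its own inverse. The following added example (not part of the original flashcards) implements the general Caesar shift of which ROT13 is one instance, checks which shifts are involutions, and shows why no shift offers security: there are only 25 keys to try. All function names are my own.

```python
import string

ALPHABET = string.ascii_uppercase  # 26 letters; ROT13 maps the first 13 onto the last 13


def rotate(text: str, shift: int) -> str:
    """Caesar-shift every ASCII letter by `shift` positions; other characters pass through."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr(base + (ord(ch) - base + shift) % 26))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    """ROT13 is the Caesar shift with key 13."""
    return rotate(text, 13)


def is_involution(shift: int, sample: str = "The Quick Brown Fox") -> bool:
    """A shift undoes itself only when 2*shift is a multiple of 26, i.e. shift 13 (or 0)."""
    return rotate(rotate(sample, shift), shift) == sample


def brute_force(ciphertext: str) -> dict:
    """Every Caesar variant has only 25 non-trivial keys; an attacker simply tries them all."""
    return {k: rotate(ciphertext, -k) for k in range(1, 26)}


if __name__ == "__main__":
    msg = "Hello, World!"
    print(rot13(msg))               # Uryyb, Jbeyq!
    print(rot13(rot13(msg)) == msg)  # True: applying ROT13 twice restores the plaintext
    print(is_involution(13), is_involution(3))
    for k, guess in brute_force(rotate(msg, 7)).items():
        print(k, guess)
```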
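The forward secrecy and ephemeral key agreement rows describe a property that is easiest to see by contrast. This added example (my own code, not from the flashcards) runs a static Diffie-Hellman session and an ephemeral one over the same toy group, then simulates the later theft of Alice's long-term private key together with a recorded transcript. With static DH the attacker recomputes the old session key; with DHE the ephemeral exponents were destroyed and the long-term key never entered the key derivation, so the transcript is useless. The 127-bit Mersenne prime and generator 3 are an illustrative toy group I chose for speed; real deployments use RFC 7919 finite-field groups or ECDHE curves.

```python
import hashlib
import secrets

# Toy group, constructed for illustration only (a 127-bit Mersenne prime, generator 3).
# Real deployments use RFC 7919 ffdhe groups or ECDHE curves such as X25519 or P-256.
P = 2**127 - 1
G = 3


def keygen():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 3) + 2  # x in [2, P-2]
    return x, pow(G, x, P)


def derive_key(shared: int) -> bytes:
    """Hash the raw DH shared secret into a fixed-size session key."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def static_dh_session(alice_priv, alice_pub, bob_priv, bob_pub):
    """Static DH: both parties reuse long-term keys, so the session key is a fixed function of them."""
    key_a = derive_key(pow(bob_pub, alice_priv, P))
    key_b = derive_key(pow(alice_pub, bob_priv, P))
    assert key_a == key_b
    transcript = {"alice_pub": alice_pub, "bob_pub": bob_pub}  # what a passive eavesdropper records
    return key_a, transcript


def ephemeral_dh_session():
    """DHE: fresh exponents per session, discarded as soon as the key is derived.
    In TLS the long-term key only signs the ephemeral public value; it never enters the key derivation."""
    x, X = keygen()
    y, Y = keygen()
    key_a = derive_key(pow(Y, x, P))
    key_b = derive_key(pow(X, y, P))
    assert key_a == key_b
    del x, y  # both sides destroy their ephemeral secrets after the handshake
    transcript = {"alice_pub": X, "bob_pub": Y}
    return key_a, transcript


def attacker_recovers(transcript: dict, leaked_alice_priv: int) -> bytes:
    """Later compromise of Alice's long-term private key, applied to a recorded transcript."""
    return derive_key(pow(transcript["bob_pub"], leaked_alice_priv, P))


def demo():
    """Return (static session broken?, ephemeral session broken?) after Alice's long-term key leaks."""
    a, A = keygen()  # Alice's long-term key pair
    b, B = keygen()  # Bob's long-term key pair
    static_key, static_tx = static_dh_session(a, A, b, B)
    dhe_key, dhe_tx = ephemeral_dh_session()
    static_broken = attacker_recovers(static_tx, a) == static_key
    dhe_broken = attacker_recovers(dhe_tx, a) == dhe_key
    return static_broken, dhe_broken


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The point the demo makes is about what must survive the session: static DH keeps the secret exponents around forever, so every recorded handshake becomes decryptable the day one of them leaks; DHE keeps nothing, which is exactly the "both sides destroy keys" condition in the definition.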
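The PEM/P7B and DER/PFX rows turn on one distinction: DER is the binary ASN.1 encoding, PEM is that same DER Base64-encoded between armor lines. This added example (my own code, not from the flashcards) builds a small DER structure, armors it as PEM, strips the armor back to DER and walks the tag-length-value encoding. The payload is a constructed SEQUENCE of two INTEGERs, not a real X.509 certificate; real certificates are the same encoding with far more fields. The "CERTIFICATE" label is used only to show the armor format.

```python
import base64


def der_length(n: int) -> bytes:
    """DER length: short form below 128, otherwise 0x80|count followed by big-endian length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """INTEGER (tag 0x02), minimal two's-complement encoding; non-negative values only here."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")  # spare bit keeps the sign bit clear
    return b"\x02" + der_length(len(body)) + body


def der_sequence(elements) -> bytes:
    """SEQUENCE (tag 0x30) wrapping already-encoded elements."""
    body = b"".join(elements)
    return b"\x30" + der_length(len(body)) + body


def to_pem(der: bytes, label: str = "CERTIFICATE") -> str:
    """PEM armor: Base64 of the DER in 64-column lines between BEGIN/END markers."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


def from_pem(pem: str) -> bytes:
    """Drop the armor lines and Base64-decode what remains to recover the DER bytes."""
    lines = [line.strip() for line in pem.splitlines()]
    body = [line for line in lines if line and not line.startswith("-----")]
    return base64.b64decode("".join(body))


def parse_tlv(data: bytes):
    """Read one tag-length-value triple; return (tag, value, remaining bytes)."""
    tag, first = data[0], data[1]
    if first < 0x80:
        length, pos = first, 2
    else:
        count = first & 0x7F
        length = int.from_bytes(data[2:2 + count], "big")
        pos = 2 + count
    return tag, data[pos:pos + length], data[pos + length:]


def parse_sequence_of_integers(der: bytes):
    """Decode a DER SEQUENCE whose children are all INTEGERs."""
    tag, body, rest = parse_tlv(der)
    if tag != 0x30 or rest:
        raise ValueError("expected exactly one SEQUENCE")
    values = []
    while body:
        t, v, body = parse_tlv(body)
        if t != 0x02:
            raise ValueError(f"unexpected tag 0x{t:02x}")
        values.append(int.from_bytes(v, "big", signed=True))
    return values


# Constructed payload: a SEQUENCE of two INTEGERs (128 and 65537), not a real certificate.
SAMPLE_DER = der_sequence([der_integer(128), der_integer(65537)])
SAMPLE_PEM = to_pem(SAMPLE_DER)

if __name__ == "__main__":
    print(SAMPLE_DER.hex())          # 30090202008002 03010001
    print(SAMPLE_PEM)
    print(SAMPLE_PEM.isascii(), SAMPLE_DER.isascii())  # True False: PEM is text, DER is not
    print(parse_sequence_of_integers(from_pem(SAMPLE_PEM)))  # [128, 65537]
```

The `0x80` byte inside the encoded 128 is why DER cannot be pasted into e-mail or a text config safely, and why PEM exists. P7B and PFX are containers (PKCS#7 and PKCS#12) around this same kind of DER data; the armor rule above is what makes P7B ASCII and PFX binary.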