Module 3
Cryptographic Solutions
Term | Definition |
---|---|
Cryptography | The science and practice of altering data to make it unintelligible |
Plaintext | Unencrypted data |
Ciphertext | Data that cannot be read without the cipher key |
Algorithm | Operations that transform a plaintext into a ciphertext |
Cryptanalysis | The science, art, and practice of breaking codes and ciphers |
Encryption | Scrambling the characters used in a message |
Key | A specific piece of information used with an algorithm to perform encryption and decryption |
Symmetric encryption | Two-way encryption that uses the same key |
Key length | Size of a cryptographic key in bits |
Asymmetric algorithm | Cipher that uses public and private keys |
Public key | A freely distributed key to perform the reverse encryption or decryption |
Private key | This key is known only to the holder |
Blockchain | A concept in which an expanding list of transactional records listed in a public ledger is secured using cryptography |
Open public ledger | Distributed public record of transactions of blockchains |
Steganography | The practice of concealing a file, message, image, or video within another file, message, image, or video |
Data masking | A de-identification method where generic or placeholder labels are substituted for real data |
Tokenization | A de-identification method where a unique token is substituted for real data |
Key management system | PKI procedures and tools that centralize generation and storage of cryptographic keys |
Trusted Platform Module | Secure hardware-based storage of encryption keys, hashed passwords, and other identification information |
Secure enclave | CPU extensions that protect data stored in system memory so that an untrusted process cannot read it |
Hashing algorithm | A function that converts an arbitrary-length string input to a fixed-length string output |
Digital signature | A message digest encrypted using the sender's private key that is appended to a message |
Salt | A security countermeasure that mitigates the impact of precomputed hash table attacks |
Key stretching | A technique that strengthens potentially weak input for cryptographic key generation |
Secure Hash Algorithm | A cryptographic hashing algorithm created to address possible weaknesses in multi-domain authentication |
Data at rest | Information that is primarily stored on specific media rather than moving from one medium to another |
Data in transit | Information that is being transmitted between two hosts, such as over a private network or the internet |
Data in use | Information that is present in the volatile memory of a host, such as system memory or cache |
Transport encryption | Encryption scheme applied to data-in-motion, such as WPA, IPsec, or TLS |
Key exchange | Any method by which cryptographic keys are transferred among users |
Full disk encryption | Encryption of all data on a disk |
Self-encrypting drives | A disk drive where the controller can automatically encrypt data that is written to it |
Public key infrastructure | A framework of certificate authorities, digital certificates, software, services, and other cryptographic components |
Digital certificate | Identification and authentication information presented in the X.509 format and issued by a CA |
Certificate signing request | A Base64 ASCII file that a subject sends to a CA to get a certificate |
Wildcard | In PKI, a digital certificate that will match multiple subdomains of a parent domain |
Root certificate | A certificate authority that issues certificates to intermediate certificate authorities |
Certificate chaining | A method of validating a certificate |
Escrow | The storage of a backup key with a third party |