
Security+ (SY0401) Cram Notes
6.1 Summarize general cryptography concepts
Nonrepudiation:
Nonrepudiation ensures that neither the sender nor the receiver of a message can deny having sent or received it. For example, suppose you receive an email from your prospective employer. If the email is unsigned, the employer could later deny having sent any such email. Nonrepudiation prevents the sender from denying the transmission of a message and the receiver from denying its reception.
Digital Signatures and Encryption

Digital signature ensures that the sender cannot repudiate having sent the message at a future date.

Encryption ensures that the message cannot be read by anyone who does not have the matching key to decode it.

Hashing ensures that the message is not tampered with during transit or storage. Note that hashing does not necessarily encode or encrypt a message.
Secret-key encryption: It is also known as single-key or symmetric encryption. It uses a single key that is shared by both the sender and the receiver of the message. Typically, the sender encrypts the message with the key and transmits it to the recipient, who decrypts it with a copy of the same key. The disadvantages of symmetric encryption compared with asymmetric encryption are given below:

Inability to support nonrepudiation: Since both the sender and the receiver use the same key, it is difficult to determine who the sender was, should a dispute arise.

Impractical for web commerce: Imagine thousands of customers buying goods and services over the Internet. If symmetric encryption were used, one unique secret key would need to be established for each user, which is impractical.

Another major difficulty is the transmission of the secret key. With symmetric encryption, the key must be transmitted to the other party for decryption, which poses a security risk.
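The nonrepudiation point above (and in section 6.1) can be seen directly in code. The following is an added illustration, not part of the original notes: it compares a shared-key HMAC, which either party can produce, with a textbook RSA signature, which only the private-key holder can produce. The primes, key, and messages are constructed sample values; the RSA parameters are far too small to be secure and serve only to show the asymmetry.

```python
import hashlib
import hmac

# --- Symmetric (secret-key) integrity: one key shared by sender and receiver ---
SHARED_KEY = b"constructed-shared-secret"  # constructed sample key, known to both parties


def symmetric_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag over the message; anyone holding `key` can produce it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def symmetric_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(symmetric_tag(key, message), tag)


# --- Asymmetric signature: only the private exponent D can sign ---
# Textbook RSA with small constructed primes, for illustration only (NOT secure).
P, Q = 1000003, 999983
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537                  # public exponent, shared with everyone
D = pow(E, -1, PHI)        # private exponent, held only by the signer


def digest_mod_n(message: bytes) -> int:
    """Hash the message first (as real signature schemes do), then reduce mod N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_exponent: int) -> int:
    return pow(digest_mod_n(message), private_exponent, N)


def verify(message: bytes, signature: int, public_exponent: int = E) -> bool:
    return pow(signature, public_exponent, N) == digest_mod_n(message)


def dispute_demo() -> dict:
    """Model a dispute: did Alice really send `msg` to Bob?"""
    msg = b"I agree to pay 100 units"
    # Symmetric: Bob holds the same key, so his tag is identical to Alice's.
    # A third party cannot tell which of them produced it -> no nonrepudiation.
    alice_tag = symmetric_tag(SHARED_KEY, msg)
    bob_tag = symmetric_tag(SHARED_KEY, msg)
    # Asymmetric: only Alice holds D; Bob (and any verifier) holds only E.
    alice_sig = sign(msg, D)
    return {
        "symmetric_tags_identical": alice_tag == bob_tag,
        "symmetric_tag_valid": symmetric_verify(SHARED_KEY, msg, alice_tag),
        "signature_valid": verify(msg, alice_sig),
        # The signature binds Alice to the exact message; an altered message fails.
        "tampered_signature_valid": verify(b"I agree to pay 999 units", alice_sig),
    }


if __name__ == "__main__":
    for name, value in dispute_demo().items():
        print(f"{name}: {value}")
```

The first two results show why a shared key cannot settle a dispute: both parties can produce the same tag. The last two show that a signature made with the private exponent verifies against the public exponent, and fails as soon as the message changes.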
6.2 Use and apply appropriate cryptographic tools and products
Hash Algorithms: These algorithms produce a hash of a message, which may then be encrypted (as in a digital signature). They use a mathematical formula for hashing, and it is extremely difficult to tamper with the message and still produce the same hash. Basically, hashing enables a recipient to check whether a message was received intact, without being tampered with by a third party.

SHA (Secure Hashing Algorithms): There are several Secure Hashing Algorithms, and they primarily differ in the hash length. They are SHA1, SHA256, SHA384 and SHA512. In SHA1 the hash length is 160 bits, in SHA256 it is 256 bits, in SHA384 it is 384 bits and in SHA512 it is 512 bits.

MD2, MD4, MD5 (Message Digest Series Algorithms): These are another type of hash algorithm. They were developed by Rivest. All three algorithms take a message of arbitrary length and produce a 128-bit message digest. MD2 is meant for 8-bit machines, while MD4 and MD5 are suitable for 32-bit machines. These algorithms are primarily used for digital signature applications.
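The digest lengths quoted in the two paragraphs above, and the integrity check described under Hash Algorithms, can be confirmed with Python's standard hashlib. This is an added example, not part of the original notes; the messages are constructed sample values. It also counts how many bits of the digest change when the message changes, which is why a tampered message cannot keep the same hash.

```python
import hashlib
import hmac

# Digest lengths in bits as stated in the notes (MD5 = 128, SHA1 = 160, SHA-2 family as named).
# MD2 and MD4 are omitted because hashlib does not provide them portably.
EXPECTED_BITS = {"md5": 128, "sha1": 160, "sha256": 256, "sha384": 384, "sha512": 512}


def digest_bits(algorithm: str, message: bytes) -> int:
    """Length of the digest produced by `algorithm`, in bits."""
    return hashlib.new(algorithm, message).digest_size * 8


def all_digest_bits(message: bytes = b"constructed sample message") -> dict:
    return {name: digest_bits(name, message) for name in EXPECTED_BITS}


def integrity_check(original: bytes, received: bytes, algorithm: str = "sha256") -> bool:
    """Recipient recomputes the digest of what arrived and compares it with the sender's digest.

    The comparison is constant-time; the digest itself provides no secrecy, only tamper evidence.
    """
    sent_digest = hashlib.new(algorithm, original).digest()
    recomputed = hashlib.new(algorithm, received).digest()
    return hmac.compare_digest(sent_digest, recomputed)


def differing_bits(message_a: bytes, message_b: bytes, algorithm: str = "sha256") -> int:
    """Number of digest bits that differ between two messages (avalanche effect)."""
    a = int.from_bytes(hashlib.new(algorithm, message_a).digest(), "big")
    b = int.from_bytes(hashlib.new(algorithm, message_b).digest(), "big")
    return bin(a ^ b).count("1")


if __name__ == "__main__":
    print(all_digest_bits())
    print("intact:", integrity_check(b"pay 100", b"pay 100"))
    print("tampered:", integrity_check(b"pay 100", b"pay 900"))
    print("bits changed by one-character edit:", differing_bits(b"pay 100", b"pay 900"))
```

Changing a single character flips roughly half of the 256 digest bits, so a forger cannot nudge a tampered message toward the original digest; this is the property the notes describe as "extremely difficult to tamper with the message and still produce the same hash".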

CHAP (Challenge Handshake Authentication Protocol) works on point-to-point connections. It uses a three-step process for authentication (excluding making the connection itself). If making the connection is also counted, it is a four-step process.
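The three CHAP steps (challenge, response, verify) are shown below as an added example that is not part of the original notes. The response is computed as CHAP-MD5 specifies in RFC 1994, MD5 over the identifier byte, the shared secret and the challenge; the shared secret and the message contents are constructed sample values. The example also shows why the challenge must be fresh: a response captured from an earlier exchange does not verify against a new challenge.

```python
import hashlib
import hmac
import os

# Constructed shared secret known to both the peer (client) and the authenticator (server).
SHARED_SECRET = b"constructed-chap-secret"


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-MD5 response (RFC 1994): MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """The server side: issues the challenge (step 1) and verifies the response (step 3)."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.identifier = 0
        self.challenge = b""

    def step1_challenge(self) -> tuple:
        self.identifier = (self.identifier + 1) & 0xFF   # new identifier per exchange
        self.challenge = os.urandom(16)                   # fresh random challenge each time
        return self.identifier, self.challenge

    def step3_verify(self, identifier: int, response: bytes) -> bool:
        expected = chap_response(identifier, self.secret, self.challenge)
        return identifier == self.identifier and hmac.compare_digest(expected, response)


class Peer:
    """The client side: answers the challenge (step 2) without ever sending the secret."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def step2_respond(self, identifier: int, challenge: bytes) -> bytes:
        return chap_response(identifier, self.secret, challenge)


def run_chap(peer_secret: bytes, server_secret: bytes = SHARED_SECRET) -> bool:
    """Run one complete three-step CHAP exchange and return the server's decision."""
    server = Authenticator(server_secret)
    peer = Peer(peer_secret)
    ident, challenge = server.step1_challenge()        # step 1: server -> peer
    response = peer.step2_respond(ident, challenge)    # step 2: peer -> server
    return server.step3_verify(ident, response)        # step 3: server accepts or rejects


def replay_demo() -> bool:
    """A response captured from an earlier exchange is replayed against a fresh challenge."""
    server = Authenticator(SHARED_SECRET)
    peer = Peer(SHARED_SECRET)
    old_ident, old_challenge = server.step1_challenge()
    captured = peer.step2_respond(old_ident, old_challenge)
    new_ident, _ = server.step1_challenge()            # server moves on to a new exchange
    return server.step3_verify(new_ident, captured)    # False: stale response does not match


if __name__ == "__main__":
    print("correct secret:", run_chap(SHARED_SECRET))
    print("wrong secret:", run_chap(b"wrong-secret"))
    print("replayed response accepted:", replay_demo())
```

Because only the MD5 digest crosses the link, the secret itself is never transmitted; the random challenge and per-exchange identifier are what stop a recorded response from being reused.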
A cryptographic hash function is a "one-way" operation: it is practically impossible to deduce the input data that produced the output hash. In contrast, you can decrypt an encrypted message using the matching secret key. Similarly, a digital certificate is issued by a CA and can be decrypted to find the contents of the certificate.
Encryption Schemes:

AES (Advanced Encryption Standard) is more secure than DES or 3DES.

AES is a symmetric block cipher that can encrypt (encipher) or decrypt (decipher) information.

AES is based on the Rijndael algorithm.

PGP (Pretty Good Privacy) can use Diffie-Hellman or RSA algorithms, but not AES or DES.
PGP (Pretty Good Privacy): PGP uses public-key encryption for sending and receiving email messages. Diffie-Hellman and RSA algorithms are used for encryption/decryption of PGP messages. PGP certificates differ from X.509 certificates in two ways:

PGP certificates are issued (signed) by ordinary users, while X.509 certificates must be issued by a professional CA, and

PGP implements a security fault-tolerance mechanism called the Web of Trust, in which an individual is allowed to sign and issue certificates to people they know.

