Questions and Answers
What is the primary purpose of the Diffie-Hellman algorithm in asymmetric cryptography?
Which of the following block cipher modes is vulnerable to error propagation?
What is the primary advantage of Elliptic Curve Cryptography (ECC) over RSA?
What is the purpose of padding in block ciphers?
What is the main advantage of stream ciphers over block ciphers?
What is the primary purpose of a keyed-hash function in digital signature algorithms?
What is the main difference between a MAC and a MIC?
What is the primary vulnerability exploited in a Return-Oriented Programming (ROP) attack?
What is the purpose of a KDF (Key Derivation Function) in cryptography?
What is the main difference between a CWE (Common Weakness Enumeration) and a CVE (Common Vulnerabilities and Exposures)?
Study Notes
Terms
- Confidentiality: protecting sensitive information from unauthorized access
- Integrity: ensuring data is accurate, complete, and not modified without authorization
- Authentication: verifying the identity of a user, device, or system
- Authorization: controlling access to resources based on user identities and permissions
- Non-repudiation: ensuring a sender cannot deny sending a message
Symmetric Cryptography
- Key sharing: out-of-band, asymmetric, key agreement algorithms, key management systems
- Key sizes: 56-bit (DES), 128-256 bit (AES)
- Block sizes: 64-bit (DES), 128-bit (AES)
- DES: outdated, can be brute forced
- Triple DES: DES applied three times, actual key length of 112 bits
- Blowfish: alternative to AES
- AES: most widely used, key sizes 128-256 bits, block size 128 bits
Block Ciphers
ECB (Electronic Code Book)
- Parallel computations, each block independent
- Same plaintext yields same ciphertext
CBC (Cipher Block Chaining)
- Initialization vector required
- Plaintext XORed with previous ciphertext, error propagation possible
Padding
- Always add padding, last byte determines amount of padding (up to an entire block)
Stream Ciphers
CTR (Counter Mode)
- Requires nonce concatenated with a counter
- Can be parallelized and allows random access (counter can be precomputed)
CFB (Cipher Feedback)
- Initialization vector encrypted with key generates keystream
- Similar to CBC
OFB (Output Feedback)
- Similar to CFB, but keystream is chained, not output ciphertext
Asymmetric Cryptography
- Computationally heavier
- Used for key distribution (confidentiality) and digital signatures (integrity and authentication: the message is hashed and the hash is encrypted with the private key)
- Very long keys required
- Diffie-Hellman: key exchange only, vulnerable to man-in-the-middle attacks
- RSA: for any purpose, breakable by quantum computers, 2048-bit keys
- Elliptic Curve Cryptography (ECC): RSA alternative with shorter keys (256-512 bits)
- Digital Signature Algorithm (DSA): digital signatures only
Hash Functions
- Digest used for integrity in combination with encryption (keyed-hash)
- Fast, difficult to invert, and collision-free
- MD5: 512-bit block size, 128-bit digest, insecure
- SHA-2: 512-bit block size, digest sizes 256/384/512-bit, secure
- Keyed-digest: hashing message and key combined, doesn't require encryption
Memory Vulnerabilities
CWE-119 Buffer Overflow
- Reading or writing to memory locations outside the buffer
CWE-125 Buffer Overread
- Reading memory locations beyond the buffer
CWE-416 Use After Free
- Using a dangling pointer not reset to NULL
CWE-190 Integer Overflow
- Overflowing an integer value
CWE-134 Use of Externally-Controlled Format String
- Format string generated or modified by an external source
CWE-78 OS Command Injection
- Injecting shell commands, mitigated by checking content and using least privilege
Code Reuse
- Return-to-libc: using buffer overflow to return to exec() with malicious parameters
Return-Oriented Programming (ROP)
- Using small code gadgets, ending with RET, to craft malicious code
- Stack can be overflowed with fake return addresses
Secure Coding
- CWE: Common Weakness Enumeration, theoretical vulnerabilities
- CVE: Common Vulnerabilities and Exposures, actual vulnerabilities
- KDF: Key Derivation Functions
- PKI: Public Key Infrastructure
Description
Test your knowledge of basic cryptography concepts, including confidentiality, integrity, and authentication, as well as symmetric cryptography and its limitations.