Understand Basic Cryptography Concepts - Paiet/Tech-Journal-for-Everything GitHub Wiki
Understand Basic Cryptography Concepts
1.3.a Describe key exchange
Both sender and receiver need to have the public key of the trusted CA.
The sender and receiver need to have the public key of each other.
1.3.b Describe hash algorithm
Hashing is a method used to verify data integrity.
A hash is a cryptographic function that creates a fixed-length value from a given block of data.
It is a one-way function that allows two different computers to generate the same hash value given the same data.
It is unlikely, if not nearly impossible, to generate the same hash value from different blocks of data (collision resistance).
The generated value is called a digest, message digest, or hash.
3 most popular hash algorithms
Message Digest 5 (MD5) - creates a 128-bit digest
Secure Hashing Algorithm 1 (SHA1) - creates a 160-bit digest
Secure Hashing Algorithm 2 (SHA2) - creates a 224- to 512-bit digest
Hashed Message Authentication Code (HMAC)
Hashing along with a secret key calculation.
The data integrity cannot be verified without knowing the secret key.
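As an added example (not part of the original wiki page), the Python sketch below uses only the standard library to compute the digest sizes listed above and to show why a plain hash cannot prove integrity to a receiver when the data and its hash travel together, while an HMAC can. The key, messages, and function names are constructed for illustration.

```python
import hashlib
import hmac


def digest_bits(name: str) -> int:
    """Digest length in bits for a hashlib algorithm name (e.g. 'md5', 'sha1')."""
    return hashlib.new(name).digest_size * 8


def plain_tag(message: bytes) -> bytes:
    """Unkeyed SHA-256 digest: anyone holding the message can compute it."""
    return hashlib.sha256(message).digest()


def keyed_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: computing a valid tag requires the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_plain(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(plain_tag(message), tag)


def verify_keyed(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest runs in constant time, so the comparison leaks no timing hints.
    return hmac.compare_digest(keyed_tag(key, message), tag)


def tamper_demo() -> dict:
    key = b"constructed-shared-secret"      # constructed sample key
    original = b"transfer 100 to account A"  # constructed sample messages
    modified = b"transfer 900 to account B"
    original_tag = keyed_tag(key, original)
    return {
        # A digest recomputed over the modified data still verifies: no secret needed.
        "plain_hash_accepts_modified": verify_plain(modified, plain_tag(modified)),
        # Without the key, a tag made with some other key does not verify.
        "hmac_accepts_wrong_key_tag": verify_keyed(
            key, modified, keyed_tag(b"some-other-key", modified)),
        # Reusing the original tag on modified data also fails.
        "hmac_accepts_reused_tag": verify_keyed(key, modified, original_tag),
        # The untouched message with its own tag verifies.
        "hmac_accepts_original": verify_keyed(key, original, original_tag),
    }


if __name__ == "__main__":
    for algo in ("md5", "sha1", "sha224", "sha256", "sha384", "sha512"):
        print(f"{algo:7s} {digest_bits(algo)} bits")
    for check, accepted in tamper_demo().items():
        print(f"{check}: {accepted}")
```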
1.3.c Compare and contrast symmetric and asymmetric encryption

| | Symmetric Encryption | Asymmetric Encryption |
|---------|--------|--------|
| Key | same key used to encrypt & decrypt | Key Pair: one used to encrypt; the other, decrypt |
| Usage | Protects bulk data | authentication or key generation |
| Cost | Fast and little CPU overhead | High CPU usage |
| Key Length | 112 to 256 bit | 2048 and 4096 bit |
| Algorithms | DES, 3DES, AES, IDEA, RC2, RC4, RC5, RC6, and Blowfish | RSA, DH, ElGamal, DSA, and ECC |

1.3.d Describe digital signatures, certificates, and PKI
Digital signatures provide authentication, data integrity, and nonrepudiation.
They involve encryption, key pairing, and hashing.
The sender generates a hash of the packet and then encrypts it with the sender's own private key. The receiver uses the sender's public key to recover the hash. Because the sender's public key can decrypt the hash, the sender is authenticated. The receiver then generates its own hash of the packet and checks whether it matches the received hash. If they match, the data integrity is proven.
Certificates
Issued from a Trusted Certificate Authority
Made up of the entity name, the public key, and the digital signature of the Certificate Authority that issued the certificate.