Front Back
Caesar cipher
A simple three-position shifting monoalphabetic substitution cipher employed by Julius Caesar.
substitution cipher
Cipher that uses an encryption algorithm to replace each character or bit of the plain-text message with a different character, such as a Caesar cipher.
keyspace or key space
The range of values that are valid for use as a key for a specific algorithm.
Kerckhoffs's principle
Cryptographic systems should be secure even if everything about the system, except the key, is public knowledge.
Logical AND
both values are true
Logical OR
one of two values is true
Logical NOT
! or ~
Exclusive OR
plus sign in circle
One-way function
A mathematical operation that easily produces output values for each possible combination of inputs but makes it impossible to retrieve the input values.
A random number generator variable used in cryptography software; creates a new and unique value every time it is used, often based on a timestamped seed value.
zero knowledge proof
A concept of communication whereby a specific type of information is exchanged but no real data is exchanged. Good examples of this idea are digital signatures and digital certificates.
split knowledge
The specific application of the ideas of separation of duties and two-man control into a single solution. The basic idea is that the information or privilege required to perform an operation is divided among multiple users. This ensures that no single person has sufficient privileges to compromise the security of the environment.
M of N control
A protection measure that requires that a minimum number of agents (M) out of the total number of agents (N) work together to perform high-security tasks.
work function or work factor
A way of measuring the strength of a cryptography system by measuring the effort in terms of cost and/or time. Usually the time and effort required to perform a complete brute‐force attack against an encryption system is what the work function rating represents. The security and protection offered by a cryptosystem is directly proportional to the value of the work function/factor.
Cryptographic systems of symbols that represent words or phrases.
Always meant to hide the true meaning of a message.
transposition cipher
Cipher that uses an encryption algorithm to rearrange the letters of a plain-text message to form the cipher‐text message.
columnar transposition
A form of cryptographic transposition based on arranging plain text in a form that generates columns; then the columns are extracted as the cipher text.
one-time pad requirements
  • The one-time pad must be randomly generated. Using a phrase or a passage from a book would introduce the possibility that cryptanalysts could break the code.
  • The one-time pad must be physically protected against disclosure. If the enemy has a copy of the pad, they can easily decrypt the enciphered messages.
  • Each one-time pad must be used only once. If pads are reused, cryptanalysts can compare similarities in multiple messages encrypted with the same pad and possibly determine the key values used.
  • The key must be at least as long as the message to be encrypted. This is because each character of the key is used to encode only one character of the message.
one-time pad
Uses a different substitution alphabet for each letter of the plaintext message.
C = (P + K) mod 26
block cipher
A cipher that applies the encryption algorithm to an entire message block at the same time. Transposition ciphers are examples of block ciphers.
stream ciphers
Ciphers that operate on each character or bit of a message (or data stream) one character/bit at a time.
Occurs when the relationship between the plain text and the key is so complicated that an attacker can't merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key.
Occurs when a change in the plain text results in multiple changes spread throughout the ciphertext.
Weaknesses of symmetric key crypto
  • Key distribution is a major problem
  • Symmetric key cryptography does not implement nonrepudiation
  • The algorithm is not scalable
  • Keys must be regenerated often.
Major strength of symmetric key crypto
1,000 to 10,000 times faster than asymmetric crypto
Asymmetric key algorithms
(public key algorithms)
A form of cryptography that does not use symmetric keys. It either uses complex formulas to solve problems (such as Diffie‐Hellman to generate/exchange symmetric keys) or uses key pair sets to provide digital signatures and digital envelopes. This latter form is also known as public key cryptography.
Major strengths of asymmetric key cryptography
  • The addition of new users requires the generation of only one public-private key pair.
  • Users can be removed far more easily from asymmetric systems.
  • Key regeneration is required only when a user's private key is compromised.
  • Provides integrity, authentication, and nonrepudiation
  • Simple key distribution
  • No preexisting communication link needs to exist.
A number known as a message digest generated from a hash function. Also see hash function.
hash function
The process of taking a full message and generating a unique output value derived from the content of the message. This value is commonly referred to as the message digest.
Common hashing algorithms
  • Message Digest 2 (MD2)
  • Message Digest 5 (MD5)
  • Secure Hash Algorithm (SHA-0, SHA-1, and SHA-2)
  • Hashed Message Authentication Code (HMAC)
Data Encryption Standard (DES)
A standard cryptosystem proposed in 1977 for all government communications. DES and 3DES were superseded by Advanced Encryption Standard (AES) in December 2001.
Cipher Block Chaining (CBC)
A process in which each block of unencrypted text is XORed with the block of cipher text immediately preceding it before it is encrypted using the DES algorithm.
Electronic Codebook (ECB)
The simplest encryption mode to understand and the least secure. Each time the algorithm processes a 64‐bit block, it simply encrypts the block using the chosen secret key. This means that if the algorithm encounters the same block multiple times, it produces the same encrypted block.
Cipher Feedback (CFB)
A mode in which the DES algorithm is used to encrypt the preceding block of cipher text. This block is then XORed with the next block of plain text to produce the next block of cipher text.
Output Feedback (OFB)
A mode in which the Data Encryption Standard XORs plain text with a seed value. For the first encrypted block, an initialization vector is used to create the seed value. Future seed values are derived by running the DES algorithm on the preceding seed value. The major advantage of OFB mode is that transmission errors do not propagate to affect the decryption of future blocks.
Triple DES (3DES)
A standard that uses three iterations of DES with two or three different keys to increase the effective key strength to 112 bits.
International Data Encryption Algorithm (IDEA)
A block cipher that was developed in response to complaints about the insufficient key length of the DES algorithm. IDEA operates on 64‐bit blocks of plain/cipher text, but it begins its operation with a 128-bit key.
A block cipher that operates on 64‐bit blocks of text and uses variable-length keys ranging from a relatively insecure 32 bits to an extremely strong 448 bits.
Associated with the Escrowed Encryption Standard, an algorithm that operates on 64‐bit blocks of text. It uses an 80‐bit key and supports the same four modes of operation supported by DES. Skipjack was proposed but never implemented by the US government. It provides the cryptographic routines supporting the Clipper and Capstone high‐speed encryption chips designed for mainstream commercial use.
Advanced Encryption Standard (AES)
The encryption standard selected in October 2000 by the National Institute of Standards and Technology (NIST) that is based on the Rijndael cipher.
  • 128-bit keys require 10 rounds of encryption
  • 192-bit keys require 12 rounds of encryption.
  • 256-bit keys require 14 rounds of encryption.
  • Created by Bruce Schneier.
  • 128-bit block cipher
  • Capable of using cryptographic keys up to 256 bits in length.
  • XORs the plain text with a separate subkey before the first round of encryption.
  • Postwhitening uses a similar operation after the 16th round of encryption.
Enables two users to securely reach agreement about a shared secret that can be used as a secret key for subsequent symmetric encryption of messages.
Best practices for the storage of encryption keys
  • Never store an encryption key on the same system where encrypted data resides. This just makes it easier for the attacker.
  • For sensitive keys, consider providing two different individuals with half of the key. They then must collaborate to re-create the entire key. This is known as the principle of split knowledge.
Fair Cryptosystems
A failed government attempt to create a back door to all encryption solutions. This technology used a segmented key that was divided among several trustees.
Escrowed Encryption Standard
A failed government attempt to create a back door to all encryption solutions. The solution employed the Clipper chip, which used the Skipjack algorithm.
El Gamal
The explanation of how the mathematical principles behind the Diffie–Hellman key exchange algorithm could be extended to support an entire public key cryptosystem used for the encryption and decryption of messages.
elliptic curve cryptography
A new branch of public key cryptography that offers similar security to established public key cryptosystems at reduced key sizes.
message digest (MD)
A summary of a message’s content (not unlike a file checksum) produced by a hashing algorithm.