Term
|
Definition
| Set of mathematical and logic rules used in cryptographic functions |
|
|
Term
|
Definition
| Another name for algorithm |
|
|
Term
|
Definition
| Science of secret writing that enables an entity to store and transmit data in a form that is available only to the intended individuals |
|
|
Term
|
Definition
| Hardware or software implementation of cryptography that contains all the necessary software, protocols, algorithms, and keys |
|
|
Term
|
Definition
| Practice of uncovering flaws within cryptosystems |
|
|
Term
|
Definition
| The study of both cryptography and cryptanalysis |
|
|
Term
|
Definition
| Act of transforming data into an unreadable format |
|
|
Term
|
Definition
| Act of transforming data into a readable format |
|
|
Term
|
Definition
| Sequence of bits that are used as instructions that govern the acts of cryptographic functions within an algorithm |
|
|
Term
|
Definition
| Instance when two different keys generate the same ciphertext from the same plaintext |
|
|
Term
|
Definition
| A range of possible values used to construct keys |
|
|
Term
|
Definition
| Data in readable format, also referred to as cleartext |
|
|
Term
|
Definition
| Encryption method that uses an algorithm that changes out (substitutes) one value for another value |
|
|
Term
|
Definition
| Ancient encryption tool that used a type of paper and rod used by Greek military factions |
|
|
Term
|
Definition
| Concept that an algorithm should be known and only the keys should be kept secret |
|
|
Term
|
Definition
| Encryption method created by Gilbert Vernam that is considered impossible to crack if carried out properly |
|
|
Term
|
Definition
| Algorithm used to create values that are used in cryptographic functions to add randomness |
|
|
Term
|
Definition
| Substitution cipher that creates keystream values, commonly from agreed-upon text passages, to be used for encryption purposes |
|
|
Term
|
Definition
| Encryption method that hides a secret message within an open message |
|
|
Term
|
Definition
| Method of hiding data in another media type with the goal of secrecy |
|
|
Term
| Digital Rights Management (DRM) |
|
Definition
| Access control technologies commonly used to protect copyright material |
|
|
Term
|
Definition
| Encryption method that shifts (permutation) values |
|
|
Term
|
Definition
| Simple substitution algorithm created by Julius Caesar that shifts alphabetic values three positions during its encryption and decryption processes |
|
|
Term
|
Definition
| Cryptanalysis process used to identify weaknesses within cryptosystems by locating patterns in resulting ciphertext |
|
|
Term
| Key Derivation Functions (KDFs) |
|
Definition
| Generation of secret keys (subkeys) from an initial value (master key) |
|
|
Term
|
Definition
| Encryption method where the sender and receiver use an instance of the same key for encryption and decryption purposes. |
|
|
Term
|
Definition
| Sending data through an alternate communication channel. |
|
|
Term
|
Definition
| Encryption method that uses two different key types, public and private. Also called public key cryptography. |
|
|
Term
|
Definition
| Value used in public key cryptography that is used for encryption and signature validation that can be known by all parties. |
|
|
Term
|
Definition
| Value used in public key cryptography that is used for decryption and signature creation and known to only key owner. |
|
|
Term
|
Definition
| Asymmetric cryptography, which uses public and private key values for cryptographic functions. |
|
|
Term
|
Definition
| Symmetric algorithm type that encrypts chunks (blocks) of data at a time. |
|
|
Term
|
Definition
| Transposition processes used in encryption functions to increase randomness. |
|
|
Term
|
Definition
| Substitution processes used in encryption functions to increase randomness. |
|
|
Term
|
Definition
| Algorithm design requirement so that slight changes to the input result in drastic changes to the output. |
|
|
Term
|
Definition
| Algorithm type that generates a keystream (random values), which is XORd with plaintext for encryption purposes. |
|
|
Term
|
Definition
| Component of a stream algorithm that creates random values for encryption purposes. |
|
|
Term
| Initialization vectors (IVs) |
|
Definition
Values that are used with algorithms to increase randomness for cryptographic functions.
For example, if we have the plaintext value of “See Spot run” two times within our message, we need to make sure that even though there is a pattern in the plaintext message, a pattern in the resulting ciphertext will not be created. So the IV and key are both used by the algorithm to provide more randomness to the encryption process. |
|
|
Term
|
Definition
| Combined use of symmetric and asymmetric algorithms where the symmetric key encrypts data and an asymmetric key encrypts the symmetric key. |
|
|
Term
|
Definition
| Symmetric keys that have a short lifespan, thus providing more protection than static keys with longer lifespans. |
|
|
Term
|
Definition
| Message is encrypted with a symmetric key and the symmetric key is encrypted with an asymmetric key. Collectively this is called a digital envelope. |
|
|
Term
|
Definition
| Block symmetric algorithm chosen by NIST as an encryption standard in 1976. It uses a 56-bit true key bit size, 64-bit block size, and 16 rounds of computation. |
|
|
Term
|
Definition
| Algorithm that was chosen for the Data Encryption Standard, which was altered and renamed Data Encryption Algorithm. |
|
|
Term
| Data Encryption Algorithm |
|
Definition
| Algorithm chosen to fulfill the Data Encryption Standard. Block symmetric cipher that uses a 56-bit true key size, 64-bit block size, and 16 rounds of computation. |
|
|
Term
| Advanced Encryption Standard |
|
Definition
| U.S. encryption standard that replaced DES. Block symmetric cipher that uses 128-bit block sizes and various key lengths (128, 192, 256). |
|
|
Term
|
Definition
| Block symmetric cipher that was chosen to fulfill the Advanced Encryption Standard. It uses a 128-bit block size and various key lengths (128, 192, 256). |
|
|
Term
|
Definition
| Symmetric cipher that applies DES three times to each block of data during the encryption process. |
|
|
Term
| International Data Encryption Algorithm |
|
Definition
| Block symmetric cipher that uses a 128-bit key and 64-bit block size. |
|
|
Term
|
Definition
| Block symmetric cipher that uses 64-bit block sizes and variable-length keys. |
|
|
Term
|
Definition
| Stream symmetric cipher that was created by Ron Rivest of RSA. Used in SSL and WEP. |
|
|
Term
|
Definition
| Block symmetric cipher that uses variable block sizes (32, 64, 128) and variable-length key sizes (0–2040). |
|
|
Term
|
Definition
| Block symmetric cipher that uses a 128-bit block size and variablelength key sizes (128, 192, 256). Built upon the RC5 algorithm. |
|
|
Term
|
Definition
| First asymmetric algorithm created and is used to exchange symmetric key values. Based upon logarithms in finite fields. |
|
|
Term
|
Definition
| De facto asymmetric algorithm used for encryption, digital signatures, and key exchange. Based upon the difficulty of factoring large numbers into their original prime numbers. |
|
|
Term
|
Definition
| Asymmetric algorithm based upon the Diffie- Hellman algorithm used for digital signatures, encryption, and key exchange. |
|
|
Term
| Elliptic curve cryptosystem algorithm |
|
Definition
| Asymmetric algorithm based upon the algebraic structure of elliptic curves over finite fields. Used for digital signatures, encryption, and key exchange. |
|
|
Term
|
Definition
| Asymmetric algorithm based upon a subset sum problem (knapsack problem). It has been broken and no longer used. |
|
|
Term
|
Definition
| One entity can prove something to be true without providing a secret value. |
|
|
Term
|
Definition
| Cryptographic process that takes an arbitrary amount of data and generates a fixed-length value. Used for integrity protection. |
|
|
Term
| Message authentication code (MAC) |
|
Definition
| Keyed cryptographic hash function used for data integrity and data origin authentication. |
|
|
Term
| Hashed message authentication code (HMAC) |
|
Definition
| Cryptographic hash function that uses a symmetric key value and is used for data integrity and data origin authentication. |
|
|
Term
|
Definition
| Cipher block chaining message authentication code uses encryption for data integrity and data origin authentication. |
|
|
Term
|
Definition
| Cipher message authentication code that is based upon and provides more security compared to CBC-MAC. |
|
|
Term
|
Definition
| Block cipher mode that combines the CTR encryption mode and CBC-MAC. One encryption key is used for both authentication and encryption purposes. |
|
|
Term
|
Definition
| When two different messages are computed by the same hashing algorithm and the same message digest value results. |
|
|
Term
|
Definition
| Cryptographic attack that exploits the mathematics behind the birthday problem in the probability theory forces collisions within hashing functions. |
|
|
Term
|
Definition
| Ensuring the authenticity and integrity of a message through the use of hashing algorithms and asymmetric algorithms. The message digest is encrypted with the sender’s private key. |
|
|
Term
| Digital signature standard |
|
Definition
| U.S. standard that outlines the approved algorithms to be used for digital signatures for government authentication activities. |
|
|
Term
|
Definition
| Component of a PKI that creates and maintains digital certificates throughout their life cycles. |
|
|
Term
|
Definition
| Component of PKI that validates the identity of an entity requesting a digital certificate. |
|
|
Term
| Certificate revocation list |
|
Definition
| List that is maintained by the certificate authority of a PKI that contains information on all of the digital certificates that have been revoked. |
|
|
Term
| Online certificate status protocol |
|
Definition
| Automated method of maintaining revoked certificates within a PKI. |
|
|
Term
|
Definition
| Digital identity used within a PKI. Generated and maintained by a certificate authority and used for authentication. |
|
|
Term
|
Definition
| Technology that encrypts full packets (all headers and data payload) and is carried out without the sender’s interaction. |
|
|
Term
|
Definition
| Encryption method used by the sender of data that encrypts individual messages and not full packets. |
|
|
Term
| Multipurpose Internet Mail Extension |
|
Definition
| Standard that outlines the format of e-mail messages and allows binary attachments to be transmitted through e-mail. |
|
|
Term
|
Definition
| Secure/Multipurpose Internet Mail Extensions, which outlines how public key cryptography can be used to secure MIME data types. |
|
|
Term
|
Definition
| Cryptosystem used to integrate public key cryptography with e-mail functionality and data encryption, which was developed by Phil Zimmerman. |
|
|
Term
|
Definition
| Use of quantum mechanical functions to provide strong cryptographic key exchange. |
|
|
Term
|
Definition
| A combination of HTTP and SSL\TLS that is commonly used for secure Internet connections and e-commerce transactions. |
|
|
Term
| Secure Electronic Transaction |
|
Definition
| Secure e-commerce standard developed by Visa and MasterCard that has not been accepted within the marketplace. |
|
|
Term
|
Definition
| Data files used by web browsers and servers to keep browser state information and browsing preferences. |
|
|
Term
|
Definition
| Network protocol that allows for a secure connection to a remote system. Developed to replace Telnet and other insecure remote shell methods. |
|
|
Term
|
Definition
| Protocol suite used to protect IP traffic through encryption and authentication. De facto standard VPN protocol. |
|
|
Term
| Authentication header protocol |
|
Definition
| Protocol within the IPSec suite used for integrity and authentication. |
|
|
Term
| Encapsulating security protocol |
|
Definition
| Protocol within the IPSec suite used for integrity, authentication, and encryption. |
|
|
Term
|
Definition
| Mode that IPSec protocols can work in that provides protection for packet data payload. |
|
|
Term
|
Definition
| Mode that IPSec protocols can work in that provides protection for packet headers and data payload. |
|
|
Term
| Internet Security Association and Key Management Protocol |
|
Definition
| Used to establish security associates and an authentication framework in Internet connections. Commonly used by IKE for key exchange. |
|
|
Term
|
Definition
| Attack where the attacker does not interact with processing or communication activities, but only carries out observation and data collection, as in network sniffing. |
|
|
Term
|
Definition
| Attack where the attacker does interact with processing or communication activities. |
|
|
Term
|
Definition
| Cryptanalysis attack where the attacker is assumed to have access only to a set of ciphertexts. |
|
|
Term
|
Definition
| Cryptanalysis attack where the attacker is assumed to have access to sets of corresponding plaintext and ciphertext. |
|
|
Term
|
Definition
| Cryptanalysis attack where the attacker can choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts. |
|
|
Term
|
Definition
| Cryptanalysis attack where the attacker chooses a ciphertext and obtains its decryption under an unknown key. |
|
|
Term
| Differential cryptanalysis |
|
Definition
| Cryptanalysis method that uses the study of how differences in an input can affect the resultant difference at the output. |
|
|
Term
|
Definition
| Cryptanalysis method that uses the study of affine transformation approximation in encryption processes. |
|
|
Term
|
Definition
| Attack that uses information (timing, power consumption) that has been gathered to uncover sensitive data or processing functions. |
|
|
Term
|
Definition
| Valid data transmission is maliciously or fraudulently repeated to allow an entity gain unauthorized access. |
|
|
Term
|
Definition
| Cryptanalysis attack that exploits vulnerabilities within the intrinsic algebraic structure of mathematical functions. |
|
|
Term
|
Definition
| Cryptanalysis attack that exploits vulnerabilities within the algorithm structure. |
|
|
Term
|
Definition
| Cryptanalysis attack that uses identified statistical patterns. |
|
|
Term
| Social engineering attack |
|
Definition
| Manipulating individuals so that they will divulge confidential information, rather than by breaking in or using technical cracking techniques. |
|
|
Term
| Meet-in-the-middle attack |
|
Definition
| Cryptanalysis attack that tries to uncover a mathematical problem from two different ends. |
|
|
