Message Digest (MD) - One of the earliest hash algorithms is a "family" of algorithms known as Message Digest (MD). Versions of MD hashes were introduced over almost 20 years, from MD2 (1989) to MD6 (2008). The most widely used of these algorithms is MD5. This hash algorithm uses four variables of 32 bits each in a round-robin fashion to create a value that is then compressed. Serious weaknesses have been identified in MD5, and it is no longer considered suitable for use. Show
Secure Hash Algorithm (SHA) - Another family of hashes is the Secure Hash Algorithm (SHA). SHA-1 was developed in 1993 but is no longer considered suitable for use. SHA-2 has six variations, the most common are SHA-256, SHA-384, and SHA-512 (the last number indicates the length in bits of the digest that is generated) and is currently considered a secure hash. In 2015, after eight years of competition between 51 original entries, SHA-3 was announced as a new standard. One design goal of SHA-3 was to make it dissimilar to previous hash algorithms to prevent threat actors from building on earlier work of compromising the algorithms. RIPEMD - it stands for RACE Integrity Primitives Evaluation Message Digest. The primary design feature of RIPEMD is two different and independent parallel chains of computation, the results of which are then combined at the end of the process. All versions of RIPEMD are based on the length of the digest created, including RIPEMD-128, RIPEMD-256, and RIPEMD-320. Initially, modern web browsers (Chrome, Firefox, Internet Explorer, Safari, and Opera) used OCSP. However, if the web browser cannot reach the OCSP Responder server, such as when the server is down, then the browser receives a network error message (called a soft fail), and the revocation check is simply ignored. Also, online revocation checking by web browsers can be slow. For these reasons, web browsers have implemented a range of solutions to reduce or eliminate the need for online revocation checking by instead "harvesting" lists of revoked certificates from CAs and then pushing them to the user's browser. Creation - At this stage, the certificate is created and issued to the user. Before the digital certificate is generated, the user must be positively identified. The extent to which the user's identification must be confirmed can vary, depending upon the type of certificate and any existing security policies. Once the user's identification has been verified, the request is sent to the CA for a digital certificate. The CA can then apply its appropriate signing key to the certificate, effectively signing the public key. The relevant fields can be updated by the CA, and the certificate is then forwarded to the registration authority. The CA also can keep a local copy of the certificate it generated. A certificate, once issued, can be published to a public directory if necessary. Suspension - This stage could occur once or multiple times throughout the life of a digital certificate if the certificate's validity must be temporarily suspended. Suspension may occur, for example, when employees are on a leave of absence and their digital certificates may not be used for any reason until they return. Upon a user's return, the suspension can be withdrawn or the certificate can be revoked. Revocation - At this stage, the certificate is no longer valid. Under certain situations, a certificate may be revoked before its normal expiration date, such as when a user's private key is lost or compromised. When a digital certificate is revoked, the CA updates its internal records, and any CRL with the required certificate information and time stamp (a revoked certificate is identified in a CRL by its certificate serial number). The CA signs the CRL and places it in a public repository so that other applications using certificates can access the repository to determine the status of a certificate. Expiration - At the expiration stage, the certificate can no longer be used. Every certificate issued by a CA must have an expiration date. Once it has expired, the certificate may not be used for any type of authentication. The user will be required to follow a process to receive a new certificate with a new expiration date. What happens if employees are hospitalized, and their organization needs to transact business using their keys? Some CA systems have an embedded key recovery system that designates a key recovery agent (KRA), a highly trusted person responsible for recovering lost or damaged digital certificates. Digital certificates can then be archived along with a user's private key. If the user is unavailable or if the certificate is lost, the certificate with the private key can be recovered. Another technique is known as M-of-N control. A user's private key is encrypted and divided into a specific number of parts, such as three. The parts are distributed to other individuals with an overlap, so multiple individuals have the same part. For example, the three parts could be distributed to six people, with two people each having the same part. This is known as the N group. If it is necessary to recover the key, a smaller subset of the N group, known as the M group, must meet and agree that the key should be recovered. If a majority of the M group can agree, they can then piece the key together. M-of-N control is illustrated in Figure 7-12. The reason for distributing parts of the key to multiple users is that the absence of one member would not prevent the key from being recovered. How does cryptography protect the confidentiality of information?cryptography can protect the confidentiality of information by ensuring that only authorized parties can view it Integrity ensures the information is correct and no unauthorized person or malicious software has altered that data Authentication the authentication of the sender can be verified through cryptography Non-repudiation
What basic protections can cryptography support?What basic protections can cryptography support? confidentiality, integrity, authentication, non-repudiation, obfuscation Confidentiality cryptography can protect the confidentiality of information by ensuring that only authorized parties can view it Integrity
Is obfuscation a basic security protection for information that cryptography can provide?Obfuscation cannot by itself be used as a general cybersecurity protection because it does not provide security, even limited security. Which of these is NOT a basic security protection for information that cryptography can provide? a. Authenticity b.
What is a cryptographic ciphers?Cipher also known as a cryptographic algorithm; plaintext data is input into a cipher which consists of procedures based on a mathematical formula to encrypt and decrypt the data. Key a mathematical value entered into the cryptographic algorithm, or cipher, to produce the ciphertext
Which feature of cryptography is used to prove a users identity and prevent an individual?A digital signature proves the identity of the sender of a message and to show that a message has not been tampered with since the sender posted it. This provides authentication, integrity, and non-repudiation. A private key will encrypt the message.
Which feature of cryptography is used to prove a user's identity?Authentication: The process of proving one's identity. Integrity: Assuring the receiver that the received message has not been altered in any way from the original. Non-repudiation: A mechanism to prove that the sender really sent this message.
What are the five basic information protections cryptography can provide?The publication describes the following basic security services as confidentiality, integrity, authentication, source authentication, authorization and non-repudiation.
Which encryption method in BitLocker prevents attackers from accessing data?BitLocker Device Encryption uses the XTS-AES 128-bit encryption method.
|
Which feature of cryptography is used to prove a users identity and prevent an individual from fraudulently reneging on an action quizlet?
direito autoral © 2024 cumeu Inc.
