Difference between Asymmetric Encryption and Signing (Digital Signature)
Exam Cram emphasizes several times the efficiency of elliptic curve cryptography (ECC) and its application for mobile devices with more constrained computational or energetic profiles. Which I suspect means that a question like this is likely to be on the Security+ exam.
Exam Cram indicates that the Security+ test is likely to have some kind of question about the difference between steganography and cryptography.
To reiterate, a list of the roles of cryptography in security:
[Cryptography] is trying to make us live in a world that’s “need to know”.
- Dan Lowrie
The three states of data:
Important cyphers for low-power devices (SCADA, etc.)
Encryption is about ensuring confidentiality; steganography is about hiding information (which may - and probably should be! - itself cyphertext).
Interesting… ITPro.TV is defining a streaming cipher as operating byte-by-byte, whereas Exam Cram defined them as operating bit-by-bit. So either one of these is wrong, or the difference between stream and block cyphers are more a matter of degree than kind (I kind of suspect it’s the latter).
Stream cipher bullet points:
Block cipher bullet points:
Block cipher modes:
Hashes are always fixed length (for a given hash type). Also, “message digest” == “fingerprint” == “hash”!
HMACs are “hashed message authentication codes” used to verify message integrity and authenticity. HMACs are not hash functions themselves, but are rather encrypted hashes that are appended to messages (so, a signature).
Checksums are not hashing algorithms, but serve a similar purpose.
A note about salts: You don’t want your salt(s) to become public, but it also doesn’t completely negate their value if they are leaked. The reason for this is that, so long as you are using unique salts in every instance, you are still preventing the use of mass password/data cracking. So even a leaked salt buys you time… But that’s the only thing it buys you at that point, so it’s still important to re-encrypt / re-hash / invalidate passwords, etc. if this happens!
Of these, only AES is considered strong these days.
Two applications/machines that try to communicate cryptographically need to first agree on a “cipher suite” - a set of cryptographic algorithms - to use. These are represented in a standard(ish) fashion as “standard name + key exchange + asymmetric cipher (with) symmetric cipher + symmetric cipher mode + HMAC”. For example:
Has the following parts: