CCNA Cyber Ops
Hash - answer mechanism that is used for data integrity assurance. Based on a one-
way mathematical function: functions that are relatively easy to compute, but
significantly difficult to reverse. Grinding coffee is a good example of a one-way
function: It is easy to grind coffee beans, but it is almost impossible to put back all the
tiny pieces together to rebuild the original beans.
Symmetric Encryption - answer Uses the same key to encrypt and decrypt data. Quite
fast, used in VPN. Key management is a challenge.
Examples of this are: DES, 3DES, AES, AC4
Asymmetric Encryption - answer utilize a pair of keys for encryption and decryption. The
paired keys are intimately related and are generated together. Most commonly, an entity
with a key pair will share one of the keys (the public key) and it will keep the other key in
complete secrecy (the private key). The private key cannot, in any reasonable amount
of time, be calculated from the public key. Data that is encrypted with the private key
requires the public key to decrypt. Conversely, data that is encrypted with the public key
requires the private key to decrypt. Asymmetric encryption is also known as public key
encryption.
Examples: RSA, DSA, ELGAMAL, and elliptic curve algorithms
MD5 - answerone-way function that makes it easy to compute a hash from the given
input data, but makes it unfeasible to compute the original input data that are given only
a hash. Essentially a complex sequence of simple binary operations, such as XORs and
rotations, that is performed on input data and produces a 128-bit digest. MD5 was
originally thought to be collision-resistant, but has been shown to have collision
vulnerabilities.
SHA-1 - answertakes a message of up to 264 bits in length and produces a 160-bit
message digest. The algorithm is slightly slower than MD5, but the larger message
digest makes it more secure against brute-force collision and inversion attacks.
SHA-256 - answeris a set of cryptographic hash functions designed by the National
Security Agency (NSA)
consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512
bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256.
DES - answera symmetric-key algorithm for the encryption of electronic data. Although
now considered insecure, it was highly influential in the advancement of modern
cryptography.
, 3DES - answeris a symmetric-key block cipher, which applies the Data Encryption
Standard (DES) cipher algorithm three times to each data block.
AES - answeran iterated block cipher, which means that the initial input block and
cipher key undergo multiple transformation cycles before producing output. AES
specifically uses keys with a length of 128, 192, or 256 bits to encrypt 128-bit blocks
Faster than DES and 3DES
AES256-CTR - answersymmetrical encryption algorithm that has become ubiquitous,
due to the acceptance of the algorithm by the U.S. and Canadian governments as
standards for encrypting transited data and data at rest. Because of the length of the
key (256 bits) and the number of hashes (14), it takes a murderously long time for a
malware hacker to perform a dictionary attack.
RSA - answeris one of the first practical public-key cryptosystems and is widely used for
secure data transmission. In such a cryptosystem, the encryption key is public and
differs from the decryption key which is kept secret. This asymmetry is based on the
practical difficulty of factoring the product of two large prime numbers, the factoring
problem
DSA - answeris a Federal Information Processing Standard for digital signatures. It was
proposed by the National Institute of Standards and Technology (NIST) in August 1991
for use in their Digital Signature Standard (DSS) and adopted as FIPS 186 in 1993.
SSH - answeris a cryptographic network protocol for operating network services
securely over an unsecured network. The best known example application is for remote
login to computer systems by users.
SSL/TLS - answerare cryptographic protocols that provide communications security
over a computer network.
Key Exchange - answerCryptographic keys are exchanged between two parties,
allowing the use of a cryptographic algorithm
PKCS - answerpublic-key cryptography standards devised and published by RSA
Security Inc, starting in the early 1990s. The company published the standards to
promote the use of the cryptography techniques to which they had patents, such as the
RSA algorithm, the Schnorr signature algorithm, and several others.
PKCS #1 - answerRSA cryptographic standard
PKCS #3 - answerDiffie-Hellman key exchange
PKCS #7 - answerThis is a format that can be used by a CA as a response to a PKCS
#10 request. The response itself will very likely be the identity certificate (or certificates)
that had been previously requested.
Hash - answer mechanism that is used for data integrity assurance. Based on a one-
way mathematical function: functions that are relatively easy to compute, but
significantly difficult to reverse. Grinding coffee is a good example of a one-way
function: It is easy to grind coffee beans, but it is almost impossible to put back all the
tiny pieces together to rebuild the original beans.
Symmetric Encryption - answer Uses the same key to encrypt and decrypt data. Quite
fast, used in VPN. Key management is a challenge.
Examples of this are: DES, 3DES, AES, AC4
Asymmetric Encryption - answer utilize a pair of keys for encryption and decryption. The
paired keys are intimately related and are generated together. Most commonly, an entity
with a key pair will share one of the keys (the public key) and it will keep the other key in
complete secrecy (the private key). The private key cannot, in any reasonable amount
of time, be calculated from the public key. Data that is encrypted with the private key
requires the public key to decrypt. Conversely, data that is encrypted with the public key
requires the private key to decrypt. Asymmetric encryption is also known as public key
encryption.
Examples: RSA, DSA, ELGAMAL, and elliptic curve algorithms
MD5 - answerone-way function that makes it easy to compute a hash from the given
input data, but makes it unfeasible to compute the original input data that are given only
a hash. Essentially a complex sequence of simple binary operations, such as XORs and
rotations, that is performed on input data and produces a 128-bit digest. MD5 was
originally thought to be collision-resistant, but has been shown to have collision
vulnerabilities.
SHA-1 - answertakes a message of up to 264 bits in length and produces a 160-bit
message digest. The algorithm is slightly slower than MD5, but the larger message
digest makes it more secure against brute-force collision and inversion attacks.
SHA-256 - answeris a set of cryptographic hash functions designed by the National
Security Agency (NSA)
consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512
bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256.
DES - answera symmetric-key algorithm for the encryption of electronic data. Although
now considered insecure, it was highly influential in the advancement of modern
cryptography.
, 3DES - answeris a symmetric-key block cipher, which applies the Data Encryption
Standard (DES) cipher algorithm three times to each data block.
AES - answeran iterated block cipher, which means that the initial input block and
cipher key undergo multiple transformation cycles before producing output. AES
specifically uses keys with a length of 128, 192, or 256 bits to encrypt 128-bit blocks
Faster than DES and 3DES
AES256-CTR - answersymmetrical encryption algorithm that has become ubiquitous,
due to the acceptance of the algorithm by the U.S. and Canadian governments as
standards for encrypting transited data and data at rest. Because of the length of the
key (256 bits) and the number of hashes (14), it takes a murderously long time for a
malware hacker to perform a dictionary attack.
RSA - answeris one of the first practical public-key cryptosystems and is widely used for
secure data transmission. In such a cryptosystem, the encryption key is public and
differs from the decryption key which is kept secret. This asymmetry is based on the
practical difficulty of factoring the product of two large prime numbers, the factoring
problem
DSA - answeris a Federal Information Processing Standard for digital signatures. It was
proposed by the National Institute of Standards and Technology (NIST) in August 1991
for use in their Digital Signature Standard (DSS) and adopted as FIPS 186 in 1993.
SSH - answeris a cryptographic network protocol for operating network services
securely over an unsecured network. The best known example application is for remote
login to computer systems by users.
SSL/TLS - answerare cryptographic protocols that provide communications security
over a computer network.
Key Exchange - answerCryptographic keys are exchanged between two parties,
allowing the use of a cryptographic algorithm
PKCS - answerpublic-key cryptography standards devised and published by RSA
Security Inc, starting in the early 1990s. The company published the standards to
promote the use of the cryptography techniques to which they had patents, such as the
RSA algorithm, the Schnorr signature algorithm, and several others.
PKCS #1 - answerRSA cryptographic standard
PKCS #3 - answerDiffie-Hellman key exchange
PKCS #7 - answerThis is a format that can be used by a CA as a response to a PKCS
#10 request. The response itself will very likely be the identity certificate (or certificates)
that had been previously requested.
