Security+ (SY0-701): Cryptographic Solutions Part 5
This deck covers key concepts from Lesson 3, Part 5, focusing on cryptographic solutions such as salting, key stretching, blockchain, and various encryption methods.
Key Terms
Term | Definition |
---|---|
What is the purpose of 'salting' and 'key stretching'? | Help to protect password-derived cryptographic secrets from discovery through cryptanalysis. |
Define a 'salt' or the process of 'salting' | Adds a random value to each plaintext input. |
Define a 'salted hash' | The combination of a password and salt, input into a hashing algorithm, outputs a salted hash. |
Why is salting crucial for secure password storage? | Mitigates the risk that if users choose identical plaintext passwords, there won’t be identical hash values in the password file. |
Define 'Key Stretching' | A salted hash repeatedly inserted into a hashing algorithm to multiply length and disorder. |
Define 'Blockchain' | A decentralized/public ledger containing a growing list of records secured using cryptographic hashing. |
How does 'Blockchain' function? | A record (block) has a hash value; the hash value of the previous record is added to the hash calculation of the next record in the chain. |
What is the security benefit of blockchain? | Ensures integrity of all historical records (blocks); Each block validates the hash of the previous block. |
Where are blockchain records kept? | Recorded in an open public ledger. |
Define an 'open public ledger' | Distributed public record of transactions. |
Define the means by which a ledger is made open to the public | Decentralized peer-to-peer (P2P) network. |
What is the purpose of a decentralized peer-to-peer (P2P) network? | Mitigate the risks of a single point of failure/compromise ensuring equal trust between users. |
What are the potential applications of blockchain technology? | Ensure the integrity and transparency of financial transactions, legal contracts, copyright and intellectual property (IP) protection, online voting systems, identity management systems, and data storage. |
Define 'Obfuscation' | Security through obscurity; Technique that 'hides' or 'camouflages' code or data so that it is difficult to find. |
What are 3 forms of obfuscation? |
|
Define 'Steganography' | Hiding the presence of data, often by embedding information within a file or other entity called 'covertext' |
Define 'De-identification' | Obfuscates personal data from databases so that it can be shared without compromising privacy. |
Define 'Data masking' | De-identification method; Generic/placeholder labels are substituted for real data while preserving the structure or format of the original data. |
Define 'Tokenization' | De-identification method where a unique token is substituted for real data. |
How is a token stored, and how can it be interacted with? | Token is stored with the original value on a dedicated token server/vault; An authorized query or app can retrieve the original value from the vault. |
In an FDE product, what type of cipher is used for a key encrypting key (KEK)? | An asymmetric cipher (RSA or ECC) private key. |
In an FDE product, what type of cipher is used for a data encrypting key (DEK)? | A secret symmetric key to perform bulk encryption of a disk. |
What is the primary reason to avoid the use of MD5? | Propensity for collisions. |
What cipher and key length is best practice for asymmetric key pair signing? | RSA 2,048-bit or ECC 256-bit. |
What cipher and key length is best practice for asymmetric key pair exchange? | RSA 2,048-bit or ECDHE 256-bit. |
What cipher and key length is best practice for a symmetric secret key? | AES-128 or AES-256 |
What cipher and key length is best practice for hashing? | SHA256 or SHA512; MD5 allowed for documented compatibility requirements. |