MD5
128-bit hash algorithm.
Used by applications to verify the integrity of files.
SHA-1
160-bit hash algorithm.
Verifies file integrity.
SHA-2
Hashing algorithm that includes four versions that range from 224 to 512 bits.
Verifies file integrity.
HMAC
Hash algorithm that uses a shared secret key to add randomness to the result, and only the sender and receiver know the key.
Verifies the integrity and authenticity of a message with the use of a shared secret.
HMAC-MD5
128-bit hash algorithm.
Verifies the integrity and authenticity of a message with the use of a shared secret.
HMAC-SHA1
160-bit hash algorithm.
Verifies the integrity and authenticity of a message with the use of a shared secret.
AES
Block cypher, 128-bit symmetric encryption algorithm used to encrypt data and provide confidentiality.
Includes key sizes of 128, 192, or 256 bits.
DES
Older block cypher, 64-bit symmetric encryption standard used to provide confidentiality.
Uses a 56-bit key and is considered cracked. Use AES instead, or 3DES if the hardware doesn't support AES.
3DES
Symmetric 64-bit block cypher used to encrypt data and provide confidentiality.
Still used in some applications when hardware doesn't support AES.
Blowfish
Strong 64-bit block cypher that supports key sizes between 32 and 448 bits.
Faster than AES.
Twofish
Block cypher that encrypts data in 128-bit blocks and supports 128-, 192-, or 256-bit keys.
RSA
Asymmetric encryption algorithm used to encrypt data and digitally sign transmissions.
Uses both a public key and a private key in a matched pair.
ECC
Uses mathematical equations to formulate an elliptical curve. It then graphs points on the curve to generate keys.
Diffie-Hellman
Key exchange algorithm used to privately share a symmetric key between two parties. Once the two parties know the symmetric key, they use symmetric encryption to encrypt the data.
DHE
Uses ephemeral keys, generating different keys for each session.
ECDHE
Uses ephemeral keys generated using ECC.
ECDH
Uses static keys generated using ECC.
S/MIME
One of the most popular standards used to digitally sign and encrypt email.
Uses RSA for asymmetric encryption and AES for symmetric encryption.
Can encrypt email at rest and in transit.
PGP
Method used to encrypt, decrypt, and digitally sign mail.
GPG
Hybrid cryptosystem that uses a combination of public key and private key encryption.
RC4
Symmetric encryption algorithm used by WEP.
128
WPA uses a ____ bit encryption key.
TKIP
Protocol used by WPA to change the encryption keys for every packet that is sent.
EAP
Secure authentication protocol that supports a number of authentication methods.
802.1x
EAP messages are encapsulated inside _____ packets for network access authentication with wired or wireless networks.
PEAP
Used to encapsulate EAP messages over a secure tunnel that uses TLS.
LEAP
Cisco proprietary EAP solution.
WPA-PSK
WPA Personal, also known as WPA preshared key.
AES
The symmetric encryption algorithm used along with CCMP by WPA2.
VPN
For the highest level of security, you should treat wireless clients as remote clients and use a _____ solution to secure the communication.
static
WEP uses a _____ key.
WPA2
Configure wireless encryption using (Choose 1: WEP, WPA, WPA2) because it is the most secure.
Confidentiality and Integrity
Enabling WPA on a WLAN provides what?
WPA2 Enterprise
The type of security that has been configured when, in addition to encrypting wireless traffic, you configure your wireless router to require connecting users to authenticate against a RADIUS server.
PEAP
Requires only a server-side PKI certificate to encrypt user authentication traffic.
CCMP
Wireless encryption protocol that uses counter mode to make pattern detection difficult.
IV attack
What type of attack might a wireless network configured with WEP be susceptible to?
WPA
TKIP is used primarily with which wireless standard?
Substitution Cypher
Replaces a character with another character.
Transposition Cypher
Shifts the places of the characters.
Work Factor
Refers to a value indicating the time it would take to break the encryption.
One-Time Pad
A very secure method of encrypting information that involves using a key only once.
Symmetric Encryption
Encrypting and decrypting information with the same key.
3DES
168-bit symmetric encryption algorithm.
AES
128-, 192-, or 256-bit symmetric encryption.
recipient's public
When using asymmetric encryption, the data is encrypted with the ________ key.
sender's private
To ensure nonrepudiation, a message is signed using the ____________ key.
RSA
Asymmetric encryption algorithm
Diffie-Hellman
Asymmetric encryption algorithm
Elliptic Curve
Asymmetric encryption algorithm
Hashing algorithms
MD, SHA, LANMAN, NTLM, RIPEMD, and HMAC
MD5
Most common hashing algorithm.
LANMAN, or LM hash
Hashing algorithm used by older Microsoft operating systems to hash and store passwords.
LANMAN, or LM hash
Hashing algorithm created by encrypting a password with DES.
NTLM
Hashing algorithm that uses MD4.
NTLMv2
Hashing algorithm that uses HMAC-MD5 to hash the challenge and response between the client and the server.
RIPEMD
Type of hashing algorithm.
HMAC
Hashing algorithm that involves using a secret key with the hashing algorithm to calculate the MAC (resulting hash value).
MD5
Hashing algorithm that creates a 128-bit hash.
SHA-1
Hashing algorithm that creates a 160-bit hash value.
TLS
A more secure protocol that was designed to replace SSL.
S/MIME
Protocol used to encrypt e-mail messages on the network.
SCP
Protocol that runs on top of an SSH channel in order to encrypt the communication used to transfer a file.
Transport
IPsec _______ mode encrypts only the payload (data portion) of the packet.
Tunnel
IPsec _______ mode encrypts both the header and the data of the packet.
Ephemeral Key
A temporary key that is typically used to encrypt a single message within the communication instead of using the same key to encrypt all messages.
Perfect forward secrecy
Describes a system that generates random public keys (ephemeral keys) for each session so that secret key exchange can occur during the communication.
Key stretching
A technique used to ensure that a weak key does not fall victim to a brute-force attack.
PBKDF2 and Bcrypt
Algorithms that enable key stretching.
PPTP
An older VPN protocol that is used to encrypt PPP traffic and is common in Microsoft environments.
L2TP
A newer VPN protocol that uses IPsec for encryption of traffic.
SSTP
A newer VPN protocol that uses SSL to encrypt VPN traffic.
Asymmetric Encryption Algorithms
RSA and Diffie-Hellman
Symmetric Encryption Algorithms
DES, 3DES, RC4, and AES
L2TP
Use ______ instead of PPTP for VPNs.
Key Management
The biggest disadvantage to symmetric encryption is _______.