Fundamental cryptography concepts and how they protect data
25 cards · security
| Front | Back |
|---|---|
| Confidentiality | Keeping data secret from unauthorized parties. Encryption enforces confidentiality so only intended recipients can read data. |
| Integrity | Ensuring data has not been altered. Hashes and MACs detect accidental or malicious changes to data. |
| Authentication | Verifying the identity of a party. Passwords, certificates, and digital signatures prove who is communicating. |
| Symmetric encryption | One key encrypts and decrypts. Fast and efficient for bulk data; keys must be shared securely. |
| Asymmetric encryption | Uses a key pair: public and private. Enables secure key exchange and digital signatures without prior shared keys. |
| Block cipher | Encrypts fixed-size blocks with a secret key. Used with modes of operation (e.g., CBC, GCM) to handle long messages. |
| Stream cipher | Generates a keystream to encrypt data. Encrypts data byte-by-byte or bit-by-bit, combining with a pseudorandom stream. |
| AES | Widely used 128-bit block cipher (128/192/256-bit keys). Standardized by NIST; used in TLS, disk encryption, and Wi‑Fi (WPA2/3). |
| Hash function | One-way function mapping data to a fixed-size digest. Good hashes are deterministic, fast, and hard to invert or collide. |
| Collision resistance | Hard to find two inputs with the same hash. Prevents forging by substituting different data with an identical digest. |
| Preimage resistance | Hard to find an input for a given hash output. Protects against reversing a hash to recover the original data. |
| Message authentication code | Short tag verifying message integrity and authenticity. Computed with a secret key; prevents tampering by unauthorized parties. |
| HMAC | MAC built from a hash function and a secret key. Resists length‑extension attacks; common in APIs and TLS. |
| Authenticated encryption | Encryption that also ensures integrity and authenticity. AEAD modes like GCM package encryption and integrity into one operation. |
| Key exchange | Method to establish a shared secret over an insecure channel. Enables later symmetric encryption without exposing the shared key. |
| Diffie–Hellman | Key exchange protocol in which two parties derive a shared secret over a public channel. Modern systems often use elliptic‑curve DH (ECDH) in TLS. |
| Forward secrecy | Compromise of long-term keys doesn't reveal past session keys. Achieved with ephemeral DH (DHE/ECDHE); limits damage from key leaks. |
| Digital signature | Private key signs; public key verifies authenticity. Provides integrity, origin authentication, and non‑repudiation. |
| RSA | Public-key algorithm for encryption and signatures. Security relies on factoring difficulty; widely used for legacy TLS and PGP. |
| Elliptic-curve cryptography | Public-key crypto using elliptic curve groups. Enables small keys with strong security; used in ECDH and ECDSA. |
| SHA-256 | 256-bit hash function from the SHA-2 family. Common in TLS, code signing, and blockchains like Bitcoin. |
| SHA-3 | Keccak-based hash standard (SHA-3 family). Different design than SHA‑2; includes extendable‑output functions. |
| TLS | Protocol that encrypts and authenticates network connections. Successor to SSL; TLS 1.3 uses ephemeral key exchange and AEAD by default. |
| X.509 certificate | Signed binding of a public key to a subject. Includes subject, issuer, validity, and a public key; used in HTTPS. |
| Certificate Authority | Trusted entity that issues and signs certificates. Browsers trust CAs to vouch for domain identities within the Web PKI. |