Below are some notes I made to help prepare me for the SY0-501 exam which I passed on the 30th December 2020 …
RC4 – is a streaming cipher algorithm that encodes plain text bit by bit.
Bycrypt Algorithm – is based on the blowfish cipher and is a key stretching tech that helps strenghten the password by using a password hashing function and then salting the password.
CASB (Cloud Access Secuirty Broker) – can be deployed in three different ways –
- Forward proxy model, the user needs to install self-signed certs to access the cloud resources via the proxy.
- Reverse proxy model, the CASB first authentucates the user and then passes it to the identity and access management to service for further authentication.
- API model, CASB is directly connected to the api of the cloud service to monitor the usage of the cloud resources.
Examples of hashing algorithms – MD5, SHA1 and SHA2
MD5 (Message Direct Algorithm 5) – is a complex hashing algorithm that produces a 128bit hash. Although it is more complex to MD2, it does not have a strong collision resistance, making this algorithm an unpopular recommendation.
Obfuscation – Obscuring the intended meaning or intentionally making something difficult to understand.
Cryptographic Concepts –
- Entropy – Randomness collected by system, example mouse movement.
- Confusion – Each part of the character of the ciphertext should depend on several ports of the key
- Diffusion – Dissipating the statistical structure of the plain text over the bulk of the ciphertext.
Key Stretching –
- Bcrypt – Based on Blowfish algorithm, a key dervation function used for passwords, adds additional “salt function” to guard against rainbow table attacks
Perfect Forward Secrecy
- Session keys that are derived from a set of long-term keys, yet discreet in nature.
- If one of the long term keys is compromised it doesn’t compromise the session key or the data it protects
- Keys used to protect data are not used to derive any additional keys.
- If the key used to protect data was derived from some other keying material, the material must not be used to derive and additional keys.
Security Through Obscurity – attempts to create security by hiding the implementation.
Common Use Cases for cryptosystems …
- Low power Devices – Elliptical Curve Cryptography (ECC) uses low power consumption, making it well suited for providing security for mobile devices
- Low Latency – Symmetric key cryptography provides quick (Low latency) and uses the same key for encryption and decryption (some times called “secret keys”)
- High Resilience – Cryptosystems that are made public, allowing the community at large to test, vet and discover vulnerabilities.
What does it give us?
Supporting Confidentiality – Encryption in and of itself ensures confidentiality.
Supporting integrity – Hashing ensures integrity, especially with weaker algorithms like symmetric key cryptograhy. Hybrid cryptography uses symmetric and hashing to provide speed, confidentiality and integrity.
Supporting Obfuscation – Obfuscation, or hiding how something works, is the basis of cryptography. Creating ciphertext that is extremely hard to reverse engineer or crack.
Supporting Authentication – Hashing is used to authentication a piece of data, ensuring nothing has changed during transmission. Two hashes can be compared to determine if the files or data is the same.
Supporting Non-Repudiation – Public key infrastructure (PKI) provides for non-repudiation through the use of public/private keys. Assuming a user keeps his private key secure, data encrypted via that private key could only originate from that user.
Resource vs. Security Constraints – Application developers are challenged with balancing security and available resources (time, money and talent) to ensure applications are as secure as possible without undue burden to the organization.
PGP – Pretty Good Privacy is concept of the “web of trust” (WoT).
- Combines several algorithms – hashing, data compression, symmetric-key cryptography, Public-key cryptography, Public-key cryptograhy.
GPG – GNU Privacy Guard – Free to implement of the OpenPGP standard, Command tool,
- Compatible with PGP
- Supports RSA, DES, 3DES, Blowfish, TwoFish and many others.
- Supports many graphical front ends
Hashing Algorithms
MD5 – 128-bit
SHA – SHA1 160bit, SHA256 and SHA512
RIPEMD – RACE integrity Primitives Evaluation Message Digest, 128, 160, 256 and 320-bit versons.
HMAC – Hash-based message authentication code, uses hashing function plus secret key, Hashing function that verifies integrity and authentication.
Cipher Modes
Counter Mode (CTR) – Random 64-bit block as first initialization Vector (IV), Increments a specified number for each subsequent block of plaintext.
Galois/Counter Mode (GCM) – Used with Symmetric key block ciphers. Very efficient, low latency that adds data integrity.