Hello everyone. Today's part of the cryptography tutorials contains most of the terms that will be used frequently in the upcoming tutorials, so for your ease I have made this glossary, or dictionary, whatever you might call it. Do refer to it as a guide.
A5 :The encryption algorithm used for GSM telephones. These telephones are mainly sold in Europe.
AES :Advanced Encryption Standard. A block cipher that was chosen through a competition of the world’s greatest cryptographers. It is approved for government use by NIST and is assumed to be good for the next 20 years before a replacement needs to be found. Also known as Rijndael (rine-doll) for the two people who created the algorithm.
Algorithm :A set of mathematical step-by-step rules, or a recipe, for the encryption and decryption of data.
ANSI :American National Standards Institute. An organization that evaluates and publishes standards for various industries, including the computer technology industry.
ANSI X9.17 :The standard for the exchanging (or sharing) of the key for the DES algorithm.
Application Encryption :A program that uses an algorithm to encrypt data. PGP is an example of an application that has encryption built-in.
Asymmetric Algorithm :An algorithm that produces two keys: a public key and a private key. The public key is shared with others and the private key is kept safe by the owner. The term “asymmetric” has to do with the fact that there are two different keys — it does not mean that the algorithm is lopsided.
Authentication :The process of making sure that a person is really who he says he is, or that a computer is really the computer it’s supposed to be. It’s like being asked for your driver’s license before you can cash a check. Computers use encrypted keys or encrypted communications to exchange proof of identity.
Back Door :Usually a design flaw in software that allows unauthorized access into a system by those who know the secret.
Block Cipher :An algorithm that cuts the data into small chunks and encrypts the chunks one after another. The “chunk” is a block of data and the algorithm decides how large those chunks are. This term was not invented by Lucy in the “Peanuts” comic. (You blockhead, Charlie Brown!)
Blowfish :A symmetric block cipher invented by Bruce Schneier. Publicly available on the Internet.
Browser :Your Web browser such as Internet Explorer, Mozilla, Netscape, or Opera. All browsers now have the capability to exchange data with another computer via an encrypted link. Although this term is also applied to shoppers who are not actively purchasing goods in a particular shop, that has nothing to do with cryptography.
Brute Force Attack :It’s like trying to break into a building by all possible hard attack methods: picking the locks, breaking the windows, breaking down the doors with a sledge hammer, or using bombs. In cryptography, a brute force attack is used when the attacker knows nothing about the encryption. He will start with easy guesses first and then build up to sophisticated methods. Brute force attacks in cryptography usually entail using lots of computers that try to guess each portion of the key or the encrypted message.
CAST :A block cipher developed by Carlisle Adams and Stafford Tavares (CAST) and patented by Entrust. It is available for public use.
CERT :Computer Emergency Response Team. A special team that has been formed to deal with computer emergencies of all sorts. Some companies form their own teams and other companies rely upon commercial CERTs. There is also a central CERT at Carnegie Mellon University in Pennsylvania. That CERT sends out alerts and information about new computer attacks and fixes.
Certificate :(See Digital Certificate.)
Certificate Authority (CA) :A company or a specially built computer within a company that generates and controls Digital Certificates and the accompanying keys. This is also referred to sometimes as a “trusted third party” because it is supposed to be an unbiased yet powerful authority.
CHAP :Challenge Handshake Authentication Protocol. Largely used in Microsoft products, CHAP is a two-way password authentication scheme.
Checksum :A numeric value assigned to data to be used as an indicator of change made to the data. An algorithm changes the data into numbers, goes through a number of computations, and then assigns a single, long number as the checksum. If the checksum of the data you receive is not the same checksum as the person who sent it, then something got changed in transit. Also known as a “fingerprint,” checksums are used to check the integrity of data. Checksum is also what many people do with their checking accounts at the end of the month.
CIAC :Computer Incident Advisory Capability (pronounced “sigh-ack”). This is an organization formed by the Department of Energy to track and report on computer security problems.
Cipher :The word cipher is very often confused with the word “code.” A cipher is closer to an algorithm. It does not know the “semantics” of the text or data it is converting; as far as a cipher is concerned, it’s just a blender of sorts. It’s the part of the algorithm that replaces one letter with another character. (Also see Code.)
Cipher Block Chaining :Also known by cryptographers as CBC, this is like “shuffling” the encrypted blocks of data with one another to come up with different ciphertext. Using cipher block chaining makes it much harder for someone to try to break an algorithm.
Ciphertext :The encrypted form of data. Ciphertext does not have to be text, it can be any form of data including pictures and music.
Client :Usually a desktop computer or a laptop. This is opposed to “servers.” Servers provide data, services, and resources to the client computers. Just think of clients as customers in a restaurant and the servers as waiters, and you’ll get the meaning. Client can also refer to a software program that runs on a desktop computer or a laptop. This type of program is normally used when the server is sending a special type of information that can’t be understood by other programs.
Code :A code is just a set of rules to represent meaningful information in another way — this doesn’t necessarily imply secrecy. A code does deal with semantics and can tell the difference between a letter and a number. Morse code and programming code are two good examples.
Cracking :An action to try to break the security of a computer system, software program, algorithm, encrypted data, and so on. For instance, attackers will try to crack the key to encrypted data so they can decrypt it and see what it says. This has nothing to do with the eating of Maryland crabs, contrary to popular belief.
Cryptanalysis :The examination of encrypted data to try to discover how the data was encrypted. Cryptanalysts will try to find the key or some plaintext in the encrypted data so they can unlock it. In a way, this is similar to “cracking,” but it is usually done by well-meaning folks employed by the NSA. (And, yes, because they are in Maryland, many do eat crabs.)
Cryptography/Crypto :The art or science of finding ways to hide or change data. The main goal of cryptography is to maintain secrecy – it’s a way to transform plain data (pictures, music, text, software, and so on) from a recognizable form to an unrecognizable form and back again. Cryptography is also the technical field of creating methods of changing data into an unrecognizable form and then reversing the process to make it recognizable again.
DES :Data Encryption Standard. A popular symmetric key algorithm that was created in 1975. It is usually replaced now with 3DES, which is much stronger than the original algorithm.
Diffie-Hellman :An algorithm created by Whitfield Diffie, Martin Hellman, and Ralph Merkle to solve the problem of how to share a secret over an unsecured line without compromising the secret. This became the basis for public/private key exchange.
Digital Certificate :A computer file that contains information about a person or a computer, along with a public encryption key. Digital Certificates have a standard format for the information contained so it can be used in many different encryption programs. A Digital Certificate is issued by a Certificate Authority. The Certificate Authority usually has strict regulations about who or what may receive a Digital Certificate. Identities are usually verified by the Certificate Authority, which implies a greater degree of trust.
Digital Signature :A checksum created by an algorithm, combined with a person’s public key, that is based on a block of data and the person’s private key. The result is a character-based string that is included with the data when it is sent. If the data has been changed en route, it will be reflected in a changed digital signature. A digital signature is used to guarantee that the data was sent by the person who claims to have sent it. In one sense it can be considered a type of notary stamp to prove authenticity.
Digital Signature Standard :This is also referred to as DSS and is the algorithm used to create digital signatures. DSS was developed by the NSA and approved by NIST.
ECC :Elliptical Curve Cryptosystem. A relatively new and unique form of encryption that uses mathematical curves over defined fields to create a public/private key pair.
Encipher/Encrypt :Changing plain data (plaintext) into an unreadable or unrecognizable form (ciphertext).
Exclusive Or :(See XOR.)
Export Control :Laws and regulations to prevent products or technologies from being exported from the United States when exportation of that information is not in the best interest of the country. The United States considers cryptography to be a munition and therefore controls the export of some encryption methods and products.
FIPS :Federal Information Processing Standard. Rules and regulations adopted by the federal government for computer systems, computer security, and the implementation of cryptography.
FORTEZZA :A PCMCIA card that contains the SKIPJACK encryption algorithm. This is mainly used by government agencies and some law enforcement agencies to encrypt e-mail. This term is often confused with foccacia, which is actually a type of Italian bread and has nothing to do with cryptography.
GOST :A symmetric block algorithm developed in the former Soviet Union.
HASH :A type of checksum that produces a fixed string of characters from a section of data that is used as a “fingerprint” of the data. If the data has not been changed, you will always get the same hash; if it has changed by only one character, the hash will not be the same as the original.
IDEA :The International Data Encryption Algorithm was developed in Switzerland and is one of the algorithms that is used in PGP.
IETF :The Internet Engineering Task Force is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. It is open to any interested individual.
IKE :This stands for Internet Key Exchange and is used by the protocol IPsec (secure IP) for key management.
IP :Internet Protocol carries individual data packets on a network. It allows the packets to be routed through multiple networks until they reach their destination.
IPsec :A network security protocol that uses encryption to protect data as it is moving through the network.
ISAKMP :Internet Security Association Key Management Protocol was the basis for IKE and is still used in many networking environments. ISAKMP defines payloads for exchanging key generation and authentication data.
KDC :Stands for Key Distribution Center and is the basis of the Kerberos authentication system. It is a device or computer that allows two computers to encrypt the traffic flowing on the network between them. Not to be confused with KFC, which is fine to eat on a 4th of July picnic.
KEK :A Key Encryption Key is used to encrypt other keys such as session keys or data keys. A KEK does not encrypt any of the data itself, it just sets up the environment so that encryption can begin.
Kerberos :An authentication protocol, developed at MIT, that uses session keys. Available commercially and in the public domain.
Key :The data created by an algorithm that causes a cipher to begin the encryption and decryption process. Keys are associated with the algorithm that was used to create them.
Key Escrow :The storing of copies of encryption keys so they can be used if the original key is lost or corrupted. This is very difficult to do securely.
Key Fingerprint :A unique string of characters that is used to authenticate a key. This is done by creating a hash of the key. Usually used by PGP users to verify that the parties are using the correct keys for encrypting and decrypting communications.
Key Length :The size of a key represented in bits. The larger the number of bits, the stronger the key is.
Key Management :The process and procedures used to safely store and distribute keys. It also makes sure that keys are sent out in a secure manner so they won’t be compromised.
Key Pair :A set of keys created by an asymmetric algorithm: the public key and the private key.
Key Recovery :A method of hiding parts of keys in different places so a key can be reassembled if the original key is lost or corrupted. Key recovery usually involves the use of multiple storage locations and multiple passphrases to complete the recovery process.
Key Splitting :A security measure that splits a key up amongst a number of people so no one person on his own can use the key. All members of the group must participate in order for the key to be used.
Keyring :A program or file that holds a set of keys.
LDAP :Lightweight Directory Access Protocol. A protocol used in databases to allow simple search and access operations for data that is usually hard to index — phone numbers, addresses, and now used for encryption keys.
MAC :Message Authentication Code. A one-way hash that uses a single key. The key is used to verify the hash.
MD2 :Message Digest #2. Developed by Ron Rivest, it’s a 128-bit one-way hash.
MD4 :Message Digest #4. Another one-way hash developed by Ron Rivest, but later found to be very weak. It was replaced with MD5.
MD5 :Message Digest #5 is an algorithm used to create a hash.
NIST :National Institute of Standards and Technology is a government agency that establishes national standards.
Non-Repudiation :A process that, once completed, makes it extremely difficult for someone to deny that they were involved in the process. It’s a method of ensuring that someone sent a file or encrypted a file without “reasonable doubt” that they did so.
NSA :The National Security Agency is an intelligence agency responsible for intercepting communications and developing crypto systems for the security of national secrets. This agency employs the largest number of cryptographers in the world.
Oakley :A protocol for a session key exchange that is a hybrid of the Diffie-Hellman scheme.
One Time Pad :Also known as OTP, this is one of the older but most secure forms of encryption. A person creates a pad of completely random characters and then uses that pad to replace the characters in a message, one by one. If the pad is never used again, it is nearly impossible to break.
One Time Password :A security mechanism in which a password is only used one time and never again. These passwords are usually generated by a small card-like device that is synchronized with an authentication server.
One Way Hash :Also known as a one way function, this is the same as a message digest or a fingerprint. It’s called “one way” because the algorithm creates an encrypted string that cannot be decrypted. The encrypted string is used for comparison only.
PAP :Password Authentication Protocol. This protocol allows users to authenticate with one another but does not prevent unauthorized access.
PCMCIA :Stands for Personal Computer Memory Card International Association. It’s a plug-in slot for peripheral devices such as modems and wireless network access cards. There are also PCMCIA cards that store crypto functions and keys.
PGP :Short for Pretty Good Privacy, this is a cryptographic protocol for encrypting e-mail. PGP uses RSA and IDEA algorithms and comes as a complete software package.
PKCS :Public Key Cryptography Standards. This is a standard for keys that was created by RSA and describes how public/private keys can interoperate with various algorithms.
PKI :Public Key Infrastructure. A system that uses public and private keys for encryption and decryption, but also checks to make sure that the correct keys are being used for any transaction.
Plaintext :Data that is in its original form and has not been decrypted. Also, it’s the data after decryption has taken place.
Private Key :One of a pair of keys created by an asymmetric algorithm that are mathematically linked to encrypt and decrypt data. This key belongs to one person (or computer) and is kept safely secret. (Also see Public Key.)
PRNG :Pseudo Random Number Generator. A process or algorithm that generates a random sequence of numbers. A good PRNG will make it nearly impossible to guess what the next number or numbers in a sequence might be. Used in key generation in algorithms.
Protocol :In computer technology, a protocol is an accepted set of rules for computer communications or the transference of data. A protocol goes into a detailed level of instructions for the behavior of any software, hardware, which ports to use, and so on.
Public Key :One of a pair of keys created by an asymmetric algorithm that are mathematically linked to encrypt and decrypt data. This key can be shared with anyone and everyone without fear that it will give any clues as to what the private key might be. (Also see Private Key.)
RADIUS :Remote Authentication Dial-In User Service. A protocol developed to help secure remote access to networks by persons, computers, and other networks. Originally developed to secure modem banks, it is now used to secure remote network connections.
RC2 :Rivest’s Cipher #2 or Ron’s Cipher #2. Named after Ron Rivest, this is a block cipher that uses a 40-bit key that is considered very weak.
RC4 :Rivest’s Cipher #4. This is a stream cipher that is widely used in commercial products and especially in e-commerce transactions.
Reusable Passphrase :A passphrase that can be used over and over, with no limitations. Most passphrases are reusable.
Revocation :The retraction or cancellation of a certificate and its associated keys.
RNG :Random Number Generator. An algorithm or cryptographic device that can create true random numbers. True random numbers are often generated by physical and natural events that cannot be predicted and occur randomly.
RSA :Stands for Rivest, Shamir, Adleman, which are the last names of the three men who created the RSA algorithm and the RSA company (RSA Data Security). The RSA algorithm creates public/private keys and can be used to create a digital signature (among other activities).
Salt :Random data that is mixed in with a password to help foil dictionary attacks on passwords.
Secret Key :The key created by a symmetric algorithm. This key is used to both encrypt and decrypt data.
Seed :A random value that is added to an algorithm to help begin the generation of a pseudo random number. (See PRNG.) This is not to be confused with the seed generation used in tennis tournaments.
Server :Usually a large and powerful computer used to store and disseminate large amounts of data and/or services to desktop computers and laptops on a network (clients). Servers are also used for storage and important applications.
Session Key :A key that is only used for a short period of time: a session. The key is normally used to encrypt data between two machines only and is thrown away when the session is complete.
SHA-1 :Secure Hash Algorithm #1. An algorithm used to create a one-way hash. It’s similar to MD4.
SHTTP :Secure HyperText Transfer Protocol. This is a change to the regular HTTP, which is used to display Web pages. SHTTP adds cryptological services to HTTP for the encrypted transmission of sensitive data over the Web.
SKIP :Secure Key Interchange Protocol. This protocol is used in the IPsec headers. The headers contain information about keys that are being exchanged over the network. The header contains information such as what type of key is included, its destination and source, and the application associated with it.
SKIPJACK :A block cipher developed by NSA and often used in hardware crypto devices.
S/MIME :Secure Multipart Internet Message Extensions. This protocol is added to e-mail programs so e-mail can be encrypted and the contents kept secret.
SMTP :Simple Mail Transfer Protocol. The protocol used to transmit e-mail between servers. SMTP traffic is not encrypted.
Snake Oil :A derogatory term used to describe marketing language that is deceptive and misleading, often stating that the encryption or crypto device does more than it is able to do.
Sniffing :A method of listening in on network traffic and capturing it. A special sniffer program is run on a computer on the network and captures and stores the information it was told to save. Very similar to eavesdropping. Hackers use these programs to capture UserIDs, passwords, encryption keys, and other important data.
SSL :Secure Sockets Layer. A cryptologic protocol that is added to data at the socket layer so a secure, encrypted link can be established and maintained. This protocol is often added to applications and is primarily used to protect Web communications.
Stream Cipher :A symmetric key cipher that encrypts data bit by bit rather than cutting the data into chunks like a block cipher does.
Symmetric Algorithm :An algorithm that creates a single key to both encrypt and decrypt data. This is sometimes called a “secret key” algorithm because the key is never supposed to be made available to the public and must be kept secret.
TACACS+ :Terminal Access Controller Access Control System. Does the title somehow give you an idea that this protocol is used to control access to something? It is. It was developed by Cisco and is used to authenticate and authorize remote access by persons or machines.
TCP/IP :Transmission Control Protocol/Internet Protocol. A suite of protocols used for networking that has become the de facto standard. Even networks that use other networking protocols will include TCP/IP so other networks can communicate with them.
TLS :Transport Layer Security. This is a draft version of a new security protocol to replace SSL.
Token :A hardware device that is used to authenticate its owner to computers and applications on a network. A token can be a one-time password generator, a physical device that plugs into a socket, a smart card that is run through a reader, or another similar device.
Triple DES :Also known as 3DES, this algorithm is basically the same as DES except that it encrypts each block of data three times instead of once.
Twofish :A new symmetric algorithm that was one of the runners up to become the new AES algorithm for government use. It is freely available on the Internet.
Validity :The level of confidence a person has that a key actually belongs to the person who presented it.
Verification :Comparing a digital signature created with a private key to its public key. This proves that the information was sent by the person who actually digitally signed the data.
VPN :Virtual Private Network. A VPN provides an encrypted link on an otherwise unprotected network such as the Internet. It allows remote computers or networks at a distance to connect to one another and protect their communications with encryption.
Web of Trust :The scheme used by PGP where individuals “sign” other people’s public keys to give an indication of the key’s validity.
X.509 :A public key certification specification as part of a directory system that stores and distributes public keys.
XOR :Stands for eXclusive Or; it is a mathematical function of comparing bits from the data to random bits created by the algorithm. It’s used to indicate whether the bits of the two strings match