Security+ Lesson 3

ElGamal is an extension of the Diffie-Hellman key exchange designed by Taher Elgamal in 1985. It extends DH into a complete discrete logarithm cryptosystem, allowing for tasks like general encryption. Elgamal released his technique into the public domain, while at the time, RSA was proprietary, so the royalty-free nature gained its popularity. One disadvantage is that it generates ciphertext twice as long as the plaintext, so it increases the consumption of storage and bandwidth.

The correct sequence of encryption ciphers from the weakest to the strongest is as follows:

1 - Data Encryption Standard (DES)

2 - TripleDES (3DES)

3 - Blowfish

4 - Advanced Encryption Standard (AES)

Extended Validation (EV) is a certificate backed by a stricter identity validation process than the CA’s default. It provides the highest available level of assurance. The CA issuing an EV certificate certifies that they have verified the identity and authenticity of the certificate subject. For SSL certificates used on the web, sites with a valid EV certificate show a distinct green color in the browser’s address bar. Generally, an EV certificate cannot also be a wildcard, but it might be multi-domain.

Since the output of a cryptographic hash is pseudorandom, it can be used anywhere pseudorandom data of a fixed length is desired. For example, you can securely generate a new key by hashing an existing key, arbitrary data, or some combination of the two. Hashing is particularly valuable for creating cryptographic keys from passwords created by humans. Since these passwords are often shorter and less random than modern keys, it’s a good idea to add a key stretching algorithm that makes brute force decryption more difficult.

Digital Signature Algorithm (DSA) is created by a former NSA employee in 1991 and soon adopted as a NIST standard. It uses a different one-way problem called a discrete logarithm. It is similar in overall strength to RSA at the same key length, but different in performance. DSA allows faster key generation and decryption and RSA is faster for data encryption and signature verification. RSA is more popular, and current DSA standards require 1024-bit keys, which are no longer considered secure.

Confusion makes the mathematical relationship between the plaintext and the key as complex as possible, so that a partially correct key is useless to an attacker. Every bit or character of the plaintext should be acted upon by more than one bit or character of the key. In a cipher with very strong confusion, changing a single bit of the key might change half the bits of the entire ciphertext.