# Sec+ preparation #7 (Cryptography)

## Intro

Let’s jump into next day of preparing for SEC+.

Before beginning I just want to give credit to Master OTW at [Hackers-Arise](https://www.hackers-arise.com/). I really enjoy how he describes data of various topics. Real professional.

You can purchase Security+ SY0-701 boot camp [here](https://hackersarise.thinkific.com/courses/security-training)

### Buffer overflows

* A buffer is a data storage area inside computer memory
    
* A predefined amount of data can be inserted
    
* If you give too much data it creates a buffer overflow.
    
* The overflow data can even be executable code.
    
* You kind of fool the machine to execute your code.
    
* **One of the most malicious attack.**
    

## Cryptography

**This topic is one of the key element of the Security+ exam.**

#### Cryptography at a glance

* Explain general cryptographic concepts
    
* Explain basic hashing concept
    
* Map algorithm to applications
    
* Explain and implement security protocols
    
* Explain core concepts of public key cryptography
    
* Look at trust models
    

Concepts that you must understand **for the exam**:

* Key management
    
* Steganography
    
* Symmetric key
    
* Asymmetric key
    
* Confidentiality, Integrity, Availability (**CIA triad)**
    
    * These are the goals of cybersecurity. We can’t optimize them simultaneously .
        
* Non-repudiation
    
* Comparative strength of algorithms
    
* Digital signatures
    
* Whole disk encryption
    
* Trusted Platform Module (TPM)
    
* Single vs. Dual sided certificates
    
* Use of proven technologies
    
* [Kerckhoffs’s Principle](https://nordvpn.com/cybersecurity/glossary/kerckhoffs-principle/)
    

**Cryptography i the science of hiding the meaning of information. Looking in history, it comes from the Greek word Kryptos which means hiding.**

People working in this field are Cryptographers. It’s mathematics. Most of the people who work in cryptography field have Phd in mathematics.

#### Goals of Cryptography

* Confidentiality
    
* Integrity
    
    * The information cannot be altered in storage or transit
        
    * Addition, Deletion, Modification are detected.
        
* Authentication
    
    * Sender and Receiver confirm each other’s identity
        
* Access Control
    

#### Cryptosystem

* A set of rules, steps, and processes
    
* It is the same concept as using common door lock
    
* Each of the users have a different physical key.
    
    * Key can be **asymmetric which means that every user has different key.**
        
    * Key can also be **symmetric which means a single key for every user.**
        
        * It is a lot simpler and faster. About 1000 times faster.
            
        * In the internet, encryption is usually symmetric.
            
* The key is the only secret. Algorithm is known.
    

#### Compare Strength of Ciphers

* Algorithm
    
    * [AES](https://www.geeksforgeeks.org/advanced-encryption-standard-aes/) is a strong algorithm.
        
        * If the key is very short, then it does not have a good effect,
            
    * AES512 is stronger than AES256. **The number after AES represents the length of the key.**
        
* Secrecy of the key
    
* Length of the key
    
* Use only as strong as needed
    

#### Steganography

It’s kin of hiding a message inside a file. Audio record or picture or other filetypes.

* Comes from the Greek word steganos which means hidden and a word graphein which means to write.
    
* Hiding is plain sight
    
* Hiding a message within another medium
    
* You cannot even claim there is a message
    
* Invisible and hard to detect without tools.
    
* Example of steganography:
    

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1747657792833/fa8133a4-e119-4e3e-9381-5ab47da47073.jpeg align="center")

**It’s a good option to store important or secret information in mp3 files inside a separate USB drive or CD.**

### Cryptography Symmetric and Asymmetric (will be tested in exam)

* Symmetric means **one key.**
    
    * Shared key encryption.
        
    * One key shared between receiver and sender
        
    * Key must be securely exchanged. (This is the problem which asymmetric encryption solves)
        
    * Has the advantage to be very fast
        
    * Provides only confidentiality service
        
    * Message Authentication Code (MAC)
        
    * ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1747660133196/e8432b57-06d6-4c5c-b252-95b308830314.png align="center")
        
        SCADA also uses AES.
        
* Asymmetric means **TWO KEYS.**
    
    * One public and one private key.
        
    * Public key can be given to anyone
        
    * Private key should never be shared.
        
    * Here’s where Diffie Hellman exchange comes in:
        
    * ![](https://cdn.hashnode.com/res/hashnode/image/upload/v1747660414817/2d56f071-649e-477b-ba1f-cc6257048c4c.png align="center")
        
        No prior relationship required to communicate securely.
        
    * **100 to 1000 times slower than Symmetric Ciphers.**
        

##### Asymmetric Ciphers (**important for exam**):

Used for exchanging keys securely across public networks:

* [Diffie-Hellman](https://www.techtarget.com/searchsecurity/definition/Diffie-Hellman-key-exchange)
    
* [El Gamal](https://www.geeksforgeeks.org/elgamal-encryption-algorithm/)
    

Used for encryption and for digital signatures:

* [RSA](https://www.geeksforgeeks.org/rsa-algorithm-cryptography/) (Rivest–Shamir–Adleman)
    
    * There’s also a company RSA. They’ve got hacked in 2014. They had to change keys which was very expensive.
        
* [ECC](https://www.keyfactor.com/blog/elliptic-curve-cryptography-what-is-it-how-does-it-work/) (Elliptical Curve Cryptography)
    
    * It is simple and does not require lots of computing power, not like RSA.
        

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1747661589173/70f9adbc-a6a7-4bff-bfc4-f18f12f5cd4e.png align="center")

#### Digital Signatures

[Message digest (MD)](https://www.geeksforgeeks.org/what-is-message-and-message-digest-in-cryptography/) - a synonym for the word hash.

Question that was in exam:

* How many bits does SHA1 use?
    
    * 160 bits is the answer
        
    * SHA1 was developed by NSA
        

#### Whole disk encryption

Good software for that is [Veracrypt](https://veracrypt.io/en/Home.html).

* It’s a must have for mobile devices for a good security layer.
    
* Must provide pre-boot authentication
    

#### [Trusted Platform Module](https://support.microsoft.com/en-us/topic/what-s-a-trusted-platform-module-tpm-705f241d-025d-4470-80c5-4feeb24fa1ee)

* AKA TPM Chip
    
* A secure Crypto Processor
    
* Can store Cryptographic Keys
    
* Can validate the ID of a system
    

## Will add more

.

.

.

.

.
