Crypto & Security Terms
| Term/Acronym | Full Name | Features/Application | Reference |
|---|---|---|---|
| Symmetric Ciphers | | | |
| Hash | | | |
| Cipher | | | |
| Public Key | | | |
| Private Key | | | |
| Certificate | | | |
| OWF | One Way Function | | |
| Symmetric/Asymmetric (as in keys) | | | |
| 40 bit DES, 56 bit DES and 3DES (Triple DES) | Data Encryption Standard | | |
| CAST | Carlisle Adams & Stafford Tavares | | |
| SSL | Secure Sockets Layer | channel/data transmission encryption | |
| TLS | Transport Layer Security | channel/data transmission encryption | |
| IPSec | IP Security | Encrypts IP packets, can be used for tunneling encrypted IP packets inside other packets, and channel/data transmission encryption w/helpers | |
| Asymmetric Ciphers | | | |
| Fortezza | | | |
| SASL | | | |
| RSA | | | |
| CHAP/MS-CHAP/MS-CHAP 2.0 | | | |
| NTLM | Windows NT Challenge & Response | | |
| NIST | National Institute of Standards and Technology | | |
| FIPS | Federal Information Processing Standard (FIPS) FIPS-140-1 standard | FIPS 140-1 is the benchmark against which all commercial implementations of the DES, DSS, and SHA-1 algorithms are judged. | An Introduction to the Windows 2000 Public-Key Infrastructure Microsoft White Paper |
| PGP | Pretty Good Privacy | | |
| X.509 | | | |
| CA | Certificate Authority | | |
| IKE | | | |
| Diffie-Hellman | | | |
| SHA1 | | | |
| MD5 | | | |
| DMS | Defense Messaging Service | | |
| Kerberos v.5 | Authentication protocol | | |
| S/MIME | | | |
| DPA | Distributed Password Authentication | | |
| ISAKMP | Internet Security Association and Key Management Protocol | | (MS1560B, Mod.12 p.5) |
| ESP | Encryption Security Payload | Encrypts IP Packets | (MS1560B, Mod.12 p.5) |
A big source of these terms (thus far) was the Spyros
Sakellariadis WinntMag Oct. '98 article.
Many of the contained details are plagiarized from: “An Introduction
to the Windows 2000 Public-Key Infrastructure” by Microsoft.
Symmetric key crypto: has only one key (is this right?).
Public key crypto: two keys, but one cannot be derived from the other.
There are two fundamental operations associated with public key cryptography: encryption and signing. These two operations can be used to provide three capabilities: privacy, authentication, and non-repudiation.
Because public keys can be posted freely, complete
strangers can establish private communications simply by retrieving each
other’s public keys and encrypting the data.
While public keys are required for PKI-based security, they're usually packaged as digital certificates. (It's important to stress that only public keys are packaged into certificates. The private key is never shared, so it doesn't require packaging; it's simply stored securely.) The certificate contains the public key and a set of attributes, like the key holder's name. These attributes may be related to the holder's identity, what they're allowed to do, or under what conditions the certificate is valid. The binding between attributes and the public key is present because the certificate is digitally signed by the entity that issued it; the issuer's signature on the certificate vouches for its authenticity and correctness.
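The binding described above, as an added example that is not from the original page or the Microsoft paper: a toy issuer signs the holder's name, validity date and public key together, and verification fails if any of them changes. The names, dates and field layout are assumptions made up for illustration, and the scheme is unpadded textbook RSA on fixed Mersenne primes, not X.509 and not a secure signature.

```python
import hashlib
import json

# Constructed toy keys: RSA moduli built from known Mersenne primes.
# Trivially factorable; for illustration only.
def make_keypair(p, q, e=65537):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent, never published
    return {"n": n, "e": e}, {"n": n, "d": d}

def _digest(body, n):
    # Canonical serialization so issuer and verifier hash identical bytes.
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue_certificate(subject, subject_public, issuer, issuer_private, not_after):
    # Only the holder's PUBLIC key goes into the certificate body.
    body = {"subject": subject, "issuer": issuer,
            "not_after": not_after, "public_key": subject_public}
    n, d = issuer_private["n"], issuer_private["d"]
    return {"body": body, "signature": pow(_digest(body, n), d, n)}

def verify_certificate(cert, issuer_public, today):
    n, e = issuer_public["n"], issuer_public["e"]
    if pow(cert["signature"], e, n) != _digest(cert["body"], n):
        return False  # an attribute or the key changed after signing
    return today <= cert["body"]["not_after"]  # validity condition (ISO dates)

# Hypothetical issuer and holder, both constructed for this example.
ISSUER_PUB, ISSUER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
ALICE_PUB, ALICE_PRIV = make_keypair(2**89 - 1, 2**127 - 1)
CERT = issue_certificate("alice@example.test", ALICE_PUB,
                         "Example Toy CA", ISSUER_PRIV, "2030-12-31")

if __name__ == "__main__":
    print("valid:", verify_certificate(CERT, ISSUER_PUB, "2025-01-01"))
    renamed = {"body": dict(CERT["body"], subject="mallory@example.test"),
               "signature": CERT["signature"]}
    print("holder name changed:", verify_certificate(renamed, ISSUER_PUB, "2025-01-01"))
    print("after expiry:", verify_certificate(CERT, ISSUER_PUB, "2031-01-01"))
```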
Other References:
DES reference (by Bruce Schneier)
SSL References:
“Secure Client Communications with SSL”, Joseph Neubauer, Exchange & Outlook Administrator, October 2001
“SSL Demystified”, Allen Jones, www.iisadministrator.com, InstantDoc 16047
“Implementing SSL on IIS 5.0”, Chris Lehr, www.iisadministrator.com, InstantDoc 16183
“SSL’s Benefits on OWA”, Barb McDonald, www.exchangeadmin.com, InstantDoc 15772
“Securing Web Communications with SSL”, Robert McIntosh, www.win2000mag.com, InstantDoc 20688
“Using Certificates for Security in IIS”, Ken Spencer, www.iisadministrator.com, InstantDoc 21934
“Digital Certificates 101”, William Wong, www.win2000mag.com, InstantDoc 4900