Module 3: Cryptographic Solutions Summary

Plaintext: The original, readable data.

Ciphertext: The scrambled, unreadable data after encryption.

Cipher: The algorithm or "means of change" used to perform encryption.

Cryptanalysis: The art of cracking cryptographic systems (often via Brute Force, which requires massive processing power).

Feature	Symmetric Encryption	Asymmetric Encryption
Keys	Uses a single, shared secret key for both encryption and decryption.	Uses a key pair: a Public Key (to encrypt) and a Private Key (to decrypt).
Speed	Very fast.	Symmetrical is much slower and CPU-intensive.
Best Use	Bulk data encryption (large files).	Small amounts of data (e.g., exchanging keys or digital signatures).
Security	High, but key distribution is a major risk.	Very high; the Private key never needs to be shared.

Certificate Authority (CA): A trusted third party (like GoDaddy) that issues and validates digital certificates.

Digital Certificates: Acts as a "wrapper" for a public key, proving that the key belongs to a specific person or website.

X.509: The standard format for these digital certificates.

Data at Rest: Data stored on a drive. Protected by Full Disk Encryption (FDE) like BitLocker.

Data in Transit (Motion): Data moving over a network. Protected by protocols like TLS or VPNs.

Data in Use: Data currently in RAM or CPU registers. This is the hardest state to protect.

Salting: Adding random data to a password before hashing it to prevent Rainbow Table attacks (pre-computed hash lists).

Key Stretching: Running a hash through thousands of rounds to make it slower for an attacker to brute-force (e.g., PBKDF2).

Steganography: Hiding a message inside another file (like an image or video) so you don't even know it exists.

Blockchain: A decentralized, open ledger where each block is cryptographically linked to the previous one, making it tamper-proof.

Obfuscation: Making code or data difficult for humans to read or understand (e.g., data masking).

Comments