CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
2. Page 2
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise: PC Hardware, Network Administration, IT Project Management, Network Design, User Training, IT Troubleshooting
Industry Certifications
Qualifications Summary
Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required, with a focus on technology.
Education
M.B.A., IT Management, Western Governors University
B.S., IT Security, Western Governors University
5. Page 5
The idea behind hashing is to create a method of easily verifying the integrity (or authenticity) of a set of data.
The process involves running an algorithm over the data to create a unique value that can be used to verify the data set. This value is known as the hashed value (or message digest). No matter how many times the data set is run through the hashing algorithm, the same hashed value is derived (as long as the same algorithm is used).
The message digest is also known as a one-way hashed value. This is because it is computationally infeasible to take a hashed value and determine what the original data is, which helps to keep the data secure.
Introduction to cryptography II.
6. Page 6
– Hashing concepts.
» Hashing algorithms work on the data itself, not on the header (or name) of a file.
• No matter how many times the header of the file changes (e.g., changing the name of a file), the hashed value of the data remains the same.
» The hashed value returned is a fixed length that depends on which algorithm is used.
• A specific algorithm will always generate the same size hash, regardless of the size of the input.
» It is theoretically possible to find another input that produces a given hashed value by running enough data through the hashing algorithm.
• When two different inputs produce the same hashed value, it is called a collision.
• This is the concept behind a birthday attack, which relies on the fact that a collision between any two of many hashed values is far easier to find than a match for one specific hashed value.
– HMAC (hash-based message authentication code).
» The process of combining a secret key (a data value known only to the communicating parties) with the data set to derive the hashed value.
• Provides an authentication check (verifying the identity of the sender) as well as an integrity check of the data: without the key, a third party cannot produce a valid HMAC for altered data.
7. Page 7
– Common hashing algorithms.
» MD (Message Digest): created by Ron Rivest.
• MD5 is the current standard used and always returns a 128-bit hashed value.
» SHA (Secure Hash Algorithm): created by the National Security Agency (NSA).
• SHA-1 is the most popular of the versions of SHA and returns a 160-bit hashed value.
• SHA-256 is a newer version that returns a 256-bit hashed value.
• SHA-512 is also a newer version that returns a 512-bit hashed value.
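The hashing properties covered on these slides (same data and algorithm give the same digest; a fixed digest size per algorithm; a keyed HMAC that a third party cannot forge), shown with Python's standard library. This is an added example, not part of the PACE-IT slides; the sample file contents and the shared key are constructed.

```python
import hashlib
import hmac

# Constructed sample data standing in for a file's contents (not from the slides).
FILE_CONTENTS = b"quarterly-report: revenue=1.2M, expenses=0.9M\n"
# Constructed shared secret for the HMAC example.
SHARED_KEY = b"example-shared-secret-key"

# Digest sizes the slides quote, in bits, keyed by hashlib algorithm name.
EXPECTED_BITS = {"md5": 128, "sha1": 160, "sha256": 256, "sha512": 512}


def fingerprint(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest of the data: same bytes and same algorithm -> same value."""
    return hashlib.new(algorithm, data).hexdigest()


def digest_bits(algorithm: str, data: bytes) -> int:
    """Digest length in bits; it depends on the algorithm, not on the input size."""
    return hashlib.new(algorithm, data).digest_size * 8


def digest_sizes_match(data: bytes) -> bool:
    """True if every algorithm returns the size the slides list, for any input."""
    return all(digest_bits(alg, data) == bits == digest_bits(alg, b"")
               for alg, bits in EXPECTED_BITS.items())


def plain_hash_check(data: bytes, digest_hex: str) -> bool:
    """Integrity only: anyone who alters the data can recompute a matching hash."""
    return fingerprint(data) == digest_hex


def make_tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag: deriving it requires the shared secret key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, data: bytes, tag: str) -> bool:
    """Authentication plus integrity; constant-time compare resists timing leaks."""
    return hmac.compare_digest(make_tag(key, data), tag)


if __name__ == "__main__":
    # Renaming a file does not change its bytes, so its digest stays the same.
    print("sha256:", fingerprint(FILE_CONTENTS))
    tampered = FILE_CONTENTS.replace(b"0.9M", b"0.1M")
    # A third party can replace both the data and a plain hash; an HMAC it cannot forge.
    print("plain hash on tampered data:", plain_hash_check(tampered, fingerprint(tampered)))
    print("HMAC on tampered data:", verify_tag(SHARED_KEY, tampered, make_tag(SHARED_KEY, FILE_CONTENTS)))
```

A plain hash stored or sent alongside the data only detects accidental corruption; the keyed tag is what ties the data to a sender who holds the secret.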
9. Page 9
– Key escrow.
» The process of storing or giving encryption keys to a third party; the third party can then use the keys to decrypt any messages that use those keys (in some cases, governmental agencies have required the turning over of encryption keys to aid in investigations).
• Highly controversial.
– Ephemeral key.
» A temporary key that is used to encrypt a single message within a communication channel.
• Reduces the chances that a hacker will acquire a key set and be able to decrypt the messages.
– Perfect forward secrecy.
» A process that generates a random public key (ephemeral key) for each session, so that the private key exchange can be kept secure.
10. Page 10
– Digital signature.
» Created to digitally sign messages in order to prove the integrity of the message and the identity of the sender.
• A message digest is created from a set of data and then encrypted with the sender's private key. The receiver decrypts the hashed value with the sender's public key, computes its own digest of the data, and verifies that the two hashed values match.
• Also provides a means of non-repudiation: the sender can't deny that he or she is the entity that sent the message, because only the holder of the private key could have produced the signature.
– Elliptic curve.
» A newer asymmetrical encryption algorithm that employs Diffie-Hellman for the exchange of keys (ECDH) and the Digital Signature Algorithm (ECDSA) for the digital signature.
– Quantum cryptography.
» A technique used with fiber optic communication to determine if the message has been intercepted.
• Relies upon the fact that any interaction with the photons in transit will cause the state of the photons to change.
11. Page 11
Topic: Hashing basics.
Summary: The idea behind hashing is to create a method of easily verifying the integrity (or authenticity) of a set of data. Hashing only works on data, not on file headers. Hashing algorithms always return the same size hashed value. HMAC can be used for both authentication and integrity purposes. Common hashing algorithms include: MD5, SHA-1, SHA-256, and SHA-512.

Topic: Additional cryptography topics.
Summary: Key escrow is where a third party stores the keys used for encryption purposes (a very controversial topic). Ephemeral keys are where a random public key is generated for a single message in a communication session. Perfect forward secrecy is used to aid in the encryption key exchange process by using ephemeral keys. Digital signatures are used to prove the integrity of the sender and can be used for non-repudiation purposes. Elliptic curve is a newer asymmetric encryption standard that uses a combination of DH and DSA. Quantum cryptography is used on fiber optic networks and can be used to determine if the message has been viewed by unauthorized parties.
13. This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are
available upon request to individuals with disabilities. For those that are hearing
impaired, a video phone is available at the Services for Students with Disabilities (SSD)
office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call
425.354.3113 on a video phone for more information about the PACE-IT program. For
any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion;
national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran
status; or genetic information in its programs and activities.