Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
8 Cards in this Set
- Front
- Back
Wild Card PKI
|
Wildcard SSL Certificates allow you to secure an unlimited number of sub-domains on a domain name. This is very advantageous in many setups but there can be some pitfalls. Wildcard certificates are becoming cheaper and much more popular.
|
|
OSCP vs CRL
|
* Since an OCSP response contains less information than a typical CRL (certificate revocation list), OCSP can feasibly provide more timely information regarding the revocation status of a certificate without burdening the network. However, the greater number of requests and connection overhead may overwhelm this benefit if the client does not cache responses.
* Using OCSP, clients do not need to parse CRLs themselves, saving client-side complexity. However, this is balanced by the practical need to maintain a cache. In practice, such considerations are of little consequence, since most applications rely on third-party libraries for all X.509 functions. * CRLs may be seen as analogous to a credit card company's "bad customer list" – an unnecessary public exposure. * OCSP discloses to the responder that a particular network host used a particular certificate at a particular time. OCSP does not mandate encryption, so this information also may be intercepted by other parties. https://secure.wikimedia.org/wikipedia/en/wiki/Online_Certificate_Status_Protocol |
|
Perfect Forward Secrecy
|
Perfect Forward Secrecy (PFS) refers to the notion that compromise of a single key will permit access to only data protected by a single key. For PFS to exist the key used to protect transmission of data MUST NOT be used to derive any additional keys, and if the key used to protect transmission of data was derived from some other keying material, that material MUST NOT be used to derive any more keys.
https://secure.wikimedia.org/wikipedia/en/wiki/Perfect_forward_secrecy |
|
Pseudo random number generator
|
A pseudorandom number generator (PRNG), also known as a deterministic random bit generator (DRBG),[1] is an algorithm for generating a sequence of numbers that approximates the properties of random numbers. The sequence is not truly random in that it is completely determined by a relatively small set of initial values, called the PRNG's state. Although sequences that are closer to truly random can be generated using hardware random number generators, pseudorandom numbers are important in practice for simulations.
http://en.wikipedia.org/wiki/Pseudorandom_number_generator |
|
Diffusion
|
Diffusion means that the output bits should depend on the input bits in a very complex way. In a cipher with good diffusion, if one bit of the plaintext is changed, then the ciphertext should change completely, in an unpredictable or pseudorandom manner. In particular, for a randomly chosen input, if one flips the i-th bit, then the probability that the j-th output bit will change should be one half, for any i and j — this is termed the strict avalanche criterion. More generally, one may require that flipping a fixed set of bits should change each output bit with probability one half.
http://en.wikipedia.org/wiki/Confusion_and_diffusion |
|
Confusion
|
Confusion is to make it very hard to find the key even if one has a large number of plaintext-ciphertext pairs produced with the same key. Therefore, each bit of the ciphertext should depend on the entire key, and in different ways on different bits of the key. In particular, changing one bit of the key should change the ciphertext completely.
http://en.wikipedia.org/wiki/Confusion_and_diffusion |
|
Non-repudiation
|
A service that provides proof of the integrity and origin of data.
An authentication that with high assurance can be asserted to be genuine. http://en.wikipedia.org/wiki/Non-repudiation |
|
Code Signing
|
Code signing can provide several valuable features. The most common use of code signing is to provide security when deploying; in some languages, it can also be used to help prevent namespace conflicts. Almost every code signing implementation will provide some sort of digital signature mechanism to verify the identity of the author or build system, and a checksum to verify that the object has not been modified. It can also be used to provide versioning information about an object or to store other meta data about an object.
http://en.wikipedia.org/wiki/Code_signing |