Domain 6 - Cryptography and PKI
6.4 - Given a scenario, implement public key infrastructure
Concepts
Pinning
Trust model
Stapling
Key escrow
Online vs. offline CA
Certificate chaining
Components
CSR
Certificates
OCSP
Public key
CRL
Private key
Intermediate CA
Object identifiers (OID)
CA
Types of certificates
Machine/computer
Email
Self-signed
User
Code signing
Root
SAN
Domain validation
Wildcard
Extended validation
Certificate formats
PFX
CER
PEM
P12
DER
P7b
6.1 - Compare and contrast basic concepts of cryptography
Session keys
Ephemeral key
Key strength
Secret algorithm
Stream vs. block
Data-in-transit
Obfuscation
Data-at-rest
Steganography
Data-in-use
Collision
Random/pseudo-random number generation
Confusion
Key stretching
Diffusion
Implementation vs. algorithm selection
Crypto service provider
Crypto modules
Digital signatures
Key exchange
Weak/deprecated algorithms
Perfect forward secrecy
Elliptic curve
Security through obscurity
Salt, IV, nonce
Common use cases
Supporting integrity
Supporting obfuscation
Supporting confidentiality
Supporting authentication
High resiliency
Supporting non-repudiation
Low latency
Resource vs. security constraints
Low power devices
Hashing
Asymmetric algorithms
Modes of operation
Symmetric algorithms
6.2 - Explain cryptography algorithms and their basic characteristics
Asymmetric algorithms
Diffie-Hellman 2048/4096 bit
DHE
ECDHE
Groups
Elliptic curve 224/256/384/512 bit
PGP/GPG 1024/2048/4096 bit
DSA 1024 bit
RSA 2048/4096 bit
Cipher modes
ECB
GCM
Stream vs. block
CBC
Hashing algorithms
SHA
SHA1 128 bit
SHA2 (SHA256) 256 bit
HMAC any size bit
MD5 128 bit
RIPEMD 128/160/256/320 bit
Key stretching algorithms
BCRYPT 184 bit
PBKDF2
Symmetric algorithms
3DES 64/128 bit
RC4 40 to 2048 bit
DES 64/128 bit
Blowfish 32 to 448 bit/Twofish 128/192/256 bit
AES 128/192/256 bit
Obfuscation
ROT13
Substitution ciphers
XOR
6.3 - Given a scenario, install and configure wireless security settings
Authentication protocols
EAP-TLS
EAP-TTLS
EAP-FAST
IEEE 802.1X
PEAP
RADIUS Federation
EAP
Methods
WPS
Captive portals
PSK vs. Enterprise vs. Open
Cryptographic protocols
WPA2
CCMP
WPA
TKIP