Midterm Study Guide
- Passwords
  - multi-factor authentication
  - dictionary attack
  - salt
  - biometrics: fraud rate vs. insult rate, revocation
- Cookies
  - HTTP is stateless
  - types: temporary, persistent, third-party
  - how to construct an authenticator cookie
  - use of server secret
- Secure Hash Functions
  - 6 properties of secure hash functions
  - collisions: avoidance vs. resistance
  - one-wayness
  - how to use secure hash functions for integrity and authentication
- Public Key Encryption
  - Diffie-Hellman: benefit and limitations (assumptions)
  - RSA: benefit and limitations (assumptions)
  - how to use public/private key for confidentiality
  - how to use public/private key for integrity and authentication
- Public-Key Infrastructure
  - public-key certificate
  - certificate authority
  - digital signature
- Symmetric Key Encryption/Block Cipher
  - linearity: what it is and why it is bad
  - how to use symmetric key encryption for confidentiality
  - how to use symmetric key for integrity and authentication
- Stream Cipher
  - block cipher vs. stream cipher
  - one-time pad: pros and cons
  - pseudo-random number generator
  - initialization vector: what it is and how to use it
- SSL/TLS
  - handshake protocol
  - attacks on SSL/TLS: BEAST, FREAK, Heartbleed