Intro to Cybersecurity: CSCI E-159 | Summaries
1. Method to store passwords more securely: Hashing
2. Hashing: A method that converts plain text into a hashed value, making it less readable.
3. Effectiveness of hashing for password security: Adversaries cannot derive the original password without access to the hash function.
4. Potential threats to hashed passwords: Dictionary attacks, brute-force attacks, and rainbow tables.
5. Salting: Adding a unique value to a password before hashing to ensure unique hashed outputs.
6. Importance of salting: It prevents identical passwords from having the same hash and increases the difficulty of attacks.
7. One-way hash function: A function that outputs a fixed-length hash, making it computationally infeasible to reverse.
8. Potential issue with one-way hash functions: Different inputs might produce the same hash (collision).
9. Encoding: The process of converting plaintext into codetext.
10. Decoding: It converts codetext back into plaintext.
11. Ciphering: The process of encrypting plaintext into ciphertext.
12. Encryption vs Decryption: Encryption converts plaintext to ciphertext; decryption reverses the process.
13. Keys in cryptography: Large strings used in encryption and decryption.
14. Secret-key cryptography: An encryption method where both parties share the same key.
15. Cryptanalysis: The study of encryption and decryption techniques to secure or break data.
16. Public-key cryptography: A method where a public key encrypts data, and a private key decrypts it.
17. RSA: A standard encryption algorithm for public-key cryptography.
18. Goal of Diffie-Hellman: To securely exchange cryptographic keys between parties.
19. Shared values in Diffie-Hellman: A common `g` value, a prime `p`, and private keys from each party.
20. Creating a digital signature: By hashing a message and encrypting the hash with a private key.
21. Verifying a digital signature: By comparing the hash from the message with the hash decrypted using the sender's public key.
22. Passkeys: Device-dependent public/private key pairs used for authentication.
23. Passkeys vs Passwords: They eliminate the need for traditional usernames and passwords.
24. Encryption in transit: Securing data as it moves between networks.
25. End-to-end encryption: No third party can read the data during transmission.
26. File deletion: The system forgets its location, but data remnants may remain.
27. Secure deletion: Overwriting file remnants with zeros, ones, or random data.
28. Full-disk encryption: Encrypting all data on a hard drive to protect against unauthorized access.
29. Risks of full-disk encryption: Losing access to data if the password is forgotten or due to ransomware attacks.
30. Quantum computing threat to cybersecurity: It may exponentially reduce the time needed to break passwords and encryption.
31. Positive use of quantum computing: By developing advanced encryption methods before adversaries do.
32. Authorization in security: The act of verifying that you are the person who should have access to an account.
33. Importance of strong passwords: Strong passwords defend against dictionary and brute-force attacks by making them harder to guess.
34. Tradeoff between security and usability: More secure systems can be less usable; balance depends on the use case.
35. Combinations with a four-digit password: 10,000 combinations.
36. Increasing password complexity: It significantly raises the number of possible combinations, making passwords harder to crack.
37. NIST password recommendations: Use at least eight characters, allow up to 64 characters, avoid common words, and limit failed attempts.
38. Components of multi-factor authentication (MFA): Knowledge (e.g., password), possession (e.g., a device), and inherence (e.g., biometrics).
39. App-based OTPs vs text-message OTPs: Text-based OTPs are vulnerable to SIM swapping, whereas app-based OTPs are tied to a secure device.
40. Keylogging: By logging keystrokes, adversaries can steal usernames, passwords, and OTPs.
41. Credential stuffing: Using compromised username-password pairs from one site to gain access to another.
42. Phishing attack: A social engineering tactic where fake websites or links steal your credentials.
43. Machine-in-the-middle attack: A compromised device between you and your data source intercepts or alters data.
44. Single Sign-On (SSO): A system that lets you use one set of login credentials (e.g., Google) to access multiple services.
45. Benefit of using a password manager: It securely stores complex passwords and helps protect against phishing.