One Time Pad :Also known as OTP, this is one of the older but most secure forms of encryption. A person creates a pad of completely random characters and then uses that pad to replace the characters in a message, one by one. If the pad is never used again, it is nearly impossible to break.
One Time Password :A security mechanism in which a password is only used one time and never again. These passwords are usually generated by a small card-like device that is synchronized with an authentication server.
One Way Hash :Also known as a one way function, this is the same as a message digest or a fingerprint. It’s called “one way” because the algorithm creates an encrypted string that cannot be decrypted. The encrypted string is used for comparison only.
PAP :Password Authentication Protocol. This protocol allows users to authenticate with one another but does not prevent unauthorized access.
PCMCIA :Stands for Personal Computer Memory Card International Association. It’s a plug-in slot for peripheral devices such as modems and wireless network access cards. There are also PCMCIA cards that store crypto functions and keys.
PGP :Short for Pretty Good Privacy, this is cryptographic protocol for encrypting e-mail. PGP uses RSA and IDEA algorithms and comes as a complete software package.
PKCS :Public Key Cryptography Standards. This is a standard for keys that was created by RSA and describes how public/private keys can interoperate with various algorithms.
PKI :Public Key Infrastructure. A system that uses public and private keys for encryption and decryption, but also checks to make sure that the correct keys are being used for any transaction.
Plaintext :Data that is in its original form and has not been decrypted. Also, it’s the data after decryption has taken place.
Private Key :One of a pair of keys created by an asymmetric algorithm that are mathematically linked to encrypt and decrypt data. This key belongs to one person (or computer) and is kept safely secret. (Also see Public Key.)
PRNG :Pseudo Random Number Generator. A process or algorithm that generates a random sequence of numbers. A good PRNG will make it nearly impossible to guess what the next number or numbers in a sequence might be. Used in key generation in algorithms.
Protocol :In computer technology, a protocol is an accepted set of rules for computer communications or the transference of data. A protocol goes into a detailed level of instructions for the behavior of any software, hardware, which ports to use, and so on.
Public Key:One of a pair of keys created by an asymmetric algorithm that are mathematically linked to encrypt and decrypt data. This key can be shared with anyone and everyone without fear that it will give any clues as to what the private key might be. (Also see Private Key.)
RADIUS :Remote Authentication Dial-In User Service. A protocol developed to help secure remote access to networks by persons, computers, and other networks. Originally developed to secure modem banks, it is now used to secure remote network connections.
RC2 :Rivest’s Cipher #2 or Ron’s Cipher #2. Named after Ron Rivest, this is a block cipher that uses a 40-bit key that is considered very weak.
RC4 :Rivest’s Cipher #4. This is a stream cipher that is widely used in commercial products and especially in e-commerce transactions.
Reusable Passphrase :A passphrase that can be used over and over, with no limitations. Most passphrases are reusable.
Revocation :The retraction or cancellation of a certificate and its associated keys.
RNG :Random Number Generator. An algorithm or cryptographic device that can create true random numbers. True random numbers are often generated by physical and natural events that cannot be predicted and occur randomly.
RSA :Stands for Rivest, Shamir, Adelman, which are the last names of the three men who created the RSA algorithm and the RSA company (RSA Data Security). The RSA algorithm creates public/private keys and can be used to create a digital signature (among other activities).
Salt :Random data that is mixed in with a password to help foil dictionary attacks on passwords.
Secret Key :The key created by a symmetric algorithm. This key is used to both encrypt and decrypt data.
Seed :A random value that is added to an algorithm to help begin the generation of a pseudo random number. (See PRNG.) This is not to be confused with the seed generation used in tennis tournaments.
Server :Usually a large and powerful computer used to store and disseminate large amounts of data and/or services to desktop computers and laptops on a network (clients). Servers are also used for storage and important applications.
Session Key :A key that is only used for a short period of time: a session. The key is normally used to encrypt data between two machines only and is thrown away when the session is complete.
SHA-1 :Secure Hash Algorithm #1. An algorithm used to create a one-way hash. It’s similar to MD4.
SHTTP :Secure HyperText Transfer Protocol. This is a change to the regular HTTP, which is used to display Web pages. HTTP adds cryptological services to HTTP for the encrypted transmission of sensitive data over the Web.
SKIP :Secure Key Interchange Protocol. This protocol is used in the IPsec headers. The headers contain information about keys that are being exchanged over the network. The header contains information such as what type of key is included, its destination and source, and the application associated with it.
SKIPJACK:A block cipher developed by NSA and often used in hardware crypto devices.
S/MIME :Secure Multipart Internet Message Extensions. This protocol is added to e-mail programs so e-mail can be encrypted and the contents kept secret.
SMTP :Simple Mail Transfer Protocol. The protocol used to transmit e-mail between servers. SMTP traffic is not encrypted.
Snake Oil:A derogatory term used to describe marketing language that is deceptive and misleading, often stating that the encryption or crypto device does more than it is able to do.
Sniffing :A method of listening in on network traffic and capturing it. A special sniffer program is run on a computer on the network and captures and stores the information it was told to save. Very similar to eavesdropping. Hackers use these programs to capture UserIDs, passwords, encryption keys, and other important data.
SSL :Secure Sockets Layer. A cryptologic protocol that is added to data at the socket layer so a secure, encrypted link can be established and maintained. This protocol is often added to applications and is primarily used to protect Web communications.
Stream Cipher :A symmetric key cipher that encrypts data bit by bit rather than cutting the date into chunks like a block cipher does.
Symmetric Algorithm :An algorithm that creates a single key to both encrypt and decrypt data. This is sometimes called a “secret key” algorithm because the key is never supposed to be made available to the public and must be kept secret.
TACACS+ :Terminal Access Controller Access Control System. Does the title somehow give you an idea that this protocol is used to control access to something? It is. It was developed by Cisco and is used to authenticate and authorize remote access by persons or machines.
TCP/IP :Transmission Control Protocol/Internet Protocol. A suite of protocols used for networking that has become the de facto standard. Even networks that use other networking protocols will include TCP/IP so other networks can communicate with them.
TLS :Transport Layer Security. This is a draft version of a new security protocol to replace SSL.
Token :A hardware device that is used to authenticate its owner to computers and applications on a network. A token can be a one-time password generator, a physical device that plugs into a socket, a smart card that is run through a reader, or another similar device.
Triple DES :Also known as 3DES, this algorithm is basically the same as DES except that it encrypts each block of data three times instead of once.
Twofish :A new symmetric algorithm that was one of the runners up to become the new AES algorithm for government use. It is freely available on the Internet.
Validity :The level of confidence a person has that a key actually belongs to the person who presented it.
Verification:Comparing a digital signature created with a private key to its public key. This proves that the information was sent by the person who actually digitally signed the data.
VPN :Virtual Private Network. A VPN provides an encrypted link on an otherwise unprotected network such as the Internet. It allows remote computers or networks at a distance to connect to another and protect their communications with encryption.
Web of Trust :The scheme used by PGP where individuals “sign” other people’s public keys to give an indication of the key’s validity.
X.509 :A public key certification specification as part of a directory system that stores and distributes public keys.
XOR :Stands for eXclusive Or; it is a mathematical function of comparing bits from the data to random bits created by the algorithm. It’s used to indicate whether the bits of the two strings match
