A one-page reference. Reread before an exam or before Chapter 5. Dense by design. The governing rule of the
whole chapter: you use crypto, you don't break it — and almost every real failure is usage, not math.
The four guarantees (which primitive provides what)
Guarantee | Plain meaning | Provided by | NOT provided by
Confidentiality | keep data secret | encryption (symmetric/asymmetric) | hashing, signatures alone
Integrity | detect alteration | hash, HMAC, authenticated encryption | plain encryption (e.g., CBC alone)
Authenticity | prove who produced it | HMAC, digital signature | a bare hash
Non-repudiation | signer can't deny it | digital signature only | HMAC (shared key — either party)
Trap: encryption ≠ integrity. Encrypting data does not stop tampering — use authenticated
encryption (AES-GCM) or add a MAC.
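The authenticity row and the integrity trap above, as an added worked example (not code from the page): a bare hash appended to a message is recomputable by anyone who alters it, so the receiver's check passes; an HMAC under a key the intermediary does not hold fails the check. The shared KEY, the message format and the tampering model are constructed for the illustration. Note the non-repudiation row: because both ends hold the same KEY, a valid HMAC tag proves only that one of the two key holders produced it, which is why a digital signature is needed for that guarantee.

```python
import hashlib
import hmac
import secrets

# Constructed: a key shared by sender and receiver (assumed, not from the page).
KEY = secrets.token_bytes(32)


def tag_with_hash(message: bytes) -> bytes:
    """'Integrity' by bare hash: anyone can recompute this, so it proves nothing about origin."""
    return hashlib.sha256(message).digest()


def tag_with_hmac(key: bytes, message: bytes) -> bytes:
    """HMAC: only a holder of the key can produce a tag that verifies."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_hash(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(tag_with_hash(message), tag)


def verify_hmac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest keeps the comparison itself free of timing leaks
    return hmac.compare_digest(tag_with_hmac(key, message), tag)


def tamper_in_transit(message: bytes, recompute):
    """Models an intermediary who edits the message and recomputes whatever tag it can."""
    altered = message.replace(b"100.00", b"900.00")
    return altered, recompute(altered)


def bare_hash_is_defeated() -> bool:
    msg = b"pay=100.00;to=acct-0042"  # constructed sample message
    altered, new_tag = tamper_in_transit(msg, tag_with_hash)
    # The receiver's hash check passes on the altered message: no authenticity.
    return verify_hash(altered, new_tag) and altered != msg


def hmac_is_not_defeated() -> bool:
    msg = b"pay=100.00;to=acct-0042"
    # Without KEY the best the intermediary can do is attach a keyless hash.
    altered, fake_tag = tamper_in_transit(msg, tag_with_hash)
    return not verify_hmac(KEY, altered, fake_tag)


if __name__ == "__main__":
    print("bare hash defeated:", bare_hash_is_defeated())
    print("HMAC defeated:     ", not hmac_is_not_defeated())
```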
Symmetric vs. asymmetric (memorize this table)
 | Symmetric | Asymmetric (public-key)
Keys | one shared secret | a key pair: public + private
Speed | very fast (bulk data) | slow (small data only)
Use for | encrypting the actual data | exchanging a key; signatures
Algorithms | AES (128/256) | RSA, ECC
Hard problem it solves | — | the key-distribution problem
Hard problem it has | key distribution | speed / size limits
Real systems | hybrid: asymmetric exchanges a symmetric key, symmetric encrypts the data (this is TLS — Ch.5)
Category | Use | Avoid
Password hashing | salted Argon2 (or bcrypt/scrypt), high work factor | any bare/fast hash, no salt, plain SHA-256/MD5
Asymmetric (RSA) | RSA-3072+ (2048 minimum) | RSA-1024
Asymmetric (ECC) | ECC P-256+ | weak/custom curves
Equivalence to remember | ECC-256 ≈ RSA-3072
Randomness | CSPRNG (secrets, /dev/urandom) | default random() for secrets
Entropy floor | ≥ 128 bits for keys/high-value secrets
Modes of operation (symmetric)
Mode | Behavior | Verdict
ECB | each block independent; identical plaintext → identical ciphertext | ✗ never — leaks structure
CBC | chains blocks; needs unpredictable IV | ~ no built-in integrity; pair with a MAC
GCM (AEAD) | counter mode + auth tag | ✓ confidentiality and integrity — prefer this
IV/nonce rules: need not be secret; must be unique per key (CTR/GCM) and unpredictable (CBC).
Nonce reuse under one key = catastrophe (leaks plaintext; in GCM, enables forgery).
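The two rules above (no built-in integrity in an unauthenticated mode; nonce uniqueness under one key), as an added example that is not part of the page. The cipher is an assumed stand-in: a counter-mode keystream built from HMAC-SHA256(key, nonce || counter), which has the same XOR-with-keystream structure as the CTR core of AES-CTR/GCM and is used here only to make the mode's properties visible, not as a production cipher. The key, nonces and messages are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed demo key (assumed; never derive real keys from a string like this).
DEMO_KEY = hashlib.sha256(b"constructed demo key").digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR-style keystream from a PRF: block i = HMAC(key, nonce || i). Stand-in for AES-CTR."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


ctr_decrypt = ctr_encrypt  # XOR with the same keystream undoes itself


def malleability_without_mac(key: bytes) -> bytes:
    """No integrity: flipping ciphertext bits flips the same plaintext bits, and decryption
    raises no error. This is the 'pair with a MAC' verdict in one function."""
    nonce = secrets.token_bytes(12)
    ct = bytearray(ctr_encrypt(key, nonce, b"amount=1"))  # constructed message
    ct[-1] ^= ord("1") ^ ord("9")  # only the message layout is needed, not the key
    return ctr_decrypt(key, nonce, bytes(ct))  # decrypts to b"amount=9" without complaint


def nonce_reuse_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """Same key + same nonce for two messages: the keystream cancels and c1 XOR c2 == p1 XOR p2,
    so the ciphertexts alone reveal the relation between the plaintexts."""
    nonce = b"\x00" * 12  # the mistake: a fixed nonce
    return xor(ctr_encrypt(key, nonce, p1), ctr_encrypt(key, nonce, p2))


def unique_nonces_do_not_leak(key: bytes, p1: bytes, p2: bytes) -> bool:
    """With a fresh nonce per message the XOR of ciphertexts carries no plaintext relation."""
    c1 = ctr_encrypt(key, secrets.token_bytes(12), p1)
    c2 = ctr_encrypt(key, secrets.token_bytes(12), p2)
    return xor(c1, c2) != xor(p1, p2)


if __name__ == "__main__":
    print(malleability_without_mac(DEMO_KEY))
    print(nonce_reuse_leak(DEMO_KEY, b"attack at dawn", b"attack at dusk") == xor(b"attack at dawn", b"attack at dusk"))
```

The same keystream-cancellation argument is why a reused GCM nonce also exposes the authentication key: GCM's tag is computed over the CTR output, so the fix is the same in both cases, a nonce that is unique per key (a counter or a CSPRNG value of sufficient length).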
Password storage (the rule that prevents megabreaches)
Salt (unique, random, per user; stored in clear) → defeats rainbow tables / precomputation.
Slow + memory-hard algorithm (Argon2/bcrypt/scrypt) at a real work factor → defeats offline brute
force. You need both.
Severity of a credential dump = the storage method: plaintext / unsalted MD5/SHA-1 → assume total
compromise; salted Argon2/bcrypt → largely contained.
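The two rules above (per-user random salt plus a slow, memory-hard function) and the severity point, as an added example that is not code from the page. It uses the scrypt binding in Python's standard library (Argon2 and bcrypt are not in the stdlib); the cost parameters, the storage string layout and the sample passwords are assumptions for the illustration. The last function shows why an unsalted fast hash counts as total compromise: a precomputed table of common passwords matches it instantly, while the salted records never hit such a table.

```python
import hashlib
import hmac
import secrets

# Assumed scrypt cost parameters (tune to your hardware budget; higher is slower for an attacker too).
SCRYPT_N, SCRYPT_R, SCRYPT_P, DKLEN = 2 ** 14, 8, 1, 32


def hash_password(password: str, salt: bytes = b"") -> str:
    """Salted, memory-hard hash; the salt is stored in clear alongside the digest."""
    salt = salt or secrets.token_bytes(16)  # unique, random, per user (CSPRNG)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                            p=SCRYPT_P, dklen=DKLEN)
    # Storage layout (assumed): algorithm, parameters, salt, digest, so cost can be raised later.
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    parts = stored.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return False
    _, n, r, p, salt_hex, digest_hex = parts
    digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=len(digest_hex) // 2)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))  # constant-time compare


def unsalted_md5(password: str) -> str:
    """The storage method that makes a dump a total compromise."""
    return hashlib.md5(password.encode()).hexdigest()


def precomputed_hits(stored_hashes, candidate_passwords):
    """What a leaked table looks like to anyone holding a precomputed list of common passwords:
    unsalted fast hashes are recovered by a dictionary lookup, no hashing work required."""
    table = {unsalted_md5(c): c for c in candidate_passwords}
    return {h: table[h] for h in stored_hashes if h in table}


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed
    print(record)
    print(verify_password("correct horse battery staple", record))
    print(precomputed_hits([unsalted_md5("123456")], ["123456", "password"]))
```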
PKI in one glance
Component | Role
Certificate authority (CA) | trusted third party; signs the binding of a public key to an identity
X.509 certificate | the format: subject, subject public key, issuer, validity, serial, key usage, CA signature
Chain of trust | leaf ← intermediate CA ← root CA (pre-installed/trusted); verify each signature up to a trusted root
Revocation | invalidate before expiry: CRL (list) or OCSP (live query)
Bad randomness — non-CSPRNG / guessable seed; predictable keys/IVs; reused ECDSA nonce leaks the private key.
Nonce/IV reuse under the same key.
Key management (the big one, operational) — keys in source/config, keys stored next to the data, no rotation, broad access.
Encryption without integrity — unauthenticated mode, no MAC.
Over-trusting a valid signature — proves a key signed it, not that intent was legitimate.
Defender's leverage: these are usage failures → your tools are code review + config audit
(grep for MD5/DES/ECB/random(); hunt hard-coded keys; confirm GCM, CSPRNG, salts, cert
inventory), not cryptanalysis.
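The code-review sweep described above, as an added example that is not from the page: a small scanner that flags the usage failures the section names (weak hashes, weak ciphers, ECB, non-CSPRNG for secrets, hard-coded key material) over source text. The regexes, finding names and the sample source file are assumptions tuned for Python-style code; the sample's key value is a constructed placeholder. Expect false positives (a comment mentioning md5 also trips it): the output is a worklist for a reviewer, not a verdict.

```python
import re

# Assumed review patterns, one per failure class named in the section.
FINDINGS = {
    "weak-hash": re.compile(r"\b(md5|sha1)\s*\(", re.I),
    "weak-cipher": re.compile(r"\b(DES|3DES|TripleDES|RC4)\b"),
    "ecb-mode": re.compile(r"\b(MODE_ECB|ECB)\b"),
    "non-csprng": re.compile(r"\brandom\.(random|randint|choice|getrandbits)\s*\("),
    "hardcoded-key": re.compile(r"(?i)\b(secret|api_key|private_key|password)\s*=\s*['\"][^'\"]{8,}['\"]"),
}

# Constructed sample source; the API_KEY value is a placeholder, not a real credential.
SAMPLE = """\
import hashlib, random
from Crypto.Cipher import AES
API_KEY = "sk_live_0123456789abcdef"
digest = hashlib.md5(data).hexdigest()
cipher = AES.new(key, AES.MODE_ECB)
token = "".join(random.choice(ALPHABET) for _ in range(32))
secure = secrets.token_hex(32)
good = hashlib.sha256(data).hexdigest()
"""


def scan(source: str, filename: str = "<input>"):
    """Return (filename, line number, finding, line text) for every pattern hit."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for name, pattern in FINDINGS.items():
            if pattern.search(line):
                hits.append((filename, lineno, name, line.strip()))
    return hits


def review_sample():
    """Compact view of the sample scan: (line, finding) pairs in file order."""
    return [(lineno, name) for _, lineno, name, _ in scan(SAMPLE, "sample.py")]


if __name__ == "__main__":
    for filename, lineno, name, text in scan(SAMPLE, "sample.py"):
        print(f"{filename}:{lineno}: {name}: {text}")
```

Run it over a repository with the usual walk of source files; the lines that do not trip anything (the secrets.token_hex and sha256 lines in the sample) are the positive confirmations the section asks for (CSPRNG, modern hash), which is the other half of the audit.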
Meridian program: encryption standard (algorithms, key sizes, modes, key-management rules) — the
PCI-DSS data-protection backbone for cardholder data at rest (Requirement 3 area; full crosswalk in
Ch.28).