CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
Instructor, PACE-IT Program – Edmonds Community College
Areas of Expertise Industry Certifications
PC Hardware
Network Administration
IT Project Management
Network Design
User Training
IT Troubleshooting
Qualifications Summary
Education
M.B.A., IT Management, Western Governor’s University
B.S., IT Security, Western Governor’s University
Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions.
Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required, with a focus on technology.
In most cases, a single cryptographic method will not provide the level of security that most organizations seek.
The solution is to use a cipher suite to provide the necessary security. A cipher suite is a group of cryptographic solutions combined into a single set to provide user authentication, encryption, and message authentication.
One measure of the strength of a cipher suite is the number of bits that make up the keys. The longer the key (the more bits), the stronger the cipher, which in turn leads to a stronger cipher suite.
One thing to remember: the stronger the cipher suite, the more computing power and time it will take when in use.
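The combination described above can be read directly from a TLS cipher-suite name. The following is an added example, not part of the original slides: it assumes the IANA naming used by TLS, the sample suite names are chosen for illustration, and the three checks (key strength under 128 bits, MD5, no authentication) are an assumed policy that mirrors the points made in this presentation.

```python
# Added example: split TLS cipher-suite names into the roles a suite combines.
# Effective strength where the name carries no key size
# (3DES: 168-bit key, about 112 bits against meet-in-the-middle).
FIXED_BITS = {"3DES": 112, "CHACHA20": 256, "DES": 56, "NULL": 0}

def parse_suite(name):
    body = name[4:] if name.startswith("TLS_") else name
    if "_WITH_" in body:                       # TLS 1.2 and earlier naming
        handshake, bulk = body.split("_WITH_", 1)
        parts = handshake.split("_")
        key_exchange, authentication = parts[0], parts[-1]
    else:                                      # TLS 1.3: negotiated separately
        key_exchange = authentication = None
        bulk = body
    cipher, _, digest = bulk.rpartition("_")
    tokens = cipher.split("_")
    bits = next((int(t) for t in tokens if t.isdigit()),
                FIXED_BITS.get(tokens[0]))
    aead = "GCM" in tokens or "POLY1305" in tokens
    return {
        "key_exchange": key_exchange,
        "authentication": authentication,
        "encryption": cipher,
        "strength_bits": bits,
        # AEAD ciphers authenticate messages themselves; otherwise HMAC is used.
        "message_auth": "AEAD" if aead else "HMAC-" + digest,
    }

def findings(name, min_bits=128):
    """Return the reasons a suite fails the assumed policy (empty list = passes)."""
    s = parse_suite(name)
    out = []
    if s["strength_bits"] is None or s["strength_bits"] < min_bits:
        out.append("key strength below %d bits" % min_bits)
    if s["message_auth"] == "HMAC-MD5":
        out.append("MD5-based message authentication")
    if s["authentication"] == "anon":
        out.append("no peer authentication")
    return out

SAMPLE = [                                     # sample names for illustration
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLS_CHACHA20_POLY1305_SHA256",
]

if __name__ == "__main__":
    for n in SAMPLE:
        print(n, parse_suite(n), findings(n))
```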
Cryptographic methods I.
– PAP (Password Authentication Protocol).
» An authentication protocol that does not use any cryptographic methods to ensure the integrity of the message.
• The username and password are sent in clear text; this is not a secure solution.
– CHAP (Challenge-Handshake Authentication Protocol).
» A cryptographic authentication protocol used to authenticate remote clients based on hashed values.
• The client combines its password with a key supplied by the server to generate a hashed value (MD5 is the algorithm used to generate that message digest).
• The client sends the hashed value (message digest) back to the server, which then compares what was received against a stored value.
• If the values match, the client is authenticated and then given access to authorized resources.
» CHAP is considered to be a type of HMAC (Hash-based Message Authentication Code).
– RIPEMD (RACE Integrity Primitives Evaluation Message Digest).
» A cryptographic hashing algorithm developed as an open source solution.
» When implemented, the most common version is RIPEMD-160 (uses a 160-bit hashing function).
• There are also 128, 256, and 320-bit versions.
– NTLMv2 (NT LAN Manager version 2).
» A cryptographic hashing process used in Windows operating systems for storing passwords in the registry as hashed values.
• Uses HMAC-MD5 (HMAC using Message Digest 5) as the method of creating and storing the message digest.
» Replaced NTLM, which used MD4 as the hashing algorithm for the HMAC.
– MD (Message Digest).
» A cryptographic hashing algorithm developed by Ron Rivest as a method of using hashed values for authentication purposes, particularly to ensure that the data that is received is the data that was sent.
» MD5 is the most popular version and always generates a 128-bit hashed value.
• While still in use, MD5 has been proven to be a broken cryptographic solution and should not be used for mission-critical security needs.
– SHA (Secure Hash Algorithm).
» A cryptographic hashing algorithm developed by the NSA (National Security Agency) as a method of using hashed values for authenticating data, to ensure the data’s integrity.
» SHA-1 is the most popular version and always generates a 160-bit hashed value.
• In theory, SHA-1 has been broken (the theoretical weaknesses have yet to be proven) and most U.S. government agencies now require the use of SHA-2, an improved version of the original SHA family of hashing algorithms.
Topic: Cipher suites.
Summary: In most cases, a single cryptographic implementation will not provide adequate security. The solution is to use a cipher suite, which is a combination of different cryptographic products to provide data integrity services, user authentication, and encryption. The strength of the cipher suite is dependent on the bit strength of the security keys that are used.
Topic: Cryptographic implementations.
Summary: PAP doesn’t employ any cryptographic methods and should not be used. Some common implementations of cryptography that rely upon hashing to provide integrity checks include: CHAP, RIPEMD, NTLMv2, MD, and SHA.
This workforce solution was 100 percent funded by a $3 million grant awarded by the
U.S. Department of Labor's Employment and Training Administration. The solution was
created by the grantee and does not necessarily reflect the official position of the U.S.
Department of Labor. The Department of Labor makes no guarantees, warranties, or
assurances of any kind, express or implied, with respect to such information, including
any information on linked sites and including, but not limited to, accuracy of the
information or its completeness, timeliness, usefulness, adequacy, continued availability
or ownership. Funded by the Department of Labor, Employment and Training
Administration, Grant #TC-23745-12-60-A-53.
PACE-IT is an equal opportunity employer/program and auxiliary aids and services are
available upon request to individuals with disabilities. For those that are hearing
impaired, a video phone is available at the Services for Students with Disabilities (SSD)
office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call
425.354.3113 on a video phone for more information about the PACE-IT program. For
any additional special accommodations needed, call the SSD office at 425.640.1814.
Edmonds Community College does not discriminate on the basis of race; color; religion;
national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran
status; or genetic information in its programs and activities.