Key stretching

Key stretching algorithms take a relatively insecure value, such as a password, and manipulates it in a way that makes it stronger and more resilient to threats like dictionary attacks. In this video, learn how key stretching increases the security of an encryption key with the PBKDF2 and bcrypt key stretching algorithms.

Course Overview
Transcript
View Offline

- [Instructor] Many encryption technologies…depend upon the ability to create an encryption key…from a password in a way that remains strong.…Key Stretching technologies allow this to happen.…The basic idea behind Key Stretching…is that an algorithm takes a relatively insecure value,…such as a password, and manipulates it…in a way that makes it stronger…and more resilient to threats like dictionary attacks.…Key Stretching combines two different techniques…to add strength to an encryption key.…

First, it combines encryption keys…with a value known as a salt, to modify the key.…This process is known as Salting.…Second, it hashes the resulting value…to add time to the key-checking process.…This might be less than a second,…but Key Stretching algorithms repeat this process…hundreds or thousands of times…to consume longer amounts of time.…The idea is, that if the user knows the correct password,…the second or two that it takes…to verify the password is not a big deal.…

However, if an attacker is trying…to guess the correct password,…

Resume Transcript Auto-Scroll

Author

Mike Chapple

Skill Level Advanced

4h 19m

Duration

111,212

Views

Show More Show Less

Related Courses

Introduction
- Welcome
  2m 15s
1. Security Engineering
- Secure design principles
  5m 18s
- Security models
  4m 14s
- Evaluation models
  3m 24s
2. Cloud Computing and Virtualization
- Virtualization
  4m 20s
- Cloud computing models
  3m 44s
- Public cloud tiers
  5m 35s
3. Hardware Security
- Memory protection
  3m 20s
- Interface protection
  4m 10s
- High availability and fault tolerance
  4m 52s
4. Client and Server Vulnerabilities
- Client security issues
  6m 16s
- Server security issues
  4m 25s
- NoSQL databases
  6m 53s
- Large-scale parallel and distributed systems
  4m 30s
5. Web Security
- OWASP top 10 vulnerabilities
  4m 52s
- SQL injection prevention
  5m 20s
- Cross-site scripting prevention
  4m 2s
- Cross-site request forgery prevention
  4m 24s
- Fuzz testing
  6m 44s
- Session hijacking
  3m 50s
6. Mobile Security
- Mobile device security
  2m 35s
- Mobile device management
  6m 14s
- Mobile device tracking
  3m 14s
- Mobile application security
  4m 23s
- Bring your own device (BYOD)
  4m 47s
7. Smart Device Security
- Industrial control systems
  4m 36s
- Smart home technology
  3m 6s
- Securing the Internet of Things
  2m 57s
- Secure networking for the Internet of Things
  2m 28s
8. Encryption
- Understanding encryption
  3m 24s
- Symmetric and asymmetric cryptography
  5m 17s
- Goals of cryptography
  2m 49s
- Codes and ciphers
  3m 20s
- Choosing encryption algorithms
  3m 1s
- The perfect encryption algorithm
  3m 54s
- The cryptographic life cycle
  2m 49s
- Digital rights management
  2m 17s
9. Symmetric Cryptography
- Data encryption standard
  3m 19s
- 3DES
  3m 35s
- AES, Blowfish, and Twofish
  6m 40s
- RC4
  2m 23s
- Steganography
  4m 55s
10. Asymmetric Cryptography
- Rivest-Shamir-Adleman (RSA)
  3m 26s
- PGP and GnuPG
  11m 9s
- Elliptic curve and quantum cryptography
  3m 19s
11. Key Management
- Key exchange
  3m 4s
- Diffie-Hellman key exchange
  5m 12s
- Key escrow
  3m 13s
- Key stretching
  1m 55s
12. Public Key Infrastructure
- Trust models
  3m 1s
- PKI and digital certificates
  4m 28s
- Hash functions
  9m 11s
- Digital signatures
  4m 4s
- Create a digital certificate
  4m 33s
- Revoke a digital certificate
  1m 48s
13. Cryptanalytic Attacks
- Brute-force attacks
  3m 12s
- Knowledge-based attacks
  2m 10s
14. Physical Security
- Site and facility design
  2m 44s
- Data center environmental controls
  4m 8s
- Data center environmental protection
  4m 58s
- Physical security control types
  3m 33s
- Physical access control
  4m 6s
- Visitor management
  1m 35s
Conclusion
- Next Steps
  38s

Show MoreShow Less

Take notes with your new membership!

Type in the entry box, then click Enter to save your note.

1:30Press on any video thumbnail to jump immediately to the timecode shown.

Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.

Start Your Free Trial Now

Skills covered in this course

Key stretching

Author

Released

Skill Level Advanced

Duration

Views

Related Courses

CompTIA Security+ Cert Prep (SY0-401): The Basics

Learning Cryptography and Network Security

CISSP Cert Prep: 2 Asset Security

Introduction

1. Security Engineering

2. Cloud Computing and Virtualization

3. Hardware Security

4. Client and Server Vulnerabilities

5. Web Security

6. Mobile Security

7. Smart Device Security

8. Encryption

9. Symmetric Cryptography

10. Asymmetric Cryptography

11. Key Management

12. Public Key Infrastructure

13. Cryptanalytic Attacks

14. Physical Security

Conclusion

Take notes with your new membership!

Skills covered in this course

Continue Assessment

Start Your Free Trial Now