0P3N Blog
Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.


A data dictionary is a database for system developers. It logs all of the data structures used by an application. Sophisticated data dictionaries integrate application generators that use the data logged in the dictionary to automate some of the program production tasks. The data dictionary communicates with the DBMS, the program library, applications, and the information security system. A data ...


Algorithms are the basis of cryptography. Encryption, a type of cryptography, refers to the mechanism of scrambling information so it cannot be deciphered or read by an unauthorized observer. An algorithm is a procedure for taking the original message, called plaintext, and using instructions combined with a message key to create a scrambled message, referred to as ciphertext. A cryptographic ...


Because of its small key size of 56 bits, DES can no longer defend against coordinated brute-force attacks using modern cryptanalysis. The National Institute of Standards and Technology (NIST) has appointed the Advanced Encryption Standard to be the authorized Federal Information Processing Standard for all non-confidential communications by the U.S. government. NIST is also seeing applications in the private sector. ...


X.509 was developed from the X.500 standard. X.500 is a directory service standard that was ratified by the International Telecommunication Union. The objective was to develop an accessible, easy-to-use electronic directory of people provided for all Internet users. The X.500 directory standard specifies a common root of a hierarchical tree. Picture an upside-down tree, the root of the tree ...


Key pairs are used in a range of functions. With most PKI implementations, only single key pairs are used. Sometimes a CA needs to generate multiple key pairs in situations where backup private keys are required but the possibility of a forged digital signature is acknowledged. For example, if someone is the backup operator, that person is responsible for the ...


Asymmetric key pairs are easy to apply; however, when their use expands beyond a small community, there are potential vulnerabilities. If a private key is compromised, it is difficult to locate and remove that key. The security infrastructure developed to address these problems is known as a public key infrastructure (PKI). PKI uses asymmetric key pairs and combines software, encryption technologies, ...


Private Key Protection: The storage of private keys in a secure location is mandatory when dealing with PKI. Many people take private keys for corporate CAs completely offline, store them in a secure place, and only use them when they need to generate a new key. Key Escrow: Private key escrow is a process where the CA maintains a copy ...


Certificates and keys have a certain duration. Various factors play into the lifespan of a particular key. Several things can occur to impact the lifespan of a key such as being compromised or revoked. There’s also an expiration date for keys. As is the case with a driver’s license or credit card, keys are considered valid for a finite amount ...


When a certificate is created, it is stamped with Valid From and Valid To dates. The period between these dates is the time during which the certificate and key pair are valid. Once a certificate’s validity period has expired, it must be either renewed or destroyed. Certificate Revocation List: The X.509 standard mandates CAs to publish CRLs. The basic ...


Software Storage of an Archived Key: Software storage of an archived key is where the key is kept on a disk or other type of removable media. When you need to provide another user with a key, you can copy the key to a floppy disk and use the copy to perform the operation. When the key is in use, ...