Index

A

Authenticated encryption with additional data (AEAD)
algorithms
AESCCM object
AES-CCM vs. AES-GC
authenticated encryption
cryptography library
generate_key methods
Advanced Encryption Standard (AES)
algorithm
cryptographic properties
ECB mode
ECB padding
block chiper
keys
AES-CTR
cryptography library
finalize method
initialize method
RSA key exchange
transmission stream
update method
AES-CBC manager
AES-CBC modes, TLS 1.0
AES-CBC padding
AES-CTR mimics
AES-CTR mode
malleable
store
visual depictions
AES-CTR operations
aesDecryptor.update() method
aesEncryptor.update() method
AES-GCM
AE
AEAD
authenticate_additional_data function
counter context
cryptography library documentation
CTR/CBC modes
decrypt_file function
encryption/authentication
encryptor.tag
finalize method
IV/nonce values
IV/salt values
key details
production code
TLS record
Alphabet permutations
Asymmetric/Symmetric algorithms
AEC-CTR mode
full-duplex communication
one-way communication
RSA encryption
Asymmetric cryptography
Asymmetric encryption
cryptography module
cryptographic dropbox
gmpy2
integer/byte conversion
keys
OAEP
padding
CCA
common modulus attack
deterministic algorithm
homomorphisms
PEM-formatted public key
powmod function
RSA
SeeRSA
signatures
Asymmetric keys
Asyncio documentation
Authenticated encryption (AE)
Authenticated encryption with additional data (AEAD)
Authentication server (AS)
Automated decoding
Avalanche property

B

Bit map file (BMP)
Bleichenbacher’s algorithm
Block cipher, AES

C

Caesar’s shifty cipher
CAkey parameters
Camellia
CAST5
CBC mode
encryption/decryption
hand-crafted
initialization vector IV
Certificate authority (CA)
Certificate pinning
Certificate revocation list (CRL)
CertificateSigningRequestBuilder
Certificate signing request (CSR)
build_chain option
CA
Chrome’s warnings, untrusted situations
Chrome’s warning, untrusted certificate
correct certificate chain validation
create
domain_request.csr
certificate authorities
executing command
human-readable format
OpenSSL
proof of possession
signature algorithm
X.509 version 3
cryptography documentation
DER format
domain_cert.crt
domain_key.pem
eatsa.eastantarctica.southpole.gov
EC key pair
ERR_CERT_AUTHORITY_INVALID error
Eve’s certificate
Eve’s experimentation
generate RSA key
government-authorized CAs
issuer chain
issuer field
load_pem_x509_certificate
load_pem_x509_csr method
new certificate
PEM
public_bytes method
private key
root certificates
root public keys
self-signed certificate
signature lgorithm
sign key parameter
sign method
TLS Builder
trusted root certificates
V3 features
verification
web site and TLS certificate
X.509 V3 extensions
Certificate transparency
Certificate verification systems
ChaCha20
Challenge-response protocols
asymmetric
attacker
MITM
nonce
session keys
ChangeCipherSpec message
Chosen ciphertext attacks (CCA)
Chosen plaintext attack
Cipher block chaining (CBC)
Cipher block chaining (CBC)-MAC
AES encryption operation
cryptography library
encrypted block
Fake MAC
prepend message length
prepends attack
tag
Ciphertext stealing (CTS)
Collision resistance
Confidentiality
CONNECT method
Counter mode (CTR)
Crypto Done Right project
Cryptograms
Cryptographic dropbox
Cryptography
API
fundamentals
library
module
symmetric key ciphers
uses
authentication
confidentiality
correct vs. incorrect
fundamentals
integrity
internet
learning process
in practice
statistics

D

decode operation
decrypt_message() call
Denial-of-service (DoS)
Diffie-Hellman
bidirectional information exchange
elliptic-curve
forward secrecy
SeeForward secrecy
key agreement
key exchange
non-mathematical explanation
parameters
TLS key transport
vs. RSA
DigiNotar CA
Digital signatures
authenticity
CA
CRLs
cryptography module
Encrypt-Then-MAC
fake certificate
json module
json.dumps() operation
message integrity
OCSP
public key certificate
registry
replay attack
revocation
RSA encryption
RSA private keys
RSA public keys
unencrypted data
verify_certificate function

E

East Antarctica Truth-Spying Agency (EATSA )
ECB mode
ECDHExchange
ECDSA vs. RSA signing
Electronic code book (ECB)
Elliptic-Curve Diffie-Hellman (ECDH)
encode function
encode method
encode operation
Encrypt-And-MAC
encrypt_message() call
Encrypt-Then-MAC
ERR_CERT_AUTHORITY_INVALID error

F

finalize() method
finalize() operation
Fingerprint
Finished message
Forward secrecy
authenticated ECDH
ECDHExchange
ephemeral keys
long-term keys
RSA keys
signed public bytes
unauthenticated ECDH
FREAK

G

Galois/Counter Mode (GCM)
GenericAEADCipher
GenericBlockStream
GenericStreamCipher
genrsa
get_cipher_pair() method
get_cipher_pair() operation
get_public_bytes method
gmpy2 module

H

Hash function
brute-force attack
consistency
crack passwords
Google
hashlib
inverting
MD5
MD5SUMS
names
non-cryptographic
SeeNon-cryptographic hash functions
password storage
proof-of-work concept
SHA-1
SHA-256
Ubuntu Linux system
Heartbleed
HKDF
Homomorphic encryption
HTTP Proxy
HTTP Public Key Pinning (HPKP)
HTTP traffic
capabilities
CONNECT method
HTTPConnection object
HTTPConnection to HTTPSConnection
HTTP Proxy
(hu)man-in-the-middle (MITM)
port 80
port 443
protocol
Python shell
read method
set_tunnel method

I

Initialization vector (IV)
Integrity
Internet Engineering Task Force (IETF)

J

json library

K

Kerberos
AEAD algorithm
AS_REQ packet
AS responder
client
connection_made method
cryptographic protocol
CTS
data_received method
DOS
encryption
JSON handling, functions
json library
login process
login receiver
on_ticket callback
packet type
session key
SSO
symmetric key
TGS
TGS_REQ packet
TGT
ticket
timestamps/nonces
key_block
Known answer tests (KATs)

L

load_pem_x509_certificate
load_pem_x509_csr method
Logjam

M

Malleability, concept of
MD5
computing
features
hexdigest
md5hasher
md5hasher.hexdigest() instruction
Message authentication code (MAC)
AEAD
CBC-MAC
SeeCipher block chaining (CBC)-MAC
Encrypt-And-MAC
Encrypt-Then-MAC
HMAC
key
SHA-256
symmetric encryption
Message confidentiality
Message digest
Message integrity
Munging process
Mutual TLS (MTLS)

N

National Institute of Standards and Technology (NIST)
Network programming
asyncio library
blocking/synchronous approach
connection_made method
create_connection method
create_server method
data_received method
EchoServerProtocol constructor
protocol
secure echo client
secure echo server
NIST KAT
Non-cryptographic hash functions
brute-force attack
collision resistance
non-negative integers
preimage resistance
second-preimage resistance

O

One-time pad (OTP)
One-way function
Online Certificate Status Protocol (OCSP)
OpenSSL with Python
certificate validation
default checking
default cipher suites
error
execute code
get_ciphers
host checking
HTTPSConnection class
load_verify_locations method
openssl s_server and restarts
peer’s certificate
recall
rejected certificate
set_ciphers method
SSLContext object
system’s trusted certificates
tbs_certificate_bytes
TLS implementations
weak ciphers
X.509 certificates
Originator usage period (OUP)

P, Q

Padding Oracle On Downgraded Legacy Encryption (POODLE)
Parallel counter mode
Password storage, problems
PKCS7 padding
powmod function
Preimage resistance
Pre-master secret (PMS)
Privacy-Enhanced Mail (PEM)
private_bytes methods
Pseudo-random function (PRF)
Pseudo-random generators
public_bytes methods
Public key infrastructure (PKI)
Python 3 environment
dictionaries creation
encoding and decoding program
setting up

R

Ransomware
AES-CTR/AES-CBC
AES keys
asymmetric encryption
key pair
Recipient usage period (RUP)
Registry key
Replay attack
ResponseHandler class
ROBOT
RSA
code
key management
padding
paramaters
PKCS #1 v1.5 padding
blinding
checks solution
computing solution
conforming messages
cryptography module
encryption
fake Oracle
int_to_bytes
oracle attack
quantum cryptography
relative performance
AES library
algorithm tester
decryption speeds vs. AES-CTR
encryption speeds vs. AES-CTR
encryption tester
finalize method
implementation
key
random text generation
speed test
stats dictionary
update method

S

scrypt parameters
Second-preimage resistance
SEED
Self-signed certificate
ServerHello
Session key
sha256WithRSAEncryption
Shift cipher encoder
Signature Algorithm
Signatures
SimpleKerberosGetTicket class
Single sign-on (SSO) service
SSLv3 padding
byte, lucky
oracle
Stream cipher
AES-CTR
RC4
Sweet32 attack
Symmetric cipher
Symmetric encryption
Symmetric key encryption algorithms
block ciphers
stream ciphers
Symmetric keys

T

Ticket-Granting Service (TGS)
Ticket-Granting Ticket (TGT)
TLS 1.2
cipher suite
client authentication
derived keys/bulk data transfer
AEAD algorithms
CBC modes
C-style struct
expansion
IV/nonce data
key_block
MAC
parameters
PRF
select statement
stream and block cipher types
design
handshake
hello messages
cipher suite
client/server hello exchange
specification
TLS configuration
Wireshark decoding
HTTP proxy
new cipher
session keys
DHE and ECDHE
key agreement
long-term RSA/ECDSA private key
PMS
RSA encryption scheme
RSA key transport
TLS_RSA
TCP/IP protocol suite
TLS 1.3
AEAD ciphers
AES-GCM, AES-CCM
ChaCha20-Poly1305
handshake
HTTP messages
RSA encryption
RSA key transport
TLS Builder
TLSCiphertext structures
TLS communications
attacks
BREACH
CRIME
Heartbleed
Logjam and FREAK
POODLE
ROBOT
Sweet32
TIME
certificate verification
CT
DigiNotar CA
fraudulent/misused certificates
HPKP
pinning
process
revocation
server’s certificate
thief
Trustico
digital identities
SeeX.509 certificates
EaVEsdropper
HTTP Proxy
HTTP traffic
SeeHTTP traffic
OpenSSL with Python
sniffing software
strong cipher suites
TLS 1.3
Transparency, certificate
TripleDES (3DES)

U

Ubuntu Linux system
update() method

V

verify_certificate function

W

West Antarctica Central Knights Office (WACKO)
Wireshark decoding

X, Y, Z

X.509 certificates
builder pattern
collection of key/value pairs
concept of
CSR
SeeCertificate signing request (CSR)
cryptography module’s documentation
extensions
hierarchical keys
Issuer Unique Identifier
OpenSSL certificate tests
primary purpose of
public key
signing algorithm
sign method
structure/subcomponents
Subject Alternative Name
Subject Unique Identifier
TLS Builder
validity period
Versions 1 and 2
XOR operation