Learn encryption algorithm vocabulary: symmetric vs. asymmetric encryption, AES-256-GCM, RSA, ECDSA, key exchange (ECDH, Diffie-Hellman), and perfect forward secrecy.
0 / 5 completed
1 / 5
AES-256-GCM is an authenticated encryption algorithm. What does the 'GCM' component provide beyond confidentiality?
AES-GCM is an AEAD (Authenticated Encryption with Associated Data) mode. It produces a ciphertext plus a 128-bit authentication tag. If the ciphertext is modified, the tag verification fails before decryption — preventing padding oracle and bit-flipping attacks. GCM also allows 'associated data' (e.g., headers) to be authenticated without being encrypted.
2 / 5
The Diffie-Hellman key exchange allows two parties to:
DH works on the discrete logarithm problem: each party picks a private value and computes a public value. Exchanging public values allows both to derive the same shared secret, while an eavesdropper cannot compute it without solving the (computationally hard) discrete log. ECDH uses elliptic curves for the same purpose with shorter keys.
3 / 5
Perfect Forward Secrecy (PFS) means:
Without PFS, an attacker who records TLS traffic and later obtains the server's private key can decrypt all recorded sessions. With PFS (using ECDHE or DHE), each session generates ephemeral key pairs that are discarded after the session — past sessions remain protected. PFS is mandatory in TLS 1.3.
4 / 5
ECDSA (Elliptic Curve Digital Signature Algorithm) is preferred over RSA for digital signatures in modern systems because:
Elliptic curve cryptography (ECC) exploits the hardness of the elliptic curve discrete logarithm problem. The key size advantage means faster operations, smaller certificates, and less CPU usage — critical for TLS handshakes on constrained devices and high-traffic servers.
5 / 5
The fundamental difference between symmetric and asymmetric encryption is:
Symmetric (e.g., AES) is fast and efficient for bulk data encryption but requires secure key distribution. Asymmetric (e.g., RSA, ECC) solves the key distribution problem — anyone can encrypt using a public key, but only the private key holder can decrypt. In practice, TLS uses asymmetric algorithms only to exchange a symmetric session key, then switches to symmetric (AES) for bulk encryption.