Update 05.01 - Cryptography and Key Management.md

2.Curriculum/05.Cryptography and Key Management/05.01 - Cryptography and Key Management.md

@@ -1,33 +1,187 @@
 # Module 5: Cryptography and Key Management
 
-5.1 What is cryptography
-- what are the main security properties addressed by cryptography 
+5.1 What is Cryptography
+•	Definition and purpose of cryptography in modern systems 
+•	Historical evolution of cryptographic methods 
+•	Cryptography in modern applications, cloud services, APIs, and communications 
+Core Security Properties Provided by Cryptography
+•	Confidentiality 
+•	Integrity 
+•	Authenticity 
+•	Non-repudiation 
+•	Availability considerations related to cryptographic services 
+Cryptographic Concepts and Terminology
+•	Plaintext and ciphertext 
+•	Encryption and decryption 
+•	Keys and secrets 
+•	Cryptographic primitives 
+•	Trust and threat models 
+Types of Cryptography
+•	Symmetric cryptography 
+•	Asymmetric cryptography 
+•	Hybrid cryptographic systems 
 
-5.2 Uses of cryptography
-- keys
-- hashes
-- message digest
-- X.509 certificates
-- Digital signatures
-- etc.
+5.2 Uses of Cryptography
+Encryption Technologies
+Symmetric Encryption
+-	AES and modern symmetric algorithms 
+-	Block and stream ciphers 
+-	Encryption modes (CBC, GCM, CTR) 
+-	Authenticated encryption 
+Asymmetric Encryption
+-	Public and private keys 
+-	RSA and Elliptic Curve Cryptography (ECC) 
+-	Key exchange mechanisms 
+Hashing and Integrity Protection
+Hash Functions
+-	SHA-2 and SHA-3 
+-	Message digests 
+-	Integrity verification 
+Message Authentication
+-	HMAC 
+-	MAC vs Digital Signature 
+Password Hashing
+-	bcrypt 
+-	scrypt 
+-	Argon2 
+-	Salting and stretching 
+Digital Trust and Identity
+X.509 Certificates
+-	Certificate structure 
+-	Certificate Authorities (CA) 
+-	Chain of trust 
+-	Certificate validation 
+Digital Signatures
+-	Signature generation and verification 
+-	Authenticity and non-repudiation 
+-	Code signing and document signing 
+Cryptography in Secure Communications
+TLS and HTTPS
+-	TLS handshake overview 
+-	Cipher suites 
+-	Perfect Forward Secrecy (PFS) 
+-	Certificate validation 
+Cryptography in Modern Applications
+-	API security 
+-	VPNs 
+-	Secure email 
+-	Secure file storage 
+-	Token signing (JWT) 
 
-5.3 Common algorithm pitfalls
-- Cipher suites
-- Algorithm strength
+5.3 Common Algorithm and Configuration Pitfalls
+Weak and Deprecated Algorithms
+-	DES and 3DES 
+-	MD5 and SHA-1 
+-	RC4 
+-	Weak RSA key sizes 
+-	Deprecated TLS and SSL versions 
+Cipher Suite Weaknesses
+-	Weak cipher negotiation 
+-	Downgrade risks 
+-	Lack of forward secrecy 
+-	Improper TLS configurations 
+Randomness and Entropy Problems
+-	Weak random number generation 
+-	Predictable keys 
+-	Insecure pseudo-random generators 
+Cryptographic Misuse
+-	Hardcoded secrets and keys 
+-	Reusing IVs and nonces 
+-	Improper encryption modes 
+-	Rolling custom cryptography 
+-	Insecure certificate validation 
+Token and Signature Pitfalls
+-	JWT algorithm confusion 
+-	Missing signature validation 
+-	Weak signing keys 
+-	Improper token storage 
 
-5.4 Attcks against cryptography solutions
-- Rainbow attacks
-- Brute force attacks
-- Collusion attacks
-- etc
+5.4 Attacks Against Cryptographic Solutions
+Password and Key Attacks
+-	Brute-force attacks 
+-	Dictionary attacks 
+-	Rainbow table attacks 
+-	Credential stuffing relevance 
+Cryptographic Protocol Attacks
+-	Man-in-the-middle (MITM) attacks 
+-	Downgrade attacks 
+-	Replay attacks 
+-	Padding oracle attacks 
+Key and Trust Attacks
+-	Key compromise 
+-	Certificate spoofing 
+-	Rogue certificates 
+-	Collusion attacks 
+Side-Channel and Implementation Attacks
+-	Timing attacks 
+-	Memory disclosure attacks 
+-	Weak entropy exploitation 
+Modern Threat Considerations
+-	Quantum computing considerations 
+-	Supply chain compromise affecting cryptographic trust 
 
-5.5 Insecure use of cryptography
+5.5 Insecure Use of Cryptography
+Common Developer Mistakes
+-	Storing passwords using plain hashes 
+-	Using outdated algorithms 
+-	Encrypting without integrity protection 
+-	Client-side only encryption assumptions 
+-	Disabling TLS validation 
+Insecure Secret Handling
+-	Hardcoded API keys and secrets 
+-	Secrets in source code repositories 
+-	Insecure environment variable management 
+Session and Token Weaknesses
+-	Insecure JWT implementation 
+-	Long-lived tokens 
+-	Missing expiration validation 
+-	Insecure cookie configurations 
+Data Protection Failures
+-	Insufficient encryption for data at rest 
+-	Weak transport security 
+-	Improper backup encryption 
+-	Exposed private keys and certificates 
+Compliance and Operational Risks
+-	Failure to rotate keys 
+-	Poor certificate lifecycle management 
+-	Inadequate logging and monitoring of cryptographic events 
 
-5.6 Key management
-- Key generation
-- Key storage
-- Key exchange
-- Key rotation
-- Key deletion
-- Key decommissioning
-- etc.
+5.6 Key Management
+Key Lifecycle Management
+-	Key generation 
+-	Key activation 
+-	Key distribution 
+-	Key usage 
+-	Key rotation 
+-	Key archival 
+-	Key revocation 
+-	Key deletion and destruction 
+-	Key decommissioning 
+Secure Key Generation
+-	Cryptographically secure random number generators (CSPRNG) 
+-	Key length requirements 
+-	Entropy considerations 
+Secure Key Storage
+-	Hardware Security Modules (HSM) 
+-	Cloud Key Management Services (KMS) 
+-	Secret vault solutions 
+-	Secure enclave technologies 
+Key Exchange and Distribution
+-	Diffie-Hellman and ECDH 
+-	Public key distribution 
+-	Secure provisioning mechanisms 
+Operational Key Management
+-	Key rotation policies 
+-	Backup and recovery procedures 
+-	Separation of duties 
+-	Access control for cryptographic material 
+Certificate and Trust Management
+-	Certificate issuance 
+-	Certificate renewal 
+-	Certificate revocation 
+-	Trust store management 
+Best Practices and Governance
+-	Principle of least privilege for key access 
+-	Cryptographic policy management 
+-	Auditing and monitoring key usage 
+-	Compliance and regulatory considerations