By Fatskills Exam Guides Team.
Objective: Summarize the basics of cryptographic concepts.

Topics:
- digital signature
- key length
- key stretching
- salting
- hashing
- key exchange
- elliptic curve cryptography (ECC)
- perfect forward secrecy (PFS)
- quantum cryptography
- ephemeral
- blockchain
- mode of operation
- stream cipher
- block cipher
- symmetric cryptography
- asymmetric cryptography
- steganography
- homomorphic encryption

Cryptosystems

A cryptosystem or cipher system provides a method for protecting information by disguising it in a format that only authorized systems or individuals can read. The use and creation of such systems is called cryptography. Cryptography involves turning plaintext into ciphertext (encryption) and then turning ciphertext into plaintext (decryption). Specifically, encryption protects confidentiality and safeguards data integrity.

Related to cryptography, an algorithm is a mathematical procedure or sequence of steps taken to perform encryption and decryption. You can think of an algorithm as a cooking recipe, with the ingredients needed and step-by-step instructions. Algorithms are used in conjunction with a key for encryption and decryption.

The process of encryption is based on two important principles:
- Confusion: The plaintext input should be significantly changed in the resulting ciphertext. More technically, each bit of the resulting ciphertext should depend on numerous parts of the key to hide any connection between the two, making it difficult to reverse from ciphertext to plaintext without the key.
- Diffusion: If the plaintext is changed, no matter how minor the change, at least half of the ciphertext should also change, and vice versa. Like confusion, diffusion makes things more difficult for an attacker. Specifically, diffusion mitigates the capability to identify patterns that might help break the cipher.

Keys

Cryptographic algorithms and keys work together.
A key determines the output of a cryptographic algorithm and consists of a random string of bits. Keys used in cryptography provide for secrecy. In fact, a principle known as Kerckhoffs’s principle (from the nineteenth century) states that “only secrecy of the key provides security.” This is particularly important in relationship to the associated algorithms. An algorithm itself does not need to be (and should not be) kept secret. Depending on the type of algorithm used, either the same key is used for both encryption and decryption or else different yet mathematically related keys are used.

Keys also need to be of an appropriate key strength or key length to prevent brute-force attacks. Key size is expressed as the number of bits in the key used by the algorithm. The longer the key, the more difficult it is to crack. When keys are generated, it needs to be done in such a way that the key contains enough entropy, or randomness. Modern cryptography relies on random numbers. However, pseudo-random numbers are also commonly used so that the numbers appear to be random, at least statistically, but are not truly so.

An initialization vector (IV) is a fixed-size input of a random or pseudo-random value. In cryptography, an IV, for example, helps ensure that each message is encrypted differently. You would not want the same message, encrypted with the same key, to have the same resulting ciphertext. A nonce can also be used as an IV. A nonce is a random or pseudo-random number that is used only once and is associated with a time stamp. Nonces are commonly used with authentication protocols to ensure that older authentication messages cannot be reused.

Passwords are often thought of as keys because they act as such. For example, a password might be needed before a document can be encrypted.
At least in reliable cryptographic systems, the password is used as an input to a key derivation function (KDF), which is used to derive the actual key based on the password as the origin point. Additional random data can be applied, or a key-stretching technique can be used. An eight-character password contains only 64 bits. Key stretching runs a password through an algorithm to produce an enhanced key that is usually at least 128 bits long.

In most instances, keys are static and used repeatedly for up to a year or even longer. In other cases, a key is used for only a single session. This type of key is known as an ephemeral key. Ephemeral keys are common to ephemeral key agreement protocols. The term ephemeral is increasingly being used in computer technology in relationship to keys as well as computing systems and communication ports to describe something of a temporary or short duration. Know that a static key is designed for long-term use, and an ephemeral key is designed to be used for a single transaction or session.

Key Exchange

An important concept in any discussion of encryption is key exchange. Historically, the challenge has been that to get a secret, you must share a secret. Consider a simple analogy of a password as the key. Imagine that you are friends with a kid who requires the secret password to gain secret access. Perhaps that password is “open sesame.” The problem is that, at some point, the secret password has to be shared with you. This process is likely not going to be secure and will be subject to eavesdropping. Even if the password were whispered to you, it could still be overheard. Another challenge is that you and the kid have to meet face to face, so you will likely receive the key “out of band” instead of when you are waiting at the door to gain entry.

Modern cryptography solves the age-old challenges of key exchange. Exchanging keys in many applications happens securely “in band” when you need to establish a secure session.
Any type of out-of-band key exchange relies on sharing in advance, which means the key is delivered outside the network or process from which it will actually be used.

Symmetric Algorithms

Symmetric cryptography is a system that uses a common shared key between the sender and receiver. The primary advantages of such a system are that it is easier to implement than an asymmetric system and also typically is faster. However, the two parties must first somehow exchange the key securely.

Assume, for example, that you have a friend located thousands of miles away from you. To exchange secure messages, you send messages back and forth in a secure lockbox; you both have a copy of the key to the lockbox. This works, but how do you securely deliver the key to your friend? Somehow the key must have been communicated or delivered to your friend, which introduces additional challenges of logistics and ways to ensure that the key is not compromised in the process. Asymmetric cryptography helps overcome these challenges.

Now imagine a system in which more than two parties are involved. In this scenario, every party participating in communications must have exactly the same key to compare the information. If the key is compromised at any point, guaranteeing a secure connection is impossible.

Symmetric key algorithms are often referred to as secret key algorithms, private key algorithms, and shared secret algorithms. Even given the possible risks involved with symmetric key encryption, the method is used often today mainly because of its simplicity and easy deployment. In addition, this is generally considered a strong encryption method if the source and destination that house the key information are kept secure. A symmetric key is a single cryptographic key used with a secret key (symmetric) algorithm. The symmetric key algorithm uses the same private key for both encryption and decryption operations.
It is easier to implement than an asymmetric system and also typically is faster. Symmetric encryption uses two primary types of methods for encrypting plaintext data:
- Stream cipher: With a stream cipher, plaintext bits are encrypted a single bit at a time. These bits are also combined with a stream of pseudo-random characters. Stream ciphers are known for their speed and simplicity.
- Block cipher: With a block cipher, plaintext is encrypted in blocks, which are fixed-length groups of bits. A block of plaintext is encrypted into a corresponding block of ciphertext. For example, a 64-bit block of plaintext would output as a 64-bit block of ciphertext. Because most plaintext does not fit within the precise block size, leftover text is padded to complete the block.

Block ciphers can be further described by their mode of operation. Because block ciphers encrypt based on the specified block size, the mode of operation defines how a cipher is continually applied to encrypt data larger than the specific block size. Most block cipher modes require an initialization vector (IV), a fixed-size input of a random or pseudo-random value. In cryptography, an IV helps ensure that each message is encrypted differently. You do not want the same message, encrypted with the same key, to have the same resulting ciphertext.
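The following added example (not code from the original guide) uses Go's standard library to show the block cipher points above: four identical plaintext blocks under AES with no mode of operation (ECB) produce identical ciphertext blocks, CBC mode with an IV does not, the same message and key with a different IV give different ciphertext, and flipping one plaintext bit changes roughly half of the ciphertext bits in a block, which is the diffusion principle from the Cryptosystems section. The key, IVs and messages are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"math/bits"
)

// pkcs7Pad fills the last block: the padding step the text says leftover text needs.
func pkcs7Pad(data []byte, blockSize int) []byte {
	n := blockSize - len(data)%blockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// encryptECB applies the raw block cipher to each block on its own: no IV and no
// chaining, so identical plaintext blocks produce identical ciphertext blocks.
func encryptECB(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	padded := pkcs7Pad(plaintext, bs)
	out := make([]byte, len(padded))
	for i := 0; i < len(padded); i += bs {
		block.Encrypt(out[i:i+bs], padded[i:i+bs])
	}
	return out, nil
}

// encryptCBC is a mode of operation that chains blocks starting from an IV, so the
// same message under the same key changes completely when the IV changes.
func encryptCBC(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext, block.BlockSize())
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out, nil
}

// repeatedBlocks counts 16-byte ciphertext blocks that duplicate an earlier one.
func repeatedBlocks(ct []byte) int {
	seen, dups := map[string]bool{}, 0
	for i := 0; i+16 <= len(ct); i += 16 {
		if seen[string(ct[i:i+16])] {
			dups++
		}
		seen[string(ct[i:i+16])] = true
	}
	return dups
}

// hammingDistance counts the bits that differ between two equal-length slices.
func hammingDistance(a, b []byte) int {
	d := 0
	for i := range a {
		d += bits.OnesCount8(a[i] ^ b[i])
	}
	return d
}

// singleBlockDiffusion flips one plaintext bit and returns how many of the 128
// ciphertext bits change; diffusion means roughly half of them should.
func singleBlockDiffusion(key []byte) (int, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return 0, err
	}
	p1 := []byte("sixteen byte msg") // constructed 16-byte plaintext block
	p2 := append([]byte{}, p1...)
	p2[0] ^= 0x01 // flip the lowest bit of the first byte
	c1, c2 := make([]byte, 16), make([]byte, 16)
	block.Encrypt(c1, p1)
	block.Encrypt(c2, p2)
	return hammingDistance(c1, c2), nil
}

func main() {
	key := make([]byte, 16) // constructed random AES-128 key
	rand.Read(key)
	msg := bytes.Repeat([]byte("ATTACK AT DAWN!!"), 4) // four identical blocks
	ecb, _ := encryptECB(key, msg)
	fmt.Println("ECB repeated ciphertext blocks:", repeatedBlocks(ecb))
	iv1, iv2 := make([]byte, 16), make([]byte, 16)
	rand.Read(iv1)
	rand.Read(iv2)
	cbc1, _ := encryptCBC(key, iv1, msg)
	cbc2, _ := encryptCBC(key, iv2, msg)
	fmt.Println("CBC repeated ciphertext blocks:", repeatedBlocks(cbc1))
	fmt.Println("same message and key, new IV, new ciphertext:", !bytes.Equal(cbc1, cbc2))
	d, _ := singleBlockDiffusion(key)
	fmt.Printf("one flipped plaintext bit changed %d of 128 ciphertext bits\n", d)
}
```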
A Comparison of Block Ciphers and Stream Ciphers
Remember the key differences between a block cipher and a stream cipher.

Asymmetric Algorithms

An asymmetric encryption algorithm has two keys: a public key and a private key. The public key is made available to whomever will encrypt the data sent to the holder of the private key. The private key is maintained on the host system or application. Often the public encryption key is made available in a number of ways, such as through email or on centralized servers that host a pseudo-address book of published public encryption keys. One challenge, however, is ensuring the authenticity of a public key. To address this, a public key infrastructure (PKI) is often used. A PKI uses trusted third parties that certify or provide proof of key ownership.

An example of asymmetric cryptography

Asymmetric algorithms are often referred to as public key algorithms because they use the public key as the focal point for the algorithm. As an example of asymmetric encryption, think about the secure exchange of an email message. When someone wants to send a secure email to someone else, he or she obtains the target user’s public encryption key and encrypts the message using this key. Because the message can be decrypted only with the private key, only the target user can read the information held within. Ideally, for this system to work well, everyone should have access to everyone else’s public keys.

Refer again to Figure 16.1. Note that the public key and the private key shown both belong to the recipient, yet the public key is provided through a key exchange. Anyone with the public key can use it to encrypt; only the person with the private key (that is, the recipient) can decrypt. Imagine a postal mailbox that enables the letter carrier to insert your mail via an open slot, but only you have the key to get the mail out. This is analogous to an asymmetric system. The open slot is the public key.
If you are concerned about the security of your mail, needing a single key only to get the mail out is much easier than ensuring that every letter carrier has a copy of your mailbox key. The letter carrier is also thankful he or she is not required to carry hundreds of different keys to complete mail delivery.

Keep the following points in mind regarding keys in asymmetric encryption:
- Public keys encrypt, and private keys decrypt: For example, Alice can encrypt a message with Bob’s public key. Bob decrypts the message with his private key, which only he has.
- Private keys sign, and public keys verify signatures: For example, Alice signs a message with her private key. Bob verifies the message’s signature with Alice’s public key.

Some general rules for asymmetric algorithms include the following:
- The public key can never decrypt a message that it was used to encrypt.
- With proper design, public keys should never be able to determine private keys.
- Each key should be capable of decrypting a message made with the other. For instance, if a message is encrypted with the private key, the public key should be able to decrypt it.

Public key encryption has proven useful on networks such as the Internet, primarily because the public key is all that needs to be distributed. Because nothing harmful can be done with the public key, it is useful over unsecured networks where data can pass through many hands and is vulnerable to interception and abuse. Symmetric encryption works fine over the Internet, too, but the limitations on securely providing the key to everyone who requires it can pose difficulties. In addition, asymmetric key systems can verify digital signatures, which provide assurance that communications have not been altered and that the communication arrived from an authorized source.

In an asymmetric key system, each user has a pair of keys: a private key and a public key.
To send an encrypted message, you must encrypt the message with the recipient’s public key. The recipient then decrypts the message with his or her private key.

Elliptic Curve and Emerging Cryptography

Two other cryptosystems are elliptic curve cryptography (ECC) and (still emerging) quantum cryptography. ECC is a public key cryptosystem based on complex mathematical structures. ECC uses smaller key sizes than traditional public key cryptosystems. As a result, it is faster and consumes fewer resources, which makes it more ideal for mobile and wireless devices.

Unlike elliptic curves and other cryptosystems, quantum cryptography does not rely on mathematics. Instead, it relies on physics. Although this cryptosystem is slower, its primary advantage is increased security. Quantum mechanics protects against undetected data disturbance because no one can measure the quantum state of the photons without altering it. The mere observation of a quantum system changes the system.

Elliptic curve cryptography is an example of an asymmetric public key cryptosystem. It is often used for mobile and wireless devices.

Session Keys

Session keys, sometimes called symmetric keys, are randomly generated keys for performing both encryption and decryption during the communication of a session between two parties. Such a key is described as being symmetric because it is used for both encryption and decryption. When a session key is generated, the key is valid only during that one communication session. As a result, you can think of a session key as being temporary, for one-time use.

A session key is deleted after the communication ends, but the key exchange mechanism used to establish session keys (most notably, RSA) often relies on a private key. This can be the web server’s private key, which is used to establish a secure session with the client. Although this is efficient, the challenge is that gaining access to the server’s private key allows an adversary to decrypt the communications.
The benefit, however, is that organizations can use this private key so that security systems (for example, IDSs and web application firewalls) have visibility into the traffic. This method of obtaining a symmetric key for a session completely depends on the secrecy of the private key.

Because of this, perfect forward secrecy (PFS), or just forward secrecy, provides a mechanism that prevents the compromise of a private key used to create new session keys from also exposing past session keys. As a result, PFS eliminates the vulnerability in which a compromised private key can be used to go back and decrypt all previous key exchange conversations. This is important because with a decrypted key exchange, previously used encryption keys could be retrieved to reveal entire transactions or messages.

PFS gained popularity in 2013, as revelations about government monitoring became public. Mainstream news reported on Twitter announcing that it would adopt forward secrecy to protect recorded traffic from potentially being decrypted later.

Nonrepudiation and Digital Signatures

Nonrepudiation is intended to provide, through encryption, a method of accountability that makes it impossible to refute the origin of data. It guarantees that the sender cannot later deny being the sender and that the recipient cannot deny receiving the data. This definition, however, does not factor in the possible compromise of the workstation or system used to create the private key and the encrypted digital signature.

The following list outlines four key elements that nonrepudiation services provide on a typical client/server connection:
- Proof of origin: The host gets proof that the client is the originator of particular data or an authentication request from a particular time and location.
- Proof of submission: The client gets proof that the data (or authentication, in this case) has been sent.
- Proof of delivery: The client gets proof that the data (or authentication, in this case) has been received.
- Proof of receipt: The client gets proof that the data (or authentication, in this case) has been received correctly.

Digital signatures provide integrity and authentication. In addition, digital signatures provide nonrepudiation with proof of origin. Although authentication and nonrepudiation might appear to be similar, the difference is that, with nonrepudiation, proof can be demonstrated to a third party. Nonrepudiation is the assurance that something can’t be denied by someone. A sender of a message signs the message using his or her private key. This provides unforgeable proof that the sender did indeed generate the message. Nonrepudiation is unique to asymmetric systems because the private (secret) key is not shared. Remember that, in a symmetric system, both parties involved share the secret key; therefore, any party can deny sending a message by claiming that the other party originated the message.

Digital signatures attempt to guarantee the identity of the person sending the data from one point to another. The digital signature acts as an electronic signature used to authenticate the identity of the sender and to ensure the integrity of the original content (to make sure it has not been changed). Do not confuse the terms digital signature and digital certificate. In addition, do not confuse digital signatures with encryption. Digital signatures and encryption are related concepts, but their intentions and operations differ significantly. Finally, do not confuse a digital signature with the block of identification information that is often appended to an email, such as the sender’s name and telephone number or a digitally created image.

Digital signatures can easily be transported and are designed so that no one else can copy them. This ensures that something that is signed cannot be repudiated.
A digital signature does not have to accompany an encrypted message. It can simply be used to assure the receiver of the sender’s identity and confirm that the integrity of the message was maintained. The digital signature contains the digital signature of the certificate authority (CA) that issued the certificate for verification. The point of this verification is to prevent or alert the recipient to any data tampering. Ideally, if a packet of data is digitally signed, it can bear only the original mark of the sender. If this mark differs, the receiver knows that the packet differs from what it is supposed to be, and either the packet is not decrypted, or it is dropped altogether. This works based on the encryption algorithm principles discussed previously. If you cannot determine what the original data was in the encrypted data (in this case, the signature), faking the data and convincing the receiver that it is legitimate data is much harder.

Suppose, for example, that you need to digitally sign a document sent to your stockbroker. You need to ensure the integrity of the message and assure the stockbroker that the message is really from you. The exchange looks like this:
1. You type the email.
2. Using software built into your email client, you obtain a hash (which you can think of as a digital fingerprint) of the message.
3. You use your private key to encrypt the hash. This encrypted hash is your digital signature for the message.
4. You send the message to your stockbroker.
5. Your stockbroker receives the message.
6. Using software, he makes a hash of the received message.
7. The stockbroker uses your public key to decrypt the message hash.
8. A match of the hashes proves that the message is valid.

Hashing

A hash is a generated summary from a mathematical rule or algorithm that is commonly used as a “digital fingerprint” to verify the integrity of files and messages. Hashing ensures message integrity and provides authentication verification.
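As an added example (not the guide's own code), the Go program below carries out the stockbroker exchange just described, hashing the message with SHA-256, signing the hash with the sender's RSA private key (the step the text calls encrypting the hash) and verifying it with the public key so that a tampered message fails, and then contrasts the two session-key cases from the Session Keys section: a server that reuses one static key lets a later holder of that private key recompute a recorded session's secret, while one-time keys signed by the long-term key give forward secrecy. Ephemeral key agreement is modelled with X25519 Diffie-Hellman rather than the RSA exchange the text names; the message, key sizes and key generation are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// demoKeys makes the sender's long-term RSA key and a static X25519 key
// (constructed for the example; real keys come from a PKI and key management).
func demoKeys() (*rsa.PrivateKey, *ecdh.PrivateKey, error) {
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	static, err := ecdh.X25519().GenerateKey(rand.Reader)
	return rsaKey, static, err
}

// signMessage: hash the message, then sign the hash with the sender's private key.
func signMessage(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// verifyMessage: re-hash what arrived and check it against the signature with
// the sender's public key. Any change to msg makes this return false.
func verifyMessage(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// staticSession models the non-PFS case: the server reuses one long-lived key
// for every session. Returns the secret and the client value seen on the wire.
func staticSession(serverStatic *ecdh.PrivateKey) (secret, clientPub []byte, err error) {
	clientEph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	secret, err = clientEph.ECDH(serverStatic.PublicKey())
	return secret, clientEph.PublicKey().Bytes(), err
}

// recoverStaticSecret shows why that is a problem: the static private key plus
// the recorded client value reproduce the secret of a session long finished.
func recoverStaticSecret(serverStatic *ecdh.PrivateKey, clientPub []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(clientPub)
	if err != nil {
		return nil, err
	}
	return serverStatic.ECDH(pub)
}

// ephemeralSession gives forward secrecy: both sides use one-time X25519 keys and
// the long-term RSA key only signs (private keys sign, public keys verify).
func ephemeralSession(serverLongTerm *rsa.PrivateKey) (clientSecret, serverSecret []byte, err error) {
	curve := ecdh.X25519()
	serverEph, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	clientEph, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	sig, err := signMessage(serverLongTerm, serverEph.PublicKey().Bytes())
	if err != nil {
		return nil, nil, err
	}
	if !verifyMessage(&serverLongTerm.PublicKey, serverEph.PublicKey().Bytes(), sig) {
		return nil, nil, errors.New("server key exchange signature invalid")
	}
	if clientSecret, err = clientEph.ECDH(serverEph.PublicKey()); err != nil {
		return nil, nil, err
	}
	serverSecret, err = serverEph.ECDH(clientEph.PublicKey())
	return clientSecret, serverSecret, err // ephemeral keys are dropped here
}

func main() {
	senderKey, serverStatic, _ := demoKeys()
	msg := []byte("Sell 100 shares of ACME at market") // constructed message
	sig, _ := signMessage(senderKey, msg)
	fmt.Println("signature verifies:", verifyMessage(&senderKey.PublicKey, msg, sig))
	tampered := []byte("Sell 900 shares of ACME at market")
	fmt.Println("tampered message verifies:", verifyMessage(&senderKey.PublicKey, tampered, sig))
	secret, clientPub, _ := staticSession(serverStatic)
	recovered, _ := recoverStaticSecret(serverStatic, clientPub)
	fmt.Println("static key rebuilds a past session secret:", bytes.Equal(secret, recovered))
	c1, s1, _ := ephemeralSession(senderKey)
	c2, _, _ := ephemeralSession(senderKey)
	fmt.Println("ephemeral sides agree:", bytes.Equal(c1, s1))
	fmt.Println("each session gets a fresh secret:", !bytes.Equal(c1, c2))
}
```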
In other words, hashing algorithms are not encryption methods, but they offer additional system security via a “signature” for data to confirm the original content. A hash function works by taking a string (for example, a password or an email) of any length and producing a fixed-length string for output. Keep in mind that hashing works one-way. Although you can create a hash from a document, you cannot re-create the document from the hash.

If this all sounds confusing, the following example should help clear things up. Suppose that you want to send an email to a friend, and you also want to ensure that, during transit, the message cannot be read or altered. You use software that generates a hash value of the message to accompany the email and then encrypts both the hash and the message. When the email is received, the recipient’s software decrypts the message and the hash and then produces another hash from the received email. The two hashes are compared, and a match indicates that the message was not tampered with (because any change in the original message would produce a change in the hash).

A password hash can use a salt, which is an additional input of random data to a function that hashes a password. This process, known as salting, helps defend against specific attacks in which hashed values are precomputed (for example, rainbow table attacks). Some of the attacks mentioned here work because users who have the same password would also have the same resulting hash. This problem can be overcome by making the hashes more random. Salting involves using a prefix consisting of a random string of characters added to passwords before they are hashed. Such a countermeasure makes it more difficult or impractical to attack passwords unless the attacker knows the value of the salt that needs to be removed.

Cryptographic hashes are susceptible to collisions and, thus, collision attacks.
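The following added Go example (not code from the guide) implements the key stretching and salting described in the Keys and Hashing sections: PBKDF2 with HMAC-SHA256 as defined in RFC 8018 stretches an eight-character password into a 256-bit key, two users who chose the same password get identical plain SHA-256 hashes but different salted, stretched hashes, and verification recomputes the derivation with the stored salt. The password, iteration count and stored record layout are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// pbkdf2SHA256 implements PBKDF2 (RFC 8018) with HMAC-SHA256 as the PRF: each
// output block T_i is the XOR of `iterations` chained HMAC values, so every
// guess at the password costs an attacker the same `iterations` HMACs.
func pbkdf2SHA256(password, salt []byte, iterations, keyLen int) []byte {
	var out []byte
	for blockIndex := uint32(1); len(out) < keyLen; blockIndex++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], blockIndex) // INT(i), big-endian
		mac := hmac.New(sha256.New, password)
		mac.Write(salt)
		mac.Write(idx[:])
		u := mac.Sum(nil) // U_1 = PRF(P, S || INT(i))
		t := append([]byte{}, u...)
		for i := 1; i < iterations; i++ {
			mac = hmac.New(sha256.New, password)
			mac.Write(u)
			u = mac.Sum(nil) // U_j = PRF(P, U_{j-1})
			for j := range t {
				t[j] ^= u[j] // T_i = U_1 xor U_2 xor ... xor U_c
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// StoredPassword is the record the server keeps (layout constructed for this
// example): never the password itself, only the per-user salt, the iteration
// count and the stretched hash.
type StoredPassword struct {
	Salt       []byte
	Iterations int
	Hash       []byte
}

const derivedKeyLen = 32 // 256-bit output, above the 128-bit minimum in the text

// hashPassword draws a fresh random salt and stretches the password with it.
func hashPassword(password string, iterations int) (StoredPassword, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return StoredPassword{}, err
	}
	hash := pbkdf2SHA256([]byte(password), salt, iterations, derivedKeyLen)
	return StoredPassword{Salt: salt, Iterations: iterations, Hash: hash}, nil
}

// verifyPassword recomputes the derivation with the stored salt and compares in
// constant time, so a near-miss cannot be detected by timing.
func verifyPassword(stored StoredPassword, attempt string) bool {
	got := pbkdf2SHA256([]byte(attempt), stored.Salt, stored.Iterations, derivedKeyLen)
	return hmac.Equal(got, stored.Hash)
}

func main() {
	// Two users who chose the same eight-character password (constructed data).
	alice, _ := hashPassword("Sunshine", 100000)
	bob, _ := hashPassword("Sunshine", 100000)
	plainA := sha256.Sum256([]byte("Sunshine"))
	plainB := sha256.Sum256([]byte("Sunshine"))
	fmt.Println("unsalted hashes identical:", plainA == plainB)
	fmt.Println("salted hashes identical:", bytes.Equal(alice.Hash, bob.Hash))
	fmt.Println("stretched key bits:", len(alice.Hash)*8)
	fmt.Println("alice salt:", hex.EncodeToString(alice.Salt))
	fmt.Println("verify correct password:", verifyPassword(alice, "Sunshine"))
	fmt.Println("verify wrong password:", verifyPassword(alice, "sunshine"))
}
```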
Recall the example in “Attack Basics,” about the birthday attack used to find collisions within hash functions. Such an attack tries to find two input strings of a hash function that have the same output. Although collisions are not likely, they can occur because hash functions produce a predefined output length despite accepting input of any length. Remember that hashing data does not provide for confidentiality (or encryption) but rather provides verification of integrity (that the data hasn’t been modified).

Use of Proven Technologies and Implementation

Because of the sensitive nature of cryptography, using well-known, proven technologies is crucial. Backdoors and flaws, for example, can undermine any encryption algorithm. Vendors might have their own encryption solutions, and most of them depend on well-known, time-tested algorithms; you should be skeptical of any vendor using a proprietary unproven algorithm. Recall from earlier that Kerckhoffs’s principle states that a cryptosystem should be secure even if everything about the system is known except for the key. Proven technologies are well-designed cryptosystems. Systems that require keeping the algorithms secret introduce additional measures related to what needs to be protected, and they often provide security through obscurity.

In addition to avoiding secret algorithms, or “snake oil” cryptography, be sure to steer clear of weak or deprecated algorithms. Even once-proven technologies can weaken over time. Only algorithms that are public and have been thoroughly reviewed and approved should be used. The National Institute of Standards and Technology (NIST) maintains publications and guidance for the use of approved cryptographic and hashing algorithms. The following is a summary of this and other good practices:
- Use well-known and approved cryptographic algorithms.
- Adhere to required minimum key guidance for the chosen algorithm.
- Use approved cryptographic modes.
- Use strong random number generators.

NIST’s Federal Information Processing Standard 140-2 (FIPS 140-2) covers the secure design and implementation of cryptographic modules, and NIST provides a program to validate such modules to this standard. Cryptographic modules, or cryptographic service providers (CSPs), are the hardware, software, or firmware that implements cryptographic functions such as encryption, decryption, digital signature, random number generation, authentication, and key management. Applications and systems can interface with these secure cryptographic modules, helping to ensure sound implementation based on vetted cryptographic modules. However, modules provide varying security levels and options, particularly because different algorithms can be encapsulated within a module. Thus, consideration must be given to algorithm selection and the application to ensure an appropriate level of security. For example, a cryptography algorithm based on factoring and prime numbers uses more bits for keys than cryptography based on the algebraic structure of elliptic curves. As a result, the former requires more compute resources, which makes the latter more ideal for mobile devices.

Steganography

A method commonly used for obfuscating data, particularly in media types such as audio, video, image files, and other documents, is steganography. Steganography is a word of Greek origin that means “hidden writing.” It involves hiding messages so that unintended recipients are not aware that there is any message. Compare this to cryptography, which does not seek to hide the fact that a message exists but just makes the message unreadable by anyone other than the intended recipients. Writing a letter using plaintext but in invisible ink is an example of steganography. The content is not scrambled in any way; it is just hidden.
Another interesting example, albeit a bit cumbersome, is the historical use of writing a secret message on the scalp of one’s shaved head, allowing the hair to grow back, and then ultimately having it shaved again upon arrival at the intended recipient.

Steganography is not cryptography. Whereas steganography hides the presence of a message, the purpose of cryptography is to transform a message from its readable plaintext into an unreadable form known as ciphertext. Of course, steganography is useless if someone other than the intended recipient knows where to look. Therefore, steganography is best used when combined with encryption. If attackers do not even know that a message exists in the first place, they cannot attempt to crack it.

As a result, steganography is not just the stuff of child’s play or far-fetched spy movies. Steganography actually entered mainstream media after the terrorist attacks of 9/11. Various reports indicated that the terrorists were (and others still are) using this practice to secretly hide messages. Modern uses include hiding messages in digital media and using digital watermarking. In addition, printers have used steganography, using tiny dots that reveal serial numbers and time stamps.

Cryptography Use Cases

Cryptography has many potential use cases. The following are common examples:
- Confidentiality: Ensures the privacy of data. This is the most common use case, or at least the one that many tend to think of during discussions on cryptography.
- Integrity: Ensures the accuracy of the data. Hashing, discussed earlier, is a common mechanism to ensure integrity. Assurance of message integrity, for example, might apply regardless of whether a message was encrypted.
- Nonrepudiation: Ensures accountability so that the origin of the data cannot be refuted. Nonrepudiation is needed to affirm the authenticity of a digital signature and verify that a message was indeed sent by the originator.
- Authentication: Ensures the secure transfer of authentication data between two entities or systems. Cryptographic authentication protocols are required for authentication. In addition, encryption and authentication work together. Both have their own responsibilities when it comes to securing communications and data.

These days, it’s easy to confuse the “crypto” ideas cryptography and cryptocurrency. Bitcoin, a leading cryptocurrency, is a decentralized currency for which balances are maintained on a public digital ledger known as a blockchain. Transactions are grouped into blocks shared with the network. Each block is linked to the previous block through a cryptographic hash. Part of what makes bitcoin so successful is its use of cryptography. A bitcoin wallet consists of two keys: a public key and a private key. Bitcoin can be sent to me by using my public key as the address; using my private key, I can spend bitcoin. Addresses are long alphanumeric strings and may be represented as QR codes, which can be scanned or photographed with a mobile device for quick access and entry.

Protecting data through encryption and yet maintaining the capability for decryption can be broadly categorized into three high-level areas, based on the state of the data: data at rest, data in transit, or data in processing. Emerging solutions like homomorphic encryption are attempts at providing alternatives to working with data in processing and would allow operations such as searching and sorting to be performed on ciphertext as if it were plaintext.

Other specific use cases and needs continue to exist. Although it is considered insecure on its own, obfuscation is commonly used with encryption. This includes, for example, first obfuscating the data and then encrypting it. A primary use case for obfuscation without encryption involves trying to protect source code from reverse engineering. Research in combining obfuscation and encryption to protect source code continues.
Strong cryptographic implementations demonstrate resiliency to leakage and subsequent attacks, and research and development into highly resilient cryptography or leakage-resilient cryptography is continuing. For example, the physical implementation of cryptographic algorithms could leak information (for example, electromagnetic emissions and power consumption), which can be leveraged to break the system.

Cryptography Constraints

Security systems often require trade-offs. Cryptography, for example, consumes resources in a system and carries a cost; security, performance, and power all need to be factored in. Modern computer systems and algorithms work well together. Furthermore, cryptographic implementations have made management easier. In fact, more than half of the web is now encrypted using HTTPS. When it comes to modern cryptography, performance and security have always been two important factors. How is it possible to increase the security robustness of an algorithm or a system without sacrificing speed and introducing more latency? Recently, especially with small and low-power devices, the trade-offs and resource constraints are continually being considered in the search for lighter-weight cryptography.

Quiz:

1. Which of the following attacks would be rendered ineffective by the use of salting?
A. Hash
B. Brute force
C. Dictionary
D. Rainbow table

2. You are exchanging secure emails with another user. You use a key to encrypt your outbound email, but then you are unable to decrypt the email you receive in return by using the same key you used to encrypt the outbound email. Which best explains what’s happening?
A. Email clients do not support cryptography.
B. Asymmetric cryptography is being used.
C. You are using a stream cipher.
D. You are using a block cipher.

3. Which of the following is true regarding block and stream ciphers? (Select three.)
A. Block ciphers are more complex than and not as fast as stream ciphers.
B. Stream ciphers, unlike block ciphers, require padding.
C. Block ciphers have higher diffusion than stream ciphers.
D. Stream ciphers perform encryption bit by bit.

4. Which statement is false?
A. Symmetric key algorithms use the same private key to encrypt and decrypt.
B. Symmetric key algorithms are often referred to as public key algorithms.
C. ECC is an example of an asymmetric public key cryptosystem.
D. Symmetric key algorithms are typically faster than asymmetric systems.

Answer 1: D. A rainbow table attack can be rendered ineffective by salting, which defends against precomputed hash values. Dictionary and brute-force attacks don’t necessarily rely on precomputed hash values. Thus, answers B and C are incorrect. Answer A is incorrect because a hash is not a type of attack but instead describes a function.

Answer 2: B. In asymmetric cryptography, key pairs are used: one key to encrypt and the other to decrypt. The email you received would have been encrypted with your public key, and you would need to decrypt the email with your private key. This private key would not have been the key used to encrypt the original outgoing email. You would have used the recipient’s public key for that. Answers A, C, and D are incorrect because you were able to originally encrypt an email outbound. Further, most email clients do support cryptography, and stream and block ciphers are methods for encrypting plaintext in symmetric algorithms.

Answer 3: A, C, and D. Stream ciphers do not require padding because each bit is processed and is the smallest unit; thus answer B is incorrect. All the other choices are true statements comparing block ciphers and stream ciphers.

Answer 4: B. Symmetric key algorithms are often referred to as secret key algorithms, private key algorithms, and shared secret algorithms. Asymmetric algorithms are often referred to as public key algorithms because they use the public key as the focal point for the algorithm. Answers A, C, and D are all true statements and are therefore incorrect answer choices.