Week 3 Flashcards

1
Q

Suppose that the length of a password is 16 characters. What is the maximum number of possible combinations of characters if the password can include uppercase and lowercase characters but excludes numbers?

62^16
52^8
52^16
62^6

A

52^16
Correct! Because we are considering essentially two alphabets (all uppercase letters and lowercase letters), we have 52 possibilities to choose from for each of the 16 characters of the password.

2
Q
Which attack is incapable of stealing a password?
The birthday attack
The man-in-the-middle attack (MITM)
The brute force attack
The phishing attack
A

The birthday attack
Correct! Although it might sound more like trying a user’s birthday as their password, the birthday attack has nothing to do with stealing passwords. Instead, it is used to create duplicate documents with identical hashes.

3
Q

Which security measure is a common tool against phishing attacks?

Multi-factor authentication
Encryption
Hashing
Antivirus programs

A

Multi-factor authentication
Correct! With multi-factor authentication, even if the attacker learns the user's password through a phishing attack, they would still need more information to get access to the account. Such information generally includes OTPs that are sent to the user (phone, email, etc.) at the time of each login.

4
Q

Which attack can generally be used to steal a database that contains passwords?

Cross-site scripting (XSS) attack
Denial of service (DoS) attack
Password recovery attack
SQL injection attack

A

SQL injection attack
Correct! If user input is not validated, an attacker can make the application execute SQL queries that select columns containing sensitive information.

5
Q

Which process demonstrates how a user password is verified when the passwords are stored as hashes?

The user entry is encrypted and matched against the hash that is saved in the database.

The user entry is encrypted to match the hash in the database using a special algorithm, which creates an identical output for the hash and encryption.

The user entry is hashed, and this hash is matched against the hash stored in the database.

The user entry is matched against a password, which is generated by reverting the hash.

A

The user entry is hashed, and this hash is matched against the hash stored in the database.

Correct! This is done to check the integrity of the user entry.

6
Q

Which attack can easily compromise a user’s account if the password is simple and has meaningful information, such as names or birthdays?

The dictionary attack

The phishing attack

The brute force attack

The man-in-the-middle attack (MITM)

A

The dictionary attack

Correct! Dictionary attacks are far faster than brute force attacks because of the reduced search space.

7
Q

In the context of cryptography, what is “salt”?

A random number appended to the user-provided password to create a combination that is used as the password.

A random number used in one-time passwords for multi-factor authentication.

A random number provided to the user after the user has entered the password.

Random data that is used as an additional input to the hash function.

A

Random data that is used as an additional input to the hash function.
Correct! Salts make it difficult to retrieve the original password by matching the hashes of the most commonly used passwords against the hashes in a stolen password database.

8
Q

When a user enters the password on their computer to connect to a web server, the password is sent over the network in which form?

As a ciphertext encrypted using asymmetric key encryption

As a hash of the password so that no one could figure out what the password was

As a plaintext so that the web server and anyone else sitting on the line can see it easily

As a ciphertext encrypted using symmetric encryption where the key is stored on the user machine as well as the server

A

As a ciphertext encrypted using asymmetric key encryption

Correct! The HTTPS protocol ensures that the information is encrypted before it is sent over the network.

9
Q

Password hashes are salted before storing so that the hashes in the passwords table fail to match which of the following?

Encrypted password received from the user

Hashes computed on the fly in online dictionary attacks

Hashes precomputed in offline dictionary attacks

Hashes computed in the rainbow table attacks

A

Hashes precomputed in offline dictionary attacks
Correct! This makes an attacker's job really difficult, as they would have to generate the whole dictionary again to crack a single password.

10
Q

How many bits were used for each character in the Unix password scheme?

7 bits
5 bits
8 bits
6 bits

A

7 bits
Correct! This made the password length 7x8 = 56 bits, the same as that of DES, which was utilized for hashing in Unix at that time.

11
Q

From the given choices, which was used as a hashing algorithm in earlier Unix systems to store hashes of passwords?

DES
SHA1
MD5
MD4

A

DES
Correct! Although DES was an encryption algorithm, the system was modified so that it would function as a hashing algorithm.

12
Q

Which best describes the use of salt in earlier Unix password storage systems?

Salt was supplied along with the password to perturb the S-Boxes in the hashing algorithm.

Salt was used to increase the bit strength of the password from 56 to 70 bits.

Salt was used as the key to encrypt the password before storing.

Salt was supplied to the hashing algorithm along with user password.

A

Salt was supplied along with the password to perturb the S-Boxes in the hashing algorithm.
Correct! This put salt to better use than the typical append operation.

13
Q

Why were 25 rounds of hashing done in the Unix password system?

To strengthen the hash because an encryption algorithm was used instead of hashing.

To achieve the right amount of avalanche effect.

To make the password hashing 25 times slower than usual.

To remove the part of the password that leaked in the output of the hash after an initial round.

A

To make the password hashing 25 times slower than usual.

Correct! Although a usability problem, this ensured that generating an online dictionary was drastically slowed down, making it computationally infeasible to attack.

14
Q

Which item is stored in the rainbow table?

Passwords generated using the reduction function
The reduction function
Hashes of the candidate password
Candidate passwords

A

Candidate passwords

Correct! These are stored so that the chain can be recreated in case the final hash matches any hash in the passwords table.

15
Q

Why is it difficult to brute-force passwords to hashes?

It requires a huge amount of both computation and storage space.

It requires application-specific integrated circuits (ASICs) to generate hashes.

It requires a huge amount of computation.
It requires a huge amount of storage space.

A

It requires a huge amount of computation.

Correct! Hashing is an expensive operation in terms of computation time and resources.

16
Q

Why is it difficult to use a precomputed dictionary to crack hashes for passwords?

It requires a huge amount of computation.

It requires a huge amount of both computation and storage space.

It requires a huge amount of storage space.

It requires application-specific integrated circuits (ASICs) to generate hashes.

A

It requires a huge amount of storage space.

Correct! The number of potential passwords is so large that it is infeasible to store every single possibility.

17
Q

Which description best explains how a reduction function is used in the rainbow table?

The reduction function tries to reverse a hash to a possible value.

The reduction function reduces the number of passwords that we need to reverse.

The reduction function reduces the amount of hashing required to reverse a password.

The reduction function tries to reduce the length of a hash to match that of a password.

A

The reduction function tries to reverse a hash to a possible value.
A quality reduction function results in better coverage.

18
Q

What is step 2 for generating a sample rainbow table?

Select and store a list of a million candidate passwords.
_____________________________________________________________________
Use a reduction function to reverse the hash to some password.
_____________________________________________________________________
Store the millionth hash generated, paired with the candidate password.
_____________________________________________________________________
Save the candidate passwords and hash pairs in persistent storage.

Options:

Repeat all but step 1 for the remaining candidate passwords.

Repeat all but step 1 and 3 for the remaining candidate password.

Repeat hashing and reduction a million times.

Generate the hash for a candidate password.

A

Generate the hash for a candidate password.
Correct! When the candidate password is fetched, it is hashed and then stored to make it more secure at first. Then it is passed through a reverse hash function to be stored as a password-hash pair.

19
Q

What is step 2 for generating a sample rainbow table?

Select and store a list of a million candidate passwords.
_____________________________________________________________________
Use a reduction function to reverse the hash to some password.
_____________________________________________________________________
Store the millionth hash generated, paired with the candidate password.
_____________________________________________________________________
Save the candidate passwords and hash pairs in persistent storage.

Options:

Repeat all but step 1 for the remaining candidate passwords.

Repeat hashing and reduction a million times.

Generate the hash for a candidate password.

Repeat all but step 1 and 3 for the remaining candidate password.

A

Repeat hashing and reduction a million times.

Correct! Hashing and reduction are repeated multiple times to iterate over all the passwords stored in step 1.

20
Q

What is step 6 for generating a sample rainbow table?

Select and store a list of a million candidate passwords.
_________________________________________
Use a reduction function to reverse the hash to some password.
_________________________________________
Store the millionth hash generated, paired with the candidate password.
_________________________________________
Save the candidate passwords and hash pairs in persistent storage.

Options

Repeat hashing and reduction a million times.

Generate the hash for a candidate password.

Repeat all but step 1 for the remaining candidate passwords.

Repeat all but step 1 and 3 for the remaining candidate password.

A

Repeat all but step 1 for the remaining candidate passwords.
Correct! The first step is omitted because the million passwords do not need to be listed again and again. This is a one-time process to assist the further steps.

21
Q

What does the term “coverage” mean with respect to the rainbow table?

All of the candidate passwords and reduction function outputs.

All of the intermediate hashes.

All of the candidate passwords.

All of the final hashes at the end of each chain.

A

All of the candidate passwords and reduction function outputs.
Correct! The rate of being able to crack passwords using the rainbow table is dependent on the table’s coverage.

22
Q

Which component can ensure good coverage?

A hash function that is different from the one used by the password storage scheme.

A set of carefully chosen candidate passwords that have high randomness.

A small chain length that contains only a few combinations of passwords.

A reduction function that generates a random output with minimum repetition.

A

A reduction function that generates a random output with minimum repetition.

Correct! Because a single collision can create a redundant chain, it is crucial to have a quality reduction function.

23
Q

What is step 7 to find a password that corresponds to a hash in the rainbow table?

Use the reduction function to generate an intermediate password from the hash.
Create a hash for the intermediate password.
___________________________________
Get the candidate password if the intermediate hash is found in the reduction table.
___________________________________
Repeat the reduction and hash functions and the lookup a million times.
___________________________________
Return the password that generated the matching hash.

Stop if the hash is generated in the chain that started from the candidate password.

Reverse the hash to generate a password.

Look up the intermediate hash in the reduction table.

Hash the candidate password and repeat reduction and hashing.

A

Stop if the hash is generated in the chain that started from the candidate password.
Correct! We need to stop generating and reducing hashes once all of the possible hashes in the chain have been generated from the original candidate password and still no match was found.

24
Q

Which description best explains how reduction function collisions affect chains in the rainbow table?

They introduce partial redundancy for different outputs of the reduction function.

They introduce completely new chains for different outputs of the reduction function.

They introduce new chains for collisions in the hashing function.

They introduce partial redundancy for identical outputs of the reduction function.

A

They introduce partial redundancy for identical outputs of the reduction function.

Correct! This lowers the coverage because the table loses that many passwords.

25
Q

What is the impact of reduction function collisions?

Reduction function collisions lower the total number of unique passwords.

Reduction function collisions increase the total number of unique passwords.

Reduction function collisions make the algorithm that they are a part of more secure.

Reduction function collisions decrease the total number of unique intermediate hashes.

A

Reduction function collisions lower the total number of unique passwords.
Correct! Each reduction function output is a password that the rainbow table could crack, but if these passwords repeat often, we need a new reduction function.

26
Q

Which parameter could be changed if there are frequent reduction collisions while generating the rainbow table with a good reduction function?

Other more random candidate passwords can be chosen to ensure new reductions and new chains.

The number of candidate passwords can be increased.

The length of the chain can be shortened.

A hashing algorithm can be chosen that is different from the one used for password storage.

A

Other more random candidate passwords can be chosen to ensure new reductions and new chains.
Correct! Candidate passwords play a big role because that is where chains begin. Therefore, it is best to have unrelated random values to ensure better coverage.

27
Q

What is step 3 to find a password that corresponds to a hash in the rainbow table?

Use the reduction function to generate an intermediate password from the hash.

Create a hash for the intermediate password.

___________________________________

Get the candidate password if the intermediate hash is found in the reduction table.

___________________________________

Repeat the reduction and hash functions and the lookup a million times.

___________________________________

Return the password that generated the matching hash.

Stop if the hash is generated in the chain that started from the candidate password.

Hash the candidate password and repeat reduction and hashing.

Reverse the hash to generate a password.

Look up the intermediate hash in the reduction table.

A

Look up the intermediate hash in the reduction table.
Correct! The intermediate hash is the hash of the potential intermediate password; it is looked up in the table to see whether that value was previously stored. This is done to find the password with the matching hash.

28
Q

What is step 5 to find a password that corresponds to a hash in the rainbow table?

Use the reduction function to generate an intermediate password from the hash.

Create a hash for the intermediate password.

___________________________________

Get the candidate password if the intermediate hash is found in the reduction table.

___________________________________

Repeat the reduction and hash functions and the lookup a million times.

___________________________________

Return the password that generated the matching hash.

Look up the intermediate hash in the reduction table.

Stop if the hash is generated in the chain that started from the candidate password.

Reverse the hash to generate a password.

Hash the candidate password and repeat reduction and hashing.

A

Hash the candidate password and repeat reduction and hashing.
Correct! This is done to iterate over all of the possible hash combinations for the password with which the password-hash pair might have been stored in the table.