Cryptography

Question 1

Cryptography

Answer 1

The science of protecting the confidentiality and integrity of data

Question 2

Encryption

Answer 2

The process of transforming readable data (plaintext or cleartext) into an unreadable form (ciphertext)

Question 3

Decryption

Answer 3

The process of recovering the plaintext message from the ciphertext

Question 4

Cryptographic algorithm

Answer 4

Uses keys or multiple keys to encrypt or decrypt the message

Question 5

Caesar Cipher

Answer 5

Substitution cipher
Shifts letter a certain number of spaces in the alphabet
Modern ex: ROT13 – shifts letters 13 spaces so you can just run it again to decrypt
Other sub ciphers: Jefferson disk, Enigma machine

Question 6

What are some characteristics of modern cryptographic tools?

Answer 6

Open – you can understand the encryption process and still not be able to break the cipher
Algorithms depend on difficult mathematical problems called one-way problems

Question 7

Some characteristics of keyword ciphers?

Answer 7

Substitution cipher
Uses a key to determine what to sub for each letter
Vulnerable to frequency analysis

Question 8

Frequency analysis

Answer 8

Code-breaking method that uses information about frequently used letters in a language

Question 9

One-time pad

Answer 9

Unbreakable, when used properly
Uses random number grid common to both parties: called “shifts”

Question 10

Symmetric cryptography

Answer 10

AKA private key cryptography
Uses single key to encrypt and decrypt message
Keys must be shared between sender and receiver (key exchange)
Uses two types of cipher: block cipher and stream cipher

Question 11

Block cipher

Answer 11

Takes a predetermined number of bits (block) and encrypts that block

Question 12

What are some characteristics of block ciphers?

Answer 12

Most algorithms use them
They are slower, but more versatile
More susceptible to errors
Work better with messages whose sizes are fixed or known in advance

Question 13

Stream cipher

Answer 13

Encrypts each bit in the plaintext message one bit at a time
Better for encrypting data of unknown size or data in a continuous stream (like data over a network)

Question 14

Symmetric key algorithm examples

Answer 14

DES
3DES
AES

Question 15

Talk about DES algorithm

Answer 15

Uses block cipher with a 56-bit key
keyspace of 2 to the power of 56
Broken in 1999 by testing every possible key in 22 hours

Question 16

keyspace

Answer 16

number of possible keys

Question 17

3DES algorithm

Answer 17

DES used to encrypt each block three times with three different keys

Question 18

AES algorithm

Answer 18

Uses three different ciphers: 128 bit, 192 bit, and 256 bit

Question 19

What are three differences between 3DES and AES algorithms?

Answer 19

AES uses newer and completely different algorithm
AES uses longer and stronger keys and block length
AES is faster than 3DES

Question 20

Asymmetric cryptography

Answer 20

Uses 2 keys: one public and one private
Anyone can access public key
Private key is carefully guarded
Advantage: no need for key exchange

Question 21

Asymmetric key algorithm examples

Answer 21

RSA – widely used, including in Secure Sockets Layer (SSL) protocol
Elliptic curve cryptography – can use short keys while maintaining higher cryptographic strength
ECC is fast an efficient; can be used on lower grade systems

Question 22

Hash functions

Answer 22

3rd type of modern cryptography
Converts plaintext into unique and fixed-length value (hash)
Can’t use to discover contents of original message
Used to make sure message has not changed

Question 23

Hash collision

Answer 23

When two messages produce the same hash
When occurs, stop using algorithm–it is faulty

Question 24

What does a digital signature allow you to do? (3)

Answer 24

Sign a message so that others can detect any changes to the message after you’ve sent it
Ensure the message was legit sent by the expected party
Prevent the sender from denying that he sent the message (nonrepudiation)

Question 25

How is a digital signature utilized?

Answer 25

Sender generates a hash of the message and then uses his private key to encrypt the hash. Receiver uses public key to decrypt the hash and then hashes the message to see if they match

Question 26

What is the process for creating a digital certificate?

Answer 26

Created by taking the public key and identifying information (name, address, etc) and having them signed by a trusted entity that issues certificates: the certificate authority

Question 27

Certificate authority

Answer 27

Entity that issues certificates
Ex: VeriSign

Question 28

What does a digital certificate allow you to do?

Answer 28

Verify that a public key is truly associated with an individual

Question 29

What is the infrastructure that handles certificates on a large scale called?

Answer 29

Public key infrastructure (PKI)

Question 30

What are the two main components of public key infrastructure?

Answer 30

Certificate authorities that issue and verify certificates
Registration authorities that verify the identity of the individual associated with the certificate

Question 31

What is data at rest?

Answer 31

Data on a storage device of some kind that isn’t moving over a network, through a protocol, or across some other communication platform

Question 32

What is the primary method of protecting data at rest?

Answer 32

Encryption

Question 33

What protocols are used to protect data in motion?

Answer 33

Secure Sockets Layer (SSL)
Transport Layer Security (TLS)

Question 34

What is the relationship between SSL and TLS?

Answer 34

SSL is TLS’s predecessor. They are very similarly and often used interchangeably.

Question 35

What are some other protocols that SSL and TLS work in conjunction with?

Answer 35

Internet Message Access Protocol (IMAP)
Post Office Protocol (POP) for email
Hypertext Transfer Protocol (HTTP) for web traffic
VoIP for voice conversation and instant messaging

Question 36

What do VPNs do?

Answer 36

They encrypt all network traffic.

Question 37

What are the most common protocols used to secure VPNs?

Answer 37

Internet Protocol Security (IPsec)
SSL

Question 38

What is a main difference between SSL and IPsec?

Answer 38

IPsec requires a more complex hardware setup than SSL

Question 39

Why is it difficult to protect data in use?

Answer 39

Because it is hard to control what authorized users do with the data.