Cryptography

Question 1

DES

Answer 1

Data Encryption Standard - symmetric cryptosystem, older and obsolete.
-Uses an algorithm called Lucifer, which in the DES implementation, has a 64-bit key size.
-8 bits are for computational overhead, so true key size is 56 bits.
-Any blocks less than 64 bits in size are padded
- 5 different block cipher modes of operation
-16 rounds of encryption

Question 2

DES ECB

Answer 2

Electronic Code Book - a given piece of plaintext will always produce the same piece of ciphertext. Very predictable, easily broken

Question 3

DES CBC

Answer 3

Cipher block chaining - much stronger encryption by XORing the previous block to the block being encrypted, the first block acts as an initialization vector (IV). Every block of plaintext will have a different ciphertext

Question 4

DES CFB

Answer 4

Cipher feedback mode - plaintext is XORed into the IV after each round, similar to CBC mode.

Question 5

DES OFB

Answer 5

Output feedback - similar to CFB mode, takes the result of the previous encryption of the IV and key before the plaintext is XORed

Question 6

DES CTR

Answer 6

Counter mode - uses a random 64-bit block as the first IV, then increments a specified number or counter for every subsequent block of plaintext. Best performance.

Question 7

3DES or TDES

Answer 7

Triple DES (Data Encryption standard) - symmetric, better, later iteration of DES. Uses three distinct iterations of encryptions on plaintext. DES uses single 56-bit keys, 3DES uses three 56-bit keys.
-Thus, 3DES has a 168-bit key
-Same modes as DES, repeats them 3 times with 3 different keys
-Suffers from some of the same weaknesses as DES

Question 8

AES

Answer 8

Advanced Encryption Standard - symmetric block cipher
-block sizes of 128 bits
-key sizes of 128, 192, and 256 bits
-10 rounds for 128-bit keys, 12 rounds for 192-bit keys, 14 rounds for 256-bit keys
-Has different modes, similar to DES.
Attacks on AES are usually side-channel attacks, which target a faulty implementation rather than the cryptosystem itself
- tends to use the lower-latency Galois/Counter Mode
-Sometimes called Rijndael

Question 9

AES GCM

Answer 9

AES Galois/Counter Mode - starts with CTR mode, adds a special data type known as a Galois field to add integrity. Authenticated encryption mode. Low latency, good performance

Question 10

Blowfish

Answer 10

Symmetric Block Cipher - accepts 64-bit blocks, wide range of variable key links, from 32-bits to 448 bits.
-16 rounds of encryption, just like DES.
-widely implemented, considered a good choice and strong
-public domain, free to use

Question 11

Twofish

Answer 11

Symmetric block algorithm, uses 128-block size
-128-bit, 192-bit, or 256-bit keys
-Like DES, uses 16 rounds of encryption
-Successor to Blowfish
-Public domain, freely available to use

Question 12

RC4

Answer 12

Rivest Cipher 4 - symmetric streaming algorithm, not block.
-One round of encryption
-Can use key sizes from 40 to 2048 bits in length
-Very fast protocol, as all streaming ciphers are
-Key stream (stream of pseudorandom bits injected into encryption) which is combined with plaintext using XOR to encrypt it into ciphertext
-Most popularly used in wireless encryption with WEP, which is obsolete and cryptographically broken protocol
Can be found in versions of SSL/TLS
-some documented weaknesses

Question 13

RSA

Answer 13

Asymmetric algorithm, enables creation of a public-private key pair
Generates keys based on the mathematical problem of the difficulty of factoring two very large prime numbers (each up to several hundred digits in length)
-One round of encryption
-Key sizes from 1024 to 4096 bits
-very secure, but keys of smaller sizes have been broken, based on faulty implementations of RSA though.
-de facto asymmetric algorithm used in PK cryptography implementations

Question 14

Diffie-Hellman (DH)

Answer 14

Asymmetric cryptosystem, DH protocols enable asymmetric key exchange to give both sides of a conversation a single symmetric key. a non-secure channel can establish secure comms
-Faster connection compared to RSA. RSA has great security, requires a lot of computation. DH = speed!
-uses discrete logarithms, modulo arithmetic, and prime numbers to generate key pairs
-part of key exchange process requires each side to generate a temporary, ephemeral key (Diffie-Hellman Ephemeral) (DHE)
-relies on pseudorandom number generation to create ephemeral keys, which in most cases relies on aspects of the underlying system like dates, MAC address of the NIC, other seemingly random information, but these aren’t random. However, alternatives exist.
-Can use a larger modulus. DH Groups have preset moduluses. Group 1, 2, 5, 14, 768, 1024, 1546, and 2048 bits

Question 15

Elliptic-Curve Diffie-Hellman Ephemeral

Answer 15

• skips pseudorandom number generation and instead uses ephemeral keys calculated using elliptic-curve cryptography. Has groups. Group 19, 20, 21, 25-bits, 384-bits, and 521-bit elliptic curves

Question 16

PGP/GPG

Answer 16

Pretty Good Privacy - Asymmetric cryptography application/protocol suite. Can use both asymmetric and symmetric keys. bulk encryption, data at rest encryption (file and FDE, full disk encryption), key pair generation, and key exchange.
-PGP uses a web of trust, rather than a public key infrastructure
Commercialized, proprietary, but it has an open-source equivalent, Gnu Privacy Guard (GPG)
Comply with the OpenPGP standard, an IETF standard published asd RFC 4880

Question 17

ECC

Answer 17

Elliptic-curve cryptography, asymmetric cryptographic method based on problems involving the algebraic structure of elliptic curves over finite fields
- special uses involving mobile devices, low computational power and memory usage, widely implemented in smartphones and low-power mobile devices
-smaller key sizes, but are harder to break. Largest known ECC key broken is 112-bits, but a 768-bit key has been broken with RSA.

Question 18

ElGamal

Answer 18

Asymmetric algorithm that can be used for digital signatures and general encryption
partially based on Diffie-Hellman key exchange algorithms. Uses mathematical problems related to computing discrete logarithms
Used in hybrid cryptosystems, encrypts a small symmetric key and a faster scheme encrypts the message
Widely used in open standards, including PGP and GPG
US Gov’t’s Digital Signature Algorithm (DSA)

Question 19

MD5

Answer 19

Message Digest 5 - hashing algorithm
-generates a 128-bit hash, 32 hexadecimal characters long
-replaces MD4
-has weaknesses, researchers have demonstrated collisions many times
many low-security situations stilluse it
-part of other cryptographic methods, including EAP (extensible authentication protocol), as part of its EAP-MD5 implementation
128-bit has, 32 hexadecimal characters regardless of text length

Question 20

SHA

Answer 20

Secure Hash Algorithm -initially released as SHA-0, several iterations now, including SHA-1, SHA-2, and SHA-3
SHA-1 - 160-bits, 40-character hashes. A contemporary of MD5 with similar flaws
SHA-2 - made up of two algorithms, SHA-256 and SHA-512, each has minor versions including SHA-224 and SHA-384
SHA-3 uses a hash function called Keccak that makes it different internally than SHA-1 and SHA-2.
Has 40-character hashes
SHA-3, implementation of the Keccak hashing function. the best version.
Developed by the NSA

Question 21

RIPEMD

Answer 21

RACE Integrity Primitives Evaluation Message Digest - hashing algorithm not often seen in practical implementation. Developed in an open-standard type of environment
Comes in 128- 160-, 256-, and 320-bit versions. Not in widespread use.
RIPEMD-160 is the most common iteration

Question 22

HMAC

Answer 22

Hash-based Message Authentication Code - used in conjunction with a symmetric key to authenticate and verify message integrity
-can use either MD5 or SHA series of hashing algorithms (HMAC-MD5 or HMAC-SHA1/2/3)
-produces a hash value, the Message Authentication Code (MAC)
HMAC uses a secret (symmetric) key with the hashing process, so a given message produces a unique hash using that symmetric key