6.1 Basic concepts of cryptography

Question 1

Symmetric encryption

Answer 1

A two-way encryption scheme in which encryption and decryption are both performed by the same key. Also known as shared-key encryption.

Question 2

Modes of operation

Answer 2

The way a cryptographic product processes multiple blocks.

Question 3

Asymmetric algorithms

Answer 3

A

Question 4

Hashing

Answer 4

Hashing is the transformation of a string of characters into a usually shorter fixed-length value or key that represents the original string.

Question 5

Salt

Answer 5

A random or pseudo-random number or string.

Question 6

Elliptic curve cryptography

Answer 6

An asymmetric encryption technique that leverages the algebraic structures of elliptic curves over finite fields.

Question 7

Key exchange

Answer 7

Any method by which cryptographic keys are transferred among users, thus enabling the use of a cryptographic algorithm.

Question 8

Digital signatures

Answer 8

A message digest that has been encrypted again with a user’s private key.

Question 9

Diffusion

Answer 9

Means that predictable features of the plaintext should not be evident in the ciphertext

Question 10

Confusion

Answer 10

Means that predictable features of the plaintext should not be evident in the ciphertext

Question 11

Collision

Answer 11

When a function produces the same hash value for two different inputs

Question 12

Steganography

Answer 12

Hiding a message within another message or data

Question 13

Obfuscation

Answer 13

The art of making a message difficult to understand

Question 14

Stream vs. block

Answer 14

In a stream cipher, each byte or bit of data in the plaintext is encrypted one at a time.

In a block cipher, the plaintext is divided into equal-size blocks (usually 64- or 128-bit). Each block is then subjected to complex transposition and substitution operations, based on the value of the key used.

Question 15

Key strength

Answer 15

A

Question 16

Session keys

Answer 16

A one-time encryption key used to symmetrically encrypt one communication session only

Question 17

Ephemeral key

Answer 17

Using a different secret key for each session.

Question 18

Data in transit

Answer 18

The state when data is transmitted over a network. Examples of types of data that may be in transit include website traffic, remote access traffic. In this state, data can be protected by a transport encryption protocol, such as TLS or IPSec.

Question 19

Data at rest

Answer 19

This state means that the data is in some sort of persistent storage media. Examples of types of data that may be at rest include financial information stored in databases, archived audiovisual media, operational policies and other management documents, system configuration data, and more.

Question 20

Data in use

Answer 20

This is the state when data is present in volatile memory, such as system RAM or CPU registers and cache. Examples of types of data that may be in use include documents open in a word processing application, database data that is currently being modified, event logs being generated while an operating system is running.

Question 21

Random/pseudorandom number generation

Answer 21

Uses software routines to simulate randomness. The generator usually uses data from the system, such as mouse and keyboard input timing, process IDs, and hard drive samples, as a seed. The seed state is then passed through a mathematical formula in order to output a pseudorandom number.

Question 22

Key stretching

Answer 22

A technique to make the key generated from a user password stronger is by—basically—playing around with it lots of times.

Question 23

Implementation vs. algorithm selection

Answer 23

It is important to realize that just because an algorithm, such as AES, is considered strong does not mean that the implementation of that cipher in a programming library is also strong. The implementation may have weaknesses.

Question 24

Crypto service provider

Answer 24

(CSP) A cryptographic module that implements Microsoft’s CryptoAPI.

Question 25

Crypto modules

Answer 25

Algorithms underpinning cryptography that are interpreted and packaged as a computer program or programming library.

Question 26

Perfect forward secrecy

Answer 26

A characteristic of session encryption that ensures if a key used during a certain session is compromised, it should not affect data previously encrypted by that key.

Question 27

Security through obscurity

Answer 27

Means keeping something a secret by hiding it.

Question 28

Low power devices

Answer 28

Some technologies require more processing cycles and memory space. This makes them slower and means they consume more power. Consequently, some algorithms and key strengths are unsuitable for handheld devices and embedded systems, especially those that work on battery power. Another example is a contactless smart card, where the card only receives power from the reader and has fairly limited storage capacity, which might affect the maximum key size supported.

Question 29

Low latency

Answer 29

If cryptography is deployed with a real time-sensitive channel, such as voice or video, the processing overhead on both the transmitter and receiver must be low enough not to impact the quality of the signal.

Question 30

Supporting integrity

Answer 30

Encryption guarantees the message is tamper-proof

Question 31

Supporting obfuscation

Answer 31

Cryptography is effectively used with messages. Cryptography cannot be used with source code because it obfuscates the code too much to the point where the computer can't compile the code.

Question 32

Supporting authentication

Answer 32

If you are able to encrypt a message in a particular way, it follows that the recipient of the message knows with whom he or she is communicating (that is, the sender is authenticated).

Question 33

Supporting non-repudiation

Answer 33

Non-repudiation is the concept that the sender cannot deny sending the message. If the message has been encrypted in a way known only to the sender, it follows that the sender must have composed it.

Question 34

Resource vs. security constraints

Answer 34

The comparative strength of one cipher over another largely depends on the bit-strength of the key and the quality of the algorithm. Some algorithms have known weaknesses and are deprecated for use in particular contexts

Question 35

Nonce

Answer 35

the principal characteristic of a nonce is that it is never reused ("number used once") within the same scope (that is, with the same key value). It could be a random or pseudo-random value, or it could be a counter value.

Question 36

IV

Answer 36

(Initialization Vector) The principal characteristic of an IV is that it be random (or pseudo-random).

Question 37

Supporting confidentiality

Answer 37

A cryptographic (or encrypted) message can only be understood by someone with the right decrypting cipher