6.1 Compare and contrast basic concepts of cryptography.

Question 1

Encryption gives you ______

Answer 1

Confidentiality

Question 2

Digital Signatures give you __________

Answer 2

Non-repudiation

Question 3

Hashing gives you _____

Answer 3

Integrity

Question 4

Encryption definition

Answer 4

A cryptographic technique that converts data from plaintext (cleartext) into code (ciphertext)

Question 5

Ciphers

Answer 5

A specific set of actions used to encrypt data

Question 6

Cryptanalysis

Answer 6

The science of breaking codes and ciphers

Question 7

One-way Function

Answer 7

Mathematical operation that easily produces an output for each possible combination of inputs but makes it impossible to retrieve input values

Question 8

Symmetric Algorithms

Answer 8

A single, shared key, secret-key, private-key encryption.
Used to encrypt large sized bulk data.
**Encrypt and decrypt with the same shared, secret key.

Question 9

to protect passwords they are _____ before being stored

Answer 9

HASHed

Question 10

drawback to Symmetric Algorithms

Answer 10

Doesn’t scale well (Key Distribution)

Question 11

Asymmetric Algorithms

Answer 11

a pair of public and private key.
uses public key to encrypt it
uses private key to decrypt

Question 12

Private key

Answer 12

– Used by you to Decrypt messages to you
– Must keep private
– Never give out your Private Key

Question 13

Public key

Answer 13

– Used by others to encrypt messages to you.
– Everyone you want to has access to your Public Key.
– Located on the CA

Question 14

Public Key Infrastructure (PKI) pertains to two things for the test.

Answer 14

• Digital certificates used to verify websites

- Asymmetric encryption

Question 15

Hashing

Answer 15

• Used to store passwords
• Used to verify INTEGRITY
• Also called Message digest, checksum, hash value
• Used in Digital Signatures

Question 16

Nonce

Answer 16

imply a number that is used only once.

Question 17

IV (Initialization Vector)

Answer 17

• A random number used in combination with a secret key as a means to encrypt data.
• Sometimes referred to as a nonce

Question 18

Salt

Answer 18

A random string of data used to modify a password hash.

Question 19

Elliptic Curve

Answer 19

ECC is a public-key cryptosystem based upon complex mathematical equations of elliptic curves.

ECC uses smaller key sizes than traditional public-key cryptosystem.

As a result, it is faster and consumes fewer resources, making it more ideal for mobile and wireless devices.

Question 20

PAD a ______

Answer 20

Password

Question 21

SALT a _____

Answer 21

HASH

Question 22

ECC - Elliptic Curve

Answer 22

Used for CellPhones

Question 23

on test question about the military going to the field and you must encrypt cell phones. What encryption standard are you going to use

Answer 23

SHA256

Question 24

Key Exchange

Answer 24

Can use IKE - pre-existing VPN tunnel - IN-Band

Can setup a new VPN tunnnel just to send keys - ISAKMP - OUT-of-Band

Question 25

Digital Signatures

Answer 25

Sender signs using their Private key

Supports both Integrity and Nonrepudiation

Receiver decrypts the hash and verifies the data with the sender’s Public key

Question 26

Diffusion

Answer 26

A change in one bit on input has drastic changes in output

Question 27

Collision

Answer 27

Happens when two different messages produce the same hash value.

Question 28

Steganography

Answer 28

The process of hiding a message in a medium such as a digital image, audio file, or other file.

Question 29

Program for steganography

Answer 29

– QuickStego

– Snow

Question 30

Obfuscation

Answer 30

The action of making something obscure, unclear, or unintelligible. TO HIDE

Question 31

What two ways can you tell something is hidden inside another file?(steganography)

Answer 31

the HASH value

or TripWire

Question 32

Block Cipher

Answer 32

encrypting a block of data at a time

Question 33

stream cipher

Answer 33

encrypts one bit or byte at a time.

Question 34

The only streaming cipher

Answer 34

RC4

Question 35

Key Strength / Key Space

Answer 35

Keyspace is defined by the number of bits the key uses

he larger the keyspace;
– the more possible key values
– the more random the entire process becomes
– increases the strength of the cryptosystem

Question 36

Session Keys

Answer 36

A session key is an encryption and decryption key that is randomly generated to ensure the security of a communications session between two entities.

IT IS SINGLE USE - discarded at end of session.

Question 37

Ephemeral

Answer 37

Temporary (ephemeral key is same as session key)

Question 38

Data-in-Transit

Answer 38

Data while it is being transferred from one system to another, or in RAM getting ready to be used.

Question 39

Data-at-Rest

Answer 39

Data stored, on a server/HDD/CD etc

Question 40

Data-in-Use

Answer 40

Data actively being used, such as in a program you have open.

Question 41

Pseudo-random Number Generation

Answer 41

A program written for, and used in, probability and statistics applications when large quantities of random digits are needed.

Question 42

Key Stretching

Answer 42

Refers to processes used to take a key that might be a bit weak and make it stronger, usually by making it longer.

Question 43

Perfect Forward Secrecy

Answer 43

Forward secrecy is a property of any key exchange system, which ensures that if one key is compromised, subsequent keys will not also be compromised

Question 44

Which type of algorithm uses a public key and a private key that is then used to encrypt and decrypt data and messages sent and received?
A. Elliptic curve
B. Symmetric encryption algorithms
C. Asymmetric encryption algorithms \
D. Paired algorithms

Answer 44

C. Asymmetric encryption algorithms

Question 45

Mary claims that she didn’t make a phone call from her office to a competitor and tell them about developments at her company. Telephone logs, however, show that such a call was placed from her phone, and time clock records show that she was the only person working at the time. What do these records provide?
A. Integrity
B. Confidentiality
C. Authentication
D. Nonrepudiation

Answer 45

D. Nonrepudiation

Question 46

In Cryptography a \_\_\_\_\_\_\_ is a random number which is used only once and added to a key to make an encryption algorithm stronger.
A. Initialization Vector
B. Nonce
C. PRNG
D. Ephemeral Key

Answer 46

A. Initialization Vector