Module 20: Cryptography

Question 1

Symmetric Encryption

Answer 1

Uses the same (secret/shared/private) cryptographic key for encryption and decryption

Question 2

Asymmetric Encryption

Answer 2

Uses different encryption and decryption keys (public and private keys)

Question 3

GAK (Government Access to Keys)

Answer 3

The government is given whole keys (or partial keys that they can crack the rest of) that they hold and use to be used only in cases of court warrants (analogous to wiretapping)

Question 4

Substitution Cipher

Answer 4

A classical cipher where locks of plaintext replaced with cipher text

Question 5

Transposition Cipher

Answer 5

A classical cipher where letters of plaintext are shifted

Question 6

Private Key Cipher

Answer 6

A key based cipher where the same key is used for encryption and decryption

Question 7

Public Key Cipher

Answer 7

A key based cipher where different keys are used to encrypt and decrypt

Question 8

Block Cipher

Answer 8

An input based cipher where blocks of a fixed size are encrypted

Question 9

Stream Cipher

Answer 9

An input based cipher where a continuous stream is encrypted

Question 10

Data Encryption Standard (DES)

Answer 10

Enciphers and deciphers blocks of data consisting of 64 bits under control of a 56 bit key. Considered weak by many standards today, oftentimes used to encrypt the data 3 times consecutively (3DES) until AES can be implemented

Question 11

Advanced Encryption Standard (AES)

Answer 11

A symmetric key block cipher that iterates over an encryption pass. Default is a 128-bit block size, but can have 128, 192, 256 variants.

Question 12

RC4

Answer 12

Variable key size symmetric key stream cipher with byte-oriented operations and is based on the user of a random permutation

Question 13

RC5

Answer 13

Parameterized algorithm with a variable block size, variable key size, and a variable number of rounds. Key size is 128-bits, 2-bit working registers

Question 14

RC6

Answer 14

Symmetric key block cipher derived from RC5 with 2 additional features: Integer multiplication and 4 bit working registers

Question 15

Twofish

Answer 15

Candidate for replacement of DES. Uses encryption block sizes of 128-bits, and key sizes of up to 256-bits.

Question 16

Digital Signature Algorithm (DSA)

Answer 16

Specified by FIPS 186-2, it may be used in the generation and verification of digital signatures for sensitive, unclassified applications. Computed in such a way that both the identity and the integrity of the data can be verified.

Question 17

Rivest Shamir Aldeman (RSA)

Answer 17

The de facto internet encryption standard. Uses a 256-bit key. Uses modular arithmetic and elementary number theories to perform computations using large prime numbers

Question 18

Diffie-Hellman Algorithm

Answer 18

Cryptographic protocol that allows 2 parties to establish a shared key over an insecure channel

Question 19

Message Digest Functions

Answer 19

Hash functions that calculate a unique fixed-size bit string representation of any arbitrary block of info.
Extra info:
- 50% chance to change output if any bit changes
- Computationally infeasible to have 2 files with the same hash

Question 20

MD5

Answer 20

Takes a message of arbitrary length and outputs a 128-bit fingerprint (message digest) of the input. MD5 is not collision resistant

Question 21

Secure Hashing Algorithm (SHA)

Answer 21

Algorithm used to generate secure one-way hashes

Question 22

SHA1

Answer 22

160-bit digest from a message with a max length of (264-1) bits. Similar algorithm to MD5

Question 23

SHA2

Answer 23

Family of 2 hash functions:

1. SHA-256 which uses 32-bit words
2. SHA-512, which uses 64-bit words

Question 24

SHA3

Answer 24

Uses sponge construction in which message blocks are XOR’ed into the initial bits of the state, which is then invertibly permuted

Question 25

RACE Integrity Primitives Evaluation Message Digest (RIPEMD-160)

Answer 25

160-bit hash algorithm. Has 128, 256, and 320 bit variations.
Compression Function: 80 stages of 5 blocks that execute 16 times each.
Repeats twice by combining results and using modulo 32 addition.

Question 26

Hash-based Message Authentication Code (HMAC)

Answer 26

Widely used message authentication code that makes use of a cryptographic key combined with a cryptographic hash. Hash is typically SHA-1 or MD5.

Question 27

Public Key Infrastructure (PKI)

Answer 27

Set of hardware, software, people, policies, and procedures required to create, manage, distribute, use, store, and revoke certificates.

Question 28

PKI Certificate Management System

Answer 28

Generates, distributes, stores and verifies certificates

Question 29

PKI Validation Authority

Answer 29

Stores certificates, with their public keys

Question 30

PKI Certificate Authority

Answer 30

Issues and verifies digital certificates

Question 31

PKI End User

Answer 31

Requests, manages, and uses certificates

Question 32

PKI Registration Authority

Answer 32

Acts as the verifier for the certificate authority

Question 33

Secure Socket Layer (SSL)

Answer 33

Uses RSA asymmetric encryption to encrypt data over an SSL connection

Question 34

Transport Layer Security (TLS)

Answer 34

Uses RSA 1024 or RA 2048. Used to establish a secure connection between client and server.

Question 35

TLS Handshake protocol

Answer 35

Allows the client and server to exchange keys and select encryption protocols, authenticating each other

Question 36

TLS Record Protocol

Answer 36

Provides secure connections with an encryption method

Question 37

Pretty Good Privacy (PGP)

Answer 37

Combines conventional and public key to provide a protocol used to encrypt and decrypt data. Typically used for compression, digital signing, message encryption, emails, files, and directories.