attacks Flashcards
(32 cards)
cipher cracking methodology that involves identifying patterns and variations in the probability of codes.
i.e. a three-letter ciphered text combination spotted at the beginning of a string too often could tip us off that those three letters correlate the letters THE in the English alphabet.
Frequency Analysis
Why should Diffie-Hellman not be used? What should we use instead?
It is vulnerable to man in the middle and downgrade attacks. Use PKI and ephemeral keys instead.
Which symmetric stream is resistant to timing attacks?
ChaCha
NOBUS
(‘nobody but us’) backdoor. This is where it is mathematically possible for government agents to crack the encryption, but no-one else can
Key escrow.
This is where a copy of the encryption key is kept in escrow so that it can be used by a government agent
Where the intruder uses brute force to decrypt the ciphertext and tries every possible key.
Exhaustive search
Known plaintext attack.
Where the intruder knows part of the ciphertext and the corresponding plaintext.
The known ciphertext and plaintext can then be used to decrypt the rest of the ciphertext.
Where the intruder sends a message to the target, this is then encrypted with the target’s private-key and the intruder then analyses the encrypted message.
For example, an intruder may send an e-mail to the encryption file server and the intruder spies on the delivered message.
Chosen-ciphertext.
Where the intruder inserts or modifies messages.
Active attack
Where the intruder takes a legitimate message and sends it into the network at some future time.
The replay system
Where the intruder mixes parts of two different encrypted messages and is able to create a new message. This message is likely to make no sense but may trick the receiver into doing something that helps the intruder.
Cut-and-paste.
Some encryption schemes use the time of the computer to create the key. Resetting this time or determining the time that the message was created can give some useful information to the intruder.
Time resetting.
Diffie-Helman handshakes are vulnerable to what?
MiTM
side path attack?
.
What three things is AES vulnerable to?
AES has proven to be free from major vulnerabilities, but poor implementation of the encryption method leaves it susceptible to attacks such as:
Brute force, use of Non-Random Numbers, and copy-and-paste.
Difference between Time attack and Time resetting?
Time attack - analyzing the amount of time needed for decryption to calculate the key.
Time resetting - Changing or observing the local time on a device to foil certain encryption schemes.
What is RSA vulnerable to?
RSA suffers from several weaknesses and is susceptible to numerous attacks and cracking methods including factorization of prime numbers used within the algorithm.
What addresses the problems of brute forcing an MD5 hash?
The APR1 format combats this by iterating the hash value 1,000 times and salting the value.
What addresses the problems of brute forcing an MD5 hash?
The Apache-defined APR1 format combats this by iterating the hash value 1,000 times and salting the value.
Looks for a rollover of the same value for an IV
Replay attack
Which encryption algorithm did the National Institute of Standards and Technology (NIST) designate as a specification for the encryption of electronic information?
AES
Which type of cipher is ChaCha?
stream
What is SHA hashed stored passwords vulnerable to and why?
SHA method has for storing passwords does not have a salt making it open to rainbow table attacks and brute force.
This is where part of the message has some significance to the original and generates the same hash signature. This is defined as a Pre-image attack.
Similar context.
