Chapter 7 Flashcards
(99 cards)
1
Q
in asymmetric cryptography, which key is used to encrypt a message?
A
receiver’s public key
2
Q
Which international standard was created by Rivest, Shamir, and Adleman?
A
RSA public key algorithm
3
Q
which algorithm relies on a component of set theory known as super-increasing sets, rather than large prime numbers?
A
Merkle-Hellman
4
Q
this algorithm is an extension of Diffie-Hallman, but its major disadvantage is that it doubles the size of any message that it encrypts
A
ElGamal
5
Q
this algorithm involves the equation Q = xP; and even if Q and P are known, x is incredibly difficult to solve. The major advantage of this algorithm is that you do not need a large key size to obtain the same amount of security as very large keys used in other algorithms
A
Elliptic Curve
6
Q
this algorithm relies on the ability of two users to generate a shared secret that they both know without ever actually transmitting it, and is used to set up TLS
A
Diffie-Hellman Key Exchange
7
Q
5 requirements of hash functions
A
- input can be any length
- output is fixed length
- relatively easy to compute
- one-way function
- collision resistant
8
Q
block size of HAVAL
A
1024-bit
9
Q
hash values of HAVAL
A
128, 160, 192, 224, and 256-bits
10
Q
SHA1 block size
A
512-bits
11
Q
SHA-1 message digest size
A
160-bit
12
Q
SHA-256 message digest size
A
256-bit
13
Q
SHA-256 block size
A
512-bit
14
Q
SHA-224 block size
A
512-bits
15
Q
SHA-224 message digest size
A
224-bits
16
Q
SHA-512 message digest size
A
512
17
Q
SHA-512 block size
A
1024
18
Q
SHA-384 message digest size
A
384
19
Q
SHA-384 block size
A
1024-bits
20
Q
which algorithm is the SHA-3 standard
A
Keccak
21
Q
This standard provides the same security as SHA-2, but is slower so it is not commonly used
A
SHA-3
22
Q
This hash algorithm was developed by Ronald Rivest, but collisions are possible
A
MD2, MD4, MD5
23
Q
MD5 block size
A
512
24
Q
MD5 message digest length
A
128 bits
25
what group of hashing functions is used as an alternative to SHA?
RIPEMD
26
RIPEMD message digest length
128-bit
27
Which variant of RIPEMD is still secure today?
RIPEMD-160
28
Which two major concepts do digital signature algorithms rely on?
public key encryption and hashing functions
29
4 steps of sending a digitally signed message
1. hash the message
2. encrypt the message digest using private key - this is the signature
3. appends signature to plaintext message
4. send the messages
30
3 steps of validating digital signatures.
1. decrypt digital signature using sender's public key
2. hash the plaintext message
3. compare the decrypted digest to the new digest to make sure they are the same
31
Which aspect of the CIA triad do digital signatures alone not address, and how can it be acheived?
they do not provide confidentiality. It can be acheived by encrypting the signed message with the receiver's public key.
32
this signature algorithm is a partial digital signature. it guarantees the integrity of a message but not nonrepudiation.
HMAC
33
what is the FIPS standard for digital signatures?
DSS - Digital Signature Standard
34
what is the DSS for hashing functions?
SHA-3
35
what are the 3 acceptable DSS encryption algorithms?
DSA (Digital Signature Algorithm)
RSA
ECDSA
36
what are endorsed copies of a public key?
digital certificates
37
what is the international standard for digital certificates?
X.509
38
what information is included on a X.509 certificate? (7 items)
1. version of X.509
2. serial number
3. signature algorithm
4. issuer name (name of CA)
5. validity period
6. subject name (CN, DN)
7. subject's public key
39
what entities assist CAs by allowing them to remotely validate user identities?
Registration Authorities (RAs)
40
how do CAs protect their root certificates?
using an offline CA that is used as needed to create intermediate CAs
41
3 Certificate Lifecycle steps
1. Enrollment
2. Verification
3. Revocation
42
which step of the certificate lifecycle involves proving your identity to the CA?
1. Enrollment
43
which step of the certificate lifecycle involves the certificate signing request?
1. Enrollment
44
which kind of certificate does the CA verify that the certificate subject has control of the domain name?
Domain validation certificate (DV)
45
which kind of certificate does the CA take steps to verify that the certificate owner is a legitimate business before issuing the certificate?
Extended Validation (EV) certificate
46
which step of the certificate lifecycle involves checking the validity of the various components of a certificate?
Verification
47
which protocol is used to check if certificates have been revoked?
OCSP (Online Certificate Status Protocol)
48
what do CAs distribute to revoke groups of certificates?
CRL - Certificate Revocation Lists
49
when browsers attach a certificate to a subject for an extended period of time
certificate pinning
50
this is an extension to the OCSP; where the web server sends clients a timestamped response from an OCSP server to alleviate some of the burden of all the clients individually sending requests
Certificate Stapling
51
maximum response time within which a CA will perform a requested revocation
revocation request grace period
52
4 reasons to revoke a certificate
1. certificate was compromised
2. erroneously issued
3. details changed
4. security association changed
53
4 digital certificate formats
Distinguished Encoding Rules (DER)
Privacy Enhanced Mail (PEM)
Personal Information Exchange (PFX)
P7B
54
Binary digital certificate formats (2)
DER and PFX
55
Text digital certificate formats (2)
PEM and P7B
56
.der digital certificate format
DER - Digital Encoding Rules
57
.crt Digital certificate format
DER - Distinguished Encoding Rules
PEM - Privacy Enhanced Mail
58
.cer digital certificate format
DER - Distinguished Encoding Rules
59
.pem digital certificate format
PEM - Privacy Enhanced Mail
60
61
.pfx digital certificate format
PFX - Personal Information Exchange
62
.p12 digital certificate format
PFX - Personal Information Exchange
63
most common binary digital certificate format
DER - Digital Encoding Rules
64
ASCII text version of DER format
PEM - Privacy Enhanced Mail
65
can you tell if a .crt file is binary or text without looking at the contents of the file?
No, this extension is used for both DER (binary) and PEM (text) formats,
66
digital certificate that is commonly used by windows systems
PFX - Personal Information Exchange
67
ASCII text Windows digital certificate format
P7B
68
most well known example of hybrid cryptography
TLS - Transport Layer Security
69
in hybrid cryptography, what method is used to distribute keys?
asymmetric/public key cryptography
70
a chip that resides on the motherboard of the devices that can store and manage keys used for full disk encryption
TPM - Trusted Platform Module
71
which secure email system combines the CA hierarchy with the "web of trust"
PGP - Pretty Good Privacy
72
which secure email system uses the RSA encryption algorithm?
S/MIME
73
How can you protect your organization from POODLE attacks?
Only allow connections to sites using TLS (via active directory browser configurations or a proxy)
74
what is the minimum secure version of TLS?
TLS 1.2
75
hiding messages within another message by altering the least significant bits
steganography
76
two methods of circuit encryption
1. Link encryption
2. end-to-end encryption
77
which type of circuit encryption encrypts the header data?
link encryption
78
which kind of encryption is SSH?
end-to-end
79
what are the two big components of an IPsec connection?
AH - Authentication Header
ESP - Encapsulating Security Payload
80
which part of IPsec provides message integrity and non-repudiation?
AH - Authentication Header
81
which part of IPsec provides confidentiality with encryption?
Encapsulating Security Payload (ESP)
82
IPsec modes of operation
transport mode - only the payload is encrypted (end-to-end encryption)
tunnel mode - header is encrypted (link encryption)
83
a distributed and immutable public ledger
blockchain
84
cryptography in situations where computing power and energy are limited
lightweight cryptography
85
purpose of homomorphic encryption
being able to perform calculations on data that may include PII or PHI so that the data is never revealed to the researcher.
86
attacks that use algebraic manipulation to reduce the complexity of the algorithm
analytic attack
87
exploits weaknesses in the implementation of a crypto system - exploits the software code used to program the encryption
implementation attack
88
exploits statistical weaknesses in a cryptosystem
statistical attack
89
compromising the integrity of a device by causing some kind of external fault (high-voltage, temperature extremes) to induce a malfunction
fault injection attack
90
using information like power consumption or EM radiation to monitor system activity and retrieve information that is actively being encrypted
Side-Channel Attack
91
a random value added to the end of a password before the OS hashes the password
salt
92
counting the number of times each letter appears in the cipher text and using knowledge of language and frequently used letters to attempt to crack cyphertext
freqency analysis/ciphertext-only attack
93
attack cracks an encryption code by having both a ciphertext and plain text version of a message
known plaintext attack
94
attacker obtains the ciphertexts corresponding to a set of plaintexts of their own choosing in order to derive the key used
chosen plaintext
95
attacker decrypts chosen portions of the ciphertext message to discover the key
chosen ciphertext
96
attacker encrypts plaintext message using every possible key (k1) and the ciphertext is decrypted using all possible keys (k2). When a match is found, the key pair is used to defeat the double encryption method in use.
Meet in the Middle
97
attacker intercepts all communications between two parties, including the setup of a cryptographic session
man in the middle
98
attacker finds flaws in a hashing function where two inputs can produce the same output
Birthday attack, collision attak, reverse hash matching
99
attacker intercepts a request for authentication and then replays the captured message to open a new session
replay attack
