CHAPTER 7_Cryptography Flashcards

Question 1

Q

Emphasis: Replay Attacks

Answer

A

Replay AttacksA big concern in distributed environments is the replay attack, in which an attacker captures some type of data and resubmits it with the hopes of fooling the receiving device into thinking it is legitimate information. Many times, the data captured and resubmitted are authentication information, and the attacker is trying to authenticate herself as someone else to gain unauthorized access.

Question 2

Q

Bullets: Algebraic attack

Answer

A

Cryptanalysis attack that exploits vulnerabilities within the intrinsic algebraic structure of mathematical functions.

Question 3

Q

Emphasis: work factor

Answer

A

As explained earlier in this chapter, work factor is the amount of time and resources it would take for someone to break an encryption method. In asymmetric algorithms, the work factor relates to the difference in time and effort that carrying out a one-way function in the easy direction takes compared to carrying out a one-way function in the hard direction. In most cases, the larger the key size, the longer it would take for the bad guy to carry out the one-way function in the hard direction (decrypt a message).

Question 4

Q

Bullets: Chosen-plaintext attack

Answer

A

Cryptanalysis attack where the attacker can choose arbitrary plaintexts to be encrypted and obtain the corresponding ciphertexts.

Question 5

Q

Emphasis: The pad must be made up of truly random values

Answer

A

• The pad must be made up of truly random values. This may not seem like a difficult task, but even our computer systems today do not have truly random number generators; rather, they have pseudorandom number generators.

Question 6

Q

Emphasis: asymmetric algorithms

Answer

A

Cryptography algorithms are either symmetric algorithms, which use symmetric keys (also called secret keys), or asymmetric algorithms, which use asymmetric keys (also called public and private keys). As if encryption were not complicated enough, the terms used to describe the key types only make it worse. Just pay close attention and you will get through this fine.

Question 7

Q

Emphasis: Trusted Platform Module

Answer

A

Trusted Platform ModuleThe Trusted Platform Module (TPM) is a microchip installed on the motherboard of modern computers and is dedicated to carrying out security functions that involve the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates. The TPM was devised by the Trusted Computing Group (TCG), an organization that promotes open standards to help strengthen computing platforms against security weaknesses and attacks.

Question 8

Q

Emphasis: block cipher

Answer

A

When a block cipher is used for encryption and decryption purposes, the message is divided into blocks of bits. These blocks are then put through mathematical functions, one block at a time. Suppose you need to encrypt a message you are sending to your mother and you are using a block cipher that uses 64 bits. Your message of 640 bits is chopped up into 10 individual blocks of 64 bits. Each block is put through a succession of mathematical formulas, and what you end up with is 10 blocks of encrypted text. You send this encrypted message to your mother. She has to have the same block cipher and key, and those 10 ciphertext blocks go back through the algorithm in the reverse sequence and end up in your plaintext message.

Question 9

Q

Bullets: One-time pad

Answer

A

Encryption method created by Gilbert Vernam that is considered impossible to crack if carried out properly

Question 10

Q

Bullets: Diffie-Hellman algorithm

Answer

A

First asymmetric algorithm created and is used to exchange symmetric key values. Based upon logarithms in finite fields.

Question 11

Q

Bullets: Acquirer (merchant’s bank)

Answer

A

The financial institution that processes payment cards.

Question 12

Q

Emphasis: asynchronous

Answer

A

Synchronous cryptosystems use keystreams to encrypt plaintext one bit at a time. The keystream values are “in synch” with the plaintext values. An asynchronous cryptosystem uses previously generated output to encrypt the current plaintext values. So a stream algorithm would be considered synchronous, while a block algorithm using chaining would be considered asynchronous.

Question 13

Q

Bullets: Cryptology

Answer

A

The study of both cryptography and cryptanalysis

Question 14

Q

Explanations: El Gamal

Answer

A

El Gamal is a public key algorithm that can be used for digital signatures, encryption, and key exchange. It is based not on the difficulty of factoring large numbers but on calculating discrete logarithms in a finite field. El Gamal is actually an extension of the Diffie-Hellman algorithm.

Question 15

Q

Bullets: Cookies

Answer

A

Data files used by web browsers and servers to keep browser state information and browsing preferences.

Question 16

Q

Bullets: Replay attack

Answer

A

Valid data transmission is maliciously or fraudulently repeated to allow an entity gain unauthorized access.

Question 17

Q

Bullets: One-way hash

Answer

A

Cryptographic process that takes an arbitrary amount of data and generates a fixed-length value. Used for integrity protection.

Question 18

Q

Bullets: Statistically unpredictable keystream

Answer

A

Bits generated from the keystream generator cannot be predicted.

Question 19

Q

Emphasis: one-time pad

Answer

A

A one-time pad is a perfect encryption scheme because it is considered unbreakable if implemented properly. It was invented by Gilbert Vernam in 1917, so sometimes it is referred to as the Vernam cipher.

Question 20

Q

Explanation Bullets: PKI supplies the following security services:

Answer

A

Confidentiality
Access control
Integrity
Authentication
Nonrepudiation

Question 21

Q

Explanations: Types of Asymmetric Systems

Answer

A

As described earlier in the chapter, using purely symmetric key cryptography has three drawbacks, which affect the following:

Question 22

Q

Emphasis: Pretty Good Privacy (PGP)

Answer

A

Pretty Good Privacy (PGP) was designed by Phil Zimmerman as a freeware e-mail security program and was released in 1991. It was the first widespread public key encryption program. PGP is a complete cryptosystem that uses cryptographic protection to protect e-mail and files. It can use RSA public key encryption for key management and use IDEA symmetric cipher for bulk encryption of data, although the user has the option of picking different types of algorithms for these functions. PGP can provide confidentiality by using the IDEA encryption algorithm, integrity by using the MD5 hashing algorithm, authentication by using the public key certificates, and nonrepudiation by using cryptographically signed messages. PGP uses its own type of digital certificates rather than what is used in PKI, but they both have similar purposes.

Question 23

Q

Emphasis: Certificates

Answer

A

CertificatesOne of the most important pieces of a PKI is its digital certificate. A certificate is the mechanism used to associate a public key with a collection of components in a manner that is sufficient to uniquely identify the claimed owner. The standard for how the CA creates the certificate is X.509, which dictates the different fields used in the certificate and the valid values that can populate those fields. The most commonly used version is 3 of this standard, which is often denoted as X.509v3. Many cryptographic protocols use this type of certificate, including SSL.

Question 24

Q

Explanations: Digital Signatures

Answer

A

To do a digital signature, do I sign my name on my monitor screen?Response: Sure.

Question 25

Q

Bullets: Diffusion

Answer

A

Transposition processes used in encryption functions to increase randomness.

Question 26

Q

Bullets: MARS

Answer

A

Developed by the IBM team that created Lucifer

Question 27

Q

Emphasis: The Registration Authority

Answer

A

The Registration AuthorityThe registration authority (RA) performs the certification registration duties. The RA establishes and confirms the identity of an individual, initiates the certification process with a CA on behalf of an end user, and performs certificate life-cycle management functions. The RA cannot issue certificates, but can act as a broker between the user and the CA. When users need new certificates, they make requests to the RA, and the RA verifies all necessary identification information before allowing a request to go to the CA.

Question 28

Q

Bullets: Stream cipher

Answer

A

Algorithm type that generates a keystream (random values), which is XORd with plaintext for encryption purposes.

Question 29

Q

Bullets: Public key

Answer

A

Value used in public key cryptography that is used for encryption and signature validation that can be known by all parties.

Question 30

Q

Explanations: What Does It Mean When an Algorithm Is Broken?

Answer

A

I dropped my algorithm.Response: Well, now it’s broken.

Question 31

Q

Explanations: Side-Channel Attacks

Answer

A

All of the attacks we have covered thus far have been based mainly on the mathematics of cryptography. Using plaintext and ciphertext involves high-powered mathematical tools that are needed to uncover the key used in the encryption process.

Question 32

Q

Explanations: Certificate Authorities

Answer

A

How do I know I can trust you?Response: The CA trusts me.

Question 33

Q

Emphasis: session key

Answer

A

A session key is a single-use symmetric key that is used to encrypt messages between two users during a communication session. A session key is no different from the symmetric key described in the previous section, but it is only good for one communication session between users.

Question 34

Q

Bullets: CMAC

Answer

A

Cipher message authentication code that is based upon and provides more security compared to CBC-MAC.

Question 35

Q

Bullets: A keystream not linearly related to the key

Answer

A

If someone figures out the keystream values, that does not mean she now knows the key value.

Question 36

Q

Explanations: Running and Concealment Ciphers

Answer

A

I have my decoder ring, spyglasses, and secret handshake. Now let me figure out how I will encrypt my messages.

Question 37

Q

Explanations: PKI Steps

Answer

A

Now that we know some of the main pieces of a PKI and how they actually work together, let’s walk through an example. First, suppose that John needs to obtain a digital certificate for himself so he can participate in a PKI. The following are the steps to do so:

Question 38

Q

Bullets: El Gamal algorithm

Answer

A

Asymmetric algorithm based upon the Diffie-Hellman algorithm used for digital signatures, encryption, and key exchange.

Question 39

Q

Explanations: Analytic Attacks

Answer

A

Analytic attacks identify algorithm structural weaknesses or flaws, as opposed to brute force attacks, which simply exhaust all possibilities without respect to the specific properties of the algorithm. Examples include the Double DES attack and RSA factoring attack.

Question 40

Q

Bullets: Confusion

Answer

A

Substitution processes used in encryption functions to increase randomness.

Question 41

Q

Emphasis: Initialization Vectors

Answer

A

Initialization VectorsInitialization vectors (IVs) are random values that are used with algorithms to ensure patterns are not created during the encryption process. They are used with keys and do not need to be encrypted when being sent to the destination. If IVs are not used, then two identical plaintext values that are encrypted with the same key will create the same ciphertext. Providing attackers with these types of patterns can make their job easier in breaking the encryption method and uncovering the key. For example, if we have the plaintext value of “See Spot run” two times within our message, we need to make sure that even though there is a pattern in the plaintext message, a pattern in the resulting ciphertext will not be created. So the IV and key are both used by the algorithm to provide more randomness to the encryption process.

Question 42

Q

Bullets: Rijndael

Answer

A

Developed by Joan Daemen and Vincent Rijmen

Question 43

Q

Bullets: Cryptography

Answer

A

Science of secret writing that enables an entity to store and transmit data in a form that is available only to the intended individuals

Question 44

Q

Explanation Bullets: Out of these contestants, Rijndael was chosen. The block sizes that Rijndael supports are 128, 192, and 256 bits. The number of rounds depends upon the size of the block and the key length:

Answer

A

If both the key and block size are 128 bits, there are 10 rounds.
If both the key and block size are 192 bits, there are 12 rounds.
If both the key and block size are 256 bits, there are 14 rounds.

Question 45

Q

Emphasis: Online Certificate Status Protocol (OCSP)

Answer

A

Online Certificate Status Protocol (OCSP) is being used more and more rather than the cumbersome CRL approach. When using just a CRL, the user’s browser must either check a central CRL to find out if the certification has been revoked or the CA has to continually push out CRL values to the clients to ensure they have an updated CRL. If OCSP is implemented, it does this work automatically in the background. It carries out real-time validation of a certificate and reports back to the user whether the certificate is valid, invalid, or unknown. OCSP checks the CRL that is maintained by the CA. So the CRL is still being used, but now we have a protocol developed specifically to check the CRL during a certificate validation process.

Question 46

Q

Explanation Bullets: Disadvantages of end-to-end encryption include the following:

Answer

A

Headers, addresses, and routing information are not encrypted, and therefore not protected.

Question 47

Q

Explanation Bullets: Advantages of link encryption include the following:

Answer

A

All data are encrypted, including headers, addresses, and routing information.
Users do not need to do anything to initiate it. It works at a lower layer in the OSI model.

Question 48

Q

Emphasis: knapsack

Answer

A

Over the years, different versions of knapsack algorithms have arisen. The first to be developed, Merkle-Hellman, could be used only for encryption, but it was later improved upon to provide digital signature capabilities. These types of algorithms are based on the “knapsack problem,” a mathematical dilemma that poses the following question: If you have several different items, each having its own weight, is it possible to add these items to a knapsack so the knapsack has a specific weight?

Question 49

Q

Bullets: Issuer (cardholder’s bank)

Answer

A

The financial institution that provides a credit card to the individual.

Question 50

Q

Emphasis: online encryption

Answer

A

Link encryption, which is sometimes called online encryption, is usually provided by service providers and is incorporated into network protocols. All of the information is encrypted, and the packets must be decrypted at each hop so the router, or other intermediate device, knows where to send the packet next. The router must decrypt the header portion of the packet, read the routing and address information within the header, and then re-encrypt it and send it on its way.

Question 51

Q

Bullets: Keyspace

Answer

A

A range of possible values used to construct keys

Question 52

Q

Emphasis: Message Integrity

Answer

A

Message IntegrityParity bits and cyclic redundancy check (CRC) functions have been used in protocols to detect modifications in streams of bits as they are passed from one computer to another, but they can usually detect only unintentional modifications. Unintentional modifications can happen if a spike occurs in the power supply, if there is interference or attenuation on a wire, or if some other type of physical condition happens that causes the corruption of bits as they travel from one destination to another. Parity bits cannot identify whether a message was captured by an intruder, altered, and then sent on to the intended destination. The intruder can just recalculate a new parity value that includes his changes, and the receiver would never know the difference. For this type of protection, hash algorithms are required to successfully detect intentional and unintentional unauthorized modifications to data. We will now dive into hash algorithms and their characteristics.

Question 53

Q

Bullets: Multipurpose Internet Mail Extension

Answer

A

Standard that outlines the format of e-mail messages and allows binary attachments to be transmitted through email.

Question 54

Q

Emphasis: The pad must be securely distributed and protected at its destination

Answer

A

• The pad must be securely distributed and protected at its destination. This is a very cumbersome process to accomplish, because the pads are usually just individual pieces of paper that need to be delivered by a secure courier and properly guarded at each destination.

Question 55

Q

Bullets: Digital Rights Management (DRM)

Answer

A

Access control technologies commonly used to protect copyright material

Question 56

Q

Bullets: Secure Shell (SSH)

Answer

A

Network protocol that allows for a secure connection to a remote system. Developed to replace Telnet and other insecure remote shell methods.

Question 57

Q

Bullets: Hybrid cryptography

Answer

A

Combined use of symmetric and asymmetric algorithms where the symmetric key encrypts data and an asymmetric key encrypts the symmetric key.

Question 58

Q

Bullets: Triple DES

Answer

A

Symmetric cipher that applies DES three times to each block of data during the encryption process.

Question 59

Q

Emphasis: email Standards

Answer

A

email StandardsLike other types of technologies, cryptography has industry standards and de facto standards. Standards are necessary because they help ensure interoperability among vendor products. Standards usually mean that a certain technology has been under heavy scrutiny and has been properly tested and accepted by many similar technology communities. A company still needs to decide what type of standard to follow and what type of technology to implement.

Question 60

Q

Explanations: The Diffie-Hellman Algorithm

Answer

A

The first group to address the shortfalls of symmetric key cryptography decided to attack the issue of secure distribution of the symmetric key. Whitfield Diffie and Martin Hellman worked on this problem and ended up developing the first asymmetric key agreement algorithm, called, naturally, Diffie-Hellman.

Question 61

Q

Explanations: Cryptosystems

Answer

A

A cryptosystem encompasses all of the necessary components for encryption and decryption to take place. Pretty Good Privacy (PGP) is just one example of a cryptosystem. A cryptosystem is made up of at least the following:

Question 62

Q

Bullets: Authorization

Answer

A

Upon proving identity, the individual is then provided with the key or password that will allow access to some resource.

Question 63

Q

Explanations: Hardware vs. Software Cryptography Systems

Answer

A

Encryption can be done through software or hardware, and there are trade-offs with each. Generally, software is less expensive and provides a slower throughput than hardware mechanisms. Software cryptography methods can be more easily modified and disabled compared to hardware systems, but it depends on the application and the hardware product.

Question 64

Q

Emphasis: Wireless Security Woes

Answer

A

Wireless Security WoesWe covered the different 802.11 standards and the Wired Equivalent Privacy (WEP) protocol in Chapter 6. Among the long laundry list of security problems with WEP, not using unique session keys for data encryption is one of them. If only WEP is being used to encrypt wireless traffic, then in most implementations, just one static symmetric key is being used over and over again to encrypt the packets. This is one of the changes and advancements in the 802.11i standard, which makes sure each packet is encrypted with a unique session key.

Answer 65

A

We went from DES to Triple-DES (3DES), so it might seem we skipped Double-DES. We did. Double-DES has a key length of 112 bits, but there is a specific attack against Double-DES that reduces its work factor to about the same as DES. Thus, it is no more secure than DES. So let’s move on to 3DES.

Answer 66

A

In some resources, you may run across rc5-w/r/b or RC5-32/12/16. This is a type of shorthand that describes the configuration of the algorithm:

Answer 67

A

Simple substitution algorithm created by Julius Caesar that shifts alphabetic values three positions during its encryption and decryption processes

Answer 68

A

To understand how Diffie-Hellman works, consider an example. Let’s say that Tanya and Erika would like to communicate over an encrypted channel by using Diffie-Hellman. They would both generate a private and public key pair and exchange public keys. Tanya’s software would take her private key (which is just a numeric value) and Erika’s public key (another numeric value) and put them through the Diffie-Hellman algorithm. Erika’s software would take her private key and Tanya’s public key and insert them into the Diffie-Hellman algorithm on her computer. Through this process, Tanya and Erika derive the same shared value, which is used to create instances of symmetric keys.

Answer 69

A

Algorithm design requirement so that slight changes to the input result in drastic changes to the output.

Answer 70

A

Operations can be run in parallel, which decreases processing time.
Errors are contained. If an error takes place during the encryption process, it only affects one block of data.
Only usable for the encryption of short messages.
Cannot carry out preprocessing functions before receiving plaintext.

Answer 71

A

Hey, I have a disposable key!Response: Amazing. Now go away.

Answer 72

A

Mode that IPSec protocols can work in that provides protection for packet data payload.

Answer 73

A

Which should I use, the stream cipher or the block cipher?Response: The stream cipher, because it makes you look skinnier.

Answer 74

A

Which should I use, the stream cipher or the block cipher?Response: The stream cipher, because it makes you look skinnier.

Answer 75

A

Message is encrypted with a symmetric key and the symmetric key is encrypted with an asymmetric key. Collectively this is called a digital envelope.

Answer 76

A

Algorithm chosen to fulfill the Data Encryption Standard. Block symmetric cipher that uses a 56-bit true key size, 64-bit block size, and 16 rounds of computation.

Answer 77

A

Act of transforming data into an unreadable format

Answer 78

A

Substitution cipher that creates keystream values, commonly from agreed-upon text passages, to be used for encryption purposes

Answer 79

A

Expanding the plaintext by duplicating values. Commonly used to increase the plaintext size to map to key sizes.

Answer 80

A

Encryption method used by the sender of data that encrypts individual messages and not full packets.

Answer 81

A

Data in readable format, also referred to as cleartext

Answer 82

A

Key Derivation FunctionsFor complex keys to be generated, a master key is commonly created, and then symmetric keys are generated from it. For example, if an application is responsible for creating a session key for each subject that requests one, it should not be giving out the same instance of that one key. Different subjects need to have different symmetric keys to ensure that the window for the bad guy to capture and uncover that key is smaller than if the same key were to be used over and over again. When two or more keys are created from a master key, they are called subkeys.

Answer 83

A

Sequence of bits that are used as instructions that govern the acts of cryptographic functions within an algorithm

Answer 84

A

MACs and hashing processes can be confusing. The following table simplifies the differences between them.

Answer 85

A

Sending data through an alternate communication channel.

Answer 86

A

The Internet Protocol Security (IPSec) protocol suite provides a method of setting up a secure channel for protected data exchange between two devices. The devices that share this secure channel can be two servers, two routers, a workstation and a server, or two gateways between different networks. IPSec is a widely accepted standard for providing network layer protection. It can be more flexible and less expensive than end-to-end and link encryption methods.

Answer 87

A

Social Engineering AttacksAttackers can trick people into providing their cryptographic key material through various social engineering attack types. Social engineering attacks have been covered in earlier chapters. They are nontechnical attacks that are carried out on people with the goal of tricking them into divulging some type of sensitive information that can be used by the attacker. The attacker may convince the victim that he is a security administrator that requires the cryptographic data for some type of operational effort. The attacker could then use the data to decrypt and gain access to sensitive data. The attacks can be carried out through persuasion, coercion (rubber-hose cryptanalysis), or bribery (purchase-key attack).

Answer 88

A

Secure Electronic Transaction (SET) is a security technology proposed by Visa and MasterCard to allow for more secure credit card transaction possibilities than what is currently available. SET has been waiting in the wings for full implementation and acceptance as a standard for quite some time. Although SET provides an effective way of transmitting credit card information, businesses and users do not see it as efficient because it requires more parties to coordinate their efforts, more software installation and configuration for each entity involved, and more effort and cost than the widely used SSL method.

Answer 89

A

De facto asymmetric algorithm used for encryption, digital signatures, and key exchange. Based upon the difficulty of factoring large numbers into their original prime numbers.

Answer 90

A

Values that are used with algorithms to increase randomness for cryptographic functions.

Answer 91

A

The idea of a hashing function is simple. You run a message through a hashing algorithm, which in turn generates a hashing value. It must have been too simple, because someone threw in a lot of terms to make it more confusing:

Answer 92

A

In known-plaintext attacks, the attacker has the plaintext and corresponding ciphertext of one or more messages. Again, the goal is to discover the key used to encrypt the messages so other messages can be deciphered and read.

Answer 93

A

Secure ShellSecure Shell (SSH) functions as a type of tunneling mechanism that provides terminal-like access to remote computers. SSH is a program and a protocol that can be used to log into another computer over a network. For example, the program can let Paul, who is on computer A, access computer B’s files, run applications on computer B, and retrieve files from computer B without ever physically touching that computer. SSH provides authentication and secure transmission over vulnerable channels like the Internet.

Answer 94

A

There are two kinds of keys present in the static memory: Endorsement Key (EK) and Storage Root Key (SRK):

Answer 95

A

Ensuring the authenticity and integrity of a message through the use of hashing algorithms and asymmetric algorithms. The message digest is encrypted with the sender’s private key.

Answer 96

A

Each device will have at least one security association (SA) for each secure connection it uses. The SA, which is critical to the IPSec architecture, is a record of the configurations the device needs to support an IPSec connection. When two devices complete their handshaking process, which means they have agreed upon a long list of parameters they will use to communicate, these data must be recorded and stored somewhere, which is in the SA. The SA can contain the authentication and encryption keys, the agreed-upon algorithms, the key lifetime, and the source IP address. When a device receives a packet via the IPSec protocol, it is the SA that tells the device what to do with the packet. So if device B receives a packet from device C via IPSec, device B will look to the corresponding SA to tell it how to decrypt the packet, how to properly authenticate the source of the packet, which key to use, and how to reply to the message if necessary.

Answer 97

A

• The pad must be as long as the message. If it is not as long as the message, the pad will need to be reused to cover the whole message. This would be the same thing as using a pad more than one time, which could introduce patterns.

Answer 98

A

Instance when two different keys generate the same ciphertext from the same plaintext

Answer 99

A

Practice of uncovering flaws within cryptosystems

Answer 100

A

Uses three different keys for encryption, and the data are encrypted, decrypted, encrypted.

Answer 101

A

We went from DES to Triple-DES (3DES), so it might seem we skipped Double-DES. We did. Double-DES has a key length of 112 bits, but there is a specific attack against Double-DES that reduces its work factor to about the same as DES. Thus, it is no more secure than DES. So let’s move on to 3DES.

Answer 102

A

Cryptanalysis attack that uses identified statistical patterns.

Answer 103

A

Method of hiding data in another media type with the goal of secrecy

Answer 104

A

It provides more flexibility to the user in choosing what gets encrypted and how.
Higher granularity of functionality is available because each application or user can choose specific configurations.
Each hop device on the network does not need to have a key to decrypt each packet.

Answer 105

A

A one-way function is a mathematical function that is easier to compute in one direction than in the opposite direction. An analogy of this is when you drop a glass on the floor. Although dropping a glass on the floor is easy, putting all the pieces back together again to reconstruct the original glass is next to impossible. This concept is similar to how a one-way function is used in cryptography, which is what the RSA algorithm, and all other asymmetric algorithms, are based upon.

Answer 106

A

Adding material to plaintext data before it is encrypted.

Answer 107

A

Symmetric keys that have a short lifespan, thus providing more protection than static keys with longer lifespans.

Answer 108

A

Encryption method that uses an algorithm that changes out (substitutes) one value for another value

Answer 109

A

Ancient encryption tool that used a type of paper and rod used by Greek military factions

Answer 110

A

Methods of EncryptionAlthough there can be several pieces to an encryption process, the two main pieces are the algorithms and the keys. As stated earlier, algorithms used in computer systems are complex mathematical formulas that dictate the rules of how the plaintext will be turned into ciphertext. A key is a string of random bits that will be used by the algorithm to add to the randomness of the encryption process. For two entities to be able to communicate via encryption, they must use the same algorithm and, many times, the same key. In some encryption technologies, the receiver and the sender use the same key, and in other encryption technologies, they must use different but related keys for encryption and decryption purposes. The following sections explain the differences between these two types of encryption methods.

Answer 111

A

International Data Encryption Algorithm (IDEA) is a block cipher and operates on 64-bit blocks of data. The 64-bit data block is divided into 16 smaller blocks, and each has eight rounds of mathematical functions performed on it. The key is 128 bits long, and IDEA is faster than DES when implemented in software.

Answer 112

A

HTTP SecureHTTP Secure (HTTPS) is HTTP running over SSL. (HTTP works at the application layer, and SSL works at the transport layer.) Secure Sockets Layer (SSL) uses public key encryption and provides data encryption, server authentication, message integrity, and optional client authentication. When a client accesses a web site, that web site may have both secured and public portions. The secured portion would require the user to be authenticated in some fashion. When the client goes from a public page on the web site to a secured page, the web server will start the necessary tasks to invoke SSL and protect this type of communication.

Answer 113

A

In this type of attack, the attacker has the ciphertext of several messages. Each of the messages has been encrypted using the same encryption algorithm. The attacker’s goal is to discover the key used in the encryption process. Once the attacker figures out the key, she can decrypt all other messages encrypted with the same key.

Answer 114

A

Developed by Ross Anderson, Eli Biham, and Lars Knudsen

Answer 115

A

Synchronous versus AsynchronousSynchronous cryptosystems use keystreams to encrypt plaintext one bit at a time. The keystream values are “in synch” with the plaintext values. An asynchronous cryptosystem uses previously generated output to encrypt the current plaintext values. So a stream algorithm would be considered synchronous, while a block algorithm using chaining would be considered asynchronous.

Answer 116

A

If this is your first time trying to understand cryptography, you may be exasperated by now. Don’t get too uptight. Many people are new to cryptography, because all of this magic just seems to work in the background without us having to understand it or mess with it.

Answer 117

A

DES was later replaced by the Rijndael algorithm as the Advanced Encryption Standard (AES) by NIST. This means that Rijndael is the new approved method of encrypting sensitive but unclassified information for the U.S. government; it has been accepted by, and is widely used in, the public arena today.

Answer 118

A

Bits generated by the keystream must be random.

Answer 119

A

Give me your A and I will change it out for an M. Now, no one can read your message.Response: That will fool them.

Answer 120

A

Cryptanalysis attack where the attacker chooses a ciphertext and obtains its decryption under an unknown key.

Answer 121

A

Algebraic attacks analyze the vulnerabilities in the mathematics used within the algorithm and exploit the intrinsic algebraic structure. For instance, attacks on the “textbook” version of the RSA cryptosystem exploit properties of the algorithm, such as the fact that the encryption of a raw “0” message is “0.”

Answer 122

A

Keyed cryptographic hash function used for data integrity and data origin authentication.

Answer 123

A

Act of transforming data into a readable format

Answer 124

A

Purely symmetric key cryptography provides confidentiality only, not authentication or nonrepudiation.

Answer 125

A

The individual authorized to use a credit card.

Answer 126

A

In ECB mode, a block of plaintext and a key will always give the same ciphertext. This means that if the word “balloon” were encrypted and the resulting ciphertext was “hwicssn,” each time it was encrypted using the same key, the same ciphertext would always be given. This can show evidence of a pattern, enabling an evildoer, with some effort, to discover the pattern and get a step closer to compromising the encryption process.

Answer 127

A

Linear CryptanalysisLinear cryptanalysis is another type of attack that carries out functions to identify the highest probability of a specific key employed during the encryption process using a block algorithm. The attacker carries out a known-plaintext attack on several different messages encrypted with the same key. The more messages the attacker can use and put through this type of attack, the higher the confidence level in the probability of a specific key value.

Answer 128

A

Cryptographic hash function that uses a symmetric key value and is used for data integrity and data origin authentication.

Answer 129

A

Block symmetric cipher that uses variable block sizes (32, 64, 128) and variable-length key sizes (0–2040).

Answer 130

A

Up to this point, we have figured out that symmetric algorithms are fast but have some drawbacks (lack of scalability, difficult key management, and they provide only confidentiality). Asymmetric algorithms do not have these drawbacks but are very slow. We just can’t seem to win. So we turn to a hybrid system that uses symmetric and asymmetric encryption methods together.

Answer 131

A

Auguste Kerckhoffs published a paper in 1883 stating that the only secrecy involved with a cryptography system should be the key. He claimed that the algorithm should be publicly known. He asserted that if security were based on too many secrets, there would be more vulnerabilities to possibly exploit.

Answer 132

A

A ciphertext-only attack is the most common type of active attack because it is very easy to get ciphertext by sniffing someone’s traffic, but it is the hardest attack to actually be successful at because the attacker has so little information about the encryption process.

Answer 133

A

Start with the BasicsWhy do we connect to the Internet? At first, this seems a basic question, but as we dive deeper into the query, complexity creeps in. We connect to download MP3s, check email, order security books, look at web sites, communicate with friends, and perform various other tasks. But what are we really doing? We are using services provided by a computer’s protocols and software. The services may be file transfers provided by FTP, remote connectivity provided by Telnet, Internet connectivity provided by HTTP, secure connections provided by SSL, and much, much more. Without these protocols, there would be no way to even connect to the Internet.

Answer 134

A

Encryption method that hides a secret message within an open message

Answer 135

A

Another application of the TPM is “sealing” a system’s state to a particular hardware and software configuration. Sealing a computing system through TPM is used to deter any attempts to tamper with a system’s configurations. In practice, this is similar to how hashes are used to verify the integrity of files shared over the Internet (or any other untrusted medium).

Answer 136

A

“Binding” a hard disk drive is the most common usage scenario of the TPM—where the content of a given hard disk drive is affixed with a particular computing system. The content of the hard disk drive is encrypted, and the decryption key is stored away in the TPM chip. To ensure safe storage of the decryption key, it is further “wrapped” with another encryption key. Binding a hard disk drive makes its content basically inaccessible to other systems, and any attempt to retrieve the drive’s content by attaching it to another system will be very difficult. However, in the event of the TPM chip’s failure, the hard drive’s content will be rendered useless, unless a backup of the key has been escrowed.

Answer 137

A

32-bit words, which means it encrypts 64-bit data blocks
Using 12 rounds
With a 16-byte (128-bit) key

Answer 138

A

One-Way FunctionsA one-way function is a mathematical function that is easier to compute in one direction than in the opposite direction. An analogy of this is when you drop a glass on the floor. Although dropping a glass on the floor is easy, putting all the pieces back together again to reconstruct the original glass is next to impossible. This concept is similar to how a one-way function is used in cryptography, which is what the RSA algorithm, and all other asymmetric algorithms, are based upon.

Answer 139

A

In some resources, you may run across rc5-w/r/b or RC5-32/12/16. This is a type of shorthand that describes the configuration of the algorithm:

Answer 140

A

Component of a stream algorithm that creates random values for encryption purposes.

Answer 141

A

Cryptanalysis process used to identify weaknesses within cryptosystems by locating patterns in resulting ciphertext

Answer 142

A

Cryptanalysis attack where the attacker is assumed to have access only to a set of ciphertexts.

Answer 143

A

List that is maintained by the certificate authority of a PKI that contains information on all of the digital certificates that have been revoked.

Answer 144

A

The symmetric key must be delivered to its destination through a secure courier.

Answer 145

A

Block symmetric cipher that uses 64-bit block sizes and variable-length keys.

Answer 146

A

A combination of HTTP and SSL\TLS that is commonly used for secure Internet connections and e-commerce transactions.

Answer 147

A

Block symmetric cipher that uses a 128-bit block size and variable-length key sizes (128, 192, 256). Built upon the RC5 algorithm.

Answer 148

A

Asymmetric algorithm based upon the algebraic structure of elliptic curves over finite fields. Used for digital signatures, encryption, and key exchange.

Answer 149

A

Set of mathematical and logic rules used in cryptographic functions

Answer 150

A

Digital identity used within a PKI. Generated and maintained by a certificate authority and used for authentication.

Answer 151

A

Cryptanalysis method that uses the study of how differences in an input can affect the resultant difference at the output.

Answer 152

A

Symmetric algorithm type that encrypts chunks (blocks) of data at a time.

Answer 153

A

Symmetric vs. Asymmetric AlgorithmsCryptography algorithms are either symmetric algorithms, which use symmetric keys (also called secret keys), or asymmetric algorithms, which use asymmetric keys (also called public and private keys). As if encryption were not complicated enough, the terms used to describe the key types only make it worse. Just pay close attention and you will get through this fine.

Answer 154

A

Component of PKI that validates the identity of an entity requesting a digital certificate.

Answer 155

A

As the number of people who need to communicate increases, so does the number of symmetric keys required, meaning more keys must be managed.

Answer 156

A

Statistical AttacksStatistical attacks identify statistical weaknesses in algorithm design for exploitation—for example, if statistical patterns are identified, as in the number of zeros compared to the number of ones. For instance, a random number generator (RNG) may be biased. If keys are taken directly from the output of the RNG, then the distribution of keys would also be biased. The statistical knowledge about the bias could be used to reduce the search time for the keys.

Answer 157

A

Encryption method that uses two different key types, public and private. Also called public key cryptography.

Answer 158

A

The medium in which the information is hidden

Answer 159

A

Cryptanalysis attack that tries to uncover a mathematical problem from two different ends.

Answer 160

A

Some things you can tell the public, but some things you just want to keep private.

Answer 161

A

This processes the merchant payment. It may be an acquirer.

Answer 162

A

Counter (CTR) Mode Counter Mode (CTR) is very similar to OFB mode, but instead of using a randomly unique IV value to generate the keystream values, this mode uses an IV counter that increments for each plaintext block that needs to be encrypted. The unique counter ensures that each block is XORed with a unique keystream value.

Answer 163

A

Uses three different keys for encryption, and the data are encrypted, encrypted, encrypted.

Answer 164

A

Encryption method that shifts (permutation) values

Answer 165

A

Gee, cryptography just isn’t complex enough. Let’s mix some quantum physics in with it.

Answer 166

A

Cryptosystem used to integrate public key cryptography with e-mail functionality and data encryption, which was developed by Phil Zimmerman.

Answer 167

A

Protocol within the IPSec suite used for integrity and authentication.

Answer 168

A

Analytic attacks identify algorithm structural weaknesses or flaws, as opposed to brute force attacks, which simply exhaust all possibilities without respect to the specific properties of the algorithm. Examples include the Double DES attack and RSA factoring attack.

Answer 169

A

Block CiphersWhen a block cipher is used for encryption and decryption purposes, the message is divided into blocks of bits. These blocks are then put through mathematical functions, one block at a time. Suppose you need to encrypt a message you are sending to your mother and you are using a block cipher that uses 64 bits. Your message of 640 bits is chopped up into 10 individual blocks of 64 bits. Each block is put through a succession of mathematical formulas, and what you end up with is 10 blocks of encrypted text. You send this encrypted message to your mother. She has to have the same block cipher and key, and those 10 ciphertext blocks go back through the algorithm in the reverse sequence and end up in your plaintext message.

Answer 170

A

Stream ciphers were developed to provide the same type of protection one-time pads do, which is why they work in such a similar manner. In reality, stream ciphers cannot provide the level of protection one-time pads do, but because stream ciphers are implemented through software and automated means, they are much more practical.

Answer 171

A

Concept that an algorithm should be known and only the keys should be kept secret

Answer 172

A

Single key cryptography
Secret key cryptography
Session key cryptography
Private key cryptography
Shared-key cryptography

Answer 173

A

Let’s put all of these cryptography pieces in a bowl and figure out how they all work together.

Answer 174

A

Cryptanalysis attack where the attacker is assumed to have access to sets of corresponding plaintext and ciphertext.

Answer 175

A

U.S. encryption standard that replaced DES. Block symmetric cipher that uses 128-bit block sizes and various key lengths (128, 192, 256).

Answer 176

A

I am the manager of all keys!Response: I feel so sorry for you.

Answer 177

A

Use of quantum mechanical functions to provide strong cryptographic key exchange.

Answer 178

A

Algorithm that was chosen for the Data Encryption Standard, which was altered and renamed Data Encryption Algorithm.

Answer 179

A

Total knowledge zero. Yep, that’s how I feel after reading all of this cryptography stuff!Response: Just put your head between your knees and breathe slowly.

Answer 180

A

Statistical attacks identify statistical weaknesses in algorithm design for exploitation—for example, if statistical patterns are identified, as in the number of zeros compared to the number of ones. For instance, a random number generator (RNG) may be biased. If keys are taken directly from the output of the RNG, then the distribution of keys would also be biased. The statistical knowledge about the bias could be used to reduce the search time for the keys.

Answer 181

A

Manipulating individuals so that they will divulge confidential information, rather than by breaking in or using technical cracking techniques.

Answer 182

A

We have covered diffusion, confusion, avalanche, IVs, and random number generation. Some other techniques used in algorithms to increase their cryptographic strength are listed here:

Answer 183

A

Secure HTTPThough their names are very similar, there is a difference between Secure HTTP (S-HTTP) and HTTP Secure (HTTPS). S-HTTP is a technology that protects each message sent between two computers, while HTTPS protects the communication channel between two computers, messages and all. HTTPS uses SSL/TLS and HTTP to provide a protected circuit between a client and server. So, S-HTTP is used if an individual message needs to be encrypted, but if all information that passes between two computers must be encrypted, then HTTPS is used, which is SSL over HTTP.

Answer 184

A

There should be no dominance in the number of zeroes or ones in the keystream.

Answer 185

A

Secure/Multipurpose Internet Mail Extensions, which outlines how public key cryptography can be used to secure MIME data types.

Answer 186

A

HAVAL is a variable-length, one-way hash function and is a modification of MD5. It processes message blocks twice the size of those used in MD5; thus, it processes blocks of 1,024 bits. HAVAL can produce hashes from 128 to 256 bits in length.

Answer 187

A

A cryptosystem encompasses all of the necessary components for encryption and decryption to take place. Pretty Good Privacy (PGP) is just one example of a cryptosystem. A cryptosystem is made up of at least the following:

Answer 188

A

Types of CiphersSymmetric encryption ciphers come in two basic types: substitution and transposition (permutation). The substitution cipher replaces bits, characters, or blocks of characters with different bits, characters, or blocks. The transposition cipher does not replace the original text with different text, but rather moves the original values around. It rearranges the bits, characters, or blocks of characters to hide the original meaning.

Answer 189

A

Chosen-Plaintext AttacksIn chosen-plaintext attacks, the attacker has the plaintext and ciphertext, but can choose the plaintext that gets encrypted to see the corresponding ciphertext. This gives her more power and possibly a deeper understanding of the way the encryption process works so she can gather more information about the key being used. Once the key is discovered, other messages encrypted with that key can be decrypted.

Answer 190

A

Secure MIME (S/MIME) is a standard for encrypting and digitally signing electronic mail and for providing secure data transmissions. S/MIME extends the MIME standard by allowing for the encryption of e-mail and attachments. The encryption and hashing algorithms can be specified by the user of the mail package, instead of having it dictated to them. S/MIME follows the Public Key Cryptography Standards (PKCS). S/MIME provides confidentiality through encryption algorithms, integrity through hashing algorithms, authentication through the use of X.509 public key certificates, and nonrepudiation through cryptographically signed message digests.

Answer 191

A

Generation of secret keys (subkeys) from an initial value (master key)

Answer 192

A

A concealment cipher is a message within a message. If my other supersecret spy buddy and I decide our key value is every third word, then when I get a message from him, I will pick out every third word and write it down. Suppose he sends me a message that reads, “The saying, ‘The time is right’ is not cow language, so is now a dead subject.” Because my key is every third word, I come up with “The right cow is dead.” This again means nothing to me, and I am now turning in my decoder ring.

Answer 193

A

Several types of symmetric algorithms are used today. They have different methods of providing encryption and decryption functionality. The one thing they all have in common is that they are symmetric algorithms, meaning the sender and receiver are using two instances of the same key.

Answer 194

A

Mode that IPSec protocols can work in that provides protection for packet headers and data payload.

Answer 195

A

Asymmetric algorithm based upon a subset sum problem (knapsack problem). It has been broken and no longer used.

Answer 196

A

Attack that uses information (timing, power consumption) that has been gathered to uncover sensitive data or processing functions.

Answer 197

A

This is an example of a substitution cipher, because each character is replaced with another character. This type of substitution cipher is referred to as a monoalphabetic substitution cipher because it uses only one alphabet, whereas a polyalphabetic substitution cipher uses multiple alphabets.

Answer 198

A

Made up of truly random values
Used only one time
Securely distributed to its destination
Secured at sender’s and receiver’s sites
At least as long as the message

Answer 199

A

Look, I scrambled up the message so no one can read it.Response: Yes, but now neither can we.

Answer 200

A

Technology that encrypts full packets (all headers and data payload) and is carried out without the sender’s interaction.

Answer 201

A

The Trusted Platform Module (TPM) is a microchip installed on the motherboard of modern computers and is dedicated to carrying out security functions that involve the storage and processing of symmetric and asymmetric keys, hashes, and digital certificates. The TPM was devised by the Trusted Computing Group (TCG), an organization that promotes open standards to help strengthen computing platforms against security weaknesses and attacks.

Answer 202

A

So Output Feedback Mode (OFB) is a mode that a block cipher can work in when it needs to emulate a stream because it encrypts small amounts of data at a time, but it has a smaller chance of creating and extending errors throughout the full encryption process.

Answer 203

A

When two different messages are computed by the same hashing algorithm and the same message digest value results.

Answer 204

A

Attacks Against One-Way Hash FunctionsA strong hashing algorithm does not produce the same hash value for two different messages. If the algorithm does produce the same value for two distinctly different messages, this is called a collision. An attacker can attempt to force a collision, which is referred to as a birthday attack. This attack is based on the mathematical birthday paradox that exists in standard statistics. Now hold on to your hat while we go through this—it is a bit tricky:

Answer 205

A

Secure e-commerce standard developed by Visa and MasterCard that has not been accepted within the marketplace.

Answer 206

A

The algorithm, the set of rules also known as the cipher, dictates how enciphering and deciphering take place. Many of the mathematical algorithms used in computer systems today are publicly known and are not the secret part of the encryption process. If the internal mechanisms of the algorithm are not a secret, then something must be. The secret piece of using a well-known encryption algorithm is the key. A common analogy used to illustrate this point is the use of locks you would purchase from your local hardware store. Let’s say 20 people bought the same brand of lock. Just because these people share the same type and brand of lock does not mean they can now unlock each other’s doors and gain access to their private possessions. Instead, each lock comes with its own key, and that one key can only open that one specific lock.

Answer 207

A

In chosen-plaintext attacks, the attacker has the plaintext and ciphertext, but can choose the plaintext that gets encrypted to see the corresponding ciphertext. This gives her more power and possibly a deeper understanding of the way the encryption process works so she can gather more information about the key being used. Once the key is discovered, other messages encrypted with that key can be decrypted.

Answer 208

A

Value used in public key cryptography that is used for decryption and signature creation and known to only key owner.

Answer 209

A

Digital WatermarkingHave you ever tried to copy something that was not yours that had an embedded logo or trademark of another company? (If so, shame on you!) The embedded logo or trademark is called a digital watermark. Instead of having a secret message within a graphic that is supposed to be invisible to you, digital watermarks are usually visible. These are put into place to deter people from using material that is not theirs. This type of steganography is referred to as Digital Rights Management (DRM). The goal is to restrict the usage of material that is owned by a company or individual.

Answer 210

A

Public key infrastructure (PKI) is a different animal. It is not an algorithm, a protocol, or an application—it is an infrastructure based on public key cryptography.

Answer 211

A

Digital EnvelopesWhen cryptography is new to people, the process of using symmetric and asymmetric cryptography together can be a bit confusing. But it is important to understand these concepts, because they really are the core, fundamental concepts of all cryptography. This process is not just used in an e-mail client or in a couple of products—this is how it is done when data and a symmetric key must be protected in transmission.

Answer 212

A

Key escrow is a process or entity that can recover lost or corrupted cryptographic keys; thus, it is a common component of key recovery operations. When two or more entities are required to reconstruct a key for key recovery processes, this is known as multiparty key recovery. Multiparty key recovery implements dual control, meaning that two or more people have to be involved with a critical task.Trusted Platform Module

Answer 213

A

Certification authority
Registration authority
Certificate repository
Certificate revocation system
Key backup and recovery system
Automatic key update
Management of key histories
Timestamping
Client-side software

Answer 214

A

Automated method of maintaining revoked certificates within a PKI.

Answer 215

A

This term refers to a mathematical analysis used to try and break a math problem from both ends. It is a technique that works on the forward mapping of a function and the inverse of the second function at the same time. The attack works by encrypting from one end and decrypting from the other end, thus meeting in the middle.

Answer 216

A

Attack where the attacker does interact with processing or communication activities.

Answer 217

A

Block symmetric cipher that uses a 128-bit key and 64-bit block size.

Answer 218

A

There are three kinds of keys (or values) present in the versatile memory: Attestation Identity Key (AIK), Platform Configuration Register Hashes (PCR), and storage keys:

Answer 219

A

One entity can prove something to be true without providing a secret value.

Answer 220

A

Hey, is there a really complex protocol that can provide me with network layer protection?Response: Yep, IPSec.

Answer 221

A

Stream symmetric cipher that was created by Ron Rivest of RSA. Used in SSL and WEP.

Answer 222

A

Key management is critical for proper protection. The following are responsibilities that fall under the key management umbrella:

Answer 223

A

A signal, data stream, or file that has hidden information (payload) inside of it

Answer 224

A

End-to-end encryption happens within the applications.
SSL encryption takes place at the transport layer.
PPTP encryption takes place at the data link layer.
Link encryption takes place at the data link and physical layers.

Answer 225

A

An asymmetric algorithm performs encryption and decryption by using public and private keys that are related to each other mathematically.
A symmetric algorithm performs encryption and decryption by using a shared secret key.
A symmetric key is used to encrypt and/or decrypt the actual message.
Public keys are used to encrypt the symmetric key for secure key exchange.
A secret key is synonymous with a symmetric key.
An asymmetric key refers to a public or private key.

Answer 226

A

Algorithm used to create values that are used in cryptographic functions to add randomness

Answer 227

A

Much faster (less computationally intensive) than asymmetric systems.
Hard to break if using a large key size.

Answer 228

A

Cryptanalysis attack that exploits vulnerabilities within the algorithm structure.

Answer 229

A

Public vs. Secret AlgorithmsThe public mainly uses algorithms that are known and understood versus the secret algorithms where the internal processes and functions are not released to the public. In general, cryptographers in the public sector feel as though the strongest and best-engineered algorithms are the ones released for peer review and public scrutiny, because a thousand brains are better than five, and many times some smarty-pants within the public population can find problems within an algorithm that the developers did not think of. This is why vendors and companies have competitions to see if anyone can break their code and encryption processes. If someone does break it, that means the developers must go back to the drawing board and strengthen this or that piece.

Answer 230

A

Better key distribution than symmetric systems.
Better scalability than symmetric systems
Can provide authentication and nonrepudiation

Answer 231

A

The same as DES-EDE3, but uses only two keys, and the first and third encryption processes use the same key.

Answer 232

A

Multipurpose Internet Mail Extension (MIME) is a technical specification indicating how multimedia data and e-mail binary attachments are to be transferred. The Internet has mail standards that dictate how mail is to be formatted, encapsulated, transmitted, and opened. If a message or document contains a binary attachment, MIME dictates how that portion of the message should be handled.

Answer 233

A

The key length should be long enough to provide the necessary level of protection.
Keys should be stored and transmitted by secure means.
Keys should be extremely random, and the algorithm should use the full spectrum of the keyspace.
The key’s lifetime should correspond with the sensitivity of the data it is protecting. (Less secure data may allow for a longer key lifetime, whereas more sensitive data might require a shorter key lifetime.)
The more the key is used, the shorter its lifetime should be.
Keys should be backed up or escrowed in case of emergencies.
Keys should be properly destroyed when their lifetime comes to an end.

Answer 234

A

Attack where the attacker does not interact with processing or communication activities, but only carries out observation and data collection, as in network sniffing.

Answer 235

A

Differential CryptanalysisThis type of attack also has the goal of uncovering the key that was used for encryption purposes. This attack looks at ciphertext pairs generated by encryption of plaintext pairs with specific differences and analyzes the effect and result of those differences. One such attack was invented in 1990 as an attack against DES, and it turned out to be an effective and successful attack against DES and other block algorithms.

Answer 236

A

The Advanced Encryption StandardAfter DES was used as an encryption standard for over 20 years and it was cracked in a relatively short time once the necessary technology was available, NIST decided a new standard, the Advanced Encryption Standard (AES), needed to be put into place. In January 1997, NIST announced its request for AES candidates and outlined the requirements in FIPS PUB 197. AES was to be a symmetric block cipher supporting key sizes of 128, 192, and 256 bits. The following five algorithms were the finalists:

Answer 237

A

Cryptographic attack that exploits the mathematics behind the birthday problem in the probability theory forces collisions within hashing functions.

Answer 238

A

Protocol within the IPSec suite used for integrity, authentication, and encryption.

Answer 239

A

In chosen-ciphertext attacks, the attacker can choose the ciphertext to be decrypted and has access to the resulting decrypted plaintext. Again, the goal is to figure out the key. This is a harder attack to carry out compared to the previously mentioned attacks, and the attacker may need to have control of the system that contains the cryptosystem.

Answer 240

A

Data Encryption Standard (DES)
Triple-DES (3DES)
Blowfish
International Data Encryption Algorithm (IDEA)
RC4, RC5, and RC6
Advanced Encryption Standard (AES)

Answer 241

A

Total knowledge zero. Yep, that’s how I feel after reading all of this cryptography stuff!Response: Just put your head between your knees and breathe slowly.

Answer 242

A

Key distribution and management are more complex because each hop device must receive a key, and when the keys change, each must be updated.
Packets are decrypted at each hop; thus, more points of vulnerability exist.

Answer 243

A

As stated earlier, the goal of using a one-way hash function is to provide a fingerprint of the message. If two different messages produce the same hash value, it would be easier for an attacker to break that security mechanism because patterns would be revealed.

Answer 244

A

Asymmetric cryptography, which uses public and private key values for cryptographic functions.

Answer 245

A

Block cipher mode that combines the CTR encryption mode and CBC-MAC. One encryption key is used for both authentication and encryption purposes.

Answer 246

A

Block symmetric algorithm chosen by NIST as an encryption standard in 1976. It uses a 56-bit true key bit size, 64-bit block size, and 16 rounds of computation.

Answer 247

A

A one-way hash is a function that takes a variable-length string (a message) and produces a fixed-length value called a hash value. For example, if Kevin wants to send a message to Maureen and he wants to ensure the message does not get altered in an unauthorized fashion while it is being transmitted, he would calculate a hash value for the message and append it to the message itself. When Maureen receives the message, she performs the same hashing function Kevin used and then compares her result with the hash value sent with the message. If the two values are the same, Maureen can be sure the message was not altered during transmission. If the two values are different, Maureen knows the message was altered, either intentionally or unintentionally, and she discards the message.

Answer 248

A

Requires a secure mechanism to deliver keys properly.
Each pair of users needs a unique key, so as the number of individuals increases, so does the number of keys, possibly making key management overwhelming.
Provides confidentiality but not authenticity or nonrepudiation.

Answer 249

A

How does DES work again?Response: With voodoo magic and a dead chicken.

Answer 250

A

As stated earlier, a block cipher performs mathematical functions on blocks of bits. A stream cipher, on the other hand, does not divide a message into blocks. Instead, a stream cipher treats the message as a stream of bits and performs mathematical functions on each bit individually.

Answer 251

A

In reality, encryption can happen at different layers of an operating system and network stack. The following are just a few examples:

Answer 252

A

The same as DES-EEE3, but uses only two keys, and the first and third encryption processes use the same key.

Answer 253

A

Sue and Joe are going to get married, but before they do, they have a prenuptial contract drawn up that states if they get divorced, then Sue takes her original belongings and Joe takes his original belongings. To ensure this contract is not modified, it is hashed and a message digest value is created.

Answer 254

A

Reduce redundancy before plaintext is encrypted. Compression functions are run on the text before it goes into the encryption algorithm.

Answer 255

A

Used to establish security associates and an authentication framework in Internet connections. Commonly used by IKE for key exchange.

Answer 256

A

The registration authority (RA) performs the certification registration duties. The RA establishes and confirms the identity of an individual, initiates the certification process with a CA on behalf of an end user, and performs certificate life-cycle management functions. The RA cannot issue certificates, but can act as a broker between the user and the CA. When users need new certificates, they make requests to the RA, and the RA verifies all necessary identification information before allowing a request to go to the CA.

Answer 257

A

Data Encryption Standard (DES) has had a long and rich history within the computer community. The National Institute of Standards and Technology (NIST) researched the need for the protection of sensitive but unclassified data during the 1960s and initiated a cryptography program in the early 1970s. NIST invited vendors to submit data encryption algorithms to be used as a cryptographic standard. IBM had already been developing encryption algorithms to protect financial transactions. In 1974, IBM’s 128-bit algorithm, named Lucifer, was submitted and accepted. The NSA modified this algorithm to use a key size of 64 bits (with 8 bits used for parity, resulting in an effective key length of 56 bits) instead of the original 128 bits, and named it the Data Encryption Algorithm (DEA). Controversy arose about whether the NSA weakened Lucifer on purpose to enable it to decrypt messages not intended for it, but in the end the modified Lucifer became a national cryptographic standard in 1977 and an American National Standards Institute (ANSI) standard in 1978.

Answer 258

A

Component of a PKI that creates and maintains digital certificates throughout their life cycles.

Answer 259

A

The hash should be computed over the entire message.
The hash should be a one-way function so messages are not disclosed by their values.
Given a message and its hash value, computing another message with the same hash value should be impossible.
The function should be resistant to birthday attacks (explained in the upcoming section “Attacks Against One-Way Hash Functions”).

Answer 260

A

• The pad must be used only one time. If the pad is used more than one time, this might introduce patterns in the encryption process that will aid the evildoer in his goal of breaking the encryption.

Answer 261

A

Diving into NumbersCryptography is really all about using mathematics to scramble bits into an undecipherable form and then using the same mathematics in reverse to put the bits back into a form that can be understood by computers and people. RSA’s mathematics are based on the difficulty of factoring a large integer into its two prime factors. Put on your nerdy hat with the propeller and let’s look at how this algorithm works.

Answer 262

A

Cryptanalysis method that uses the study of affine transformation approximation in encryption processes.

Answer 263

A

Electronic Code Book (ECB)
Cipher Block Chaining (CBC)
Cipher Feedback (CFB)
Output Feedback (OFB)
Counter Mode (CTR)

Answer 264

A

Digital Signature StandardBecause digital signatures are so important in proving who sent which messages, the U.S. government decided to establish standards pertaining to their functions and acceptable use. In 1991, NIST proposed a federal standard called the Digital Signature Standard (DSS). It was developed for federal departments and agencies, but most vendors also designed their products to meet these specifications. The federal government requires its departments to use DSA, RSA, or the elliptic curve digital signature algorithm (ECDSA) and SHA. SHA creates a 160-bit message digest output, which is then inputted into one of the three mentioned digital signature algorithms. SHA is used to ensure the integrity of the message, and the other algorithms are used to digitally sign the message. This is an example of how two different algorithms are combined to provide the right combination of security services.

Answer 265

A

In chosen-ciphertext attacks, the attacker can choose the ciphertext to be decrypted and has access to the resulting decrypted plaintext. Again, the goal is to figure out the key. This is a harder attack to carry out compared to the previously mentioned attacks, and the attacker may need to have control of the system that contains the cryptosystem.

Answer 266

A

Data Encryption Standard (DES)
3DES (Triple DES)
Blowfish
Twofish
International Data Encryption Algorithm (IDEA)
RC4, RC5, and RC6
Advanced Encryption Standard (AES)
Secure and Fast Encryption Routine (SAFER)
Serpent

Answer 267

A

As you have read, you can use ECB mode for the process of encrypting small amounts of data, such as a key or PIN value. These components will be around 64 bits or more, so ECB mode works as a true block cipher. You can use CBC mode to encrypt larger amounts of data in block sizes of 64 bits. In situations where you need to encrypt a smaller amount of data, you need the cipher to work like a stream cipher and to encrypt individual bits of the blocks, as in CFB. In some cases, you still need to encrypt a small amount of data at a time (one to eight bits), but you need to ensure possible errors do not affect your encryption and decryption processes.

Answer 268

A

A message can be encrypted, which provides confidentiality.
A message can be hashed, which provides integrity.
A message can be digitally signed, which provides authentication, nonrepudiation, and integrity.
A message can be encrypted and digitally signed, which provides confidentiality, authentication, nonrepudiation, and integrity.

Answer 269

A

In known-plaintext attacks, the attacker has the plaintext and corresponding ciphertext of one or more messages. Again, the goal is to discover the key used to encrypt the messages so other messages can be deciphered and read.

Answer 270

A

Key Management PrinciplesKeys should not be in cleartext outside the cryptography device. As stated previously, many cryptography algorithms are known publicly, which puts more stress on protecting the secrecy of the key. If attackers know how the actual algorithm works, in many cases, all they need to figure out is the key to compromise a system. This is why keys should not be available in cleartext—the key is what brings secrecy to encryption.

Answer 271

A

U.S. standard that outlines the approved algorithms to be used for digital signatures for government authentication activities.

Answer 272

A

Algebraic attacks analyze the vulnerabilities in the mathematics used within the algorithm and exploit the intrinsic algebraic structure. For instance, attacks on the “textbook” version of the RSA cryptosystem exploit properties of the algorithm, such as the fact that the encryption of a raw “0” message is “0.”

Answer 273

A

Is the Internet tied up into a web?Response: Well, kind of.

Answer 274

A

Now, how many times does the one-way hash run again?Response: One, brainiac.

Answer 275

A

Hardware or software implementation of cryptography that contains all the necessary software, protocols, algorithms, and keys

Answer 276

A

Encryption method where the sender and receiver use an instance of the same key for encryption and decryption purposes.

Answer 277

A

Cipher block chaining message authentication code uses encryption for data integrity and data origin authentication.

Answer 278

A

The following are examples of asymmetric key algorithms:

Answer 279

A

In quantum cryptography, photon polarization is commonly used to represent bits (1 or 0). Polarization is the orientation of electromagnetic waves, which is what photons are. Photons are the particles that make up light. The electromagnetic waves have an orientation of horizontal or vertical, or left hand or right hand. Think of a photon as a jellybean. As a jellybean flies through the air, it can be vertical (standing up straight), horizontal (lying on its back), left handed (tilted to the left), or right handed (tilted to the right). (This is just to conceptually get your head around the idea of polarization.)

Answer 280

A

The information that is to be concealed and transmitted

Answer 281

A

Using a portion (subkey) of a key to limit the exposure of the key. Key schedules are used to generate subkeys from master keys.

Brainscape's Knowledge GenomeTM

CHAPTER 7_Cryptography Flashcards

Brainscape's Knowledge Genome^TM