Cryptography Flashcards

(17 cards)

1
Q

What is the importance of cryptography in digital security?

A

Cryptography is fundamental to digital security, similar to how locks are essential to physical security. However, it is not sufficient on its own and must be used correctly within a secure system.

2
Q

What are the two golden rules for using cryptography?

A

1. Do not invent your own cryptographic algorithms.
2. Avoid implementing your own cryptographic systems unless absolutely necessary, due to high risk of critical bugs.

3
Q

What caused the Heartbleed vulnerability?

A

A missing bounds check in OpenSSL’s TLS heartbeat extension allowed attackers to read up to 64KB of server memory, potentially leaking private keys, passwords, and sensitive data.

4
Q

What is the principle of Kerckhoffs and why is it important?

A

Kerckhoffs’s principle states that a cryptosystem should remain secure even if everything about the system, except the key, is public knowledge. Keeping keys secret is essential.

5
Q

What is the idea behind zk-SNARKs used in Zcash?

A

Zero-knowledge Succinct Non-Interactive Arguments of Knowledge allow a user to prove possession of information without revealing it, enabling privacy-preserving cryptocurrency transactions.

6
Q

What flaw was discovered in Zcash’s implementation of zk-SNARKs?

A

A 2018 flaw allowed computation of the master secret using publicly available logs, raising ethical concerns about disclosing vulnerabilities in deployed systems.

7
Q

What happened with SIDH and SIKE in post-quantum cryptography?

A

Though once promising, SIDH/SIKE was broken in 2022 by researchers using advanced elliptic curve theory, showing the risk of relying on obscure mathematics.

8
Q

What is the Diffie–Hellman key exchange method?

A

A key agreement protocol where two parties exchange values raised to secret powers modulo a large prime, arriving at a shared secret key, relying on the Discrete Logarithm Problem.

9
Q

What is RSA and how does it work?

A

RSA uses two large prime numbers to create a public/private key pair. Encryption is done using the public key, and decryption with the private key. It also supports digital signatures.

10
Q

What are digital signatures and how are they used?

A

A digital signature proves authenticity of a message. The sender signs a hash of the message using their private key; the recipient verifies it with the sender’s public key.

11
Q

What is a symmetric key cipher and what are its key properties?

A

A cipher using the same key for encryption and decryption. Key properties include resistance to plaintext and ciphertext attacks, and non-malleability.

12
Q

What is a Man-in-the-Middle attack in cryptography?

A

An attacker intercepts and relays messages between two parties in a key exchange, making each believe they are communicating directly, compromising secrecy.

13
Q

What is a Meet-in-the-Middle attack?

A

An attack where encryption is composed of two layers. The attacker computes all outputs from the first layer and compares them with decryptions from the second, reducing complexity.

14
Q

What is AES and how does it improve upon DES?

A

AES supports larger block and key sizes (128, 192, 256 bits) and is more secure than DES, which was eventually broken due to its short 56-bit key.

15
Q

What makes hash functions cryptographically secure?

A

They are collision-resistant, pre-image resistant, and second pre-image resistant, making it hard to find different inputs that produce the same output.

16
Q

Why are MD5 and SHA-1 no longer considered secure?

A

Both have known collisions. SHA-1 has been officially deprecated, and collisions can now be computed with moderate resources, making them unsafe for digital signatures.

17
Q

What are cryptographically secure pseudo-random number generators (CSPRNGs)?

A

CSPRNGs produce unpredictable sequences. They resist forward prediction and backward reconstruction even if part of the internal state is known.