Cryptographic Solutions

Question 1

Symmetric Algorithm

Answer 1

Encryption algorithm in which both the sender and the receiver must know the same shared secret using a privately held key.

Private Key

Single Key

Question 2

Asymmetric Algorithm

Answer 2

Encryption algorithm where different keys are used to encrypt and decrypt the data

Most common examples are Diffie-Hellman, RSA, and Elliptic Curve Cryptography (ECC)

Public Key

2 Different Keys

Question 3

Stream Cipher

Answer 3

Utilizes keystream generator to encrypt data bit by bit using a mathematical XOR function to create ciphertext

Question 4

Block Cipher

Answer 4

Breaks the input into fixed-length blocks of data and performs the encryption on each block

Question 5

Data Encryption Standard (DES)

Answer 5

Symmetric Algorithm

Encryption algorithm which breaks the input into 64-bit blocks and uses transposition and substitution to create ciphertext using effective key strength of only 56 bits.

Question 6

Triple DES (3DES)

Answer 6

Symmetric Algorithm

The encryption algorithm uses three separate symmetric keys to encrypt, decrypt, and then encrypt the plaintext into ciphertext to increase the strength of DES.

Question 7

International Data Encryption Algorithm (IDEA)

Answer 7

Symmetric Algorithm

Symmetric Block Cipher uses 64-bit blocks to encrypt plaintext into ciphertext.

Question 8

Advanced Encryption Standard (AES)

Answer 8

Symmetric Algorithm

Symmetric block cipher that uses 128-bit, 192-bit, or 256-bit blocks and a matching encryption key size to encrypt plaintext into ciphertext.

Question 9

Blowfish

Answer 9

Symmetric Algorithm

Symmetric block cipher uses 64-bit blocks and a variable-length encryption key to encrypt plaintext into cipher.

Question 10

Twofish

Answer 10

Symmetric Algorithm

It provides the ability to use 128-bit blocks in its encryption algorithm and uses 128-bit, 192-bit, or 256-bit encryption.

Question 11

RC Cipher Suite

Answer 11

Symmetric Algorithms

It was created by Ron Rivest, a cryptographer who’s created six algorithms under the name “RC,” which stands for The Rivest Cipher.

RC4 - Symmetric stream cipher using a variable key size from 40 bits to 2048 bits that is used in SSL and WEP.

RC5 - Symmetric block cipher that uses key sizes up to 2048 bits.

RC6 - Symmetric block cipher that was introduced as a replacement for DES but AES was the chosen instead.

Question 12

Diffie-Hellman (DH)

Answer 12

Asymmetric Algorithm

Used to conduct key exchanges and secure key distribution over an unsecured network.
Used for key exchange inside of creating a VPN tunnel establishment as part of IPSec.

Question 13

RSA (Rivest, Shamir, and Adleman)

Answer 13

Asymmetric algorithm that relies on the mathematical difficulty of factoring large prime numbers.

Can support key sizes between 1024 bites and 4096 bits.

Question 14

Elliptic Curve Cryptography (ECC)

Answer 14

Asymmetric Algorithm

Heavily used in mobile devices and it’s based on the algebraic structure of elliptical curves over finite fields to define its keys.

ECC with a 256-bit key is just as secure as RSA with a 2048-bit key.

Question 15

Hashing

Answer 15

A one-way cryptographic function that takes an input and produces a unique message digest as its output.
The hash digest is always the same length.

Question 16

MD5

Answer 16

Creates a 128-bit hash value that is unique to the input value

Question 17

SHA-1

Answer 17

Creates a 160-bit hash digest, which significantly reduces the number of collisions that occur

Question 18

SHA-2

Answer 18

Family of has functions that contain longer hash digests.

Question 19

SHA-3

Answer 19

A newer family of hash functions, and its hash digest can go between 224 and 512 bits.

Question 20

RIPEMD (Race Integrity Primitive Evaluation Message Digest)

Answer 20

Comes in 160-bit and 320-bit versions

Question 21

RIPEMD-160

Answer 21

Open-source hashing algorithm that was created as a competitor to the SHA family.

Question 22

HAMC (Hash-Based Message Authentication Code)

Answer 22

Used to check the integrity of a message and provide some level of assurance that its authenticity is real

Question 23

Digital Security Standard (DSS)

Answer 23

Relies on a 160-bit message created by the digital security algorithm

Question 24

Pass-the-Hash Attack

Answer 24

A hacking technique that allows the attacker to authenticate to a remote server or service by using the underlying has of a user’s password instead of requiring the associated plaintext password.

Question 25

Mimikatz

Answer 25

Provides the ability to automate the process of harvesting the hashes and conducting the attack

Question 26

Birthday Attack

Answer 26

It occurs when an attacker is able to send two different messages through a has algorithm, and it results in the same identical has digest, referred to as a collision.

Question 27

Birthday Paradox

Answer 27

“If you have a random group of people, the chances are you are going to have two people in that group with the same birthday.”

Question 28

Key Stretching

Answer 28

A technique that is used to mitigate a weaker key by increasing the time needed to crack it.

Question 29

Salting

Answer 29

Adding random data into a one-way cryptographic has to help protect against password cracking techniques.

Question 30

Dictionary Attack

Answer 30

When an attacker tries every word from a predefined list.

Question 31

Brute-Force Attack

Answer 31

When an attacker tries every possible password combination.

Question 32

Rainbow Tables

Answer 32

Precomputed tables for reversing cryptographic hash functions.

Question 33

Nonce

Answer 33

Stands for “Number Used Once” is a unique, often random number that is added to the password-based authentication process.

Question 34

Steganography

Answer 34

Concealing a message within another so that the very existence of the message is hidden.

The primary goal isn’t just to prevent unauthorized access to the data, but to prevent the suspicion that there’s any hidden data at all.

Frequently used alongside encryption for an extra layer of security.

Question 35

Tokenization

Answer 35

Transformative technique in data protection that involves substituting sensitive data elements with non-sensitive equivalents, called tokens, which have no meaningful value.

Question 36

Data Masking

Answer 36

It is used to protect data by ensuring that it remains recognizable but does not actually include sensitive info.

Prevalent in industries that handle vast amounts of PII.

Question 37

Downgrade Attack

Answer 37

It aims to force a system into using a weaker or older cryptographic standard or protocol than it currently utilizes.

Question 38

Collision Attack

Answer 38

It aims to find two different inputs that produce the same hash output.

Collisions can allow malicious actors to impersonate trusted entities, forge digital signatures, or distribute tampered data while appearing genuine.