Cryptographic Solutions

Question 1

DES (Data Encryption Standard)

Symetric, Block cypher

Answer 1

Widely used from the 1970s to the early 2000s

Question 2

Triple DES (3DES)

Symetric, Block cypher

Answer 2

Provides 112-bit key strength but is slower than DES

Question 3

IDEA (International Data Encryption Algorithm)

Symetric, Block cypher

Answer 3

Not as widely used as AES

Question 4

AES (Advanced Encryption Standard)

Symetric, Block cypher

Answer 4

■ Replaced DES and 3DES as the US government encryption standard
■ Widely adopted and considered the encryption standard for sensitive
unclassified information

Question 5

Blowfish

Symetric, Block cypher

Answer 5

Developed as a DES replacement but not widely adopted

Question 6

Twofish

Symetric, Block cypher

Answer 6

Open source and available for use

Question 7

RC Cipher Suite (RC4, RC5, RC6)

Symetric, Block cypher

Answer 7

■ RC4 is a stream cipher with variable key sizes from 40 to 2048 bits, used in SSL
and WEP
■ RC5 is a block cipher with key sizes up to 2048 bits
■ RC6, based on RC5, was considered as a DES replacement

Question 8

Diffie-Hellman

Asymetric

Answer 8

● Used for key exchange and secure key distribution
● Vulnerable to man-in-the-middle attacks, requires authentication
● Commonly used in VPN tunnel establishment (IPSec)

Question 9

RSA (Ron Rivest, Adi Shamir, Leonard Adleman)

Asymetric

Answer 9

● Used for key exchange, encryption, and digital signatures
● Relies on the mathematical difficulty of factoring large prime numbers
● Supports key sizes from 1024 to 4096 bits
● Widely used in organizations and multi-factor authentication

Question 10

Elliptic Curve Cryptography (ECC)

Asymetric

Answer 10

● Efficient and secure, uses algebraic structure of elliptical curves
● Commonly used in mobile devices and low-power computing
● Six times more efficient than RSA for equivalent security

Question 11

MD5 (Message Digest Algorithm 5)

Hashing

Answer 11

● Limited unique values, leading to collisions
● Not recommended for security-critical applications due to vulnerabilities

Question 12

SHA (Secure Hash Algorithm) Family

Hashing

Answer 12

● SHA-1
○ Produces a 160-bit hash digest, less prone to collisions than MD5
● SHA-2
○ Offers longer hash digests (SHA-224, SHA-256, SHA-348, SHA-512)
● SHA-3
○ Uses 224-bit to 512-bit hash digests, more secure, 120 rounds of
computations

Question 13

RIPEMD (RACE Integrity Primitive Evaluation Message Digest)

Hashing

Answer 13

Open-source competitor to SHA but less popular

Question 14

HMAC (Hash-based Message Authentication Code)

Hashing

Answer 14

Utilizes other hashing algorithms (e.g., HMAC-MD5, HMAC-SHA1,
HMAC-SHA256)

Question 15

Digital Signatures

Answer 15

■ Uses a hash digest encrypted with a private key
■ Sender hashes the message and encrypts the hash with their private key
■ Recipient decrypts the digital signature using the sender’s public key
■ Verifies integrity of the message and ensures non-repudiation

Question 16

Common Digital Signature Algorithms

Answer 16

■ DSA (Digital Security Algorithm)
■ RSA (Rivest-Shamir-Adleman)
● Supports digital signatures, encryption, and key distribution
● Widely used in various applications, including code signing

Question 17

Common Hashing Attack

Pass the Hash

Answer 17

A hacking technique that allows the attacker to authenticate to a remote
server or service by using the underlying hash of a user’s password
instead of requiring the associated plaintext password

Question 18

Common Hashing Attack

Brithday Attack

Answer 18

Occurs when two different messages result in the same hash digest
(collision)

Question 19

Increasing Hash Security

Key Stretching

Answer 19

● Technique that is used to mitigate a weaker key by creating longer, more
secure keys (at least 128 bits)
● Used in systems like Wi-Fi Protected Access, Wi-Fi Protected Access
version 2, and Pretty Good Privacy

Question 20

Increasing Hash Security

Salting

Answer 20

● Adds random data (salt) to passwords before hashing
● Ensures distinct hash outputs for the same password due to different
salts
● Thwarts dictionary attacks, brute-force attacks, and rainbow tables

Question 21

Increasing Hash Security

Nonces (Number Used Once)

Answer 21

● Adds unique, often random numbers to password-based authentication
processes
● Prevents attackers from reusing stolen authentication data
● Adds an extra layer of security against replay attacks

Question 22

Key Escrow

Answer 22

■ Storage of cryptographic keys in a secure, third-party location (escrow)
■ Enables key retrieval in cases of key loss or for legal investigations

Question 23

Digital Certificates

Answer 23

■ Digitally signed electronic documents■ Bind a public key with a user’s identity
■ Used for individuals, servers, workstations, or devices
■ Use the X.509 Standard

Question 24

Wildcard Certificate

Answer 24

● Allows multiple subdomains to use the same certificate
● Easier management, cost-effective for subdomains
● Compromise affects all subdomains

Question 25

SAN (Subject Alternate Name) field

Answer 25

● Certificate that specifies what additional domains and IP addresses are going to be supported ● Used when domain names don’t have the same root domain

Question 26

Single-sided certificate

Answer 26

Only requires the server to be validated

Question 27

Dual-sided certificate

Answer 27

○ Both server and user validate each other ○ Dual-sided for higher security, requires more processing power

Question 28

Self-Signed Certificates

Answer 28

● Digital certificate that is signed by the same entity whose identity it certifies ● Provides encryption but lacks third-party trust ● Used in testing or closed systems

Question 29

Third-Party Certificates

Answer 29

● Digital certificate issued and signed by trusted certificate authorities (CAs) ● Trusted by browsers and systems ● Preferred for public-facing websites

Question 30

Root of Trust

Answer 30

● Highest level of trust in certificate validation ● Trusted third-party providers like Verisign, Google, etc. ● Forms a certification path for trust

Question 31

Certificate Authority (CA)

Answer 31

● Trusted third party that issues digital certificates ● Certificates contain CA's information and digital signature ● Validates and manages certificates

Question 32

Registration Authority (RA)

Answer 32

● Requests identifying information from the user and forwards certificate request up to the CA to create a digital certificate ● Collects user information for certificates ● Assists in the certificate issuance process

Question 33

Certificate Signing Request (CSR)

Answer 33

● A block of encoded text with information about the entity requesting the certificate ● Includes the public key ● Submitted to CA for certificate issuance ● Private key remains secure with the requester

Question 34

Certificate Revocation List (CRL)

Answer 34

● Maintained by CAs ● List of all digital certificates that the certificate authority has already revoked ● Checked before validating a certificate

Question 35

Online Certificate Status Protocol (OCSP)

Answer 35

● Determines certificate revocation status or any digital certificate using the certificate's serial number ● Faster but less secure than CRL

Question 36

OCSP Stapling

Answer 36

● Alternative to OCSP ● Allows the certificate holder to get the OCSP record from the server at regular intervals ● Includes OCSP record in the SSL/TLS handshake ● Speeds up the secure tunnel creation

Question 37

Public Key Pinning

Answer 37

● Allows an HTTPS website to resist impersonation attacks from users who are trying to present fraudulent certificates ● Presents trusted public keys to browsers ● Alerts users if a fraudulent certificate is detected

Question 38

Key Escrow Agents

Answer 38

● Securely store copies of private keys ● Ensures key recovery in case of loss ● Requires strong access controls

Question 39

Key Recovery Agents

Answer 39

● Specialized type of software that allows the restoration of a lost or corrupted key to be performed ● Acts as a backup for certificate authority keys

Question 40

Blockchain

Answer 40

■ Shared immutable ledger for transactions and asset tracking ■ Builds trust and transparency ■ Widely associated with cryptocurrencies like Bitcoin ■ Is essentially a really long series of information with each block containing information in it

Question 41

Block Structure

Answer 41

● Chain of blocks, each containing ○ Previous block's hash ○ Timestamp ○ Root transactions (hashes of individual transactions) ● Blocks are linked together in a chronological order

Question 42

Public Ledger

Answer 42

● Secure and anonymous record-keeping system ● Maintains participants' identities ● Tracks cryptocurrency balances ● Records all genuine transactions in a network

Question 43

Smart Contracts

Answer 43

● Self-executing contracts with code-defined terms ● Execute actions automatically when conditions are met ● Transparent, tamper-proof, and trust-enhancing

Question 44

TPM (Trusted Platform Module) | Encryption Tools

Answer 44

● Dedicated microcontroller for hardware-level security ● Protects digital secrets through integrated cryptographic keys ● Used in BitLocker drive encryption for Windows devices ● Adds an extra layer of security against software attacks

Question 45

HSM (Hardware Security Module) | Encryption Tools

Answer 45

● Physical device for safeguarding and managing digital keys ● Ideal for mission-critical scenarios like financial transactions ● Performs encryption operations in a tamper-proof environment ● Ensures key security and regulatory compliance

Question 46

Key Management System | Encryption Tools

Answer 46

● Manages, stores, distributes, and retires cryptographic keys ● Centralized mechanism for key lifecycle management ● Crucial for securing data and preventing unauthorized access ● Automates key management tasks in complex environments

Question 47

Secure Enclaves | Encryption Tools

Answer 47

● Coprocessor integrated into the main processor of some devices ● Isolated from the main processor for secure data processing and storage ● Safeguards sensitive data like biometric information ● Enhances device security by preventing unauthorized access

Question 48

Steganography

Answer 48

● Conceals a message within another to hide its very existence ● Used alongside encryption for added security

Question 49

Tokenization

Answer 49

● Substitutes sensitive data with non-sensitive tokens ● Reduces exposure of sensitive data during transactions ● Commonly used for payment systems to comply with security standards

Question 50

Data Masking (Data Obfuscation)

Answer 50

● Disguises original data to protect sensitive information ● Common in industries handling personal data

Question 51

Downgrade Attacks

Answer 51

■ Force systems to use weaker or older cryptographic standards or protocols ■ Exploit known vulnerabilities or weaknesses in outdated versions

Question 52

Collision Attacks

Answer 52

■ Find two different inputs producing the same hash output ■ Vulnerabilities in hashing algorithms, e.g., MD5, can lead to collisions

Question 53

Post-quantum cryptography

Answer 53

A new kind of cryptographic algorithm that can be implemented using today’s classic computers but is also impervious to attacks from future quantum computers

Question 54

NIST selected four post-quantum cryptography standards

Answer 54

● CRYSTALS-Kyber - general encryption needs ● Digital signatures ○ CRYSTALS-Dilithium ○ FLACON ○ SPHINCS+