Cryptographic Solutions

Question 1

Practice & Study of writing & solving codes to hide the true meaning of the information.

Answer 1

Cryptography

Question 2

Process of converting ordinary information (plain text) into an unintelligible form (cipher text).

Answer 2

Encryption

Question 3

Inactive data that is being archived.

Answer 3

Data at Rest

Question 4

Data undergoing a current constant state of change.

Answer 4

Data in Use

Question 5

Data that moves across the network, resides inside RAM, or moves to & from the processor.

Answer 5

Data in Transit

Question 6

An algorithm that performs the encryption or decryption.

Answer 6

Cipher

Question 7

A mathematical function (formula) that defines how to encrypt or decrypt something.

Answer 7

Algorithm

Question 8

Where encryption strength comes from. Its length is proportional to the level of security it provides. The essential piece of information that determines the output of a cipher.

Answer 8

The Key

Question 9

Use the same key (single key), for both encryption & decryption. Encryption algorithm in which both the sender & the receiver must know the same shared secret using a privately held key.

Answer 9

Symmetric Algorithms
(Private Key)

Question 10

Use a pair of keys, (two), a public key for encryption & a private key for decryption. Encryption algorithm where different keys are used to encrypt & decrypt the data. Does not require a shared secret key, often referred to as public key cryptography since their key is considered to be freely & openly available to the public.

Answer 10

Asymmetric Algorithms
(Public Key)

Question 11

The practice of hiding secret data within ordinary, non-secret files or messages to avoid detection. Derived from Greek words meaning “covered writing,” and it is all about concealing a message within another so that the very existence of the message is hidden.

Answer 11

Steganography

Question 12

Process of disguising original data to protect sensitive information while maintaining its authenticity and usability.

Answer 12

Data Masking/Data Obfuscation

Question 13

A transformative technique in data protection that involves substituting sensitive data elements with non-sensitive equivalents called tokens which have no meaningful value.

Answer 13

Tokenization

Question 14

Utilizes asymmetric encryption to securely transfer a private key that can then be used with symmetric encryption.

Answer 14

Hybrid Implementation

Question 15

Utilizes a key stream generator to encrypt data bit by bit using a mathematical XOR function to create the ciphertext.

Answer 15

Stream Cipher

Question 16

Breaks the input into fixed-length blocks of data & performs the encryption on each block.

Answer 16

Block Cipher

Question 17

Encryption algorithm which breaks the input into 64-bit blocks and uses transposition and substitution to create cipher text using an effective key strength of only 56-bits.

Answer 17

Data Encryption Standard (DES) -Symmetric

Question 18

Encryption algorithm which uses three separate symmetric keys to encrypt, decrypt, then encrypt the plain text into cipher text in order to increase the strength of DES

Answer 18

Triple DES (3DES)
Symmetric

Question 19

Symmetric block Cipher, which uses 64-bit blocks to encrypt plain text into cipher text

Answer 19

International Data Encryption Algorithm (IDEA)

Question 20

Symmetric block Cipher that uses 128-bit, 192-bit, or 256-bit blocks & a matching encryption key size to encrypt plain text into cipher text.

Answer 20

Advanced Encryption Standard (AES)

Question 21

Symmetric block Cipher that uses 64-bit blocks & a variable length encryption key to encrypt plain text into cipher text.

Answer 21

Blowfish

Question 22

Provides the ability to use 128-bit blocks in its encryption algorithm & uses 128-bit, 192-bit, or 256-bit encryption keys.

Answer 22

Twofish

Question 23

Created by Ron Rivest, a cryptographer who’s created six algorithms under the name RC which stands for the Rivest Cipher.

Answer 23

RC Cipher Suite

Question 24

Symmetric stream Cipher using a variable key size from 40-bits to 2048-bits that is used in SSL and WEP

Answer 24

Rivest Cipher (RC4)
Stream Cipher

Question 25

Symmetric block Cipher that uses key sizes up to 2048-bits.

Answer 25

Rivest Cipher (RC5)

Question 26

Symmetric block Cipher that was introduced as a replacement for DES but AES was chosen instead.

Answer 26

Rivest Cipher (RC6)

Question 27

A hash digest of a message encrypted with the sender's private key to let the recipient know the document was created & sent by the person claiming to have sent it. Created by hashing a file & then taking that resulting hash digest & encrypting it with a private key.

Answer 27

Digital Signature

Question 28

Used to conduct key exchanges & secure key distribution over an unsecure network.

Answer 28

Diffie-Hellman (DH)

Question 29

Asymmetric algorithm that relies on the mathematical difficulty of factoring large prime numbers. It can support key sizes between 1024-bits & 4096-bits.

Answer 29

RSA (Rivest, Shamir, & Adleman)

Question 30

Heavily used in mobile devices & it's based on the algebraic structure of elliptical curves over finite fields to define its keys.

Answer 30

Elliptic Curve Cryptography (ECC)

Question 31

ECC version of the popular Diffie-Hellman key exchanges protocol.

Answer 31

Elliptic Curve Diffie-Hellman (ECDH)

Question 32

Uses a different key for each portion of the key establishment process inside the Diffie-Hellman key exchanges.

Answer 32

Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)

Question 33

Used as a public key encryption algorithm by the US Government in their digital signatures.

Answer 33

Elliptic Curve Digital Signature Algorithm (ECDSA)

Question 34

One-way cryptographic function that takes an input & produces a unique message digest as its out put.

Answer 34

Hashing

Question 35

Creates a 128-bit hash value that is unique to the input file.

Answer 35

MD5

Question 36

Creates a 160-bit hash digest, which significantly reduces the number of collisions that occur.

Answer 36

SHA-1

Question 37

Family of hash functions that contain longer hash digests (SHA-224, SHA-256, SHA-384, & SHA-512). Uses 64 to 80 rounds of computations for its message digest.

Answer 37

SHA-2

Question 38

Newer family of hash functions, & its hash digest can go between 224 bits & 512 bits. Uses 120 rounds of computations to create its message digest for each unique file.

Answer 38

SHA-3

Question 39

Comes in 160-bit, 256-bit, and 320-bit versions.

Answer 39

RIPEMD (Race Integrity Primitive Evaluation Message Digest)

Question 40

Open-source hashing algorithm that was created as a competitor to the SHA family.

Answer 40

RIPEMD-160

Question 41

Used to check the integrity of a message & provides some level of assurance that its authenticity is real. It will be paired with other algorithms to do the work.

Answer 41

HMAC (Hash-based Message Authentication Code)

Question 42

Relies upon a 160-bit message digest created by the Digital Security Algorithm.

Answer 42

Digital Security Standard (DSS)

Question 43

Hacking technique that allows the attacker to authenticate to a remote server or service by using the underlying hash of a user's password instead of requiring the associated plain text password.

Answer 43

Pass the Hash Attack

Question 44

Provides the ability to automate the process of harvesting the hashes & conducting the attack.

Answer 44

Mimikatz

Question 45

Occurs when an attacker is able to send two different messages through a hash algorithm & it results in the same identical hash digest, referred to as a collision. The probability that two distinct inputs, when processed through a hashing function, will produce the same output, or a collision.

Answer 45

Birthday Attack

Question 46

If you have a random group of people, the chances are you are going to have two people in that group with the same birthday. The paradox itself posits that in a group of just 23 people, there's a better than 50/50 chance that two of them share the same birthday.

Answer 46

Birthday Paradox

Question 47

Technique that is used to mitigate a weaker key by increasing the time needed to crack it.

Answer 47

Key Stretching

Question 48

Adding random data into a one-way cryptographic hash to help protect against password cracking techniques.

Answer 48

Salting

Question 49

When an attacker tries every word from a predefined list.

Answer 49

Dictionary Attack

Question 50

When an attacker tries every possible password combination.

Answer 50

Brute-force Attack

Question 51

Pre-computed tables for reversing cryptographic hash functions.

Answer 51

Rainbow Tables

Question 52

Stands for "number used once", is a unique, often random number that is added to a password-based authentication process.

Answer 52

Nonce

Question 53

An entire system of hardware, software, policies, procedures, & people that is based on asymmetric encryption. The system that creates the asymmetrical key pairs that consist of those public & private keys that are used in the encryption & decryption process. Framework for managing digital keys & certificates that facilitate secure data transfer, authentication, & encrypted communications over networks.

Answer 53

Public Key Infrastructure (PKI)

Question 54

This encryption & decryption process is just one small part of the overall PKI architecture.

Answer 54

Public Key Cryptography

Question 55

Issues digital certificates & keeps the level of trust between all of the certificate authorities around the world.

Answer 55

Certificate Authority

Question 56

Process where cryptographic keys are stored in a secure, third-party location, which is effectively an "escrow".

Answer 56

Key Escrow

Question 57

Asymmetric encryption and decryption.

Answer 57

Public Key Encryption

Question 58

Digitally signed electronic document that binds a public key with a user's identity.

Answer 58

Digital Certificate

Question 59

Allows all of the subdomains to use the same public key certificate and have it displayed as valid.

Answer 59

Wildcard Certificate

Question 60

Certificate that specifies what additional domains & IP addresses are going to be supported.

Answer 60

Subject Alternate Name (SAN) Field

Question 61

Only requires the server to be validated.

Answer 61

Single-Sided Certificate

Question 62

Requires both the server & the user to be validated.

Answer 62

Dual-Sided Certificate

Question 63

Digital Certificate that is signed by the same entity whose identity it certifies.

Answer 63

Self-Signed Certificate

Question 64

Digital Certificate issued & signed by a trusted certificate authority (CA)

Answer 64

Third-Party Certificate

Question 65

Each certificate is validated using the concept of a root of trust or the chain of trust.

Answer 65

Root of Trust

Question 66

Trusted third party who is going to issue these digital certificates.

Answer 66

Certificate Authority

Question 67

A request for identifying information from the user & forwards that certificate request up to the certificate authority to create the digital certificate.

Answer 67

Registration Authority

Question 68

A block of encoded text that contains information about the entity requesting the certificate.

Answer 68

Certificate Signing Request

Question 69

Servers as an online list of digital certificates that the certificate authority has already revoked.

Answer 69

Certificate Revocation List

Question 70

Allows to determine the revocation status of any digital certificate using its serial number. An alternative to the Certificate Revocation List.

Answer 70

Online Certificate Status Protocol (OCSP)

Question 71

Allows the certificate holder to get the OCSP record from the server at regular intervals.

Answer 71

OCSP Stapling

Question 72

Allows an HTTPS website to resist impersonation attacks from users who are trying to present fraudulent certificates.

Answer 72

Public Key Pinning

Question 73

Occurs when a secure copy of a user's private key is being held.

Answer 73

Key Escrow

Question 74

Specialized type of software that allows the restoration of a lost or corrupted key to be performed.

Answer 74

Key Recovery Agent

Question 75

A shared immutable ledger for recording transactions, tracking assets, and building trust. A really long series of information with each block containing information. Each block also contains the hash for the block before it.

Answer 75

Blockchain

Question 76

A record-keeping system that maintains participants' identities in a secure & anonymous format.

Answer 76

Public Ledger

Question 77

Self-executing contracts where the terms of agreement or conditions are written directly into lines of code. The decentralized & transparent nature of the Blockchain ensures that once it's deployed, it cannot be altered, making the agreement tamper-proof & trustworthy.

Answer 77

Smart Contracts

Question 78

Used for business transactions & it promotes new levels of trust & transparency using this immutable public ledgers.

Answer 78

Permissioned Blockchain

Question 79

Dedicated micro-controller designed to secure hardware through integrated cryptographic keys.

Answer 79

Trusted Platform Module (TPM)

Question 80

Physical device that safeguards and manages digital keys, primarily used for mission-critical situations like financial transactions. Not only does it securely generate cryptographic keys, but it also provides accelerated cryptographic operations.

Answer 80

Hardware Security Module (HSM)

Question 81

Integrated approach for generating, distributing, & managing cryptographic keys for devices & applications. Creation to destruction.

Answer 81

Key Management System

Question 82

Co-processor integrated into the main processor of some devices, designed with the sole purpose of ensuring data protection. By keeping this data separate from the main processor, even if a device gets compromised, the data within it remains untouched.

Answer 82

Secure Enclave

Question 83

Used to protect data by ensuring that it remains recognizable but does not actually include sensitive information. Prevalent in industries that handle vast amounts of personal data.

Answer 83

Data Masking

Question 84

Techniques & strategies that adversaries employ to exploit vulnerabilities in cryptographic systems with the intent to compromise the confidentiality, integrity, or authenticity of data.

Answer 84

Cryptographic Attacks

Question 85

Aims to force a system into using a weaker or older cryptographic standard or protocol than what it's currently utilizing.

Answer 85

Downgrade Attack

Question 86

Aims to find two different inputs that produce the same hash output.

Answer 86

Collision Attack

Question 87

A computer that uses quantum mechanics to generate & manipulate quantum bits (qubits) in order to access enormous processing powers.

Answer 87

Quantum Computing

Question 88

A communications network that relies on qubits made of photons (light) to send multiple combinations of ones & zeros simultaneously which results in tamper resistant & extremely fast communications.

Answer 88

Quantum Communication

Question 89

A quantum bit composed of electrons or photons that can represent numerous combinations of ones & zeros at the same time through superposition.

Answer 89

Qubit

Question 90

A new kind of cryptographic algorithm that can be implemented using today's classical computers but is also impervious to attacks from future quantum computers.

Answer 90

Post-quantum Cryptography