Cryptography Flashcards
What does IPSec define?
A) All possible security classifications for a specific configuration
B) A framework for setting up a secure communication channel
C) The valid transition states in the Biba model
D) TCSEC security categories
A framework for setting up a secure communication channel
IPSec is a security protocol that defines a framework for setting up a secure channel to exchange information between two entities.
What is the minimum number of cryptographic keys required for secure two-way communications in symmetric key cryptography? A) One B) Two C) Three D) Four
One
Symmetric key cryptography uses a shared secret key. All communicating parties utilize the same key for communication in any direction.
What is the length of the cryptographic key used in the Data Encryption Standard (DES) cryptosystem? A) 56 bits B) 128 bits C) 192 bits D) 256 bits
56 bits
DES uses a 56-bit key. This is considered one of the major weaknesses of this cryptosystem.
How many encryption keys are required to fully implement an asymmetric algorithm with 10 participants? A) 10 B) 20 C) 45 D) 100
20
In an asymmetric algorithm, each participant requires two keys: a public key and a private key.
What is the major disadvantage of using certificate revocation lists? A) Key management B) Latency C) Record keeping D) Vulnerability to brute force attacks
Latency
Certificate revocation lists (CRLs) introduce an inherent latency to the certificate expiration process due to the time lag between CRL distributions.
When correctly implemented, what is the only cryptosystem known to be unbreakable? A) Transposition cipher B) Substitution cipher C) Advanced Encryption Standard D) One-time pad
One-time pad
Assuming that it is used properly, the one-time pad is the only known cryptosystem that is not vulnerable to attacks.
Which AES finalist makes use of prewhitening and postwhitening techniques? A) Rijndael B) Twofish C) Blowfish D) Skipjack
Twofish
The Twofish algorithm, developed by Bruce Schneier, uses prewhitening and postwhitening.
What kind of attack makes the Caesar cipher virtually unusable? A) Meet-in-the-middle attack B) Escrow attack C) Frequency analysis attack D) Transposition attack
Frequency analysis attack
The Caesar cipher (and other simple substitution ciphers) are vulnerable to frequency analysis attacks that analyze the rate at which specific letters appear in the ciphertext.
What type of cipher relies upon changing the location of characters within a message to achieve confidentiality? A) Stream cipher B) Transposition cipher C) Block cipher D) Substitution cipher
Transposition cipher
Transposition ciphers use a variety of techniques to reorder the characters within a message.
Which one of the following cipher types operates on large pieces of a message rather than individual characters or bits of a message? A) Stream cipher B) Caesar cipher C) Block cipher D) ROT3 cipher
Block cipher
Block ciphers operate on message “chunks” rather than on individual characters or bits. The other ciphers mentioned are all types of stream ciphers that operate on individual bits or characters of a message.
Richard wants to digitally sign a message he's sending to Sue so that Sue can be sure the message came from him without modification while in transit. Which key should he use to encrypt the message digest? A) Richard's public key B) Richard's private key C) Sue's public key D) Sue's private key
Richard’s private key
Richard should encrypt the message digest with his own private key. When Sue receives the message, she will decrypt the digest with Richard’s public key and then compute the digest herself. If the two digests match, she can be assured that the message truly originated from Richard.
What block size is used by the Advanced Encryption Standard? A) 32 bits B) 64 bits C) 128 bits D) Variable
128 bits
The Advanced Encryption Standard uses a 128-bit block size, despite the fact that the Rijndael algorithm it is based on allows a variable block size.
What is the length of a message digest produced by the MD5 algorithm? A) 64 bits B) 128 bits C) 256 bits D) 384 bits
128 bits
The MD5 algorithm produces a 128-bit message digest for any input.
Which of the following links would be protected by WPA encryption? A) Firewall to firewall B) Router to firewall C) Client to wireless access point D) Wireless access point to router
Client to wireless access point
The WiFi Protected Access protocol encrypts traffic passing between a mobile client and the wireless access point. It does not provide end-to-end encryption.
If Richard wants to send an encrypted message to Sue using a public key cryptosystem, which key does he use to encrypt the message? A) Richard's public key B) Richard's private key C) Sue's public key D) Sue's private key
Sue’s public key
Richard must encrypt the message using Sue’s public key so that Sue can decrypt it using her private key. If he encrypted the message with his own public key, the recipient would need to know Richard’s private key to decrypt the message. If he encrypted it with his own private key, any user could decrypt the message using Richard’s freely available public key. Richard could not encrypt the message using Sue’s private key because he does not have access to it. If he did, any user could decrypt it using Sue’s freely available public key.
John wants to produce a message digest of a 2,048-byte message he plans to send to Mary. If he uses the SHA-1 hashing algorithm, what size will the message digest for this particular message be? A) 160 bits B) 512 bits C) 1,024 bits D) 2,048 bits
160 bits
The SHA-1 hashing algorithm always produces a 160-bit message digest, regardless of the size of the input message. In fact, this fixed-length output is a requirement of any secure hashing algorithm.
What type of cryptosystem commonly makes use of a passage from a well-known book for the encryption key? A) Vernam cipher B) Running key cipher C) Skipjack cipher D) Twofish cipher
Running key cipher
Running key (or “book”) ciphers often use a passage from a commonly available book as the encryption key.
What encryption technique does WPA use to protect wireless communications? A) TKIP B) DES C) 3DES D) AES
TKIP
WiFi Protected Access (WPA) uses the Temporal Key Integrity Protocol (TKIP) to protect wireless communications. WPA2 uses AES encryption.
What is the output value of the mathematical function 16 mod 3? A) 0 B) 1 C) 3 D) 5
1
1 is correct because 16 divided by 3 equals 5, with a remainder value of 1.
What cryptosystem provides the encryption/decryption technology for the commercial version of Phil Zimmerman's Pretty Good Privacy secure email system? A) ROT13 B) IDEA C) ECC D) El Gamal
IDEA
Pretty Good Privacy uses a “web of trust” system of digital signature verification. The encryption technology is based upon the IDEA private key cryptosystem.
Many cryptographic algorithms rely upon the difficulty of factoring the product of large prime numbers. What characteristic of this problem are they relying upon?
A) It contains diffusion.
B) It contains confusion.
C) It is a one-way function.
D) It complies with Kerchoff’s principle.
It is a one-way function.
A one-way function is a mathematical operation that easily produces output values for each possible combination of inputs but makes it impossible to retrieve the input values.
Which of the following tools can be used to improve the effectiveness of a brute-force password cracking attack? A) Rainbow tables B) Hierarchical screening C) TKIP D) Random enhancement
Rainbow tables
Rainbow tables contain precomputed hash values for commonly used passwords and may be used to increase the efficiency of password cracking attacks.
Acme Widgets currently uses a 1,024-bit RSA encryption standard companywide. The company plans to convert from RSA to an elliptic curve cryptosystem. If it wants to maintain the same cryptographic strength, what ECC key length should it use? A) 160 bits B) 512 bits C) 1,024 bits D) 2,048 bits
160 bits
The elliptic curve cryptosystem requires significantly shorter keys to achieve encryption that would be the same strength as encryption achieved with the RSA encryption algorithm. A 1,024-bit RSA key is cryptographically equivalent to a 160-bit elliptic curve cryptosystem key.
How many keys are required to fully implement a symmetric algorithm with 10 participants? A) 10 B) 20 C) 45 D) 100
45
The number of keys required for a symmetric algorithm is dictated by the formula (n*(n-1))/2, which in this case, where n = 10, is 45.
