Cryptography

Question 1

What is ECC?

Answer 1

Elliptic Curve Cryptography is a public-key cryptographic algorithm that uses elliptic curves to achieve security. ECC keys are smaller than RSA keys while still providing equivalent security. This makes ECC more efficient for devices with limited resources, such as mobile phones and embedded systems.

Question 2

What is an ephemeral key?

Answer 2

An ephemeral key is a temporary cryptographic key that is generated for each session. Ephemeral keys are used in conjunction with long-term keys to provide perfect forward secrecy (PFS).

Question 3

Define PFS.

Answer 3

Perfect Forward Secrecy is a security property of cryptographic protocols that ensures that even if the long-term key used to establish a secure session is compromised, all past and future communications encrypted under that session key remain secure. PFS is achieved by using a different, ephemeral key for each session.

Question 4

What is CBC?

Answer 4

Cipher Block Chaining is a mode of operation for a block cipher that encrypts data in blocks. Each block of data is XORed with the previous ciphertext block before being encrypted by the block cipher. This chaining of blocks makes it more difficult for attackers to decrypt the data, even if they have knowledge of one of the blocks.

Question 5

What is ECB?

Answer 5

Electronic Codebook is a mode of operation for a block cipher that encrypts each block of data independently. This means that the same plaintext block will always produce the same ciphertext block, regardless of the other blocks of data in the message. ECB is not as secure as CBC, but it is simpler to implement and can be faster in some cases.

Question 6

Define GCM.

Answer 6

Galois/Counter Mode is a mode of operation for a block cipher that combines the benefits of CBC and CTR modes. It is as secure as CBC, but it is also more efficient. GCM is often used in protocols such as TLS and IPsec.

Question 7

Define Symmetric Encryption and Asymmetric Encryption.

Answer 7

Symmetric encryption is an encryption method that uses the same key for both encryption and decryption. This means that the sender and receiver must agree on the key before they can communicate securely. Symmetric encryption is typically faster than asymmetric encryption, but it is also less secure. Asymmetric encryption is an encryption method that uses two different keys: a public key and a private key. The public key is used to encrypt data, and the private key is used to decrypt data. The public key can be shared with anyone, but the private key must be kept secret. Asymmetric encryption is more secure than symmetric encryption, but it is also slower.

Question 8

What is AES?

Answer 8

Advanced Encryption Standard is a block cipher that uses a 128-bit, 192-bit, or 256-bit key. It is considered to be the most secure symmetric encryption algorithm available.

Question 9

Define RSA.

Answer 9

RSA is a public-key cryptosystem that uses two 2048-bit keys. It is considered to be one of the most secure asymmetric encryption algorithms available.

Question 10

Define steganography.

Answer 10

steganography is the practice of hiding a secret message within another message or medium. The purpose of steganography is to conceal the existence of the message, making it more difficult for unauthorized parties to detect and intercept it.

Question 11

What is IPSEC?

Answer 11

Internet Protocol Security is a set of protocols that provide security for IP communications. IPsec can be used to protect data confidentiality, data integrity, and data origin authentication.

Question 12

List the two different modes of IPSEC.

Answer 12

1. Transport mode protects the data portion of an IP packet, but not the IP header. This means that the source and destination addresses of the packet are still visible. Transport mode is typically used for host-to-host communications, such as between two computers.
2. Tunnel mode encapsulates the entire IP packet in another IP packet. This means that the source and destination addresses of the inner packet are hidden from the outside world. Tunnel mode is typically used for gateway-to-gateway communications, such as between two routers.

Question 13

What is ESP?

Answer 13

Encapsulating Security Payload provides encryption and authentication for IP packets. ESP uses a symmetric-key encryption algorithm to encrypt the data portion of the packet. ESP can also be used to authenticate the packet using AH (Authentication header).

Question 14

What is Authentication Header (AH)?

Answer 14

authentication header is an IPsec protocol that provides authentication and integrity for IP packets. AH uses a cryptographic hash function to create a message authentication code (MAC) for each packet. The MAC is then used to verify the authenticity and integrity of the packet.

Question 15

What is CRC?

Answer 15

cyclic redundancy check is a checksum algorithm that is used to verify the integrity of data. CRCs are used in a variety of applications, including data storage, data transmission, and file verification.

Question 16

Define SHA.

Answer 16

secure hash algorithm is a family of cryptographic hash functions that are used to create digital fingerprints of data. SHAs are used in a variety of applications, including data integrity verification, password hashing, and digital signatures.

Question 17

What is OCSP?

Answer 17

Online Certificate Status Protocol is a real-time protocol that allows a client to query a Certificate Authority (CA) to determine whether a particular certificate is revoked. OCSP is generally considered to be more efficient than CRLs, as it only requires a single request to the CA to check the status of a certificate.

Question 18

What is CRL?

Answer 18

Certificate Revocation List is a list of digital certificates that have been revoked by their CA. This list is typically published by the CA and made available to clients so that they can check the status of a certificate before using it.

Question 19

What is SAN?

Answer 19

subject alternative name is a digital certificate which allows multiple domains to be protected by a single certificate.

Question 20

What is a DIR certificate?

Answer 20

Distinguished Encoding Rules certificates is the most common format for digital certificates. They are used by a variety of applications, including web browsers, email clients, and VPNs. They are encoded in binary and have .der and .cer file extensions.

Question 21

What is a PEM digital certificate?

Answer 21

Privacy Enhanced Email Digital Certificate is a certificate typically used to secure email communications, but they can also be used for other purposes, such as securing web traffic or authenticating users. They are encoded in ASCII format and use .pem, .crt, .cer and .key file extensions.

Question 22

Define PFX.

Answer 22

Personal Information Exchange is a file format that is used to store digital certificates and their associated private keys. It is a popular format for storing certificates used for code signing, email encryption, and other applications that require a private key. Uses .pfx and .p12 file extensions.

Question 23

What is the P7B Digital Certificate Format?

Answer 23

P7B is a popular format for storing certificates used for website security, email encryption, and other applications that require a chain of trust. Generally used for Windows and Tomcat servers, encoded in ASCII, and use .p7b and .p7c file extensions.

Question 24

What is stapling?

Answer 24

stapling allows for checking digital certificate revocation status without contacting Certificate Authority (CA).

Question 25

What is pinning?

Answer 25

Pinning is a deprecated security mechanism designed to defend HTTPS websites against impersonation attacks performed with the use of fraudulent digital certificates.

Question 26

What is key escro?

Answer 26

Key escro is a trusted third-party storage solution providing backup source for cryptographic keys