What asymmetric algorithm is based on the fact that 2 very large prime numbers can be multiplied easily but can’t be factored easily. Used for digital signatures and key encryption.
RSA
3DES features
Uses 168bit key
Uses 48 rounds of computation
AES features
Uses 128, 192, 256bit keys
Uses 14 rounds of computation
DES features
Based on 128bit lucifer algorithm
Uses 16 rounds of computation
Data origin authentication definition
A system based authentication that verifies the source of a message
Cryptanalysis definition
The process of studying ciphertext and cryptosystems to identify weaknesses
Key clustering definition
The same ciphertext generated from the same plaintext using two different keys
Cipher definition
An algorithm that uses random symbols to represent plaintext units or single letters in the form of ciphertext.
ciphertext definition
encrypted data that is unreadable until it is converted into plaintext.
3 characteristics of quantum cryptography
based on the laws of quantum mechanics
generates a cryptographic key that can be exchanged securely between remote users
combines quantum cryptographics with traditional algorithms to distribute secret keys
What method uses human interaction to obtain encryption keys and valuable information
social engineering
What method uses trial and error attack to try every possible key until it succeeds
brute force
What method examines multiple pieces of ciphertext to determine trends or statistical data
ciphertext only
What method examines power requirements and duration of the encryption process to find the encryption key
differential cryptanalysis
What method searches both plaintext and ciphertext from the same message to find the encryption key
known plaintext
What attack collects hash values in a table to save time in hash function attacks
rainbow table
What attack examines the plaintext and ciphertext for linear approximations
linear cryptanalysis
What attack exploits weak points in block ciphers with highly mathematical structures
algebraic
What attack decrypts ciphertext and examines the plaintext result to find the key
chosen ciphertext
What attack uses the algorithm and encryption device to find the encryption method
chosen plaintext
define ciphertext
data that has been encrypted
define plaintext
original text before encryption
define decipher
act of decrypting ciphertext
define encipher
act of encrypting plaintext
define work factor
estimated time and effort required to overcome a security control and break a cryptosystem
define algorithm
a small procedure used for encryption
define frequency analysis
main method of cryptanalysis and involves analysis of patterns of letters.
define running key cipher
uses real world objects such as book to describe each word by a sequence of numbers.
define substitution cipher
replaces bits, characters, or blocks with different bits, characters, or blocks
define transposition cipher
uses permutation to scramble letters and a key to determine the positions to which the characters are moved.
define concealment cipher
ensures every x word within a text is part of the real message.
define block cipher
applies a cryptographic key and algorithm to a block of data at once rather than one bit at a time.
define stream cipher
applies a cryptographic key and algorithm to one bit at a time in a data stream.
How many channels are used in quantum cryptography?
2
What are the two channels used for in quantum cryptography?
1 channel transmits quantum key material through single photon light pulses
1 channel carriers message traffic
define symmetric key encryption
uses a shared secret key for both encryption and decryption
define asymmetric key encryption
uses two separate keys for encryption and decryption
3 symmetric key strengths
Faster than asymmetric
difficult to break
cheaper than asymmetric
3 symmetric key weaknesses
needs to be secured properly
complex key management
does not provided authentication
3 Symmetric key algorithms
3DES
DES
AES
DES
divides plaintext into blocks of 64bits
16 rounds of transposition
uses 56bit key
uses IBM 128bit lucifer algorithm
3DES
uses 3 56bit keys
encrypts/decrypts data 3 times with the 3 keys
48 rounds in computation
AES
supports key sizes of 128, 192, 256
10, 12, 14 rounds of computation depending on key
Uses 16 rounds of cryptographic functions to work on 64bit data blocks
blowfish
A patent free algorithm that can use 128bit blocks.
uses 64bit and 128bit blocks
SAFER
uses variable key size and is used in the SSL protocol
RC4
A 128bit encryption algorithm that makes use of a
SPN cryptosystem and a pair of subkeys per round
CAST
7 asymmetric algorithms
RSA Digital Signature Algorithm Diffie Hellman Elliptic Curve Cryptography El Gamal Knapsack LUC
RSA key lengths
768, 1024
Digital Signature Algorithm key lengths
512, 1024
DSA algorithm
SHA-1
Where is DSA primarily used?
governments
Is diffie-hellman used for encryption or digital signatures?
no
What is diffie-hellman used for?
obtaining secret key between two parties
elliptic curve cryptography provides
digital signatures
secure key distribution
encryption
used for authentication and key encryption based on the fact that 2 very large prime numbers can be multiplied easily but can’t be factored easily
RSA
used for digital signatures only, uses a key length that varies from 512 to 1024bits and works with SHA-1.
DSA
used to perform key exchange over an insecure medium and vulnerable to man in the middle attacks.
Diffie-Hellman
secure message format
receiver’s public key encrypts this message format
open message format
sender’s private key encrypts the message
secure and signed format
message is encrypted by the sender’s private key and then again encrypted with the receiver’s public key.
What are 3 cipher types?
block cipher
stream cipher
one-time pad
stream cipher
treats message as a stream of bits
3 goals of message authentication
integrity of data
identify sender
identify uniqueness of data
5 requirements of a strong hash function
input data can be of any length
output or MD value of the data has a fixed length
MD value can be calculated for any input data
function should be collision free by generating a unique MD value for each input data
should support 1 way function. Data can’t be derived from MD value.
7 hash functions
MD2 MD4 MD5 HAVAL SHA-1 SHA-3 RIPEMD-160
MD2
support computers with 8bit processors
pads original message so total length is divisible by 16
16byte checksum is added to padded message
MD4
support computers with 32bit processors
HAVAL
Generates a variable length output with 3 to 5 rounds of operation
MD5
generates a 128bit MD value
supports computers with 32bit processors
SHA-1
helps create digital signatures
generates a 160bit MD value
collision attack
multiple unique inputs generate the same MD value
aliasing attack
restarts the hash algorithm through any input. Easier for the attacker to create an input that would generate the same hash value.
birthday paradox
probability that 2 entities in a group can share a common feature
define MAC - Message authentication code
a secret key added to a message
define HMAC
hash based message authentication code - a secret key added to the message, then hashed.
receiver adds secret key to message, then hashed.
provides data origin authentication but fails to provide data confidentiality
message sent in clear text
CBC-MAC cipher block chaining MAC
message is encrypted. Last block is used as MAC value message send in clear text.
Mitigation methods for MD hashes
digital signatures
shared secret keys
digital signatures provide
integrity
authentication
non-repudiation
X-KISS
XML Key information service specification
outlines the syntax that applications should use to delegate some or all tasks need to process the key information element.
X-KRSS
XML Key registration service specification
defines the protocols needed fro to register public key information
3 characteristics of XML key management specification 2.0
protocol allows interoperability with services required to establish and maintain trust
message share a common format to be carried by SOAP over HTTP
the protocol consists of pairs of requests and responses
Asymmetric key cryptography is used for the following
A. encryption of data, access control, steganography
B. steganography, access control, non-repudication
C. non-repudiation, steganography, encryption of data
D. encryption of data, non-repudiation, access control.
D. encryption of data, non-repudiation, access control.
Which of the following supports asymmetric key cryptography? A. diffie-hellman B. rijndael C. blowfish D. sha-256
A. diffie-hellman
What is an important disadvantage of using a public key algorithm compared to a symmetric algorithm?
A. a symmetric algorithm provides better access control
B. a symmetric algorithm is a faster process.
C. a symmetric algorithm provides non-repudiation of delivery
D. A symmetric algorithm is more difficult to implement.
B. a symmetric algorithm is a faster process.
When a user needs to provide message integrity, what option is best?
A. Send a digital signature of the message to the recipient
B. encrypt the message with a symmetric algorithm and send it
C. encrypt the message with a private key so the recipient can decrypt with the corresponding public key
D. Create a checksum, append it to the message, encrypt the message, send it to the recipient.
D. Create a checksum, append it to the message, encrypt the message, send it to the recipient.
A CA provides which benefits to a user?
A. protection of public keys of all users
B. history of symmetric keys
C. proof of non-repudiation of origin
D. validation that a public key is associated with a particular user.
D. validation that a public key is associated with a particular user.
What is the output length of a RIPEMD-160 hash? A. 160bits B. 150bits C. 128bits D. 104bits
A. 160bits
ANSI X0.17 is concerned primarily with A. protection and secrecy of keys B. financial records and retention of encrypted data C. formalizing a key hierarchy D. the lifespan of key-encrypting keys
A. protection and secrecy of keys
When a certificate is revoked, what is the proper procedure?
A. setting new key expiry dates
B. Updating the certificate revocation list
C. removal of the private key from all directories
D. notification to all employees of revoked keys
B. Updating the certificate revocation list
Which is true about link encryption?
A. link encryption is advised for high-risk environments, provides better traffic flow confidentiality, and encrypts routing information.
B. link encryption is often used for frame relay or satellite links, is advised for high-risk environments and provides better traffic flow confidentiality
C. link encryption encrypts routing information, is often used for frame relay or satellite links, and provides traffic flow confidentiality
D. link encryption provides better traffic flow confidentiality, is advised for high-risk environments and provides better traffic flow confidentiality.
C. link encryption encrypts routing information, is often used for frame relay or satellite links, and provides traffic flow confidentiality
Which is the sequence that controls the operation of the cryptographic algorithm? A. encoder B. decoder wheel C. cryptovariable D. cryptographic routine
C. cryptovariable
The process used in most block ciphers to increase their strength is A. diffusion B. confusion C. step function D. SP-network substitution/permutation
D. SP-network
substitution/permutation
Which of the following best describes fundamental methods of encrypting data? A. substitution and transposition B. 3DES and PGP C. symmetric and asymmetric D. DES and AES
C. symmetric and asymmetric
Cryptography supports all of the core principles of information security except A. availability B. confidentiality C. integrity D. authenticity
D. authenticity
A way to defeat frequency analysis as a method to determine the key is to use A. substitution ciphers B. transposition ciphers C. polyalphabetic ciphers D. inversion ciphers
C. polyalphabetic ciphers
The running key cipher is based on A. modular arithmetic B. XOR mathematics C. factoring D. exponentiation
A. modular arithmetic
They only cipher system said to be unbreakable by brute force is A. AES B. DES C. one-time pad D, 3DES
C. one-time pad
A message protected by steganography would most likely be found in a A. public key B. algorithm C. private key D. picture file
D. picture file
Which is the best choice for implementing encryption on a smart card? A. blowfish B. elliptic curve C. twofish D. quantum
B. elliptic curve
An email with a document attachment from a known individual is received with a digital signature. The email client is unable to validate the signature. What is the best course of action?
A. open the attachment to determine if the signature is valid
B. determine why the signature can’t be validated prior to opening the attachment
C. delete the email
D. forward the email to another address with a new signature.
B. determine why the signature can’t be validated prior to opening the attachment
The vast majority of virtual private networks use A. SSL/TLS and IPSec B. El Gamal and DES C. 3DES and Blowfish D. TwoFish and IDEA
A. SSL/TLS and IPSec
There are several components involved with steganography. Which of the following refers to a file that has hidden information in it? A. Stego-medium B. Concealment cipher C. Carrier D. Payload
C. Carrier
What is stego-medium?
Medium in which information is hidden.
Which of the following correctly describes the relationship between SSL and TLS?
A. TLS is the open community version of SSL
B. SSL can be modified by developers to expand the protocol’s capabilities.
C. TLS is a proprietary protocol, while SSL is an open community protocol.
D. SSL is more extensible and backward compatible with TLS.
A. TLS is the open community version of SSL
Which of the following incorrectly describes steganography?
A. It is a type of security through obscurity
B. Modifying the most significant bit is the most common method used.
C. Steganography does not draw attention to itself like encryption does.
D. Media files are ideal for steganographic transmission because of their large size.
B. Modifying the most significant bit is the most common method used.
Which of the following correctly describes a drawback of symmetric key systems?
A. Computationally less intensive than asymmetric systems
B. Work much more slowly than asymmetric systems
C. Carry out mathematically intensive taks
D. Key must be delivered via secure courier.
D. Key must be delivered via secure courier.
Which of the following occurs in a PKI environment?
A. The RA creates the certificate, and the CA signs it.
B. The CA signs the certificate
C. The RA signs the certificate
D. The user signs the certificate
B. The CA signs the certificate
Encryption can happen at different layers of an operating system and network stack. Where does PPTP encryption take place? A. Data link layer B. Within applications C. Transport layer D. Data link and physical
A. Data link layer
Which of the following best describe the difference between public key cryptography and public key infrastructure?
A. Public key cryptography is the use of an asymmetric algorithm, while public key infrastructure is the use of a symmetric algorithm
B. Public key cryptography is used to create public/private key pairs, and public key infrastructure is used to perform key exchange and agreement
C. Public key cryptography provides authentication and non-repudiation, while public key infrastructure provides confidentiality and integrity
D. Public key cryptography is another name for asymmetric cryptography, while public key infrastructure consists of public key cryptographic mechanisms
D. Public key cryptography is another name for asymmetric cryptography, while public key infrastructure consists of public key cryptographic mechanisms
Which of the following best describes Key Derivation Functions?
A. Keys are generated from a master key
B. Session keys are generated from each other
C. Asymmetric cryptography is used to encrypt symmetric keys
D. A master key is generated from a session key
A. Keys are generated from a master key
The elliptic curve cryptosystem is an asymmetric algorithm. What sets it apart from other asymmetric algorithms?
A. It provides digital signatures, secure key distribution, and encryption
B. It computes discrete logarithms in a finite field
C. It uses a larger percentage of resources to carry out encryption
D. It is more efficient
D. It is more efficient
If implemented properly, a one-time pad is a perfect encryption scheme. Which of the following incorrectly describes a requirement for implementation?
A. The pad must be securely distributed and protected at its destination.
B. The pad must be made up of truly random values
C. The pad must always be the same length
D. The pad must be used only one time
C. The pad must always be the same length
Sally is responsible for key management within her organization. Which of the following incorrectly describes a principle of secure key management?
A. Keys should be backed up or escrowed in case of emergencies
B. The more a key is used, the shorter its lifetime should be
C. Less secure data allows for a shorter key lifetime
D. Keys should be stored and transmitted by secure means
C. Less secure data allows for a shorter key lifetime
Mandy needs to calculate how many keys must be generated for the 260 employees using the company's PKI asymmetric algorithm. How many keys are required? A. 33,670 B. 520 C. 67,340 D. 260
B. 520
Which of the following works similarly to stream ciphers? A. one-time pad B. AES C. Block D. RSA
A. one-time pad
There are two main types of symmetric ciphers: stream and block. Which of the following is not an attribute of a good stream cipher? A. Statistically unbiased keystream B. Statistically predictable C. Long periods of no repeating patterns D. Keystream not linearly related to key
B. Statistically predictable
Which of the following best describes how a digital signature is created?
A. The sender encrypts a message digest with his private key
B. The sender encrypts a message digest with his public key
C. The receiver encrypts a message with his private key
D. The receiver encrypts a message digest with his public key
A. The sender encrypts a message digest with his private key
In cryptography, different steps and algorithms provide different types of security services. Which of the following provides only authentication, non-repudiation, and integrity?
A. Encryption algorithm
B. Hash algorithm
C. Digital signature
D. Encryption paired with a digital signature
C. Digital signature
What security service does an encryption algorithm provide?
confidentiality
What security service does a hashing algorithm provide?
data integrity
Advanced Encryption Standard is an algorithm used for which of the following? A. Data integrity B. Bulk data encryption C. Key recovery D. Distribution of symmetric keys
B. Bulk data encryption
SSL is a de facto protocol used for securing transactions that occur over untrusted networks. Which of the following best describes what takes place during an SSL connection setup process?
A. The server creates a session key and encrypts it with a public key
B. The server creates a session key and encrypts it with a private key
C. The client creates a session key and encrypts it with a private key
D. The client creates a session key and encrypts it with a public key
D. The client creates a session key and encrypts it with a public key
The CA is responsible for revoking certificates when necessary. Which of the following correctly describes a CRL and OCSP?
A. The CRL was developed as a more streamlined approach to OCSP
B. OCSP is a protocol that submits revoked certificates to the CRL
C. OCSP is a protocol developed specifically to check the CRL during a certificate validation process.
D. CRL carries out real-time validation of a certificate and reports to the OCSP
C. OCSP is a protocol developed specifically to check the CRL during a certificate validation process.
End to end encryption is used by users, and link encryption is used by service providers. Which of the following correctly describes these technologies?
A. Link encryption does not encrypt headers and trailers
B. Link encryption encrypts everything but data link messaging
C. End to end encryption requires headers to be decrypted at each hop
D. End to end encryption encrypts all headers and trailers
B. Link encryption encrypts everything but data link messaging
What is encrypted in end to end encryption?
data payload
What is encrypted in link encryption?
headers, trailers, payload
If Marge uses her private key to create a digital signature on a message she is sending to George, but she does not show or share her private key with George, what is it an example of? A. key clustering B. avoiding a birthday attack C. providing data confidentiality D. zero knowledge proof
D. zero knowledge proof
How do you determine keyspace size?
2 to the key size.
keysize 8 = 2 to the 8th power - 256
What is Kerchkhoff’s principle and why is it relevant?
A. One-time pads should be just as long as the message, otherwise patterns will be shown.
B. A public key needs to be associated with an individual’s identity for true non-repudiation.
C. The only secret portion to a crypto system should be the key so the algorithms can be stronger.
D. More than one alphabet should be used in substitution ciphers to increase the workfactor.
C. The only secret portion to a crypto system should be the key so the algorithms can be stronger.
Which of the following is a requirement for a secure Vernam cipher?
A. The pad must be used just one time
B. A symmetric key must be encrypted with an asymmetric key.
C. The private key must be only known to the owner
D. It needs to hid the existence of a message.
A. The pad must be used just one time
What is another name for a Vernam cipher?
One time pad
Which of the following is not addressed in the Wassenaar arrangment?
A. Symmetric Algorithms
B. Asymmetric algorithms
C. Intangibles that could be downloaded from the internet
D. Products exported to terrorist countries
C. Intangibles that could be downloaded from the internet
Which of the following is a true difference between an asymmetric and symmetric algorithm?
A. Symmetric algorithms are faster because they use substitution and transposition.
B. Asymmetric algorithms are slower because they use substitution and transposition.
C. Asymmetric algorithms are best implemented in hardware and symmetric in software
D. Asymmetric algorithms are more vulnerable to frequency analysis attacks
A. Symmetric algorithms are faster because they use substitution and transposition.
