Cryptography

Question 1

IPsec SA

Answer 1

Security assocation: simplex connection used to negotiate ESP or AH

Question 2

difference between hashing and encrypting?

Answer 2

Hash is a one way function; Encryption assumes someone will decrypt

Question 2

substitution

Answer 2

replaces one character for another (providing confusion)

Question 3

modular math

Answer 3

26 letters in alphabet. Therefore, Y + C = B - or - 25 + 3 = 28 or 26 remainder 2 and 2 = B

Question 3

scytale

Answer 3

parchment wrapped around a rod, written on, then unwrapped

Question 3

triple DES

Answer 3

applies single DES three times per block; slow and complex

Question 4

RC5

Answer 4

symmetric, 0 to 2040 bit key, 32, 64, 128 bit blocks

Question 5

linear cryptanalysis

Answer 5

plaintext attack where the cryptanalyst finds large amounts of plaintext/ciphertext pairs created with the same key

Question 5

IPsec

Answer 5

Internet protocol security: suite of protocols that provide a cryptographic layer to both IPv4 and IPv6; used to establish VPNs; overly complex with multiple overlapping parts

Question 6

ECC

Answer 6

elliptic curve cryptography: leverages one-way function that uses discrete logarithms as applied to elliptic curves; strong; less computational resources; used in low power devices

Question 6

AH

Answer 6

authentication header: provides authentication and integrity (no confidentiality); protects against replay attacks

Question 7

CFB

Answer 7

cipher feedback: stream cipher; like CBC only is a stream mode using feedback (chaining in stream mode); uses initialization vector; errors propogate

Question 7

differential cryptanalysis

Answer 7

seeks to find the difference between related plaintexts that are encrypted

Question 7

escrowed encryption

Answer 7

thrid-party organization holds a copy of the public/private key pari

Question 8

permutation

Answer 8

aka transposition; provides diffusion by rearrnagin the characters of the plaintest, anagram-style

Question 8

known plaintext

Answer 8

knowing the plaintext and cipher text allows you to figure out the key

Question 8

key escrow

Answer 8

a copy is retained by a third-pary org, often for the purposes of law enforcement

Question 9

ciphertext

Answer 9

encrypted message

Question 9

Single DES

Answer 9

encrypts 64 bits blocks of data with 56 bit key using 16 rounds of encryption

Question 10

HAVAL

Answer 10

hash of variable length: hash algorithm that craets message digests of 128, 160, 192, 224, 256 bit in length using 3,4, or 5 rounds

Question 10

CA

Answer 10

certifiate authorities: issues digital certificates

Question 11

rainbow tables

Answer 11

precomputed compliation of plaintexta dn matching ciphertexts; greatly speed up many tpes of password cracks

Question 12

5 modes of DES

Answer 12

1. ECB (Electronic Code book) 2. CBC (cipher block chaining) 3. CFB (Cipher feedback) 4. OFB (output feedback) 5. CTR (counter mode)

Question 14

polyalphabetic cipher

Answer 14

uses multiple alphabets

Question 15

S/MIME

Answer 15

secure Multipurpose Internet mail extensions: provides a standard way to formal e-mail (leverageing PKI)

Question 16

factoring

Answer 16

figuring out which two prime numbers multiplied provides an answer

Question 16

collisions

Answer 16

when two documents hash to the same value

Question 17

key clustering

Answer 17

occurs when two symmetric keys applied to the same plaintext produce the same ciphertext

Question 18

algorithm

Answer 18

set of instructions

Question 21

monoalphabetic cipher

Answer 21

uses one alphabet

Question 21

CTR

Answer 21

Counter: like OFB; stream cipher; uses a counteruses initialization vector; errors don't propogate

Question 22

secure hash algorithm

Answer 22

a series of hash algorithms; weak collision avoidance

Question 23

IDEA

Answer 23

international data encryption algorithm: symmetric block cipher designed to replace DES; 128 bit key, 64 bit block; slow

Question 24

CBC

Answer 24

cipher block chaining: block cipher; XORs previous encrypted block of ciphertext to next block of plaintext;uses initialization vector; errors propogate

Question 24

HMAC

Answer 24

hashed Message Authentication Code: combines a shared secret key with hashing; IPsec uses HMAC; two partices must pre-share secret key

Question 25

blowfish

Answer 25

symmetric, 32 to 448 bit keys; 64 bit block; open algorithm

Question 26

Diffie-Hellman

Answer 26

asymmetric pioneers; uses discrete logarithms to provide security, uses one-way factoring

Question 27

steganography

Answer 27

science of hidden communication; hides info inside of other files such as images

Question 28

cryptology

Answer 28

science of secure communications; encompasses both cryptography and cryptanalysis

Question 29

SSL

Answer 29

secure sockets layer: brings power of PKI to the web

Question 30

social engineering

Answer 30

it is what it is

Question 31

twofish

Answer 31

symmetric, 128 to 256 bit key, 128 bit block

Question 32

IPSec protocols

Answer 32

AH and ESP

Question 33

key storage

Answer 33

organization that issued the publi/private key pairs retains a copy

Question 34

PGP

Answer 34

pretty good privacy: brought asymmetric encryption to the masses; uses a web of trust model to authenticate digital certificates

Question 36

OFB

Answer 36

output feedback: stream cipher; uses the previous ciphertxt as the subkey before it is XORd; uses initialization vector; errors don't propogate

Question 37

COCOM

Answer 37

coordinating committee for multilateral expert controls: in effect from '47 to '94

Question 38

PKI

Answer 38

public key infrastructure: leverages all three forms of encryption to provide and manage digital certificates

Question 40

hash function

Answer 40

one-way encryuption using an algorithm and no key; no way to reverse the encryption

Question 41

work factor

Answer 41

describes how long it will take to break a cryptosystem

Question 42

vigenere cipher

Answer 42

polyalphabetic cipher

Question 43

one-way function

Answer 43

math that is easy one way, but hard another. Ie 7 to the 13th power is easy to figure. 96,889,010,407 is 7 to what power is much, much harder

Question 45

purple

Answer 45

stepping-switch device built with phone sitch hardware; later models were red and jade

Question 47

chaining

Answer 47

seeds previous encrypted block into th enext block to be encrypted; destroys patterns in ciphertext

Question 48

Wassenaar Arrengement

Answer 48

successor to COCOM; initiated in 1996; relaxed many restrictions on exporting cryptography

Question 49

diffusion

Answer 49

order of the plaintext should be diffused or dispersed in the ciphertext

Question 50

ORA

Answer 50

organizational registration authorities: authenticate the ID of a certificate holder before issuing a certificate to them

Question 51

clipper chip

Answer 51

used skipjack algorithm; symmetrick cipher with 80 bit key; used in EES

Question 53

symmetric encryption

Answer 53

Encryption that uses 1 key to encrypt and decrypt; aka "secret" key encryption; strengths include speed and cryptographic strength per bit of key

Question 54

DES

Answer 54

data encryption standard: describes data encryption algortihm; federal standard symmetric cipher; 64 bit block, 56 bit key

Question 56

plaintext

Answer 56

unencrypted message

Question 57

Jefferson disks

Answer 57

sort of an early cipher disk, but not really used much

Question 58

side-channel

Answer 58

use physical data to break a cryptosystem

Question 59

ISAKMP

Answer 59

manages the SA creation process

Question 60

AES

Answer 60

advanced encryption standard: 128 bit, 192 bit, 256 bit keys, 128 bit blocks; open algorithm, free to use

Question 61

RC6

Answer 61

symmetric 128, 192, 256 bit key, 128 bit blocks

Question 62

cipher disk

Answer 62

two concentric disks each with alphabet around perimeter; allows mono and poly alphabetic encryption

Question 63

ElGamal

Answer 63

asymmetric algorithm using one way factoring

Question 64

protocol governance

Answer 64

describes the process of selecting the right mothod (cipher) and implementation for the right job

Question 65

birthday attack

Answer 65

used to create hash collisions

Question 66

IKE

Answer 66

Internet Key exchange: negotiates the algorithm selection process for Ipsec

Question 68

ECB

Answer 68

electronic code book: block cipher; simplest and weakest form of DES; no initialization vector or chaining; errors don't propogate

Question 69

SPI

Answer 69

security parameter Index: identifies each simplex SA connection

Question 71

three types of modern encryption

Answer 71

symmetric, asymmetric, hashing

Question 72

codebooks

Answer 72

assign codewords for important things

Question 73

assymmetric encryption

Answer 73

encryption that uses 2 keys; if you encrypt with one, you may decrypt with the other

Question 74

TLS

Answer 74

transport layer security: successor to SSL

Question 76

confusion

Answer 76

relationship between the plaintext and ciphertext should be as confused or reandom as possible

Question 76

MAC

Answer 76

message authentication code: hash function that uses a key; provides integrity and authenticity

Question 78

5 components of PKI

Answer 78

1. Certification authorities issue/revoke certs 2. Organization registration authorities vouch for binding between public keys and cert holder ID 3. cert holders that are issues certs and can sign digital docs 4. clietns that validate digital signatures and their cert paths from a know public key 5. repositories that store and make availabe certs and cert revocation lists

Question 79

caesar cipher

Answer 79

simple rotation cipher

Question 80

cryptanalysis

Answer 80

science of breaking encrypted messages (recovering their meaning)

Question 81

book cipher

Answer 81

uses whole words from a well-known bok such as a dictionary; agree on page, line, word offset and source

Question 83

cryptography

Answer 83

creates messages whoe meaning is hidden; can provide confidentiality and intregrity; can also provide authentication and non-repudiation

Question 84

MD5

Answer 84

message Digest 5: 128 bit hash based on any input length

Question 85

digital signatures

Answer 85

provide non-repudiation

Question 86

brute force

Answer 86

generates the entire keyspace; effective attack against all key-based ciphers except one-time pad; only provably unbreakable form of crypto

Question 87

known key

Answer 87

means the cryptanalyst knows something about the key, not cecessarily knows the key

Question 88

implmentation attacks

Answer 88

exploit a mistake made while implementation a service, application, or system

Question 90

CRL

Answer 90

certificate revocation list: list of certificates that have been revoked

Question 91

ESP

Answer 91

encapsulating security payload: provides confidentiality by encypting packet data; may also provide authentication and integrity

Question 92

XOR

Answer 92

exclusive Or: two bits are are the same, answer is true; if two bits are different, answer is false

Question 93

meet-in-the-middle

Answer 93

encrypts on one side, decrypts on the other and meets in the middle