Cryptography

Question 1

What is a hash? What is the goal of hashing?

Answer 1

A number derived from performing a calculation on data (i.e. file). Creates a fixed-size string of bits/hexadecimal characters that cannot be reversed.
Hashing verifies data integrity.

Question 2

What is encryption? What are the 2 different types of encryption?

Answer 2

Scrambling/ciphering data to make it unreadable if an attacker intercepts it. Will typically include an algorithm and a key.
Symmetric: same key encrypts+decrypts data.
Asymmetric: Uses a public+private key pair. What one key encrypts, the matching key decrypts.

Question 3

Message Digest 5 (MD5)

Answer 3

Produces a 128-bit hash of data (32 hex characters). Been in use since 1992, no longer considered secure today.

Question 4

Secure Hash Algorithm (SHA)

Answer 4

A hashing algorithm that is grouped into 4 families:
SHA-0: not used
SHA-1: creates a 160-bit hash
SHA-2: includes 4 versions: SHA-256, SHA-512, SHA-224, and SHA-512
SHA-3: alternative to SHA-2

Question 5

Hash-Based Message Authentication Code (HMAC)

Answer 5

Combines a hashing algorithm with a shared secret (i.e. HMAC-MD5). Provides both integrity and authenticity

Question 6

RACE Integrity Primitives Evaluation Message Digest (RIPEMD)

Answer 6

Another hashing algorithm used for integrity, but not as common as others.

Question 7

Bcrypt

Answer 7

A key-stretching technique used mainly in Linux and UNIX distributions, protects passwords stored in the shadow password file. Salts the password (adding extra bits) before encrypting with Blowfish.

Question 8

Password Based Key Derivation Function 2 (PBKDF2)

Answer 8

A key stretching technique that uses 64-bit salts and a pseudo-random function (i.e. HMAC) for password protection. Used by algorithms such as WPA2, Cisco OS, etc.

Question 9

Initialization Vector (IV)

Answer 9

Provides a starting value for a cryptographic algorithm, either a fixed-sized random or pseudo-random number

Question 10

XOR

Answer 10

A logical operation that compares 2 inputs. If the inputs are the same, it outputs a 1 (true). If not, it outputs a 0 (false).

Question 11

What is the difference between a block cipher and a stream cipher?

Answer 11

Block Cipher encrypts data into specific-sized blocks, while a stream cipher encrypts as a stream of bits/bytes rather than fixed-size blocks.

Question 12

Cipher Block Chaining (CBC)

Answer 12

Cipher mode that uses an IV for randomization when encrypting the 1st block, then combines each subsequent block with the previous one via XOR operation. Can sometimes suffer from pipeline delays.

Question 13

Counter (CTM) Mode

Answer 13

Cipher mode that converts a block cipher into a stream cipher. Combines an IV with a counter and uses the result to encrypt each plaintext block. IV remains the same, but CTM combines it with the counter value, resulting in a different encryption key each time.

Question 14

Galois Counter Mode (GCM)

Answer 14

Cipher mode that combines the counter mode of operation with Galois mode of authentication. Provides data authenticity (integrity) and confidentiality.

Question 15

Substitution Cipher

Answer 15

Replaces plaintext with ciphertext using a fixed system (example: ROT13)

Question 16

Advanced Encryption Standard (AES)

Answer 16

Symmetric block cipher that encrypts data in 128-bit blocks. Can use key sizes of 128 bits (AES-128), 192 bits (AES-192) or 256 bits (AES-256). Algorithm of choice for many applications due to its speed, strength, and efficiency.

Question 17

DES/3DES

Answer 17

DES is a symmetric block cipher that encrypts data in 64-bit blocks, but uses a key size of only 56 bits, can be cracked via brute force attack.
3DES is similar, but encrypts data in 3 separate passes. More resource-intensive than AES, but is still a suitable alternative if necessary.

Question 18

RC4 (Rivest Cipher 4)

Answer 18

Symmetric stream cipher that was the encryption mechanism of choice for SSL/TLS. Speculated that RC4 can be cracked, so it is recommended to be disabled and use AES instead.

Question 19

Blowfish

Answer 19

Symmetric block cipher that encrypts data in 64-bit blocks and supports key sizes between 32 and 448 bits. Can be faster than AES in some instances.

Question 20

Twofish

Answer 20

Symmetric block cipher. Similar to Blowfish, but encrypts data in 128-bit blocks and supports key sizes of 128, 192, or 256 bits.

Question 21

Certificate (in context of cryptography)

Answer 21

A digital document that will typically include the public key and information on the certificate’s owner. Issued and managed by a Certificate Authority (CA). Also used for authentication and digital certificates.

Question 22

What elements are generally included within a certificate?

Answer 22

Serial number, issuer, validity dates, subject, public key, usage.

Question 23

RSA

Answer 23

Asymmetric encryption method that uses the mathematical properties of prime numbers to generate secure public and private keys. Current recommended key size is 2,048 bits until 2030.

Question 24

What is the difference between a static key and ephemeral key?

Answer 24

Static key is semipermanent and remains the same over a long period of time. Ephemeral key has a very short lifespan, is re-created for each session.

Question 25

Perfect Forward Secrecy

Answer 25

Indicates that a cryptographic system will generate random public keys for each session and will not use a deterministic algorithm to do so.
Given the same input, a different public key will be generated.

Question 26

Elliptic Curve Cryptography (ECC)

Answer 26

Requires less processing power than other cryptographic methods, and is therefore considered with smaller wireless devices and other lower-power devices.

Question 27

Diffie-Hellman (DH)

Answer 27

A key exchange algorithm used to privately share a symmetric key between 2 parties. Supports static and ephemeral keys (static is based on RSA)
Diffie-hellman ephemeral (DHE) uses ephemeral keys
Elliptic curve Diffie-Hellman (ECDH) also uses ephemeral keys, but via ECC

Question 28

Steganography

Answer 28

The practice of hiding data within a file.

Can hide messages within the “white space” of a jpeg or gif file, or hide data by manipulating bits in a file.

Question 29

What are the 3 security benefits of a digital signature?

Answer 29

Integrity, authentication, and non-repudiation.

Question 30

Secure/Multipurpose Internet Mail Extensions (S/MIME)

Answer 30

Popular standard used to digitally sign+encrypt email. Uses RSA for asymmetric encryption and AES for symmetric encryption.

Question 31

Pretty Good Privacy (PGP)

Answer 31

A method for securing email communication that can encrypt, decrypt, and digitally sign email.

Question 32

What is a cipher suite?

Answer 32

A combination of cryptographic algorithms that provides several layers of security for SSL/TLS. Provides Encryption, authentication, and integrity. Over 200 names cipher suites, identified as a string of hex characters.