Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

xx. Udemy - CISM Domain 3 - Information Security Program Development > Cryptopgraphy > Flashcards

Cryptopgraphy Flashcards

1
Q

Cryptography

Hashing is used for

A

INTEGRITY

  • Does not provide confidentiality or Availability
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Cryptography

Hash collision is what

A

Hashing of 2 different sets of data, 2 different types of plaintext provide the same hash

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Cryptography

What is a Hash function

A

VARIABLE LENGTH plaintext (input) is hased into FIXED LENGTH value (output) or Message Digest (MD)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Cryptography

MD5 fixed length hash

A

128 bit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Cryptography

8 Hash functions

A

SHA 1
SHA 2
SHA 3
HAVAL
RIPEMD
RIPEMD160
Salt (Salting)
Nonce

SHA - Secure Hash Algorithm
HAVAL - Hash of Variable Length
RIPEMD developed to ensure no government backdoors

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Cryptography

HAVAL
Hash Digest length variable lengths

A

128 bits
169 bits
192 bits
224 bits
256 bits

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Cryptography

Primary function and method of salting

A

Prevent dictionary attacks
Random data used as additional input to one way function

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Cryptography

Primary function of Nonce

A

Random number issue in authentication protocol to ensure old communications cannot be reused in replay attacks

Nonce - Number Once

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Cryptography

3 types of encryption

A
  1. Asymmetric
  2. Symmetric
  3. Hybrid Encryption

Asymmetric
* Does not need pre shared key. 2 keys per user i.e. 2 users, 4 keys. 10 users, 20 keys
* Slower, weaker per bit
Symmetric
* Faster, stronger per bit
* Needs pre-shared key.. Unmanagable with many users
Hybrid
* Uses Asymmetric encryption to share a symmetric key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Cryptography attacks

Steal the key

A

Recover the private key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Cryptography attacks

Brute force

A

Use entire key space and every possibly entry

Time consuming
Lots of false positives

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Cryptography attacks

Key Stretching

A

Adds 1-2 seconds to password verification

Makes brute forcing unfeasible as time involved is to long

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Cryptography attacks

Digraph attack

A

Looks for common pairs of letters
(TH, HE, IN, ER)

Similar to frequency analysis
Determine how often particular letters are used

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Cryptography attacks

Man-in-the-middle (MITM)

A

Attack in middle, relays and may alter communication between 2 parties

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Cryptography attacks

Session Hijacking
(TCP Session hijacking)

A

Attacker takes over web users session ID and masquerades as the authorised user

Session IDs are predictable

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Cryptography attacks

Social Engineering

A

Convincing people to give up information by manipulating their trust

Authority
Intimidation
Consensus
Scarcity
Urgency
Familiarity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Cryptography attacks

Social engineering Techniques

A
  1. Authority
  2. Intimidation
  3. Consensus
  4. Scarcity
  5. Urgency
  6. Familiarity

  1. Someone you believe you trust tells you to do something
  2. If you do not do something, then something bad will happen
  3. Following the crowd - everyone else was doing it
  4. Only a few things left available
  5. Do it now or under time constraints
  6. Common ground between you and the attacker to build trust
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Cryptography attacks

Rainbow Table

A

List of plaintext and matching ciphertexts

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Cryptography attacks

Known Plaintext

A

Knowing plaintext and cipher text allows you to try and figure out the key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Cryptography attacks

Adaptive Chosen Plaintext

A

Similar to chosen plaintext but attack “adapts” following rounds

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Cryptography attacks

Meet in the middle

A

Attacker has to know some parts of the plaintext and ciphertext

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Cryptography attacks

Known Key

A

Attacker knows “something” about the key

8 characters, first letter has to be a capital
Makes targeting brute force or alternative methods easier

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Cryptography attacks

Differential Cryptananalysis

A

Trying to determine the difference between plaintexts

Tries to find the difference between the related plaintexsts; if the plaintext are only a few bits different, cant we discern anything

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Cryptography attacks

Linear Cryptanalysis

A

Attacker has a lot of plaintext/ciphertext pairs created with the same key

Attacker studies the pairs to learn information to deipher the key used

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Cryptography attacks

Differential Linear Cryptanalysis

A

Differential and Linear Cryptanalysis combined

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Cryptography attacks

Side Channel Attack

A

Attackers use physical data to break a crypto system

CPU cycles
pwoer consumption while encrypting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Cryptography attacks

Implementation Attacks

A

Vulnerability left behind from poor or improper implementation

Easier to find a flaw in the system than break cryptography

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Cryptography attacks

Key Clustering

A

2 different symmetric keys used to produce same ciphertext

When 2 different symmetric keys used on the same plaintext produce the same ciphertext, both can decrypt ciphertext from the other key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Cryptography attacks

Pass the hash

A

Attacker obtains a hased password and can pass it on to a system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Kerberos Exploitation

Overpass the Hash

A

Used when NTLM is disabled

NTLM = New Technology Lan Manager
* Suite of microsoft protocols for authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

Kerberos Exploitation

Pass the Ticket

A

Attackets collect tickets held in the Isass.exe process
Inject tickets impersonating the user

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Kerberos Exploitation

Silver Ticket

A

Uses NTLM hash of a service account to make a TGS ticket

TGS
* Ticket granting service

33
Q

Kerberos Exploitation

Golden Ticket

A

Attacker gains access to the hash of the Kerberos service account and can create any tickets they want within AD

34
Q

Kerberos Exploitation

Kerberos Brute Force

A

Attackers guess password and username as windows reports if a username is invalid

35
Q

Kerberos Exploitation

ASREPRoast

A

Used to identify users who do not have Kerberos Pre-authentication enabled

Attacker sends auth request to KDC
KDC responds with clients encrypted password
Attacker can decrypt offline
KDC
* Key Distribution Center

36
Q

Kerberos Exploitation

Kerberoasting

A

Attacker collects encrypted TGS tickets
Attempts to decrypt them offline

Looking for users that do not have Kerberos pre-authentication enabled

37
Q

Kerberos Exploitation

Fault Injection

A

Attacker trying to compromise the integrity of cryptographic devices by introducing external faults

Active side channel attacks
Putting temperature up causing machine to use more power

38
Q

Symmetric Encryption

Requires a pre-shared key

A

n(n-1) / 2

Formula helps detemine number of keys required

39
Q

Data Encryption Standard: DES

5 different modes

Data Encryption Standard
(DES)

A
  1. Block
  2. Stream
  3. Initialisation Vector
  4. If encryption
40
Q

Symmetric Encryption: DES

Electronic Code Book
(ECB)

Data Encryption Standard
(DES)

A

No initialisation vector or chaining

2 separate encryptions with the same plaintext woudl produce the identical ciphertext

41
Q

Symmetric Encryption: DES

Ciper Block Chaining
(CBC)

Data Encryption Standard
(DES)

A

First block encrytped uses the initialising vector
Subsequent block uses XOR from the first block

If ther is an error in encryption, every encryption there after will have an error

42
Q

Symmetric Encryption: DES

Cipher Feedback
(CFB)

Data Encryption Standard
(DES)

A

Uses stream cipher instead of block ciper like CBC

43
Q

Symmetric Encryption: DES

Output Feedback
(OFB)

Data Encryption Standard
(DES)

A

Use a subkey before XOR’ing process

44
Q

Symmetric Encryption: DES

Counter
(CTR)

Data Encryption Standard
(DES)

A

Uses feedback to apply XOR’ing
i.e. First block XOR’d with 1, second block with 2, third block with 3

45
Q

Symmetric Encryption: DES

Triple DES
(3DES)

Data Encryption Standard
(DES)

A

3 rounds of DES encryption rather than 1
3 key modes

K1 - 3 different keys, 112 bit
K2 - 2 different keys, 80 bit
k3 - same key 3 times

46
Q

Symmetric Encryption: DES

International Data Encryption Algorithm
(IDEA)

Data Encryption Standard
(DES)

A

128 bit, 64 bit block size
Patented and slower than AES

47
Q

Symmetric Encryption: AES

Initial Round

Advanced Encryption Standard
(AES)

A

AddRoundKey
Each byte combined wiht block of the round key using bitwise XOR

Metric, Open Source, Secure

48
Q

Symmetric Encryption: AES

Rounds;
SubBytes

Advanced Encryption Standard
(AES)

A

Non linear substitution step
each byte replaced with another according to lookup table

49
Q

Symmetric Encryption: AES

Rounds;
ShiftRows

Advanced Encryption Standard
(AES)

A

Transposition Step
Last three rows of the state shifted a certain number of steps

50
Q

Symmetric Encryption: AES

Rounds;
MixColumns

Advanced Encryption Standard
(AES)

A

Mixing operation
combines four btes in each column

51
Q

Symmetric Encryption: AES

Number of cycles for;
128 bit key
192 bit key
256 bit key

Advanced Encryption Standard
(AES)

A
  1. 10 cycles
  2. 12 cycles
  3. 14 cycles
52
Q

Symmetric Encryption: Blowfish

Blowfish

A

64 bit block
32 - 448 bit key length
No longer secure

53
Q

Symmetric Encryption: Twofish

Twofish

A

128 bit block
128, 192, 256 bit key length
Secure

54
Q

Symmetric Encryption: Feistel Cipher

Functional operation

A

Splits plaintext block into 2 halves
Process goes through several rounds of XOR’ing
4 bits on right do not change each round

55
Q

Symmetric Encryption: RC4

RC4

A

Used by WEP/WPA/SSL/TLS
40-2048 bit key length
Not Secure

56
Q

Symmetric Encryption: RC5

RC5

A

32, 64, 128 bit block
0-2040 bit key length
Uses Feistel cipher
Secure

57
Q

Symmetric Encryption: RC6

RC5

A

128 bit blocks
128, 192, 256 bit key length
Secure

58
Q

Asymmetric Encryption

2 Keys

A

Public Key
Private Key

Public Key
* Publically available
* Used by others to encrypt messages sent to you
* cipher text cannot be decrypted without the public key
Private Key
* Keep this safe
* Used to decrypt messages sent with your public key

59
Q

Asymmetric Encryption

Confidentiality

A

Keep our secret secret

60
Q

Asymmetric Encryption

Digital Signatures

A

Objective is authentcity and non repudiation

Prove that email or whom signed document came from who we expected it
Person sending a message uses their private key. They are the only person with their private key

61
Q

Asymmetric Encryption

Prime Number Factorization

A

Factoring large prime numbers using one way factorisation

Hard to discern the 2 numbers multupled together to form a result
11095213 = 1373 x 8081
If you just had 11095213 = y X z what is Y and Z

62
Q

Asymmetric Encryption

Discrete Logarithms

A

Add something to the nth power

5 to 12th power = 244140625
Asking the question 244140625 is nth to what power is very hard to reverse engineer

63
Q

Asymmetric Encryption

RSA Cryptography

A

Creates public/private key pair

64
Q

Asymmetric Encryption

Diffie-Hellman
(DH)

A

Securely exchange cryptographi keys over public channel

Earliest asymmetric key

65
Q

Asymmetric Encryption

Elliptic Curve Cryptography
(ECC)

A

One way function
Patented - costs money to use

66
Q

Asymmetric Encryption

EIGamal

A

Based on Diffie-Hellmen key exchange

67
Q

Asymmetric Encryption

Digital Signature Algorithm
(DSA)

A

Key generation has 2 phases

68
Q

Asymmetric Encryption

Knapsack

A

Public key only used for encryption
Private key used only for decryption
not secure

69
Q

Implementing Cryptography

Public Key Infrastructure
(PKI)

A

Asymmetric and Symmetric Encryption
Hashing to manage digital certificates
Private key kept secret

If private key lost, anythng encrypted with the public key is inaccessible
Key Escrow - a 3rd party organisation keeps your keys

70
Q

Implementing Cryptography

Digital Signatures

A

Provides Integrity and non-repudiation

Example in email system
* Person A creates email
* Email hashed
* Hased encrypted using private key
* Emailed sent to person B
* Person B receives email, generates hash and decrypts person A signature with public key

71
Q

Implementing Cryptography

Digital Certificates

A

Public keys signed with digital signatures

Example
* Server based SSL - assigned to and stored on server
* Client based Digital signature - assigned to person and stored on PC

72
Q

Implementing Cryptography

Digital Certificate Certificate Authority
(CA)

A

Issues and revokes certificates

Can be run internally on your own organisation network OR;
Can be public i.e. Verisign, godaddy etc..

73
Q

Implementing Cryptography

Digital Certificate Organisation Registration Authorities
(ORA)

A

Within an orgnaisation
Authenticates certificate holder prior to certificate issuance

74
Q

Implementing Cryptography

Digital Certificate Certification Revocation List
(CRL)

A

Maintained by CA
Certs revoked if private key compromised

75
Q

Implementing Cryptography

Digital Certificate Online Certification Status Protocol
(OCSP)

A

Client/server hybrid
Keeps lists of revoked certificates

76
Q

Implementing Cryptography

Message Authentication Code
(MAC)

A

Provides Integrity and Authentcity
Hash Function (using a key)

77
Q

Implementing Cryptography

Hashed Message Authentication Code
(HMAC)

A

Pre-shared key exchanged
Sender uses XOR

78
Q

Implementing Cryptography

Secure Socket Layer
(SSL)

A

Used for Web Traffic
Currently v3

Good to use in teh past when you wanted to ensure you were delivering secure web services

79
Q

Implementing Cryptography

Transport Layer Security
(TLS)

A

Used for Web Traffic (more secure than SSL)
Used for internet chat and email client acccess

xx. Udemy - CISM Domain 3 - Information Security Program Development (4 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions