Encryption Flashcards
Does TLS use symmetric or asymmetric encryption?
Both. Have them talk through how each are used. The key (sorry) is that they understand the initial exchange is done using asymmetric and that bulk data encryption requires speed and therefore symmetric algorithms.
What’s the difference between symmetric and
public-key cryptography?
Standard stuff here: make sure they know that symmetric uses a single key while public-key uses two.
In public-key cryptography you have a public and a private key,
and you often perform both encryption and signing functions.
Which key is used for which function?
You encrypt with the other person’s public key, and you sign with your own private. If they confuse the two, don’t put them in charge of your PKI project.
Describe the process of a TLS session being set up
when someone visits a secure website.
Look for the standard responses, with the client sending helo with ciphers, server responding with a public key and picking a cipher, agreement on a shared key, etc. But then dive deeper into the questions below.
If someone steals the server’s private key can they
decrypt all previous content sent to that server?
We’re looking for conversations about Perfect Secrecy here, threats to encrypted data, etc.
What are some common ways that TLS is attacked,
and/or what are some ways it’s been attacked in the past?
Look for a conversation about weak ciphers, vulnerabilities like Heartbleed, BEAST, etc. It’s not necessarily crucial that they remember every themed vulnerability and the exact specifics, but they should know what the issue was, why it was a problem, and what the fix was.
Cryptographically speaking, what is the main
method of building a shared secret over a public medium?
Diffie-Hellman. And if they get that right you can follow-up with the next one.
What’s the difference between Diffie-Hellman and RSA?
Diffie-Hellman is a key-exchange protocol, and RSA is an encryption/signing protocol. If they get that far, make sure they can elaborate on the actual difference, which is that one requires you to have key material beforehand (RSA), while the other does not (DH). Blank stares are undesirable.
What kind of attack is a standard Diffie-Hellman exchange vulnerable to?
Man-in-the-middle, as neither side is authenticated.
What is Forward Secrecy?
Forward Secrecy is a system that uses ephemeral session keys to do the actual encryption of TLS data so that even if the server’s private key were to be compromised, an attacker could not use it to decrypt captured data that had been sent to that server in the past.
What’s the difference between encoding, encryption, and hashing?
Encoding is designed to protect the integrity of data as it crosses networks and systems, i.e. to keep its original message upon arriving, and it isn’t primarily a security function. It is easily reversible because the system for encoding is almost necessarily and by definition in wide use. Encryption is designed purely for confidentiality and is reversible only if you have the appropriate key/keys. With hashing the operation is one-way (non-reversible), and the output is of a fixed length that is usually much smaller than the input.
What is an IV used for in encryption?
An IV is used to initiate encryption by providing an addition (third) input in addition to the cleartext and the key. In general you want IVs that are random and unpredictable, which are used only once for each message. The goal is to ensure that two messages encrypted with the same key do not result in the same ciphertext.
What is an IV used for in encryption?
An IV is used to initiate encryption by providing an addition (third) input in addition to the cleartext and the key. In general you want IVs that are random and unpredictable, which are used only once for each message. The goal is to ensure that two messages encrypted with the same key do not result in the same ciphertext.
What are block and stream ciphers?
What are the differences, and when would you use one vs. the other?
Block-based encryption algorithms work on a block of cleartext at a time, and are best used for situations where you know how large the message will be, e.g., for a file. Stream ciphers work on single units of cleartext, such as a bit or a byte, and they’re best used when you’re not sure how long the message will be.
What are some examples of symmetric encryption algorithms?
DES, RCx, Blowfish, Rijndael (AES)
