Symmetric Key Algorithms Flashcards
Ch 6 of (ISC)2 CISSP Official Study Guide
1
Q
What function does this stand for ^?
A
The AND operation where both inputs have to be true for a true output value. Only an X and Y of 1 produce and output value of 1.
2
Q
What function does this symbol stand for? v
A
The OR operation. Only one value needs to be TRUE in order to produce a TRUE value.
e.g. 1 +0 = 1 but 0 = 0 = 0
3
Q
What function does this symbol represent? ~
A
The NOT operation. The NOT operation is the opposite of the function so a 1 with the NOT operation applied is 0 and vice versa.
4
Q
What function does this symbol represent? ⊕
A
The exclusive OR operation. If one value OR the other is TRUE then the result is TRUE. 1 + 1= 0 but 1 +0=1
5
Q
What is a NONCE?
A
A random number that acts as a placeholder variable in mathematical functions.
6
Q
Give an example of a NONCE.
A
An IV or initialization vector which is a random bit string that is the same length as the block size and is XORed with the message. They are used to create unique ciphertext everytime the the same message is encrypted using the SAME KEY.
7
Q
What is SPLIT KNOWLEDGE?
A
When information or privelige is split among different users so no one perosn has the ability to compromise the security of an environment.
8
Q
What is a TRANSPOSITION CIPHER?
A
Rearrangement of letters
9
Q
What is a SUBSTITUTION CIPHER?
A
Uses an encryption algorithm to replace the letters of a message
10
Q
What other name is a ONE TIME PAD known as?
A
Vernam Cipher
11
Q
What are the requirements or rules for keeping a ONE TIME PAD secure?
A
- Must be randomly generated.
- Must be physically protected against disclosure
- Can be used only ONCE
- Key must be at least as long as the message
12
Q
What other name is a RUNNING KEY CIPHER known as?
A
A BOOK CIPHER
13
Q
A Transpostion CI{HER is also known as a ________________ Cipher.
A
BLOCK
14
Q
A STREAM CIPHER works on a _____ at a time
A
BIT
15
Q
What causes CONFUSION in Cryptography?
A
When the relationship between the plaintext and the key is so complicated that moving the text around is not enough to decipher it
16
Q
What causes DIFFUSION in Cryptography?
A
When a change in the plain text causes multiple changes in throughout the ciphertext.
17
Q
What are some of the issues with SYMMETRIC KEY Cryptography?
A
- Key Distribution is problematic- must have a secure method to EXCHANGE keys
- Does not provide non-repudiation
- Not SCALABLE
- Keys have to be regenerated often- if a person leaves every key know (exchnaged) must be regenerated
18
Q
How is SYMMETRIC KEY ENCRYPTION accomplished? (How many keys)
A
Each participant has ONE secret key that must be known to both parties. Two keys used.
19
Q
How is ASYMMETRIC KEY encryption accomplished?
A
Using a PUBLIC Key (known to all) and a PRIVATE KEY (Known only to one side).
Person encrypting uses the recipient’s PUBLIC KEY which is decrypted by the PRIVATE KEY of the recipinent.
20
Q
What is the formula to determine the number of SYMMETRIC KEYS required?
A
Number of Keys= n(n-1)/2
21
Q
What are the advantages of ASYMMETRIC KEY encryption?
A
- Addition of new users requies generation of only one public-private key pair
- Key revocation of one key is easy to accomplish
- Provides Repudiation, Authentication and nonrepudiation
- Key distribution simple- public key can be made available to anyone and public key cannot derive the private key
- No pre-existing communications need to exist (such as sharing a secret key as in symmetric key cryptography).
22
Q
Name the modes of DES Symmetric encrption algorithm
A
- Cipher Block Mode (CBC)
- Cipher Feedback Mode (CFM)
- Output Feedback Mode (OFM)
- Counter Mode (CTR)
23
Q
1. How does ECB work
2. Name security flaw(s),
3. What algorith is it part of,?
4. What does ECB stand for?
A
- Encrypts 64 bit blocks withthe same secret key
- Subject to eavesdropping
- DES
- Electronic Codebook
24
Q
1. How does CBC work
2. Name security flaw(s),
3. What algorith is it part of,?
4. What does CBC stand for?
A
- Each block of unencrypted text is XORed with the block of ciphertext immediatley preceding it before its encrypted with DES. CBC also implments a IV amd XORs the first block of the message prodcuing aunique output. IV must be sent to recipient in plaintext,
- If one block is corrupted errors propogate makign decryption impossible
- DES
- Cipher Block Chaining Mode
25
**1. How does CFB work**
**2. Name security flaw(s),**
**3. What algorith is it part of,?**
**4. What does CFB stand for?**
1. Streaming version of CBC. XORs and uses IV. Uses memory buffers the same block size instead of breaking the message into blocks. As buffer becomes full it gets encrypted. Uses real time data (done in the buffer) and uses IV and chaining.
2. Assume that errors propogate?
3. DES
4. Cipher Feedback Mode
26
**1. How does OFB work?**
**2. Name security flaw(s) or advantages,**
**3. What algorith is it part of,?**
**4. What does OFB stand for?**
1. XORs plaintext with a seed value. For first block IV is used to create seed value and then running DES. Future seed values are derived by running DES on previous seed values.
2. No chaining function- errors do not propogate to affect decryption
3. DES
4. Output Feedback Mode
27
**1. How does CBTRwork**
**2. Name security flaw(s),**
**3. What algorith is it part of,?**
**4. What does CTR stand for?**
1. Stream cipher similiar to CFB. Similar to CFB but does not use a seed value, uses a counter that increments for each operation.
2. Uses chaining so may propogate errors?
3. DES
4. Counter Mode
28
Name the versions of TRIPLE DES (3 DES), the number of encryption/decryption operations and keys and the key lengths of each.
1. DES-EEE3, 3 encryption operations, 3 Keys, 168 BIT KEYS
2. DES-EDE3, 2 encryption operations with decryption in the middle, 3 keys, 168 BIT KEYS
3. DES-EEE2, 3 Encryption operations, and 2 Keys, 112 BIT KEYS
4. DES-EDE2, Two encryption operations with a decryption operation in the middle, 112 BIT KEYS
29
1. What is IDEA?,
2. How does it work?
3. What modes is it capable of operating in?
4. What secure e-mail package is based off of IDEA?
1. International Data Encryption Algorithm
2. Operates on 64 bit block of text, begins with a 128 bit key, broken into 52 16 bit subkeys which act on input text with XOR and Modulus operations to produce encrypted/decrypted versions of the input message
3. Same modes as DES: ECB, CBC, CFB, OFB,, CTR
4. PGP- Pretty Good Privacy
30
**1. What is BLOWFISH**
**2. How does it work?**
**3. How many bits does it use?**
**4. What are its advantages?**
1. A symmetric cryptographic alogrithm
2. Works on 64 bit blocks of text
3. Allows variable key lengths from 32 to 448 bits
5. Faster thaIDEA and DES
31
1. **What is Skipjack?**
2. **How does it work?**
3. **What does it support that is unique?**
1. A symmetric encryption algorithm
2. Works on 64 bit-blocks of text. Uses an 80 bit key and supports the four modes of operation of DES (CBC, OFB, ECB, CTR)
3. Supports escrow of encryption keys- NIST and Dept. of Treasury have the keys
32
1. **What is RC5?**
2. **How does i work?**
3. **What are the security implications of the algorithm?**
1. Rivest Cipher 5, a symmetric algorithm
2. It is a variable block cipher 32, 64, or 128 bits and uses key sizes 0-2,040 bits
3. 64 bit key took 4 years to crack a single message
33
1. **What is AES?**
2. **Name the three key sizes and the round of encryption associated with each?**
1. Advanced Encryption Standard/Rijndael (Symmetric Encyption)
2. 128 bit key=10 rounds of encryption
192 bit key= 12 rounds of encryption
256 bit key= 14 rounds of encryption
34
1. **What is TWOFISH?**
2. **How does it work**
3. **What two special techniques does it apply to its encryption??**
## Footnote
1. It's a block AES cipher
2. It operates on 128 bit blocks of data and uses keys up to 256 bits
3. Does *PREWHITENING*- XORing the plaintext witha subkey before first round of encryption, THEN does *POSTWHITENING* which a similar operationn but done aftet the 16 th round of encryption
35
## Footnote
**In regards to SYMMETRIC KEY management, what are three methods to accomplish?**
**1. Offline distribution**- Has to be physically provided
**2. Public Key Encryption**- Used to set up the initial communication link- then the parties switch to Private Key encryption which is faster.
**3. Diffie-Hellman**- use when there is no offline or public key encryption is avilable- random large integers slected and calculatiosn performed- each party uses theri integers to produce a result and exchange to verify they got the same results
36
What are the key lengths of:
**RSA**
**DSA**
**Elliptic Curve**
RSA= 1,024
DSA=1,024
Elliptic Curve=160 bits
37
In Publick Key Cryptography, Bob wants to se nd a message to Sue, what does
he use to encrypt the message and how does Sue Decrypt the message?
Bob uses Sue's Public Key to encrypt the message. Sue uses her
Private Key to decrypt the message.
38
1. **What type of encryption algorithm is RSA?**
2. **What does the system depend on for the strength of its security?**
3. **What will be the largest value?**
1. RSA is a Public Key cryptosystem
2. It depends upon the difficulty of factoring large prime numbers
3. *n* will always be the largest value if the choice is between *p* and *q*
39
1. **What type of algorih is Merkele-Hellman**
2. **What theory did it rely on for its security?**
3. **Is the algorithm considered secure today?**
1. It is an Asmmetric Public Key algorithm
2. Super-increasing sets rtaher than factoring large prime numbers
3. It is no longer considered secure
40
How long are the key lengths for:
**1. RSA**
**2. DSA**
**3. Elliptic curve**
1. RSA= 1,024 bits
2. DSA= 1024 bits
3. Elliptic curve =160 bits
41
1. **What type of algorithm is El Gamal**
2. **What is a major problem with E lGamal?**
3. **What is unique and considered an advantage with El Gamal?**
1. El Gammal is an Assymetric key exchange algorithm like Diffie Hellman
2. It doubles the lenghth of any message it encrypts which creates issue with transmission over narrow bandwitdh communication circuits
3. It was released to the public domain, it was free to use by anyone
42
**1. What is Elliptic Curve?**
**2. What is the Eliiptic Curve equation?**
3**. How many keys in Elliptic Curve are equal to 1024 RSA?**
1. Elliptic Curve is an assymetric public key algotrithm encryption algorithm
2. . y=x3 + ax + b and Q =xp
3. 1024 bit RSA keys are equivalent to 160 bit- Elliptic Curve key.
43
What is a HASH FUNCTION and what is it used for?
1. Hash functions take a message and create a unique output value called a message digest. Message digest by the recipient must match.
2. Hash functions are used for digital signatures for repudiation
44
1. **How long is a HASH functions message digest (normally)?**
2. **What are the FIVE basic requirements for a cryptographic hash?**
1. Most are 128 bits or larger, but can also be derived froma single bit
**2. Five basic requirments of a crypto hash:**
1. The input can be of any length
2. The output has a FIXED length
3. The hash function is ONE WAY
4. Hash function is relatively easy to compute for any input
5. The hash function is collison free
45
**1. What is MD4 and how does it work?**
**2. Is it still secure?**
1. MD4 is a message digest algorithm that makes the message 64 bits smaller than 512 bits. It processes 512 bit blocks with a final output of a 128 bit message digest.
2. It is no longer considered secure- it had a collision problem.
46
**1. What is MD5 and how does it work?**
**2. Is it still secure?**
1. Is is a hash algorithm which produces 512-bit block messages- but it uses four rounds to compute the message length of 128 bits.
2. It is not loger considered secure.
47
What are the HASH value lengths for HAVAL (MD5 variant) and what does it stand for?
1. Hash of Variable Length
2. 128, 160, 192, 224 and 256 buts
48
1. What is HMAC, what does it stand for and what is its hash value length?
1. Hash Message Authenticating Code (HMAC).
2. Its key length is variable
49
**What are the key lengths of:**
**MD2**
**MD4**
**MD%**
Each has a key length of 128 bits.
50
**What is the key length for SHA-1?**
160 bits
51
**What does HASHING to messages provide and how can Privacy be**
**implemented with hashing?**
1. Provides Authentication, integrity and non-repudiation.
For privacy the entire message can be encrypted with the public key.
52
**What is HMAC and what is it used for?**
1. Stands for Hashed Message Authentication Code.
2. It guarantess integrity but does not provide non-repudiation and cna be combined with SHA-3 using a shared secret key (therefore does not provide non-repudiation).
53
**What are the algorithms that are part of the DSS (Digital Signature Standard)?**
1. DSA (Digital Signature algorithm) in FIPS 186-4
2. RSA (Rivest-Shamir- Adelman) ANSI x9.31
3. ECDSA (Elliptic Curve DSA- ANSI x9.62
54
**'What are Schorr and Nyberg-Rueppel?**
Dignature signature algorithms.
55
**What are these terms associated with certificate authorities (CAs)?**
CPV= Certificate path validation
Enrollment= you supply your public key and CA issues a digitally signed certificate
Verification= Using the CAs piblic key to verify a certificate is authenticate
CRL= Certificate revocation list or OCSP= Online Certificate Status Protocol
56
**1. What are the specific disk encryption technologies for Windows?**
**2. What about Mac OS?**
**3. What does OS Vera Crypt support?**
1. BitLocker amd EFS (Encrypting File System)
2. FileVault encryption
3. Linux, Windows, and Mac
57
**What should you do if your require confidentiality**
**with an e-mail?**
You should encrypt the message.
58
**If you need to ensure integrity of an**
**e-mail message what should you do?**
You should digitally sign the message
59
**What should you apply to an e-mail if you need authentication, integrity and/or non-repudiation?**
You should digitally sign the message.
60
**What should you apply to an e-mail if your message requires authentication, integrity, non-repudiation and confidentiality?**
You should **_encrypt and digitally sign_** your message.
61
**What is PGP and what are some of the commercial versions used for?**
PGP is Pretty Goof Privacy and is an e-mail encryption algorithm. The commercial version provides the following:
1. RSA for KeyExchange
2. IDEA for encryptio/decryptio
3. MD5 for message digest
62
**What types of encryption does the Freeware version of PGP use for encryption and for key management?**
1. Cast for encryption/decryption
2. Diffie-Hellman for key exchange
63
**What does S/MIME stand for and what encryption**
**algorithm does S/MIME use?**
1. Secure Muliti-Purpose Mail Extension
2. RSA
64
**What is Link Encryption?**
It is encryption that encrypts traffic entering the tunnel on one end and decrypts it on the other end. This ensures communications are secure between to distinct points.
65
What is end to end encryption?
Protect communicatiosn between two parties (e.g. user and server). This portects from monitoring on an encrypted side or traffic sent over an unencrypted link.
66
**What are the differences between Link Encryption and**
**End to End encryption?**
**Link encryption** includes the data, the header, trailer, address and routing data, whihc means it must be decrypted and reencrypted from hop to hop.
**End to end encryption** only encrypts only the data, so it moves faster during transmissions.
67
**What are the two main components of IPSEC?**
1. The AH (Authenication Header) which provides message integrity and non-repudiation, authentication, access control and prevents replay attacks.
2. ESP (Encapsulating Security Payload) provides confidentiality and integrity of packet contents only, provides encryption and limited authentication, prevents replay attacks.
68
**What are the two function modes of IPSEC?**
1. Transport Mode- only packet and payload protected, used for peer to perr
2. Tunnel Mode- entire packet inlcuidng the header is encrypted. For gateway to gateway communications.
69
**What protocl is IPSEC often paired with?**
L2TP- Layer 2 Tunneling Protocol
70
1. **What is used to set up an IPSEC session?**
2. **How many sessions do you need for bi-directional communication?**
3. **How many sessions do you need if you set up bi-directional with AH and ESP?**
1. A Security Association (SA)
2. If you want to set up biderectional comm. you need two SAs.
3. If you want to set up bidirectionla using AH and ESP you need 4 SA's.
71
1. **What is WEP?**
2. **How many bits is it?**
3. **What networkign standard is it described in?**
4. **Is it secure?**
1. Wireless Encryption Protocol
2. 64 and 128 bits
3. IEEE 802.11
4. No it was replaced by WPA
72
1. **What is WPA2?**
2. **How was it improved over WEP?**
3. **What wireless security standard is it used in?**
1. Wifi Protected Access
2. Temporal Key Integrity Protocol (TKIP) and AES encryption
3. 802.1X, must use a *supplicant*
73
What is an **analytic attack**?
1. A cryptographic attack where algabraic manipulation is done to reduce the complexity of the algorithm (attack on logic)
74
**What is an implementation attack?**
It's an attack that exploits the weakness in the implementation of the cryptosystem, exploit of software code, focus on methodology of the code
75
**What is a statistical attack?**
An attack on a crypto system that attempts to exploit statistical weakness such as floating-point errors and inability to produce truly random numbers, looks for vulnerability in the hardware and OS *hosting* the application.
76
What is a Rainbow table?
1. A table of pre-computed values for cryptographic hashes
fpr passwords stored in hash form, Used for password cracking.
77
1. **What is a SALT?**
2. **What can it be combined with to make it more effective?**
3. **What are some hashing functions?**
1. It is a random value added to the end of a password before the OS hashes the password
2. Key Stretching
3. **PBKDF2**, **bcrypt** and **scrypt**
78
**How do the following crypto attacks work:**
1. **Known plaintext**
2. **Chosen ciphetext**
3. **Chosen Plain text**
1. Using an encrypted copy of the message and the plaintext
2. Having the ability to decrypt a portion of the cipher text message and use the decrypted portion to discover the key
3. Can encrypt chosen plaintext, then anlayze the output of the ciphertext
79
**How does the following crypto attack work:**
**Meet in the Middle**
Used for TWO round encryption. Takes known plaintext, encrypt using every possible key (k1), equivalent ciphertext decrypted using all possible keys (k2). When a match is found k1 and k2 represent both portions of the double encryption.
80
**How does the Birthday attack work**
**and what is it also known as?**
## Footnote
Seeks to find flaws in the one to one nature of hashing. Works by substitution of a digitally signed message with the same message digest thereby maintaining the validity of the original digital signature.
The birthday attack is also known as the collison attack and reverse hashing
81
**What is a replay attack?**
Interecept encrypted messages between two parties (most likely request for authentication), then replays the captured session to open a new session. Can be defeated by time stamps or expiration periods.
