Unit 3 4 Flashcards
The analysis of cryptography algorithms is called cryptanalysis. What is a goal of cryptanalysis?
To generate random numbers
To calculate the entropy of a message
To recover the plaintext of an encrypted message without having the key
To determine the encoding of a message
To recover the plaintext of an encrypted message without having the key
After applying an encryption algorithm to a message as input, what is the right term to refer to the output?
Cleartext
Ciphertext
Encryption key
Plaintext
Ciphertext
What does cryptanalysis attempt to discover?
1 / 1 point
Encryption key
Entropy
Randomness
Encoding
Encryption key
One-time pad (OTP) is perfectly secure as long as certain constraints are met. What are these constraints?
1 / 1 point
Keys must not contain English letters. The same key may not be used too many times. Keys must be re-generated periodically.
Keys must be random enough. Keys must be long enough. Keys can only be used once and should never be reused.
Keys must be complicated enough. Keys must be long enough. Keys must be re-generated periodically.
Keys must be random enough. Keys may be reused. Keys must be re-generated periodically.
Keys must be random enough. Keys must be long enough. Keys can only be used once and should never be reused.
Question 4
If a cryptographic algorithm is computationally secure, what can we conclude about the algorithm?
1 / 1 point
A computationally secure crypto algorithm cannot be broken with the current computer technology within a reasonable period of time. The expense of breaking it will exceed the value of the information protected by the crypto algorithm.
The time required to brute force a password for a message that is encrypted by this cryptographic algorithm is over 25 years on a powerful server.
This cryptographic algorithm provides authentication. No one will be able to decrypt the ciphertext unless he or she is the legitimate owner of the message and has the key.
The key cannot be brute forced by attackers.
A computationally secure crypto algorithm cannot be broken with the current computer technology within a reasonable period of time. The expense of breaking it will exceed the value of the information protected by the crypto algorithm.
A one-way hash function takes a variable-length input string and generates an output string. What does this output string look like?
1 / 1 point
A fixed-length string
A random-sized string
A zero-length string
A variable-length string whose length is determined by the nature of the input string
A fixed-length string
Given an encryption algorithm over the integer domain enc(plain, key) = plain - key with key being 20, please encrypt integer 100. What is the encryption result?
1 / 1 point
An integer, 80
An integer, 10020
An integer, 0xe0
A string, “10020”
An integer, 80
In the context of secure public-key cryptosystems where a public key and a private key are used for encryption and decryption, which statement about calculating keys is most accurate?
1 / 1 point
Calculating one key from the other key is impossible.
Calculating one key is easy when the other key is known.
Calculating the public key from a private key is easy, but calculating the private key from a public key is difficult.
Calculating the private key from a public key is possible, but calculating the public key from a private key is difficult.
Calculating one key from the other key is impossible.
In secure asymmetric cryptosystems (or public-key crypto systems) with a private key and a public key, how is the encryption performed?
The encryption is performed using a private key.
The encryption is performed using two public keys but not the private key.
The encryption is performed using two private keys but not the public key.
The encryption is performed using both a private key and a public key.
The encryption is performed using a private key.
Which statement regarding the security of specific hashing algorithms is most accurate?
1 / 1 point
MD4 is vulnerable to collision attacks and is no longer secure.
SHA1 is widely used and is still considered secure.
MD5 is widely used and is still considered secure.
SHA256 is vulnerable to collision attacks and is no longer secure.
MD4 is vulnerable to collision attacks and is no longer secure.
The predictability of random number sequences generated by a pseudo random number generator (PRNG) is related to its seed. Which seed is the most secure?
1 / 1 point
The output of another secure random number generator (e.g., byte sequences from /dev/random on Linux, or CryptGenRandom() on Windows)
An integer that is hard-coded in the program (e.g., 0xc0decafe)
The current time converted to an epoch timestamp (also known as Unix time, which is seconds passed since 00:00:00 UTC on Jan. 1st 1970)
A string that is hard-coded in the program (e.g., 0x61616161, converted from string “aaaa”)
The output of another secure random number generator (e.g., byte sequences from /dev/random on Linux, or CryptGenRandom() on Windows)
When a secure public-key crypto system is in use, which attack is impossible?
Power side-channel attacks
Brute forcing the private key
Timing side-channel attacks
Deriving the private key from a public key (e.g., factorizing N for RSA and recovering p and q)
Brute forcing the private key
Which action is GnuPG incapable of doing?
Performing encryption
Signing documents
Sniffing network traffic
Performing decryption
Sniffing network traffic
Address Resolution Protocol (ARP) is a protocol used on Local Area Networks (LAN). What does it do?
ARP maps IP addresses to MAC addresses.
ARP maps domain names to IP addresses.
ARP maps machines to machines.
ARP maps services to ports.
ARP maps IP addresses to MAC addresses.
Tcpdump is a tool for capturing traffic. Consider this command line:
tcpdump -i any -w dump.pcap
What do -i and -w mean in this command line?
1 / 1 point
- i means specifying a network interface; -w means filtering expressions
- i means specifying an interval of seconds between capturing; -w means filtering expressions
- i means specifying a network interface; -w means writing captured traffic to a file
- i means specifying an interval of seconds between capturing; -w means writing captured traffic to a file
-i means specifying a network interface; -w means writing captured traffic to a file