1.3

Question 1

what is key mgmt about?

Answer 1

generating, verrification, exchange, storage and destruction of keys

Question 2

basic components of key mgmt are:

Answer 2

automated and random keygens, key strength verification, encrypted key storage, secure key exchange, short lifetimes, revoking and destroying keys that have expired or are compromised

Question 3

describe hash algorithm

Answer 3

hash will take info, run math on it and produce a string called a digest

Question 4

what is hash vulnerable to?

Answer 4

it is vulnerable to MITM and has no security with transmitted data

Question 5

what do you have to use that you have security with transmitted data?

Answer 5

HMAC

Question 6

examples for HMAC

Answer 6

md5, sha-2

Question 7

what is the full name for hmac?

Answer 7

hashed message authentication code

Question 8

how is hmac built?

Answer 8

hash + a key that is only known by both parties

Question 9

what does the hash algorithm in general secure? CIA

Answer 9

integrity

Question 10

what does encryption secure? CIA

Answer 10

confidentiality

Question 11

how many keys does a symmetrical encryption use?

Answer 11

one key to encrypt and decrypt

Question 12

examples for symmetrical encryption?

Answer 12

3des and aes

Question 13

what has to be done before any encryption happens?

Answer 13

a secure channel needs to be created before any encryption happens for the key mgmt

Question 14

for what data encryption is a symmetrical encryption useful?

Answer 14

it is useful for bulk data encryption

Question 15

how many keys does the asymmetrical encryption use?

Answer 15

a pair of keys to encrypt and decrypt

Question 16

is the asymmetrical encryption faster or slower than the symmetrical?

Answer 16

slower

Question 17

of what keys consists the asymmetrical encryption?

Answer 17

of a public and a private key

Question 18

examples for asymmetrical encryption

Answer 18

rsa, dh

Question 19

which application use the asymmetrical encryption?

Answer 19

ssh, ike and ssl

Question 20

what three basic security services are digital signatures providing?

Answer 20

it authenticates a source proving that a certain party has seen and signed the data in questions, guarantees that the data has not changed from the time it was signed, proves to a third party that the data exchange did take place

Question 21

which functionality are digital signatures providing?

Answer 21

the same as handwritten signatures

Question 22

where are digital signatures commonly used? and why?

Answer 22

in code signing to verify the integrity (Vollständigkeit) of downloaded files and in digital certificates to verify the identity of an organization or individual

Question 23

what are the basic four properties of digital signatures?

Answer 23

the signatures is authentic (echt), the signature is not forgeable (schmiedbar), the signature is not reusable (wiederverwendbar) and the signer cannot claim later that they did not sign it

Question 24

what are digital certificates used for?

Answer 24

to authenticate and verify that a user sending a message is who they claim to be

Question 25

for what is RSA commonly used?

Answer 25

it is commonly used for generating and verifying digital signatures

Question 26

which framework is used to secure exchange info between parties?

Answer 26

PKI (public key infrastructure)

Question 27

how to authenticate with asymmetric encyrption

Answer 27

the one who sends does it encrypt with the private key and they other one decrypts it with the public key of the one who sent it

Question 28

for what is CA (certificate authority)used for?

Answer 28

it plays the role of the trusted third party and issues certs that show the identity of companies and users, which are used to sign messages to ensure no tampering

Question 29

the different topologies for PKIs

Answer 29

single root, hierarchical and cross certified