3.1 Encryption

Question 1

What is cryptography?

Answer 1

The use of mathematical algorithms to transform information into an encrypted form that is not readable by unauthorized individuals.

Question 2

What two basic operations do cryptography depend upon?

Answer 2

Encryption and decryption.

Question 3

What does encryption essentially do?

Answer 3

Converts information from plaintext into ciphertext.

Question 4

What does decryption do?

Answer 4

Converts ciphertext messages back into their plaintext form.

Question 5

What do algorithms serve as in cryptography?

Answer 5

Mathematical recipes.

Question 6

What are the two inputs required by encryption algorithms?

What’s the output produced by them?

Answer 6

Inputs:

1. The Plaintext Message (P)
2. The Encryption Key (K)

Output: The Encrypted Ciphertext (C)

Question 7

What are the two inputs required by description algorithms?

What’s the output produced by them?

Answer 7

Inputs:

1. The Ciphertext (C)
2. The Decryption Key (K)

Output: The Plaintext Message (P)

Question 8

What are the two major categories of encryption algorithms?

Answer 8

1. Symmetric

2. Asymmetric

Question 9

What’s the key characteristic of symmetric encryption?

Answer 9

Encryption and decryption use the same secret key.

Question 10

What’s the key characteristic of asymmetric encryption?

Answer 10

Encryption and decryption use different keys from the same pair.

Question 11

How many keys do asymmetric cryptography use, and what are they called?

Answer 11

2 Keys:
The Public Key – freely distributed to communication partners.
The Private Key – kept secret.

Question 12

What must the relationship of the keys be in asymmetric cryptography?

Answer 12

They must be from the same pair.

Question 13

How does asymmetric cryptography work?

Answer 13

Anything encrypted with one key from a pair can be decrypted with the other key from the same pair.

Question 14

Which one is faster? Symmetric or asymmetric cryptography?

Answer 14

Symmetric cryptography.

Question 15

What’s more suitable for large organizations, symmetric or asymmetric cryptography?

Answer 15

Asymmetric cryptography.

In asymmetric cryptography, each user needs only 2 keys, whereas in symmetric cryptography each user needs a key for each of the other users.

Question 16

What are the five goals of cryptography?

Answer 16

1. Confidentiality – No unauthorized access.
2. Integrity – No unauthorized modification.
3. Authentication – Proof of identity claims.
4. Obfuscation – Hiding sensitive data.
5. Non-Repudiation – Verification of origin.

Question 17

When cryptography is used to protect the confidentiality of information, what are the three states of data that must be considered?

Answer 17

1. Data at Rest
2. Data in Transit
3. Data in Use

Question 18

What is data at rest?

Answer 18

Data that is stored on a hard drive or other storage.

Question 19

What is data in transit?

Answer 19

Data that are being transmitted over a network connection.

Question 20

What is data in use?

Answer 20

Data that are being actively processed in memory.

Question 21

What technology do we use to achieve non-repudiation?

Answer 21

Digital signatures.

Question 22

Which one of the two main categories of cryptography allows for non-repudiation?

Answer 22

Asymmetric cryptography.

Question 23

What’s the trade-off involved in choosing a method of encryption?

Answer 23

Security Strength vs. Resource Consumption

Question 24

What is code in the context of cryptography?

Answer 24

A system that substitutes one word or phrase for another; intended to provide secrecy and/or efficiency.

Question 25

What is a cipher in the context of cryptography?

Answer 25

A system that uses mathematical algorithms to encrypt and decrypt messages.

Question 26

What are the two different ways that ciphers process a message called?

Answer 26

1. Stream Ciphers

2. Block Ciphers

Question 27

How do stream ciphers process a message?

Answer 27

It operates on one character, or bit, of a message at a time.

Question 28

How do block ciphers process a message?

Answer 28

They operate on large segments of the message at the same time.

Question 29

What are the two basic building blocks that ciphers use to perform their encryption and decryption operations?

Answer 29

1. Substitution Ciphers
2. Transposition Ciphers

These are the building blocks of modern cryptography.

Question 30

What do substitution ciphers do?

Answer 30

They change the characters in a message.

Question 31

What are rotation ciphers?

Answer 31

They are simple substitution ciphers that shift each letter by an increment.

Question 32

What do transportation ciphers do?

Answer 32

They rearrange the characters in a message.

Question 33

What does XOR stand for, and what is it?

Answer 33

Exclusive OR

A logical operation that is true when exactly one of the two input values is true.

Question 34

Why does cryptography rely upon pseudorandom number generation?

Answer 34

Because we lack a source of truly random numbers.

Question 35

What must we do it achieve “confusion” in cryptography?

Answer 35

Every bit of the ciphertext must depend upon more than one bit of the encryption key.

Question 36

What does “diffusion” dictate?

Answer 36

It dictates that changing a single bit of the plaintext should change about 50% of the ciphertext bits.

Question 37

What is obfuscation in the context of software development?

Answer 37

Using cryptography to hide source code from other users.

Question 38

Should you try to build your own encryption algorithm? Why?

Answer 38

No. Not unless you really know what you’re doing.

This is because encryption is really complicated. It uses sophisticated mathematical algorithms, and even the smallest flaw in an algorithm can render that algorithm insecure.

Question 39

What is security through obscurity? Is it a good thing?

Answer 39

It means that the security of an algorithm depends upon the secrecy of its approach.

No, it is not a good thing. In fact, if the vendor of an encryption algorithm is using this approach, it’s a big red flag.

Question 40

When your encryption key gets longer, what happens to the security and performance of your encryption?

Answer 40

The security goes up while the performance goes down.

Question 41

What kind of encryption algorithm should you choose?

Answer 41

One that is well-tested and proven to be secure.

Question 42

What is the One-Time Pad?

Answer 42

It’s an unbreakable encryption algorithm where the sender and receiver have identical pads that contain a string of random letters the number of which is at least as long as the total of the characters of all of the messages that the sender and receiver will exchange.

Question 43

What often happens to cryptographic algorithms as they age?

Answer 43

They become insecure.

Question 44

What is NIST?

Answer 44

The National Institute of Standards and Technology

Question 45

What are the five stages in the cryptographic lifecycle offered by the NIST?

Answer 45

1. Initiation
2. Development and Acquisition
3. Implementation and Assessment
4. Operations and Maintenance
5. Sunset

Question 46

What happens at the initiation phase of the cryptographic lifecycle?

Answer 46

Gather requirements for the new cryptographic system.

Question 47

What happens in the development and acquisition phase of the cryptographic lifecycle?

Answer 47

Find an appropriate combination of hardware, software, and algorithms that meet objectives.

Question 48

What happens in the implementation and assessment phase of the cryptographic lifecycle?

Answer 48

Configure and test the cryptographic system.

Question 49

What happens in the operations and maintenance phase of the cryptographic lifecycle?

Answer 49

Ensure the continued secure operation of the cryptographic system.

Question 50

What happens in the sunset phase of the cryptographic lifecycle?

Answer 50

Phase-out the system and destroy/archive keying material.

Question 51

What is the simplest way to take an existing cipher and make it stronger?

Answer 51

Increase the length of the encryption key.

Question 52

Alice would like to be able to prove to Charlie that a message she received actually came from Bob. What cryptographic goal is Alice trying to enforce?

Answer 52

Non-repudiation.

Question 53

Bob is planning to use a cryptographic cipher that rearranges the characters in a message. What type of cipher is Bob planning to use?

Answer 53

Transposition cipher.

Question 54

What operation uses a cryptographic key to convert plaintext into ciphertext?

Answer 54

Encryption.