Block 3 Part 3 Cryptography Flashcards
Hashing
True or false?
A hashing algorithm produces a unique hash for every different piece of data.
False - it should, but it doesn’t always.
Hashing
What do we call the situation whereby a hashing algorithm has produced the same hash for two different pieces of data?
A c___________
collision
Collisions
Malicious software has been known to take advantage of collisions by including a fake certificate whose hash c_______ with one from a certificate belonging to a genuine, safe application.
collides
Collisions
Are collisions rare or frequent?
Extremely rare - but that they exist at all means it is impossible to completely guarantee the integrity of data hashed using MD5
Salting
Salting is a process in which a computer adds a small amount of a_________ d_______ to a password before it is hashed.
additional data
Salting
A new salt is generated by a s_______ whenever a new password is created or an existing password is m__________.
server
modified
Salting
True or false?
The salt can either be added to the front of a password, the middle, or to the end.
False - It can be added to the front or to the end.
Salting
True or false?
Typically, salting schemes use equal-length salts and hashes.
True
Key stretching
The primary goal is to slow down or make it computationally expensive for attackers to guess the original password through b_____-f_____ or d________ a_______.
brute-force
dictionary attacks
Encrypting hashes
We can further protect the password file using encryption, obscuring its contents to anyone not possessing a piece of data known as the k___.
key
Encrypting hashes
In the most secure systems, passwords are stored, encrypted and decrypted by h________ s________ m________ (HSM) plugged into a USB or Ethernet port on the host computer.
hardware security modules
The benefits and limitations of hashing
Put the following statements into the correct categories:
a) Hashing can:
b) Hashing cannot:
confirm data has not been changed since the hash was generated
confirm that data has never been changed
authenticate the creator or sender of data.
obscure passwords from casual inspection.
guarantee the confidentiality of data
Hashing can:
confirm data has not been changed since the hash was generated
obscure passwords from casual inspection.
Hashing cannot:
confirm that data has never been changed
guarantee the confidentiality of data
authenticate the creator or sender of data.
Encryption
Encryption is a field of m__________ concerned with o__________ information from unwanted viewers in such a way that the original information can be r_________ later.
mathematics
obscuring
recovered
Encryption
Computer encryption algorithms work on b_________ data, so any data that can be represented in binary can be encrypted.
binary
Encryption - Some terminology
Plaintext
Plaintext is information that can be directly read by humans or a machine. (For example, this flashcard is an example of plaintext.)
True or false?
The phrase ‘plaintext’ may refer to music, movies and computer programs as well as text.
True - Plaintext is an historic term pre-dating computers, when encryption was only used for text. Nowadays, anything can be encrypted, so the phrase ‘plaintext’ may refer to music, movies and computer programs as well as text.
Encryption - Some terminology
Ciphertext
Ciphertext is the e______ d_______.
encrypted data
Encryption - Some terminology
A key
A key is a piece of data that determines the v_________ of the ciphertext when plaintext is encrypted (and vice versa).
value
Encryption - Some terminology
A cipher
A cipher is the a___________ responsible for turning plaintext into ciphertext, and for restoring ciphertext to plaintext, using one or more keys.
algorithm
Encryption - Some terminology
Encryption
Encryption is the process of c_________ p_________ to c____________. (Occasionally you may see it called ‘encipherment’.)
converting
plaintext
ciphertext
Encryption - Some terminology
Decryption
Decryption is the process of r__________ ciphertext to plaintext (occasionally ‘decipherment’).
reverting
Encryption - Some terminology
The ROT13 cipher
The ROT13 cipher (short for ROTate 13) is perhaps the simplest form of cryptography possible.
Encryption keys
An encryption key is a s______ of b_______.
string of bits
Encryption keys
The longer the string (the key length), the greater the number of possible keys.
For a key length of n, there are ______ possible keys.
2^n possible keys
Encryption keys
How does the number of possible keys change when we increase the key length by 1?
Increasing key length by 1 bit doubles the number of possible keys.
The problem with short keys
Short keys are vulnerable to b____-f______ attacks, where one or more computers attempt to decrypt ciphertext by testing every possible key until they produce recognisable plaintext.
brute-force
The problem with short keys
Testing a million keys per second may sound fast, but this can easily be achieved by a modest PC. Therefore, keys must be sufficiently long that they offer a very large number of possible values. Keys often have lengths of 128, 1024 or 2048 bits, producing unimaginably large numbers of possible key values (see Figure 3.3), rendering brute-force attacks useless.
Encryption that is resistant to brute-force attacks and whose algorithm has no known weaknesses is known as s________ e_________.
strong encryption
Safeguarding keys
True or false?
The key is the most important piece of information in any practical form of encryption.
True
Safeguarding keys
We must assume that a malicious party knows which form of e__________ we are using and understands the algorithms used to encrypt and decrypt data.
However, any encrypted messages are safe so long as the value of the k____ is not known to the attackers.
encryption
key
Symmetric encryption
If the same _______ is used to both encrypt and decrypt a ciphertext, it is known as symmetric encryption.
Does ROT13 use symmetric encryption?
Yes, it does.
Symmetric encryption
Highly secure symmetric encryption can be performed at very high speeds.
For this reason, most encrypted data sent over networks uses one of a relatively small number of symmetric a__________.
algorithms
DES
What does DES stand for?
The Data Encryption Standard
DES
In 1973, the United States National Bureau of Standards proposed a s__________ algorithm to encrypt unclassified data.
single
DES
What was the name of the algorithm that the NBS chose?
Lucifer
DES
The NSA mandated reducing the key length of the final Data Encryption Standard from the 64 bits proposed by IBM to ___ bits.
56
How DES works
DES breaks plaintext into 64-bit blocks, each of which is divided into two halves. One half is scrambled using an algorithm (the F-function) which stretches, mixes and substitutes bits within the 32-bit half. The two halves are recombined, then swapped and the process repeated. This is repeated sixteen times to produce the final DES ciphertext. Decryption of DES ciphertext is performed by reversing the process using the same key.
Does DES use symmetric encryption?
Yes, it uses the same key for both encryption and decryption.
True or false?
DES is no longer used.
True - It became too easy to brute-force it.
The stopgap between DES and AES was called: T______ D___
Triple DES
The replacement for DES was: the A_________ E__________ S___________ (AES)
Advanced Encryption Standard
True or false?
AES is a symmetric cipher.
True
AES supports key lengths of _____, 192 or ____ bits
128
192
256
(all much longer than DES or even the effective length of 3DES).
Amongst other purposes, AES is used to protect data on hard disk p___________, safeguarding Wi-Fi c_________, in password managers and protecting gamers from h_________.
partitions
connections
hacking
The key distribution problem
Why is having a shared key for encryption and decryption a problem?
Because someone might nick it!!!
The key distribution problem
The solution to the ‘key distribution problem’ is:
a____________ encryption
asymmetric encryption
Asymmetric cryptography
In asymmetric cryptography, users must create two keys.
What are they?
A private key and a public key.
Asymmetric cryptography
Alice wants to send a message to Bob, so she asks Bob to send her his public key which she will use to encrypt the message.
- Can Bob use his public key to decrypt the message?
- Can Alice decrypt the message she wrote once she has encrypted it with Bob’s public key?
- If Bob wants to send Alice a private message, what does he need from Alice?
- Does Alice have the same private key as Bob?
- Why must Alice and Bob keep their private keys secure?
- No, only Bob’s private key can decrypt the message.
- Only Bob’s private key can decrypt the message.
- He needs her public key so that he can use it to encrypt the message.
- No, she has her own private key.
- Because if someone steals them, they can use them to decrypt the messages.
Asymmetric key strength
Unlike symmetric keys, which are rarely longer than 256 bits, asymmetric keys are typically very large – usually 1024, 2048 or 4096 bits long.
Do the longer keys mean that asymmetric keys are stronger than symmetric keys?
No - it has something to do with the underlying mathematics involved in generating them, we haven’t learnt about this yet.
Asymmetric versus symmetric encryption
True or false?
Almost all encryption is performed using symmetric encryption.
True
In spite of asymmetric encryption’s ability to avoid the key distribution problem, there are many advantages to using symmetric encryption.
Asymmetric versus symmetric encryption
The advantages of symmetric encryption:
a. Symmetric encryption is f____
b. It uses small k_____
c. It is well-suited to encrypting any amount of d_____
a. fast
b. keys
c. data
Digital certificates
Genuine keys must be authenticated by a trusted third party.
A digital certificate a_____________ public keys and digital signatures.
authenticates
Digital certificates
A typical digital certificate consists of many items, including:
A version number
A unique serial number…
Can you name another?
the name of the organisation that issued the certificate.
First date this certificate is valid.
Last date this certificate is valid.
The certificate holder’s public key.
Digital certificates
Most digital certificates are issued by one of a relatively small number of certificate authorities (CAs) who perform the task of authenticating p_______ k____ h_______.
public key holders
Can we trust the certificate authorities?
In 2017, it was revealed that certificate agencies owned by Symantec had issued a number of digital certificates under questionable circumstances. In order to protect users, G______ took the decision to first downgrade and eventually block Symantec digital certificates in its C________ web browser.
Most certificate authorities realise the reputational damage of being ‘named and shamed’ for improper certificate security and the possible financial damages from affected clients.
Google
Chrome