CH24 Cryptography Flashcards
Which of the following cryptographic algorithms is classified as asymmetric?
a. ECC
b. RC4
c. Twofish
d. DES
a. ECC
Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. As a public-key cryptosystem, it relies on an asymmetric algorithm.
Twofish, RC4, and DES are all symmetric algorithms.
Frank and John have started a secret club together. They want to ensure that when they send messages to each other, they are truly unbreakable. What encryption key would provide the STRONGEST and MOST secure encryption?
a. DES with a 56-bit key
b. AES with a 256-bit key
c. ECC with a 256-bit key
d. Randomized one-time use pad
d. Randomized one-time use pad
The only truly unbreakable encryption is one that uses a one-time use pad. This ensures that every message is encrypted with a different shared key that only the two owners of the one-time use pad would know. This technique ensures that there is no pattern in the key for an attacker to guess or find. Even if one of the messages could be broken, all of the other messages would remain secure since they use different keys to encrypt them. Unfortunately, one-time use pads require that two identical copies of the pad are produced and distributed securely before they can be used.
A company has recently experienced a data breach and has lost nearly 1 GB of personally identifiable information about its customers. You have been assigned as part of the incident response team to identify how the data was leaked from the network. Your team has conducted an extensive investigation, and so far, the only evidence of a large amount of data leaving the network is from the email server. There is one user that has sent numerous large attachments out of the network to their personal email address. Upon closer inspection, those emails only contain pictures of that user’s recent trip to Australia. What is the most likely explanation for how the data left the network?
a. Steganography was used to hide the leaked data inside the user’s photos
b. The files were downloaded from home while connected to the corporate VPN
c. The data was hashed and then emailed to the personal email account
d. The data was encrypted and emailed to their spouse’s email account
a. Steganography was used to hide the leaked data inside the user’s photo
The most likely explanation is that the user utilized steganography to hide the leaked data inside the photos from their trip. Steganography is the process of hiding one message inside another. By hiding the customers’ information within the digital photos, the incident response team would not be able to see the data being hidden without knowing to look for it inside the seemingly benign pictures from the trip.
Which of the following hashing algorithms results in a 160-bit fixed output?
a. SHA-2
b. NTLM
c. MD-5
d. RIPEMD
d. RIPEMD
OBJ-2.8: RIPEMD creates a 160-bit fixed output. SHA-2 creates a 256-bit fixed output. NTLM creates a 128-bit fixed output. MD-5 creates a 128-bit fixed output.
Which of the following cryptographic algorithms is classified as symmetric?
a. Diffie Hellman
b. RSA
c. AES
d. ECC
c. AES
OBJ-2.8: The Advanced Encryption Standard (AES) is a symmetric-key algorithm for encrypting digital data. It was established as an electronic data encryption standard by NIST in 2001. AES can use a 128-bit, 192-bit, or 256-bit key, and uses a 128-bit block size.
Which of the following cryptographic algorithms is classified as symmetric?
a. ECC
b. RSA
c. Diffie-Hellman
d. Twofish
d. Twofish
OBJ-2.8: Twofish is a symmetric key block cipher with a block size of 128 bits and key sizes up to 256 bits. ECC, RSA, and Diffie-Hellman are all asymmetric algorithms.
Which of the following cryptographic algorithms is classified as asymmetric?
a. 3DES
b. PGP
c. RC4
d. AES
b. PGP
OBJ-2.8: Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, emails, files, directories, and whole disk partitions and to increase the security of email communications. PGP is a public-key cryptosystem and relies on an asymmetric algorithm. AES, RC4, and 3DES are all symmetric algorithms.
Frank and John have started a secret club together. They want to ensure that when they send messages to each other, they are truly unbreakable. What encryption key would provide the STRONGEST and MOST secure encryption?
a. Randomized one-time use pad
b. ECC with a 256-bit key
c. AES with a 256-bit key
d. DES with a 56-bit key
a. Randomized one-time use pad
OBJ-2.8: The only truly unbreakable encryption is one that uses a one-time use pad. This ensures that every message is encrypted with a different shared key that only the two owners of the one-time use pad would know. This technique ensures that there is no pattern in the key for an attacker to guess or find. Even if one of the messages could be broken, all of the other messages would remain secure since they use different keys to encrypt them. Unfortunately, one-time use pads require that two identical copies of the pad are produced and distributed securely before they can be used. DES and AES both rely on a single shared secret key, making them vulnerable to attack. DES has already been broken, while AES remains unbroken (today). With enough time and computing power, though, an AES key could be discovered. RSA is also vulnerable to attack with enough time and computing power.
Which of the following cryptographic algorithms is classified as symmetric?
a. GPG
b. DSA
c. DES
d. ECC
c. DES
OBJ-2.8: The Data Encryption Standard (DES) is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for applications, it was the standard used from 1977 until the early 2000s. GPG, ECC, and DSA are all asymmetric algorithms.
Keith wants to validate the application file that he downloaded from the vendor of the application. Which of the following should he compare against the file to verify the integrity of the downloaded application?
a. Private key of the file
b. Public key of the file
c. File size and file creation date
d. MD5 or SHA1 hash digest of the file
d. MD5 or SHA1 hash digest of the file
OBJ-2.8: Keith should conduct a hash of the downloaded file and compare it against the MD5 hash digest listed on the server for this file. This file needs to be a verifiable MD5 hash file to validate that the file integrity has not been compromised during the download. This is an important step to ensure the file was not modified in transit during the download. The other options are insufficient to guarantee the integrity of the downloaded file since integrity checking relies on comparing hash digests. A public or private key would not be assigned solely to a single file, nor do they provide integrity on their own. Public and private keys are used to ensure data confidentiality, whereas a hash digest ensures integrity. The file size and file creation date are additional forms of metadata that could help validate a file’s integrity. Still, they are of a much lower quality and trust factor than using a hash digest. Therefore, MD5 or SHA1 is a better choice.