CH24 Cryptography

Question 1

What is Cryptography?

Answer 1

the practice and study of writing and solving codes in order to hid the true meaning of information

Question 2

What is Encryption?

Answer 2

Process of converting ordinary information (plaintext) into an unintelligible form (ciphertext)

Encryption protects data at rest, data in transit, or data in use.

Data at rest – Inactive data that is archived, such as data resident on a hard disk drive.

Data in Transit – Data crossing the network or data that resides in a computer’s memory.

Data in Use – Data that is undergoing constant change

Question 3

What is a cipher ?

Answer 3

an algorithm which performs the encryption or decryption

Question 4

What is a Key in regards to Cryptography?

Answer 4

the essential piece of information that determines the output of a cipher

Question 5

What is Symmetric key encryption?

Answer 5

you have a single key that‘s used encrypt and decrypt the data.

Confidentiality can be assured with symmetric encryption. But you can’t assure non-repudiation. If multiple people knows the key and one of the person who knows the key goes in and changes the data, you wouldn’t know who has done it. It could be anyone of the people who has the key.

Key distribution can be challenging with symmetric encryption. More users that need to share a secret, you need to be able to distribute all of these shared secret keys. As more and more people know what the keys are, there’s less and less confidentiality

Question 6

What is Asymmetric encryption?

Answer 6

you’re going to get two different keys. One key to encrypt the data and the second key to decrypt it

Question 7

What is Symmetric Algorithm (Private Key Encryption)?

Answer 7

Encryption algorithm in which both the sender and the receiver must know the same secret using a privately held key.

Question 8

What is Asymmetric Algorithm (Public Key Encryption)?

Answer 8

Encryption algorithm where different keys are used to encrypt and decrypt the data.

For the exam :
Asymmetric encryption is also known as public key cryptography.
Two keys are used in public key cryptography.

Question 9

What is Hybrid implementation in regards to encryption?

Answer 9

utilizes asymmetric encryption to securely transfer a private key that can then be used with symmetric encryption

Question 10

What is Stream cipher?

Answer 10

perform their computations and encryption a single byte at a time. It utilizes a keystream generator to encrypt data bit by bit using a mathematical XOR function to create the ciphertext

Question 11

Block cipher

Answer 11

breaks the input into fixed-length blocks of data and performs the encryption on each block. It is easier to implement through software solution

Question 12

What is Data Encryption Standard (DES) Encryption algorithm?

Answer 12

Encryption algorithm which breaks the input into 64-bit blocks and uses transposition and substitution to create ciphertext using an effective key strength of only 56-bits. Not as secure these days. DES used to be the standard for encryption.
Block cipher, Symmetric Algorithm

Question 13

What is 3 DES Encryption algorithm?

Answer 13

Encryption algorithm which uses three separate symmetric keys to encrypt, decrypt, then encrypt the plaintext into ciphertext in order to increase the strength of DES

Block cipher, Symmetric Algorithm

Question 14

What is 3 DES Encryption algorithm?

Question 15

What is Advanced Encryption Standard (AES) Encryption algorithm?

Answer 15

Symmetric block cipher that uses 128-bit, 192-bit, or 256-bit blocks and a matching encryption key size to encrypt plaintext into ciphertext. AES is the standard for encrypting sensitive US Government data.

Block cipher, Symmetric Algorithm

Question 16

What is Blowfish Encryption algorithm?

Answer 16

Symmetric block cipher that uses 64-bit blocks and a variable length encryption key to encrypt plaintext into ciphertext

Block cipher, Symmetric Algorithm

Question 17

What is Twofish Encryption algorithm?

Answer 17

Symmetric block cipher that replaced blowfish and uses 128-bit blocks and a 128-bit, 192-bit, or 256-bit encryption key to encrypt plaintext into ciphertext

Block cipher, Symmetric Algorithm

Question 18

What is Rivest Cipher (RC4) Encryption algorithm?

Answer 18

Symmetric stream cipher using a variable key size from 40-bits to 2048-bits that is used in SSL and WEP

Stream cipher, Symmetric Algorithm

Question 19

What is Rivest Cipher (RC5) Encryption algorithm?

Answer 19

Symmetric block cipher with a key sizes up to 2048-bits

Block cipher, Symmetric Algorithm

Question 20

What is Rivest Cipher (RC6) Encryption algorithm?

Answer 20

Symmetric block cipher that was introduced as a replacement for DES but AES was chosen instead

Block cipher, Symmetric Algorithm

Question 21

Exam Notes

Answer 21

For the exam : be able to identify which of these are block ciphers and which are stream ciphers. The only stream cipher is RC4. All others are block cipher.

For the exam : be able to identify the algorithm as either symmetric ciphers or asymmetric ciphers. Symmetric cyphers : DES, 3DES, IDEA, AES, Blowfish, Twofish, and the Rivest Ciphers

For the exam : Remember that Diffi-Hellmen is an asymmetric algorithm. It’s used for the key exchange inside of creating a VPN tunnel establishment as part of IPSec.

Question 22

What is Digital Signature?

Answer 22

a hash digest of a message encrypted with the sender’s private key to let the recipient know the document was created and sent by the person claiming to have sent it.

Question 23

What is Diffie-Hellman (DH) ?

Answer 23

Used to conduct key exchanges and secure key distribution over an unsecure network. Used for the establishment of a VPN tunnel using IPSec

For the exam : Remember that Diffi-Hellmen is an asymmetric algorithm. It’s used for the key exchange inside of creating a VPN tunnel establishment as part of IPSec

Question 24

What is Rivest, Shamir, and Adleman (RSA)?

Answer 24

Asymmetric algorithm that relies on the mathematical difficulty of factoring large prime numbers. RSA can use key sizes of 1024-bits to 4096-bits.

RSA is widely used for key exchange, encryption, and digital signatures

Question 25

Elliptic Curve Cryptography (ECC)

Answer 25

Algorithm that is based upon the algebraic structure of elliptic curves over finite fields to define the keys. ECC with a 256-bit key is just as secure as RSA with 2048-bit key.

▪ ECDH - Elliptic Curve Diffie-Hellman
▪ ECDHE - Elliptic Curve Diffie-Hellman Ephemeral
▪ ECDSA - Elliptic Curve Digital Signature Algorithm

ECC is most commonly used for mobile devices and low-power computing
device

Question 26

What is Pretty Good Privacy (PGP)?

Answer 26

an encryption program used for signing, encrypting, and decrypting emails. PGP uses older algorithm called, IDEA (from symmetric algorithm).

PGP is a hybrid cryptographic tool because it uses symmetric cipher for the bulk data encryption, but it uses RSA, a asymmetric cipher, to create the digital signatures used in signing its emails and to send the session keys over an untrusted network.

PGP uses key sizes of 128 bits or more for symmetric functions and key sizes between 512 bits and 2048 bits for its asymmetric function.

Question 27

What is GNU Privacy Guard (GPG) ?

Answer 27

a newer updated version of the PGP encryption suite that uses AES for its symmetric encryption functions. It is freely available and non-patented encryption solution that’s available for Linux, Windows, and Macintosh OS

Question 28

What is Key Management in regards to Cryptography?

Answer 28

refers to how an organization will generate, exchange, store, and use encryption keys.

The strength of an encryption system lies in the key strength.
Keys must be securely stored.
Keys needs to be changed periodically

Question 29

What is One-Time Pad?

Answer 29

a stream cipher that encrypts plaintext information with a secret random key that is the same length as the plaintext input

One-time pads are not commonly used

Question 30

What is Pseudo-Random Number Generator (PRNG) ?

Answer 30

a simulated random number stream generated by a computer that is used in cryptography, video games, and more

Question 31

What is Steganography ?

Answer 31

the way to hide message within other messages (or picture). Data isn’t encrypted, it’s just hidden.

Question 32

What is Blockchain?

Answer 32

a shared, immutable ledger for recording transactions, tracking assets and building trust. (Ex: cryptocurrency)

Question 33

What is Public Ledger ?

Answer 33

a record-keeping system that maintains participants’ identities in secure and anonymous form, their respective cryptocurrency balances, and a record book of all the genuine transactions executed between network participants

A permissioned blockchain is used for business transactions and promotes new levels of trust and transparency using an immutable public ledger

Question 34

What is Quantum Computing ?

Answer 34

A computer that uses quantum mechanics to generate and manipulate quantum bits (qubits) in order to access enormous processing powers

Question 35

What is Quantum Communication?

Answer 35

A communications network that relies on qubits made of photons (light) to send multiple combinations of 1s and 0s simultaneously which results in tamper resistant and extremely fast communications.

Question 36

What is Qubit ?

Answer 36

a quantum bit composed of electrons or photons that can represent numerous combinations of 1s and 0’s at the same time through superposition

Question 37

What is Post-quantum Cryptography?

Answer 37

A new kind of cryptographic algorithms that can be implemented using today’s classical computers but is also impervious to attacks from future quantum computers.

Question 38

What is Ephemeral ?

Answer 38

A cryptographic key that is generated for each execution of a key establishment process. It is short lived.

Ephemeral keys are short-lived and used in the key exchange for WPA3 to create perfect forward secrecy.

Question 39

What is Homomorphic Encryption ?

Answer 39

encryption method that allows calculations to be performed on data without decrypting it first.

It’s good thing to use with your cloud provider.

It can be used for privacy-preserving outsourced storage and computation.