Chapter 11: Cryptography

Question 1

US encryption export policy focuses on these three things

Answer 1

review of products before sale

streamlined post export reporting

license review of certain products to foreign governments

Question 2

Cryptosystem

Answer 2

Disguises messages for all but the intended recipient

Question 3

Cryptography

Answer 3

the craft of designing, building, and using cryptosystems

Question 4

Cryptanalyisis

Answer 4

the craft of breaking a cryptosystem

Question 5

Cryptology

Answer 5

the umbrella study of all cryptography

Question 6

Transposition

Answer 6

Letters are rearranged

Question 7

Substitution

Answer 7

Letters are swapped out

Question 8

Plaintext

Answer 8

A message before running through a cryptosystem

Question 9

Ciphertext

Answer 9

A message in it cryptographed form

Question 10

Symmetric key cryptography

Answer 10

one key is used both to encrypt and decrypt

Example: Data Encryption Standard (DES)

Question 11

3DES

Answer 11

128 bit key that is used to encrypt data three times (or “folds” the data); commonly used by banks at ATMs

Question 12

Advanced Encryption Standard (AES)

Question 13

Identification Friend or Foe (IFF) standard

Answer 13

Uses keys (that get changed out frequently) to decode “challenges” These challenges are sent with a preamble that warns that the encrypted message is coming. If the transponder cannot decrypt the challenge, it is then marked as “not a friend”

Question 14

Asymmetric key encryption

Answer 14

Uses two keys, a public key that you share to anyone you want to send a message to, and a private key that you keep secret. The keys are mathematically related but not derived either one from the other. Public Key Infrastructures (PKI) are examples of this.

Question 15

Public Private Key (PPK) allows for

Answer 15

Authentication:

Privacy:

Message integrity:

Question 16

Hashing

Answer 16

A one way trip for data that distills a strong down into a tiny string. It is not reverse engineerable. It provides security by rehashing data and seeing if hashes match correctly, which tells if the data is intact or not, or can tell if a password matches or not. The result is called a MAC or a message authentication code

Question 17

Message digest

Answer 17

a unique fingerprint rendered out of a message via a hashing algorithm.

Question 18

Digital signing

Answer 18

You append the message digest to your message (and encrypt it with your own private key for transmission) so that the recipient can decrypt the digest and attempt to render the same fingerprint and see if they match.

Question 19

Secure Hashing Algorithm (SHA)

Answer 19

Algorithms designed for hashing. We are up to SHA-3 now.

Question 20

Digital certificates

Answer 20

Public-private key sets created and issued by a trusted authority to ensure legitimacy

Question 21

Certificate authority (CA)

Answer 21

Issues the certificates and maintains rules on how the certs may be used and when and under what circumstances. This could be for commerce, inside an individual company

Question 22

Block ciphers

Answer 22

Designed to encrypt large chunks of data at once, such as on a file system. DES, 3DES, and AES are examples of this.

Question 23

Secure Sockets Layer (SSL)

Answer 23

A protocol for client/server applications that is the de facto standard for ensuring integrity and privacy of information across the internet. Denoted by the “S” in https and used in online payments

Question 24

Transport Layer Security (TLS)

Answer 24

A protocol that emphasizes the following:

Cryptographic security: creates a secure connection

Interoperability: allows for secure communication without require a code exchange between applications

Extensibilitiy: provides a framework for public key and bulk encryption to grow into, eliminating the need to create other new structures

Relative efficiency: TLS caches session data to allow for a minimization of back and forth data and CPU resource consumption

Question 25

Pretty Good Privacy (PGP)

Answer 25

Distributed key system that does not rely on a central certificate authority. Users can sign other users’ keys to provide validity. Often used to encrypt emails where the password to decrypt is sent via a secondary route to ensure security

Question 26

Secure/Multipurpose Internet Mail Extensions (S/MIME)

Answer 26

Implemented, in many cases, along with Open PGP. Did not work because the two protocols did not work together and users could not communicate.