Chapter 2

Question 1

This is the original message or data that is fed into the algorithm as input.

a. Plaintext
b. Encryption Algorithm
c. Secret Key
d. Ciphertext
e. Decryption Algorithm

Answer 1

a. Plaintext

Part of the symmetric encryption scheme

Question 2

performs various substitutions and transformations on the plaintext.

a. Plaintext
b. Encryption Algorithm
c. Secret Key
d. Ciphertext
e. Decryption Algorithm

Answer 2

b. Encryption Algorithm

Question 3

The ______ is also input to the encryption algorithm. The exact substitutions and transformations performed by the algorithm depend on the _____.

a. Plaintext
b. Encryption Algorithm
c. Secret Key
d. Ciphertext
e. Decryption Algorithm

Answer 3

c. Secret Key

Question 4

This is the scrambled message produced as output. It depends on the plaintext and the secret key. For a given message, two different keys will produce two different _______.

a. Encryption Algorithm
b. Ciphertext
c. Decryption Algorithm

Answer 4

b. Ciphertext

Question 5

This is essentially the encryption algorithm run in reverse. It takes the ciphertext and the secret key and produces the original plaintext.

a. Plaintext
b. Encryption Algorithm
c. Decryption Algorithm

Answer 5

c. Decryption Algorithm

Question 6

_________ rely on the nature of the algorithm plus perhaps some knowledge of the general characteristics of the plaintext or even some sample plaintext-ciphertext pairs. This type of attack exploits the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used. If the attack succeeds in deducing the key, the effect is catastrophic: All future and past messages encrypted with that key are compromised.

a. Cryptanalytic Attacks
b. Brute-Force Attack

Answer 6

a. Cryptanalytiic Attacks

Question 7

______ is to try every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained. On average, half of all possible keys must be tried to achieve success.

a. Cryptanalytic Attacks
b. Brute-Force Attack
c. Hash Function
d. Weak Collision Resistant

Answer 7

b. Brute-Force Attack

Question 8

There are two general approaches to attacking a symmetric encryption scheme. what are they?

Answer 8

1. Cryptanalytic Attacks
2. Brute-Force Attack

Question 9

What is the most widely used encryption scheme?

a. Advanced Encryption Standard (AES)
b. Data Encryption Standard (DES)
c. Digital Signature Standard
d. Secure Hash Algorithm (SHA)

Answer 9

b. Data Encryption Standard (DES)

DES takes a plaintext block
of 64 bits and a key of 56 bits, to produce a ciphertext block of 64 bits.

Question 10

alternative techniques developed to increase the security of symmetric block encryption for large sequences.

overcomes the weaknesses of ECB

a. One-way Hash Function
b. Second Preimage Resistant
c. Secure Hash Function
d. Modes of operation

Answer 10

d. Modes of operation

To increase the security of symmetric block encryption for large sequences of data, a number of alternative techniques have been develped. these modes overcome the weaknesses of Electronic Codebook (ECB); each mode has its own particular advantages.

Question 11

This is the simplest approach to multiple-block encryption.

• Each block of plaintext is encrypted using the same key
• Cryptanalysts may be able to exploit regularities in the plaintext.

a. Electronic Codebook (ECB)
b. Message Authentication Code (MAC)
c. Encryption

Answer 11

a. Electronic Codebook (ECB)

For lengthy messages, the ECB mode may not be secure. A cryptanalyst may
be able to exploit regularities in the plaintext to ease the task of decryption. For
example, if it is known that the message always starts out with certain predefined
fields, then the cryptanalyst may have a number of known plaintext-ciphertext pairs
to work with.

Question 12

processes the input one block of elements at a time, producing an output block for each input block

a. Block Cipher
b. Stream Cipher
c. Ciphertext
d. cryptanalysis

Answer 12

a. Block Cipher

The advantage of a block cipher is that you can reuse
keys.
For applications that deal with blocks of data, such as file
transfer, e-mail, and database, block ciphers may be more appropriate.

Block Ciphers are far more common than stream ciphers.

Question 13

processes the input elements continuously, producing output one element at a time, as it goes along.

a. Block Cipher
b. Stream Cipher
c. Ciphertext
d. cryptanalysis

Answer 13

b. Stream Cipher

The primary advantage of a stream cipher is that stream ciphers are almost always faster and use far less code than do block ciphers. . For applications that require encryption/decryption of a stream of data, such as over a data communications channel or a browser/Web link, a stream cipher might be the better alternative.

Question 14

______ protects against active attacks, verifies received message is authentic, and can use conventional encryption.

Answer 14

Message Authentication

Question 15

As with Symmetric Encrption, what are the two approaches to attacking a secure hash function?

Answer 15

Cryptanalysis and Brute-Force Attack

Question 16

A hash of a password is stored by an _______.

Answer 16

Operating System

a hash of a password is stored by an operating system rather than the password itself. Thus, the actual password is not retrievable by a hacker who gains access to the password file. In simple terms, when a user enters a password, the hash of that password is compared to the stored hash value for verification. This application requires preimage resistance and perhaps second preimage resistance.

Question 17

Public-Key cryptography is _______, involving the use of two seppare keys, in contrast to symmtric encryption, which uses only one key.

Answer 17

Asymmetric

The use of two keys has profound consequences in the areas of confidentiality, key distribution, and authentication.

Question 18

The security of any encryption scheme depends on _____ and _____.

Answer 18

1) The length of the key
2) The computational work involved in breaking a cipher.

Question 19

The essential steps are the following:

1. Each user generates a pair of keys to be used for the encryption and decryption of messages.
2. Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private. As Figure 2.7a suggests, each user maintains a collection of public keys obtained from others.
3. If Bob wishes to send a private message to Alice, Bob encrypts the message using Alice’s public key.
4. When Alice receives the message, she decrypts it using her private key. No other recipient can decrypt the message because only Alice knows Alice’s private key.

With this approach, all participants have access to public key, and private keys are generated locally by each participant and therefore need never be distributed. As long as a user protects his or her ____, incoming communication is secure. At any time, a user can change the____ and publish the companion public key to replace the old public key.

Answer 19

Private Key

Question 20

This is the readable message or data that is fed into the algorithm as input.

Answer 20

Plaintext

Question 21

The ___ _____ performs various transformations on the plaintext.

Answer 21

Encryption Algorithm

Question 22

This is a pair of keys that have been selected so that if one is used for encryption, the other is used for decryption.

Answer 22

Public and Private Key

The exact transformations performed by the encryption algorithm depend on the public or private key that is provided as input.

Question 23

This is the scrambled message produced as output. it depends on the plaintext and the key. for a given message, two different keys will produce two different _____.

Answer 23

Cyphertext

Question 24

This algorithm accepts the ciphertext and the matching key and produces the original plaintext.

Answer 24

Decryption algorithm

Question 25

These are the requirements for _______

1) Computationally easy to create key pairs
2) Useful if either key can be used for each role
3) Computationally infeasible for opponent to otherwise recover original message.
4) Computationally infeasible for opponent to determine private key from public key.
5) Computationally easy for receiver knowing pricate key to decrypt ciphertext.
6) computationally easy for sender knowing public key to encrypt messages.

Answer 25

Public-Key Cryptosystems

1) It is computationally easy for a party B to generate a pair
2. It is computationally easy for a sender A, knowing the public key and the message to be encrypted, M, to generate the corresponding ciphertext: C = E(PUb, M)
3. It is computationally easy for the receiver B to decrypt the resulting ciphertext using the private key to recover the original message: M = D(PRb,C) = D[PRb, E(PUb, M)]
4. It is computationally infeasible for an opponent, knowing the public key, PUb, to determine the private key, PRb.
5. It is computationally infeasible for an opponent, knowing the public key, PUb, and a ciphertext, C, to recover the original message, M.

We can add a sixth requirement that, although useful, is not necessary for all public-key applications:

6. Either of the two related keys can be used for encryption, with the other used for decryption.
   M = D[PUb, E(PRb, M)] = D[PRb, E(PUb, M)]

Question 26

____ are used for authenticating both source and data integrity.

It is important to emphasize that the ____ does not provide confidentiality. That is, the message being sent is safe from alteration but not safe from eavesdropping. This is obvious in the case of a signature based on a portion of the message, because the rest of the message is transmitted in the clear. Even in the case of complete encryption, there is no protection of confidentiality because any observer can decrypt the message by using the sender’s public key.

Answer 26

Digital Signatures

Suppose that Bob wants to send a message to Alice. Although it is not important that the message be kept secret, he wants Alice to be certain that the message is indeed from him. For this purpose, Bob uses a secure hash function, such as SHA-512, to generate a hash value for the message and then encrypts the hash code with his private key, creating a digital signature. Bob sends the message with the signature attached. When Alice receives the message plus signature, she (1) calculates a hash value for
the message; (2) decrypts the signature using Bob’s public key; and (3) compares the calculated hash value to the decrypted hash value. If the two hash values match, Alice is assured that the message must have been signed by Bob. No one else has Bob’s private key and therefore no one else could have created a ciphertext that could be decrypted with Bob’s public key. In addition, it is impossible to alter the message without access to Bob’s private key, so the message is authenticated both in terms of source and in terms of data integrity.

Question 27

_____ protects a message without needing to first arrage for a sender and receiver to have the same secret key.

Answer 27

Digital Envelopes

****equates to the same thing as a sealed envelope containing an unsigned letter.

The general approach is shown in Figure 2.9. Suppose Bob wishes to send a confidential message to Alice, but they do not share a symmetric secret key. Bob does the following:

1. Prepare a message.
2. Generate a random symmetric key that will be used this one time only.
3. Encrypt that message using symmetric encryption the one-time key.
4. Encrypt the one-time key using public-key encryption with Alice’s public key.
5. Attach the encrypted one-time key to the encrypted message and send it to Alice.

Only Alice is capable of decrypting the one-time key and therefore of recovering the original message. If Bob obtained Alice’s public key by means of Alice’s
public-key certificate, then Bob is assured that it is a valid key.

Question 28

The distribution of numbers in the sequence should be uniform; that is, the frequency of occurrence of each of the numbers should be approximately the same.

Answer 28

Uniform Distribution

Question 29

No one value in the sequence can be inferred from the others.

Answer 29

Independence

Question 30

What are the two criteria used to validate that a sequence of numbers is random?

Answer 30

Uniform Distribution and Independence

Question 31

In applications such as reciprocal authentication and session key generation, the requirement is not so much that the sequence of numbers be statistically random but that the successive members of the sequence are ______

Answer 31

Unpredictable

With “true” random sequences, each number is statistically independent of other numbers in the sequence and therefore unpredictable.

Question 32

Cryptographic applications typically make use of algorithmic techniques for random number generation. These algorithms are deterministic and therefore produce
sequences of numbers that are not statistically random. However, if the algorithm is good, the resulting sequences will pass many reasonable tests of randomness. Such numbers are referred to as ________.

Answer 32

Pseudorandom Numbers

Question 33

A ______ uses a nondeterministic source to produce randomness.

• most operate by measuring unpredictable natural processes (e.g. radiation, gas discharge, leaky capacitors)
• increasingly provided on modern processors

Answer 33

true random number generator (TRNG)

Question 34

What is one of the principal security requirements of a computer system?

Security mechanisms to provide such protection include access control, intrusion detection, and intrusion prevention schemes. . But beyond technical approaches, these approaches can become vulnerable because of human factors.

Answer 34

Protection of Stored Data