Chapter 2 Foundations of Cryptography

Question 1

What is cryptography?

Answer 1

Cryptography is the science of taking data, making it hidden in some way so others can’t see it, and then bringing the data back.

Question 2

What is the main goal of cryptography?

Answer 2

The main goal of cryptography is to provide confidentiality to information.

Question 3

What is obfuscation in the context of cryptography?

Answer 3

Obfuscation is the process of taking something that makes sense and hiding it so it does not make sense to the casual observer.

Question 4

What are the two main techniques used in obfuscation?

Answer 4

Diffusion and confusion.

Question 5

What is diffusion in cryptography?

Answer 5

Diffusion makes data less visible and less obvious.

Question 6

What is confusion in cryptography?

Answer 6

Confusion stirs up the data, making it difficult to recognize.

Question 7

What are encryption and decryption?

Answer 7

Encryption is the process of converting plain text into hidden data, while decryption is the process of converting it back to its original form.

Question 8

What is the Caesar cipher?

Answer 8

The Caesar cipher is one of the oldest types of cryptography, involving shifting letters by a fixed number of positions.

Question 9

How does a Caesar cipher work?

Answer 9

A Caesar cipher shifts each letter of the plaintext by a fixed number of positions down the alphabet.

Question 10

What is ROT5 in a Caesar cipher?

Answer 10

: ROT5 means each letter in the plaintext is shifted by 5 positions down the alphabet.

Question 11

What is cryptanalysis?

Answer 11

Cryptanalysis is the process of breaking encrypted codes.

Question 12

What is the Vigenère cipher?

Answer 12

The Vigenère cipher is a method that uses a key to apply multiple Caesar ciphers to plaintext, making it more secure.

Question 13

How does the Vigenère cipher work?

Answer 13

It uses a key to determine the shift value for each letter in the plaintext, creating a more complex encryption.

Question 14

What are the two essential components of any encryption algorithm?

Answer 14

An algorithm and a key.

Question 15

What is exclusive OR (XOR) in binary encryption?

Answer 15

XOR is a binary operation used in some encryption algorithms where each bit of the output is the sum of the corresponding bits in the input, modulo 2.

Question 16

What is Kerckhoffs’s principle?

Answer 16

Kerckhoffs’s principle states that a cryptographic system should be secure even if everything about the system, except the key, is public knowledge.

Question 17

Why is it important that encryption algorithms are open standards?

Answer 17

Open standards allow everyone to test and verify the security of the encryption, ensuring it is robust and not easily broken.

Question 18

What are the three components of the CIA of security?

Answer 18

Confidentiality, Integrity, and Availability.

Question 19

How is confidentiality typically achieved in security?

Answer 19

Through encryption, using methods like symmetric or asymmetric encryption, and block or stream ciphers.

Question 20

What does integrity ensure in terms of data security?

Answer 20

Integrity ensures that the data has not been altered between the time it was created and the time it is accessed.

Question 21

What is a hash function in cryptography?

Answer 21

: A hash function is a mathematical function that takes an input (or message) and returns a fixed-size string of bytes, which appears random.

Question 22

What is a message digest?

Answer 22

A message digest is the fixed-length output (or hash value) of a hash function, representing the input data.

Question 23

What happens to a hash value if even a small change is made to the input?

Answer 23

The hash value will be completely different if even a small change is made to the input.

Question 24

Why are hash functions important for verifying data integrity?

Answer 24

Hash functions allow users to verify that data has not been altered by comparing hash values before and after transmission or storage.

Question 25

What is MD5?

Answer 25

MD5 (Message Digest version 5) is an older hash function that produces a 128-bit hash value, created by Ron Rivest.

Question 26

What is the main issue with MD5 and SHA-1 hash functions?

Answer 26

Both MD5 and SHA-1 are prone to collisions, where two different inputs produce the same hash value.

Question 27

What is SHA-2 and why is it important?

Answer 27

SHA-2 (Secure Hash Algorithm 2) is a family of hash functions that produce hash values of different lengths, like SHA-256 and SHA-512, and are much less prone to collisions.

Question 28

What is RIPEMD?

Answer 28

RIPEMD (RACE Integrity Primitives Evaluation Message Digest) is a family of hash functions that produce hash values of different lengths, like 128, 160, 256, and 320 bits, and is an open standard.

Question 29

How are hashes used in password storage?

Answer 29

Passwords are often stored as hash values on a system’s hard drive, rather than in plain text, to protect the actual passwords.

Question 30

How do hashes contribute to web page security?

Answer 30

Hashes are used in combination with asymmetric and symmetric encryption to protect data on encrypted web pages.

Question 31

What is the significance of a hash function producing a fixed-size output?

Answer 31

A fixed-size output ensures that the hash value is always the same length, regardless of the size of the input, which is important for consistency and security.

Question 32

What is the purpose of using hashes in downloading patches or updates?

Answer 32

Hashes ensure that the patch or update has not been tampered with during transmission, by allowing the recipient to verify the hash value against the original.

Question 33

What is a collision in hash functions?

Answer 33

A collision occurs when two different inputs produce the same hash value, which can compromise the integrity of the hash function.

Question 34

What is cryptanalysis?

Answer 34

Cryptanalysis is the study and practice of breaking cryptographic algorithms to access protected data.

Question 35

Why is it difficult to attack modern encryption algorithms like AES directly

Answer 35

Modern encryption algorithms like AES are carefully developed, publicly understood, and constantly tested for weaknesses, making them very difficult to crack.

Question 36

What is one strategy for successfully attacking an encryption system?

Answer 36

One strategy is to trick someone into using a weaker encryption algorithm instead of a stronger one, making it easier to crack the system.

Question 37

What is an example of a weak encryption algorithm that can be easier to crack?

Answer 37

Arc4 used in the WEP (Wired Equivalent Privacy) protocol is an example of a weak encryption algorithm that can be easier to crack.

Question 38

What is the significance of implementation in cryptographic attacks?

Answer 38

Poor implementation of an encryption algorithm can create weak spots that attackers can exploit, even if the algorithm itself is strong.

Question 39

What was the main issue with the WEP encryption protocol?

Answer 39

The main issue with WEP was its short key lengths and poor implementation of Arc4, which made it vulnerable to attacks.

Question 40

What percentage of wireless networks are estimated to still use WEP?

Answer 40

Approximately 5 to 8% of wireless networks are estimated to still use WEP.

Question 41

What is one way attackers can compromise encrypted data by targeting keys?

Answer 41

Attackers can use brute force attacks or other methods to discover encryption keys, giving them access to the encrypted data.

Question 42

What is the difference between a password and a key in encryption?

Answer 42

A password is often transformed into a key through processes like stretching and adding salts to make it suitable for encryption.

Question 43

What are the three main areas of focus when conducting cryptographic attacks?

Answer 43

The three main areas of focus are attacking the algorithm, attacking the implementation, and attacking the key.

Question 44

Where are passwords typically stored on a system?

Answer 44

Passwords are stored as hashes in a secure location, such as a list or database on the system.

Question 45

What is the process for verifying a password during login?

Answer 45

The system hashes the entered password and compares it to the stored hash. If they match, the user is authenticated.

Question 46

What is a brute force attack?

Answer 46

A brute force attack involves trying all possible combinations of characters to guess a password.

Question 47

What is a dictionary attack?

Answer 47

A dictionary attack uses a precompiled list of human words and common passwords to guess a password.

Question 48

What is a pre-hashed dictionary table?

Answer 48

A pre-hashed dictionary table includes both the original words and their corresponding hash values to speed up the cracking process.

Question 49

What is a rainbow table?

Answer 49

A rainbow table is a precomputed table of hash values that uses advanced math (reduction functions) to make it more efficient for searching hashes.

Question 50

How do attackers typically obtain password hashes for cracking?

Answer 50

Attackers may use bootable disks or other methods to access and copy the list of usernames and password hashes from a system for offline attacks.

Question 51

What is salting in password security?

Answer 51

Salting involves adding a random value to a password before hashing it to make precomputed attacks, like those using rainbow tables, more difficult.

Question 52

How does salting protect against rainbow table attacks?

Answer 52

Salting changes the hash value of the password, requiring attackers to regenerate the rainbow table for each unique salt value.

Question 53

What is key stretching?

Answer 53

Key stretching involves using algorithms to repeatedly hash a password and other inputs to make it more resistant to brute force attacks.

Question 54

What is an example of key stretching in wireless networks?

Answer 54

An example is the Password-Based Key Derivation Function 2 (PBKDF2) used in WPA encryption, which hashes the password multiple times with the SSID.

Question 55

What are the main types of password attacks to be aware of for exams?

Answer 55

The main types are brute force attacks, dictionary attacks, and rainbow table attacks.

Question 56

How do salting and key stretching improve password security?

Answer 56

Salting adds unique values to passwords before hashing, while key stretching increases the computational effort needed to crack passwords.

Question 57

Why are human words commonly used in passwords?

Answer 57

Human words are easier to remember, making them a frequent choice for passwords despite being more vulnerable to dictionary attacks.