Chapter 3 - Cryptography Only

Question 1

Cryptology

Answer 1

Science of secure communications. Encompasses both cryptography and cryptoanalysis

Question 2

Cryptoanalysis

Answer 2

Science of breaking encrypted messages

Question 3

Cryptography

Answer 3

Creates messages whose meaning is hidden

Question 4

Permutation

Answer 4

Another word for Transposition. Provides diffusion by rearranging the characters of the plaintext, anagram-style.

Question 5

Work Factor

Answer 5

Describes how much effort it takes to break encryption

Question 6

Good Encryption

Answer 6

Not based on secret formulas but on good math.

Question 7

Monoalphabetic cipher

Answer 7

uses one alphabet: a specific letter is substituted for another. Susceptible to frequency analysis.

Question 8

Polyalphabetic cipher

Answer 8

uses multiple alphabets, a specific letter maybe used in one round and another the next round – addresses frequency analysis

Question 9

Modular Math

Answer 9

Modular math lies behind much of cryptography: simply put, modular math shows you what remains (the remainder) after division. It is sometimes called clock math because we use it to tell time: assuming 12 hour clock, 6 hours past 9:00pm is 3:00am. In other words, 9:6 is 15, divided 12 leaves remainder 3.

Question 10

XOr

Answer 10

Combining a key with plaintext via XOR creates a ciphertext. XOR-ing the same key to the ciphertext restores the original plaintext.

Rules: If two bits are different the answer is “1.” If two bits are the same the answer is “0.”

Question 11

Data at rest and Data in motion

Answer 11

Cryptography is able to protect data at rest and data in motion. Full disk encryption can protect data at rest and SSL or IPSEC VPN can protect data in motion.

Question 12

Protocol Governance

Answer 12

Describes the process of selecting the right method (cipher) and implementation for the right job, typically at an organization-wide scale.

Question 13

Egyptian Hieroglyphics

Answer 13

Hieroglyphics are stylized pictorial writing used in ancient Egypt.

Question 14

Spartan Scytale

Answer 14

The Scytale was used in ancient Sparta around 400BC. A strip of parchment was wrapped around a rod. The plaintext was encrypted by writing lengthwise down the rod. The message was then unwound and sent. When unwound the words appeared as a meaningless jumble. The receiver possessing a rod of the same diameter, wrapped the parchment across the rod, reassembling the message.

Question 15

Caeser Cipher and other rotational ciphers

Answer 15

The Ceasar cipher is am monoalphabetic rotation Cipher. Caeser rotated each letter of the plaintext forward three times to encrypt. Another common rotation cipher is rot-13, move the letter forward 13 times to encrypt.

Question 16

Vigenere Cipher

Answer 16

The Vignere Cipher is a polyalphabetic Cipher. A matrix is formed with the alphabet and lookups are done with the key (repeated up to the length of the plaintext) to form the cipher text.

Question 17

Cipher Disk

Answer 17

Cipher disks have two concentric disks, each with a alphabet around the periphery. They allow both monoalphabetic and polyalphabetic encryption. For monoalphabetic encryption two parties agree on a fixed starting offset and then turn the wheel once every X characters. For polyalphabetic encryption, do the same as before but turn where once every X characters and then turn the inner disk 1 character to the right after every 10 characters

Question 18

Jefferson Disks

Answer 18

Invention of Thomas Jefferson. It is also known has “Wheel Cipher”. The device contains 36 wooden disks in which each disk has random characters of the 26 characters of the alphabet printed along each disk in random order. The other party must posses the identical set of disks.

Order the disks into saying something, then pass the jumbled line to the other person. To decrypt they make the same jumble and then look for lines that make sense.

Question 19

Book Cipher

Answer 19

A book cipher uses whole words from a well-known text such as a dictionary. To encode, agree on a text source and note the page number, line and word offset of each word you would like to encode.

Looks something like . . . . As 12.4.5 I am 12.8.17, which translates to “As vengeance I am god!” 12 is the page, 4 is the row, 5 is 5 words from the left, etc.

Question 20

Running-key cipher

Answer 20

Running-key ciphers also use well-known texts as the basis for their keys: instead of using whole words, they use modulus math to “add” letters to each other.

Find a picture of this, pretty cool.

Question 21

Codebooks

Answer 21

Codebooks assign a code for important people, locations, and terms. Each word in the code-book has two codenames, Ex. the President was “Adam” or “Asia”, the secretary of state was “Abel” or “Austria”

Question 22

One-time Pad

Answer 22

A one-time pad uses identical paired pads of random characters, with a set amount of characters per page. Assume a pair of identical 100 page one time pads with 1000 random characters per page. Once created and securely distributed, to communicate use modular addition to encrypt and modular subtraction to decrypt. Discard page of pad once used. This is mathematically proven to be secure as long as pads are kept secure, and pages are never reused.

Question 23

Vernam Cipher

Answer 23

Named after Gilbert Vernam, created a teletypewriter capable of encypting and decrypting using paper rolls containing the encryption key (One time pad). The Vernam Cipher used bits, the one time pad bits were XORed to the plaintext bits.

Question 24

Hebern Machines and Purple

Answer 24

Hebern machines are a class of cryptograhic devices known as rotor machines named after Edward Hebern. They look like manual typewriters with electrified rotors.

Question 25

Enigma

Answer 25

Used by the Axis German powers during WWII. There were 3 finger wheels which could be set to any number from 1-26 which is to be used as key.

Question 26

Sigaba

Answer 26

The sigaba was a rotor machine used by the US in WWII. Due to it’s large size it had limited field use.

Question 27

Purple

Answer 27

Purple was the allied name for the encryption device used by the Japanese Axis powers in WWII. It is described as a rotor machine but actually a stepping-switch which encrypted plaintext by adding code words.

Question 28

Cryptography Laws

Answer 28

Intelligence derived from cryptoanalysis was arguably as powerful as any bomb. This leads to attempts to control cryptography through the same laws used to control bombs: munition laws.

Question 29

COCOM

Answer 29

Coordinating Committee for Multilateral Export Controls designed to control export of critical technologies (including cryptography) to “Iron Curtain” countries during the code war. US, Japan, EU, Australia, Turkey and rest of non-soviet countries were members during 1947-1994

Question 30

Wassenaar Arrangement

Answer 30

Created in 1996 after COCOM ended. Includes former soviet union countries and laxed many of the restrictions on exporting cryptography.

Question 31

Symmetric Encryption

Answer 31

Aka Secret key encryption uses one key to encrypt and decrypt. The key must be kept secret and often shared using out of band method.

Strengths: Speed and Cryptographic strength per bit of key.
Weakness: Key must be kept secure and shared before two parties can communicate.

Question 32

Stream Cipher

Answer 32

Each bit is independently encrypted in a “stream”

Question 33

Block mode

Answer 33

encrypt blocks of data each round: 64bits for DES, 128bits for AES. To emulate stream block size can be set to 1 bit.

Question 34

Initialization Vector

Answer 34

Ensure first encrypted block of data is random so identical plaintexts ecnrypt to different cipher texts

Question 35

Chaining

Answer 35

Uses feedback from previous cipher block to seed next block to be encrypted. This destroys patterns in resulting ciphertext

Question 36

DES

Answer 36

DES is the data encryption standard, which describes the Data Encryption Algorithm (DEA). Designed in the US to in 1976 to address standardization. Its a symmetric cipher that uses a 64bit block size (encrypts 64 bit each round) and a 56 bit key.

*Susceptible to brute force key attack due to advent of faster CPUs.

Question 37

Modes of DES

Answer 37

Electronic Code Book (ECB) 
Cipher Block Chaining (CBC)
Cipher Feedback (CFB)
Output Feedback (OFB)
Counter Mode (CTR)

Question 38

Electronic Code Book (ECB)

Answer 38

Earliest mode (hence – code book WWII), simplest and weakest, no vector, no chaining

• Should not be used anymore

Question 39

Cipher Block Chaining (CBC)

Answer 39

XORs previous encrypted block of cipher text to next block and users initialization vector, encryption errors can propagate destroying integrity

Question 40

Cipher Feedback (CFB)

Answer 40

Same as CBC but stream mode

Question 41

Output Feedback (OFB)

Answer 41

uses previous cipher text as feedback uses subkey before it is XORed to plaintext, not affected by encryption errors and will not propagate

Question 42

Counter Mode (CTR)

Answer 42

Latest, similar to OFB but uses a counter, can be parallelized

Question 43

3DES

Answer 43

Applies single DES three times per block. Formally called Triple Data Encryption Algorithm. Slow and complex compared to newer algorithms like AES and Twofish.

Question 44

Triple DES Encryption Order and Keying Options

Answer 44

1TDES EDE – Encrypt, Decrypt, Encrypt with 1 key – results in same cipher text as DES for backwards compatibility
2TDES EDE – Encrypt with key 1, Decrypt with key 2 (same as encrypt), and Encrypt with key 1 – results in 112bit key strength – used with legacy hardware with limited memory
3TDES EDE – Encrypt with key 1, Decrypte with key 2, Encrypt with key 3, results with 168bit key strength, effective strength is 112bit due to MiTM attack

Question 45

International Data Encryption Algorithm (IDEA)

Answer 45

International replacement to DES using 128bit key and 64bit block size. Drawbacks are patent encumbrance and slow speed compared to AES.

Question 46

Advanced Encryption Standard (AES)

Answer 46

Current US standard symmetric block cipher using 128bit (10 rounds), 192bit (12 rounds), 256bit (14 rounds) keys and 128bit blocks of data. It is open and free to use

Question 47

Choosing AES

Answer 47

NIST sought input from the public for DES replacement in 1997 that would be faster and more secure. The five finalists were; MARS, RC6, Rijndael, Serpent and two fish. Rijndeal was chosen and became the AES standard due to best combination of security, performance, efficiency, and flexibility.

Question 48

AES Functions

Answer 48

ShiftRows – Provides diffusion by shifting rows of the state. It treats each row like a row of blocks, sifhting each a different amount

MixColumns – Provides diffusion by mixing the columns of the state via finite field mathematics

SubBytes – Provides confusion by subsituting the bytes of a state

AddRoundkey – is the final function applied in each round. It XORs the state with the subkey. The subkey is derived from the key and is different for each round of AES

Question 49

Blowfish and Twofish

Answer 49

Blowfish – Uses 32 through 448bit (default 128bit) keys and 64bit blocks
Twofish – Uses 128 through 256 bit keys and 128bit blocks
Both are free and unpatented and AES finalists

Question 50

RC5 and RC6

Answer 50

RC5 – Key size range from 0 – 2040bit and 32,64, or 128 bit blocks
RC6 – Key size 128,192 or 256 bit key, and encrypte 128 bit blocks – based on RC5 and AES finalist

Question 51

Asymmetric Algorithm

Answer 51

Solves the challenge of pre-shared keys, the asymmetric encryption (aka public key encryption) uses two keys; you encrypt with one and decrypt with other. One key is made public. Whoever that wants to communicate with you will download and use the public key to encrypt

Question 52

Asymmetric Methods

Answer 52

Factoring Prime Numbers – Basis of the RSA algorithm , An example of one-way function (easy to computer one way but not the other). Factoring large composite number is so difficult that the composite number can be safely publicly posted (public key). The primes that are multiplied (which is easy) to create the public key must be kept private (private key)

Question 53

Discrete Logarithm

Answer 53

Discrete logarithm – Computing logorithms to groups is hard to solve, thus forms the basis to Diffie-Helman and ElGamal asymmetric algorithms

Question 54

Diffie-Hellman Key Agreement Protocol

Answer 54

Allows two parties to securely agree on a symmetric key via public channel such as internet with no prior key exchange.

Question 55

Elliptic Curve Cryptography

Answer 55

ECC uses one way function that uses discrete logarithms applied to elliptic curves. This is harder than discrete logorithms and are much more secure and stronger per bit. ECC requires less computational resources due to shorter keys and are used in low power devices due to this reason.

Question 56

Asymmetric and Symmetric Tradeoffs

Answer 56

Asymmetric algorithms are slower, and weaker per bit length compared to symmetric. Both encryption algorithms are used together, ie Asymmetric such as RSA is used to exchange secret keys and the symmetric key (session key) is used to create a session used to encrypt the subsequent data, leveraging the best of both worlds.

Question 57

Hash Functions

Answer 57

Hash functions provides encryption using an algorithm with no key (aka one-way hash). There is no way to reverse the encryption. The primary use case is for integrity checks. MD5(128bit) and SHA1(160bit) are older and have weaknesses. Recommendation is use SHA-2

Question 58

Collisions

Answer 58

Hashes are not unique and different plaintext can result in the same hash.

Question 59

MD5

Answer 59

Created by Ronald Rivest. MD5 creates a 128bit hash however, has been discovered where collisions can be found in a practical amount of time.

Question 60

Secure Hash Algorithm

Answer 60

SHA1 was announced in 1993 as FIPS 180 standards, however it is now considered weak due to poor collission avoidance. SHA2 was announced in 2001. It includes SHA-224, SHA256, SHA-384 and SHA-512 with the differing hash values. In 2015 SHA-3 has been finalized