Chapter 3 - Encryption

Question 1

What is CIA?

Answer 1

Confidentiality, Integrity, and Authentication, in the case of cryptography.

Question 2

What is a cipher?

Answer 2

A cipher is an algorithm that encrypts and decrypts.

Question 3

How can ciphers be public and still be secure?

Answer 3

Ciphers are only part of the actual encryption; a key is what actually allows the content (plaintext) to be read clearly from the ciphertext.

Question 4

What is a substitution cipher?

Answer 4

Pretty simple, where you substitute one letter (or bit) for another in each place.

Question 5

What is a transpostion cipher?

Answer 5

Transposition ciphers are simple as well, where the individual letters or bits are not changed, but change their orders.

Question 6

How are modern ciphers used?

Answer 6

Modern ciphers tend to use both substitution and transposition ciphers, repeatedly in mixed orders with different keys.

Question 7

What’s the difference between a cipher and a code?

Answer 7

A cipher is the way of encoding messages, codes are where one thing is substituted for another thing (STOP = 26733). Generally, it means symbols are used in place of whole words.

Question 8

What is a weakness of a code? How is this avoided?

Answer 8

If a code uses the same substitution for a thing, it becomes easily recognizable. This can be avoided by having multiple things that can be substituted for one plaintext word.

Question 9

How does the length of key bits change the number of possible keys?

Answer 9

The more key bits, the larger the number of possible keys, exponentially.

Question 10

What are the three stages of cryptographic systems?

Answer 10

The three stages of cryptographic systems are:

• The two parties agree upon a system to use.
• Handshaking stages go down.
• Encrypted communication happens.

Question 11

What is a key?

Answer 11

A key is a random string of 40 to 40,000 bits.

Question 12

How do keys affect ciphers?

Answer 12

Any given cipher will produce different ciphertext from the same plaintext, based on the key used.

Question 13

What is Kerckhoff’s Law?

Answer 13

Kerckhoff’s Law states that the secret to secure encryption is to keep keys secret, not the cipher.

Question 14

What is cryptanalysis?

Answer 14

Cryptanalysis is the process of breaking encryption.

Question 15

What is confidentiality?

Answer 15

Confidentiality is when people who intercept messages cannot understand them.

Question 16

What is symmetric key encryption?

Answer 16

Symmetric key deciphering is where a cipher is encrypted and decrypted at both ends with the same key.

Question 17

What is the benefit of symmetric key encryption?

Answer 17

Symmetric key encryption is fast, and takes little in the way of resources, so it is well-suited for small transactions, mobile devices, etc.

Question 18

What is an exhaustive search?

Answer 18

An exhaustive search is an attempt to learn a key by trying all possible keys until the right one is found.

Question 19

How does increasing key length affect the time of an exhaustive search?

Answer 19

Each additional bit in a key doubles the time it takes to find the result.

Question 20

Why is the word symmetric used in symmetric key encryption?

Answer 20

It is called “symmetric” key encryption because each side uses the same key to encrypt and decrypt.

Question 21

When two parties communicate with each other using symmetric key encryption, how many keys are used in total?

Answer 21

Symmetric key encryption uses a total of one key.

Question 22

What type of encryption cipher is almost always used in encryption for confidentiality?

Answer 22

Symmetric encryption is used in all but a tiny fraction of ciphers.

Question 23

What is the best way to thwart exhaustive searches by cryptanalysis?

Answer 23

The best way to thwart exhaustive (brute-force) searches is by increasing the key length of the key.

Question 24

If a key is 43 bits long, how much longer will it take to crack it by exhaustive search if it is extended to 45 bits?

Answer 24

It will take four times as long.

Question 25

If a key is 43 bits long, how much longer will it take to crack by exhaustive search if it is extended to 50 bits?

Answer 25

2^7th times as long.

Question 26

If a key is 40 bits long, how many keys must be tried, on average, to crack it?

Answer 26

2^40 attempts will be necessary (barring luck).

Question 27

How long must a symmetric encryption key be to be considered strong today?

Answer 27

Keys must be at least 100 bits long to be considered strong, and that is growing longer constantly as computers grow stronger.

Question 28

Why is cryptography not an automatic protection?

Answer 28

Cryptography can fail if one of the two parties isn’t vigilant, and cannot keep the key secure.

Question 29

What are the two advantages of RC4?

Answer 29

RC4 is extremely fast, and uses a small amount of RAM. It also can accept a wide array of key lengths.

Question 30

Why is a common RC4 key length 40 bits?

Answer 30

RC4’s most common key length is 40 bits due to national export restrictions held by countries, requiring that encryption to not be so strong as that the nation importing the system couldn’t break it if needed.

Question 31

How long is a DES key? Is this a strong length?

Answer 31

A DES key is actually 56 bits long, with an extra 8 bits of redundant padding, that can be computed provided you know the original 56 bits.This is far too short to be secure today.

Question 32

Describe block encryption with DES.

Answer 32

DES encrypts blocks of 64 bits at a time into blocks of 64 bits of ciphertext.

Question 33

How does 3DES work?

Answer 33

3DES is a very slow, but secure, encryption method. It applies three different DES keys in a row to each block of bits, giving an effective key length of 168 bits (3 * 56).

Question 34

What are the two common effective key lengths in 3DES? Are these lengths strong enough for communication in corporations?

Answer 34

The two common key lengths in 3DES are 168 bits, and 112 bits. It is strong enough for corporate communication, but its dreadfully slow and therefore expensive.

Question 35

What is the big advantage of AES over 3DES?

Answer 35

AES hosts longer key lengths (128 bits, 192 bits, and 256 bits), and takes very little processing power, low enough it can be used on cell phones.

Question 36

What are the three key lengths offered by AES?

Answer 36

128 bits, 192 bits, and 256 bits.

Question 37

What does AES stand for?

Answer 37

Advanced Encryption Standard

Question 38

Which strong symmetric key encryption cipher can be used with mobile devices?

Answer 38

AES can be handled by mobile devices, and is very strong.

Question 39

Which symmetric key encryption cipher will probably dominate symmetric key encryption in the near future?

Answer 39

AES will likely dominate.

Question 40

What is “security through obscurity” and why is the premise flawed?

Answer 40

Security through obscurity refers to the idea that as long as the details of the cipher algorithm are unknown or not well-known, the cipher is secure. The problem is that all it takes is research to destroy it.

Question 41

Distinguish between cryptography and cryptographic systems.

Answer 41

Cryptography is a method of secure communications. Cryptographic systems are packaged sets of cryptographic countermeasures used to protect dialogues (back and forth).

Question 42

Distinguish between cryptographic systems and cryptographic system standards.

Answer 42

Cryptographic systems are sets of cryptographic countermeasures, whereas cryptographic system standards are standard protocols and methods.

Question 43

Why is the first handshaking stage the negotiation of security methods and options?

Answer 43

Negotiation of security methods and options is needed to begin because nearly all cryptographic systems offer multiple methods for communication.

Question 44

What is an impostor?

Answer 44

An impostor is a source of a message that pretends to be an authorized source.

Question 45

What is mutual authentication?

Answer 45

Mutual authentication occurs when both parties in a dialogue authenticate themselves.

Question 46

Why is a secure keying phrase necessary?

Answer 46

A secure keying phase is necessary, because there are a number of keying methods that are vulnerable to key stealing.

Question 47

What three protections do cryptographic systems provide on a message-by-message basis?

Answer 47

Electronic signatures, which allows the receiver to authenticate each message.
Message integrity authentication, which rejects the message if an attacker captures it and alters it.
Encryption, which, well, duh.

Question 48

What is an electronic signature?

Answer 48

An electronic signature is a method by which the receiver can authenticate each message.

Question 49

Distinguish between the handshaking stages and ongoing communication.

Answer 49

Handshaking stages occur at the beginning of a dialogue, and verify the cryptographic system that will be used. Ongoing communication is when messages are actually being exchanged, and message-by-message authentication occurs.

Question 50

In SSL/TSL, what is a cipher suite?

Answer 50

A cipher suite is a specific set of security methods and options for a particular cryptographic system standard.

Question 51

What is quantum key distribution?

Answer 51

Quantum key distribution delivers keys that are the length of the entire message, and is not susceptible to cryptanalysis.

Question 52

What are the two advantages of quantum key distribution?

Answer 52

The first advantage is that the message is not susceptible to cryptanalysis. The second advantage is that if the keying information is intercepted, the act of it being observed alters it, allowing for both parties to know it was intercepted, and discard the key.

Question 53

Why is quantum key cracking a major threat to many traditional cryptographic methods?

Answer 53

Quantum key cracking can attempt to use potentially thousands of keys at once, and is far, far more effective than any method to date.

Question 54

What is the definition of a VPN?

Answer 54

A VPN is a virtual private network, which is created by using a cryptographic system to secure communications over an untrusted network.

Question 55

Why do companies transmit over the internet? Or over untrusted wireless networks?

Answer 55

Using a VPN to transmit over the internet is staggeringly cheaper than attempting to build their own WAN.

Question 56

What are the three types of VPNs? What do they each do?

Answer 56

The three types of VPNs are as follows:
Host-to-Host VPN - Connects a single client to a single server. Things like online banking sites use this.
Remote Access VPN - Connects a single client to a secured internal network.
Site-to-Site VPN - Site-to-site VPN protects traffic flowing between two sites.

Question 57

What does a VPN gateway do for a remote access VPN?

Answer 57

A VPN gateway for a remote access VPN authenticates remote access users.

Question 58

What does a VPN gateway do for a site-to-site VPN?

Answer 58

A VPN gateway for a site-to-site VPN has two roles; the sending gateway encrypts, the receiving gateway encrypts.

Question 59

What is the difference between SSL and TSL?

Answer 59

There isn’t one, SSL was renamed to TSL by the Internet Engineering Task Force.

Question 60

What type of VPN was SSL/TSL designed for?

Answer 60

SSL/TSL was designed for a host-to-host VPN.

Question 61

What has SSL/TSL started to find use for?

Answer 61

SSL/TSL has started to find use as a remote host VPN standard.

Question 62

What layer does SSL/TSL operate on?

Answer 62

SSL/TSL operates on the transport layer.

Question 63

What types of applications can SSL/TSL protect?

Answer 63

SSL/TSL can only protect applications that are written to be SSL/TSL-aware, generally browsers, webservers, and e-mail programs.

Question 64

What are the two commonly used SSL/TSL applications?

Answer 64

The two most commonly used SSL/TSL applications are web browsers and webservers.

Question 65

Why is SSL/TSL popular?

Answer 65

Nearly every computer today has a web browser, which is already prepared to handle SSL/TSL, and it’s nearly completely free.

Question 66

SSL/TLS was created for host-to-host (browser–webserver) communication. What device can turn SSL/TLS into a remote access VPN?

Answer 66

An SSL/TSL gateway is necessary to convert SSL/TSL into a remote access VPN. The remote client’s browser establishes a connection with the gateway, instead of individual hosts within the site.

Question 67

In SSL/TLS remote access VPNs, to what device does the client authenticate itself?

Answer 67

The client authenticates itself to the SSL/TSL gateway, in SSL/TSL remote access VPNs.

Question 68

When a remote client transmits in an SSL/TLS VPN, how far does confidential transmission definitely extend?

Answer 68

When a remote client transmits through an SSL/TSL VPN, confidentiality goes as far as the SSL/TSL gateway, and no further.

Question 69

What three services do SSL/TLS gateways commonly provide?

Answer 69

SSL/TSL gateways commonly provide the following services:
Authentication (using a public key), connections to authorized resources within the site, and security for services within the site/network beyond the gateway.

Question 70

What is webification?

Answer 70

Webification is when a SSL/TSL gateway converts something that most browsers wouldn’t be able to interpret (such as the results of a db query) into a website for viewing.

Question 71

What software does the client need for basic SSL/TLS VPN operation?

Answer 71

For basic SSL/TSL VPN, a client simply needs a web browser. That’s it!

Question 72

For what purposes may the client need additional downloaded software?

Answer 72

Additional software, or plugins, might be needed in order to have transparent access to a subnet, or to provide other services, such as clearing the data that SSL/TSL tends to leave behind on clients.

Question 73

Why installing the additional downloaded software on the browser may be problematic?

Answer 73

Installing additional downloaded software often requires admin credentials on the client machine, which isn’t often the case.

Question 74

At what layer does IPsec operate?

Answer 74

IPsec operates on the internet layer, letting it protect the IP packet and everything within said packet’s data field.

Question 75

What layers does IPsec protect?

Answer 75

IPsec protects the higher layers, and does so “transparently”, that is, there’s no obfuscation. Transport layer protocols and application layer protocols are not even aware of IPsec’s presence.

Question 76

Why is IPsec’s transparent protection attractive compared with SSL/TLS’ nontransparent protection?

Answer 76

The transparency of IPsec’s protection reduces implementation and operating costs, because there’s no obfuscation to work around.

Question 77

What versions of IP can be used with IPsec?

Answer 77

IPv4 and IPv6 can both be used with IPsec.

Question 78

Distinguish between transport and tunnel modes in IPsec in terms of packet protection.

Answer 78

IPsec transport mode is host-to-host security, with each host communicating securely with one another, things becoming encrypted upon transmission. This is very secure, and very expensive. It also renders firewalls useless, as everything is encrypted, and the firewall can’t do its job.
IPsec tunnel mode involves two IPsec gateways, which encrypt and decrypt messages to and from their respective clients, and transmit securely between them and the other gateway. This is far cheaper, allows for the use of firewalls past the gateway, but the internal network is far less secure.