Chapter 6 Flashcards
4 fundamental goals of cryptography
- confidentiality
- integrity
- authentication
- non-repudiation
which goal ensures data remains private?
Confidentiality
Integrity
Authentication
Non-repudiation
Confidentiality
which kind of cryptography uses a shared secret key?
Symmetric
which kind of cryptography uses a combiniation public and private key?
asymmetric
which goal ensures that data is not altered without authorization?
Confidentiality
Integrity
Authentication
Non-Repudiation
Integrity
what do encrypted message digests (digital signatures) enforce?
integrity
which goal verifies the claimed identity of system users?
Confidentiality
Integrity
Authentication
Non-Repudiation
Authentication
What does a challenge-response protocol prove?
Authentication
which goal assures that someone cannot claim they never did something?
Confidentiality
Integrity
Authentication
Non-Repudiation
Non-Repudiation
which cryptosystem ensures nonrepudiation?
asymmetric
what is key space?
the range of values that are valid for use as a key for an algorithm
2^n where n is the bit size of the key
algorithms are made known and public, allowing anyone to examine and test them to ensure that a cryptographic system is secure even if everything about they system except the key is known
Kerckhoff’s principle
which standard defines the hardware and software requirements for cryptographic modules used by the federal government?
FIPS - Federal Information Processing Standard
random number that acts as a placeholder variable
nonce
key escrow
a cryptographic key is stored with a third party (recovery agent) for safekeeping
work function
the amount of time it takes to brute-force an encryption system
how is a code different than a cipher
a cipher is a mathematical function that hides the true meaning of the original message. A code works on words or phrases and can be used to shorten phrases and is not necessarily meant to hide the meaning of the message.
Requirements for successful use of one-time pad
- key must be generated randomly
- key must be at least as long as the message
- pads must be protected against physical disclosure
- each pad must be used only one time
in this cipher, the encryption key is as long as the message and is chosen from a common book, newspaper, or magazine
running key cipher / book cipher
this cipher operates on chunks of a messages
block ciphers
this cipher operates on one character or bit of a message at a time
stream ciphers
key management best practices (3)
store keys securely
select keys using an approach that has as much randomness as possible
destroy keys when they are no longer needed
in what type of cryptography is the same key used to encrypt and decrypt the message?
symmetric
secret key
private key
“S”ymmetric = “S”ame key
4 problems of symmetric key cryptography
- key distribution - how do you share a key securely?
- does not implement non-repudiation
- not scalable - need to have a separate shared key for each person you talk to
- keys must be regenerated often
major strength of symmetric key cryptography
it can be implemented (encryption and decryption) very quickly
which type of cryptography requires two separate (but related) keys to encrypt and decrypt?
Asymmetric
6 strengths of asymmetric key cryptography
- each user only needs a single public and private key
- users are easily removed
- key regeneration is only required when a private key is compromised
- provides integrity, authentication, and nonrepudiation
- key distribution is simple
- no pre-existing link needs to exist for secure data exchange
Which cryptographic mode encrypts 64-bit blocks with a chosen secret key?
Electronic Code Book (ECB)
which cryptographic method uses XOR on each block with the block of ciphertext immediately preceding it before it is encrypted?
CBC - Cipher Block Chaining
as the memory buffer becomes full, it is encrypted; this mode uses and IV and chaining similarly to CBC but uses real-time data
CFB - Cipher Feedback Mode
this mode is similar to CFB, but XORs plaintext with a seed value that is created from the IV
OFB - Output FeedBack mode
stream cipher
uses a counter that increments for each operation
errors do not propogate
CTR - Counter Mode
adds data authenticity controls to CTR mode with authentication tags
GCM - Galois/Counter Mode
combination of CTR with CBC-MAC
used with 128-bit block length and requires use of a nonce for each transmission
CCM - Counter with Cipher Block Chaining Message Authentication Code Mode
authenticated modes of encryption (2)
GCM - Galois/Counter Mode
CCM
unauthenticated modes of encryption
ECB - Electronic Code Book
CBC - Cipher Block Chaining
CFB - Cipher Feedback
OFB - Output Feedback
CTR - Counter
DES block size
64 bits
DES modes
ECB
CBC
CFB
OFB
CTR
DES key length
56 bits
8 bits of a 64 bit key are supposed to be used for parity
DES rounds of encryption
16
4 variants of 3DES
DES-EEE3
DES-EDE1
DES-EEE2
DES-EDE2
block size of IDEA (International Data Encryption Algorithm)
64 bits
starting key size of IDEA
128 bits
size and number of subkeys of IDEA
52 16-bit subkeys
5 modes of IDEA
the unauthenticated modes
ECB, CBC, CFB, OFB, CTR
Blowfish block size
64-bit
this encryption algorithm was released for public use with no license required and created by Bruce Schneier
Blowfish
Skipjack block size
64-bits
Skipjack key size
80 bit
which encryption algorithm supports key escrow?
Skipjack
which cipher was integrated into the WEP, WPA, SSL, and TLS protocols?
RC4
Is RC4 still secure?
No
key sizes of RC4
40 - 2048
is RC4 block or stream?
stream
is RC5 block or stream?
block
block sizes of RC5
32, 64, or 128 bits
key sizes of RC5
0 and 2040
is RC6 block or stream?
block
block size of RC5
128-bit
key size of RC5
128, 192, or 256-bit keys
three key strengths allowed by AES
128, 192, 256-bit
which cipher replaced DES?
Rijndael
AES rounds of encryption for 128-bit keys
10 rounds
AES rounds for 192-bit keys
12 rounds
AES rounds required for 256-bit keys
14 rounds
Which kinds of algorithms use a Feistel network?
CAST
is Twofish block or stream?
block
Twofish block size
128-bits
which algorithm uses the prewhitening and postwhitening techniques?
Twofish
3 methods used to exchange secret keys
offline distribution
public key encryption
diffie-hellman key exchange algorithm
which key storage option stores keys as digital objects on the system where they are used?
software-based key storage
which key storage mechanism is easier to implement?
software-based key storage
which key storage mechanism uses dedicated hardware devices like flash drives or smartcards?
Hardware-based storage
which enterprise device manages keys for an organization?
HSM - Hardware Security Modules
what is the purpose of key escrow systems?
to allow the government to obtain to cryptographic key for a particular communication from a central storage facility
two major approaches to key escrow
fair cryptosystem
escrowed encryption standard
which key escrow approach splits the keys up into two or more pieces, each of which is provided to a different independent third party that the government can retrieve the parts from in order to reconstruct the key
fair crypotsystems
which escrow approach provides the government a technological means to decrypt cipher text?
escrowed encryption standard
