Chapter 6 Flashcards

1
Q

What principle states that a cryptographic system should be secure even if everything about the system, except the key, is public knowledge?

A

Kerckhoffs’s Principle/Assumption

2
Q

What standard defines the hardware and software requirements for cryptographic modules that the federal government uses?

A

FIPS 140-2

3
Q

What Boolean mathematics operation has the “^” symbol and yields true only in the columns where both X and Y are true?

A

AND

4
Q

What Boolean operation has the “v” symbol and returns false only when both input values are false?

A

OR

5
Q

What Boolean operation has the “~” symbol and reverses the input value, operating on only one variable at a time?

A

NOT

6
Q

What Boolean operation has the “⊕” symbol and returns a true value when only one of the input values is true?

A

XOR

7
Q

What mathematical operation easily produces output values for each possible combination of inputs but makes it impossible to retrieve the input values?

A

One-Way Function

8
Q

What type of cryptosystems are all based on some type of one-way function?

A

Public Key Cryptosystems

9
Q

What is considered a nonce and is a random number that acts as a placeholder variable in mathematical functions?

A

IV

10
Q

What describes a cryptographic key being stored with a third party known as a recovery agent who, when certain conditions are met, restores an authorized user’s access or decrypts the material themselves?

A

Key Escrow

11
Q

What type of attack is a Caesar cipher vulnerable to?

A

Frequency Analysis

12
Q

What technique protects against direct frequency analysis but is vulnerable to period analysis?

A

Polyalphabetic Substitution

13
Q

What attack is an examination of frequency based on the repeated use of the key?

A

Period Analysis

14
Q

What cipher uses a key that is as long as the message itself, often chosen from a common book, newspaper, or magazine?

A

Running Key Cipher

15
Q

What describes a change in the plaintext resulting in multiple changes spread throughout the ciphertext?

A

Diffusion

16
Q

What type of secret key exists only for a single session and is commonly used by the TLS protocol?

A

Ephemeral Key

17
Q

What are the major weaknesses with symmetric key cryptography?

A

Key distribution is a major problem
Does not implement non-repudiation
Isn’t scalable
Must be generated often

18
Q

How many symmetric keys do you need for communication between 5 participants?

19
Q

How many symmetric keys do you need for communication between 3 participants?

20
Q

How many symmetric keys do you need for communication between 2 participants?

21
Q

How many symmetric keys do you need for communication between 10 participants?

22
Q

How many symmetric keys do you need for communication between 100 participants?

23
Q

How many asymmetric keys do you need for communication between 5 participants?

24
Q

How many asymmetric keys do you need for communication between 10 participants?

25
How many asymmetric keys do you need for communication between 100 participants?
200
26
How many asymmetric keys do you need for communication between 2 participants?
4
27
How many asymmetric keys do you need for communication between 4 participants?
8
28
How many asymmetric keys do you need for communication between 3 participants?
6
29
What cryptographic mode takes the standard CTR mode of encryption and adds data authenticity controls to the mix, providing the recipient with assurance of integrity?
Galois/Counter Mode
30
What cryptographic mode combines a confidentiality mode with a data authenticity process?
CCM
31
What term describes XORing the plaintext with a separate subkey before the first round of encryption?
Prewhitening
32
What are the three main ways to securely distribute symmetric keys?
Offline Distribution
Public Key Encryption
Diffie-Hellman Key Exchange Algorithm
33
What are the issues with distributing symmetric keys offline?
Mail can be intercepted
Telephones can be wiretapped
Papers with keys can be thrown in the trash or lost
34
What involves the physical exchange of key material?
Offline Distribution
35
What involves two parties setting up an initial communications link, authenticating each other's identity, and exchanging a secret key over the secure public key link?
Public Key Encryption
36
What key distribution method is very useful when two parties are unable to physically exchange key material and there is no public key infrastructure?
Diffie-Hellman
37
What best practices should you follow with the storage of encryption keys?
Never store an encryption key on the same system where encrypted data resides
Give two different individuals half of the key to practice split knowledge
38
What are the two key storing mechanisms you can choose from?
Software-Based Storage Mechanisms
Hardware-Based Storage Mechanisms
39
What key storing mechanism stores keys as digital objects on the system where they are used?
Software-Based Storage Mechanism
40
What key storing mechanism offers added security, is more complex and expensive, and uses dedicated hardware devices such as HSMs that manage keys for individuals or organizations?
Hardware-Based Storage Mechanism
41
What key recovery approach do organizations use in which, out of a group of individuals of a certain size who have recovery agent (RA) privileges, a certain number must agree before an encryption key can be recovered?
M of N Control