Chapter 6 - Cryptography And SYmmetric Key Algorithms

Question 1

Modulo function

Answer 1

The module function is just as important to cryptography as the logical operations are. For example, 8 mod 6 = 2

Question 2

Codes vs Ciphers

Answer 2

Codes work on words and phases whereas ciphers work on individual characters and bits.

Question 3

Differences between Caesar cipher, Vigenere cipher, and one-time pad.

Answer 3

The only differences are key length.

The Caesar shift cipher uses a key length one, the Vigenere cipher uses a longer value (usually a word or sentence), and the one-time pad uses a key that is as long as the message itself.

Question 4

DES

Answer 4

DES uses a 54-bit key to drive the encryption and decryption process.

However, the DES specification calls for a 64-bit key. The remaining 8 bits are supposed to contain parity information to ensure that the other 56 bits are accurate.

Question 5

Counter mode (CTR) of DES

Answer 5

CTR mode allows you to break an encryption or decryption operation into multiple independent steps. This makes CTR mode well suited for use in parallel computing.

Question 6

RC5

Answer 6

Rivest Cipher 5, or RC5, is a symmetric algorithm patented by Rivest, Shamir, and Adleman (RSA) Data Security. RC5 is a block cipher of variable block sizes (32, 64, or 128 bits) that uses key sizes between 0 length and 2,040 bits.

Question 7

S-RPC

Answer 7

Secure RPC (S-RPC) employs Diffie-Hellman for key exchange.

Question 8

Which type of crypto system can provide nonrepudiation?

Answer 8

Nonrepudiation provides the assurance to the recipient that the message was originated by the sender and not someone masquerading as the sender.

Secret key, or symmetric key, cryptosystems do not provide this guarantee. If Jim and Bob participate in a secret system communication system, they can both produce the same encrypted message using their shared secret key.

Question 9

Definition of M of N Control

Answer 9

If only a single key escrow recovery agent exists, there is opportunity for fraud and abuse of this privilege.

M of N Control requires that a minimum number of agents (m) out of the total number of agents (n) work together to perform high-security tasks.

Question 10

Major advantage of OFB (Output Feedback Mode)

Answer 10

In OFB mode, DES XORs the plain text with a seed value. For the first encrypted block, an initialization vector is used to create the seed value. The major advantage of OFB mode are there is no chaining function and transmission error do not propagate to affect the decryption of future blocks.

Question 11

One-Way Functions

Answer 11

A one-way function is a mathematical operation that easily produces output values for each possible combinations of input but makes it impossible to retrieve the input values. It rely on the difficulty of factoring the product of large prime numbers.

Question 12

Advanced Encryption Standard block sizes and key strength sizes

Answer 12

AES only allows the processing of 128-bit blocks.

But AES cipher allows the use of three strengths: 128 bits, 192 bits, and 246 bits.

Question 13

Running Key Ciphers

Answer 13

Running key cipher, the encryption key is as long as the message itself and is often chosen from a common book.

Question 14

Twofish Algorithm

Answer 14

The Twofish algorithm developed by Bruce Schneier was another one of the AES finalists.

Twofish uses two techniques not found in other algorithms:

• Prewhiting involves XORing the pain text with a separate subkey before the first round of encryption.
• Postwhitening uses a similar operation after the 16th round of encryption.

Question 15

The Data Encryption Standard (DES) encryption algorithm characteristics?

Answer 15

DES works with 64 bit blocks of text using a 64 bit key (with 8 bits used for parity, so the effective key length is 56 bits).

Some people are getting the Key Size and the Block Size mixed up.

The block size is usually a specific length. For example DES uses block size of 64 bits which results in 64 bits of encrypted data for each block. AES uses a block size of 128 bits, the block size on AES can only be 128 as per the published standard FIPS-197.

Question 16

PGP uses which of the following to encrypt data?

Answer 16

Notice that the question specifically asks what PGP uses to encrypt. For this, PGP uses a symmetric key algorithm. PGP then uses an asymmetric key algorithm to encrypt the session key and then sends it securely to the receiver. It is a hybrid system where both types of ciphers are being used for different purposes.

Whenever a question talks about the bulk of the data to be sent, Symmetric is always best to choice to use because of the inherent speed within Symmetric Ciphers. Asymmetric ciphers are 100 to 1000 times slower than Symmetric Ciphers.

Question 17

Which public key algorithm does both encryption and digital signature?

Answer 17

RSA can be used for encryption, key exchange, and digital signatures.

Question 18

What can be defined as an instance of two different keys generating the same ciphertext from the same plaintext?

Answer 18

Key clustering happens when a plaintext message generates identical ciphertext messages using the same transformation algorithm, but with different keys.

Also means one key is used to encrypt two different messages and they both end up with the same cipher text.

Question 19

Rijandel block length and key length

Answer 19

Rijndael and AES differ only in the range of supported values for the block length and cipher key length.

For Rijndael, the block length and the key length can be independently specified to any multiple of 32 bits, with a minimum of 128 bits, and a maximum of 256 bits.

AES fixes the block length to 128 bits, and supports key lengths of 128, 192 or 256 bits only.

Question 20

Cryptography does NOT help in which area?

Answer 20

Cryptography is a detective control in the fact that it allows the detection of fraudulent insertion, deletion or modification.

It also is a preventive control is the fact that it prevents disclosure, but it usually does NOT offers any means of detecting disclosure.

Question 21

Confusion

Answer 21

In the Block Cipher method called Confusion, the relationship between the plaintext and key are so complicated that the attacker can’t alter the plaintext in an attempt to determine the key used to encrypt the plaintext.

Question 22

Differences between confusion and diffusion.

Answer 22

A strong cipher contains the right level of two main attributes: confusion and diffusion. Confusion is commonly carried out through substitution, while diffusion is carried out by using transposition. For a cipher to be considered strong, it must contain both of these attributes to ensure that reverse-engineering is basically impossible. The randomness of the key values and the complexity of the mathematical functions dictate the level of confusion and diffusion involved.

Question 23

What is FIPS-140 standard used for?

Answer 23

Hardware and software cryptographic modules

The 140 series of Federal Information Processing Standards (FIPS) are U.S. government computer security standards that specify requirements for cryptography modules.

As of December 2006, the current version of the standard is FIPS 140-2, issued on 25 May 2001.

Question 24

Block ciphers

Answer 24

Block ciphers do not use public cryptography (private and public keys).

Block ciphers is a type of symmetric-key encryption algorithm that transforms a fixed-size block of plaintext (unencrypted text) data into a block of ciphertext (encrypted text) data of the same length. They are appropriate for software implementations and can operate internally as a stream. See more info below about DES in Output Feedback Mode (OFB), which makes use internally of a stream cipher.

Question 25

Running Cipher

Answer 25

In classical cryptography, the running key cipher is a type of polyalphabetic substitution cipher in which a text, typically from a book, is used to provide a very long keystream. Usually, the book to be used would be agreed ahead of time, while the passage to be used would be chosen randomly for each message and secretly indicated somewhere in the message.

Question 26

Diffie-Hellman

Answer 26

The Diffie-Hellman key agreement protocol (also called exponential key agreement) was developed by Diffie and Hellman [DH76] in 1976 and published in the ground-breaking paper “New Directions in Cryptography.” The protocol allows two users to exchange a secret key over an insecure medium without any prior secrets.

Question 27

Stream Cipher

Answer 27

stream cipher generates what is called a keystream
A stream cipher is a type of symmetric encryption algorithm that operates on continuous streams of plain text and is appropriate for hardware-based encryption.
Stream ciphers can be designed to be exceptionally fast, much faster than any block cipher. A stream cipher generates what is called a keystream (a sequence of bits used as a key).
Stream ciphers can be viewed as approximating the action of a proven unbreakable cipher, the one-time pad (OTP), sometimes known as the Vernam cipher. A one-time pad uses a keystream of completely random digits. The keystream is combined with the plaintext digits one at a time to form the ciphertext. This system was proved to be secure by Claude Shannon in 1949. However, the keystream must be (at least) the same length as the plaintext, and generated completely at random. This makes the system very cumbersome to implement in practice, and as a result the one-time pad has not been widely used, except for the most critical applications.
A stream cipher makes use of a much smaller and more convenient key — 128 bits, for example. Based on this key, it generates a pseudorandom keystream which can be combined with the plaintext digits in a similar fashion to the one-time pad. However, this comes at a cost: because the keystream is now pseudorandom, and not truly random, the proof of security associated with the one-time pad no longer holds: it is quite possible for a stream cipher to be completely insecure if it is not implemented properly as we have seen with the Wired Equivalent Privacy (WEP) protocol.
Encryption is accomplished by combining the keystream with the plaintext, usually with the bitwise XOR operation.

Question 28

Modes of DES Summary

Answer 28

Pg 144 Eric book

Question 29

Zero Knowledge Proof

Answer 29

Someone tells you something without telling you more information than you need to know. In cryptography it means that you have a specific key without sharing the key or showing it to anyone.

Question 30

What kind of Encryption technology does SSL utilize?

Answer 30

Hybrid

SSL use public-key cryptography to secure session key, while the session key (secret key) is used to secure the whole session taking place between both parties communicating with each other.

Question 31

Electronic Code Book mode of DES encryption

Answer 31

Electronic Code Book (ECB) is the simplest and weakest form of DES. It uses no initialization vector or chaining. Identical plaintexts with identical keys encrypt to identical ciphertexts. Two plaintexts with partial identical portions (such as the header of a letter) encrypted with the same key will have partial identical ciphertext portions.

Question 32

Entropy

Answer 32

Entropy is a measure of the randomness of data collected by an application or an operating system and used to create a cryptography key. While having a random key is a good start, the key must also remain.

Question 33

Block ciphers perform substitution by using which of the following?

Answer 33

Substitution boxes, or S-boxes, are used within block ciphers. They use lookup table to determine how a block of data is encrypted or decrypted. The key is used to decide which S-box to utilize with each block.

Question 34

A key stream generator is used in what type of cipher?

Answer 34

Stream cipher. Keystream generators are used in stream ciphers to produce a random stream of bits. These bits are XORed to the message, which results in an encrypted message (cipher text). The keystream generator is similar to the one-time pad concept.

Question 35

IDEA

Answer 35

IDEA is a block cipher that uses a 128-bit key. It uses a 64-bit block that is broken down into 16 sunblocks and then sent through eight rounds of permutations.

IDEA was actually thought to be the next DES algorithm but because it was patented and required licensing fees, it was not adopted.

Question 36

Knapsack

Answer 36

Knapsack is an asymmetric algorithm.

Question 37

Least Significant bit (LSB)

Answer 37

LSB is the bit position in a binary integer. The LSB is sometimes referred to as the rightmost bit, due to the convention in positional notation of writing less significant digits further to the right. In the following bits 11111110, the LSB is 0.

Question 38

CBC

Answer 38

Cipher Block Chaining (CBC), chains blocks of messages together so that the encryption process will look different each time. Without CBC, if a message were encrypted and decrypted over and over, patterns will begin to surface. However,CBC attaches previous blocks onto the next current block, which means that the result will always be different.

This is way of adding more randomness to the process of encryption.

Question 39

MD2

Answer 39

128 bit hash value

Question 40

ECB

Answer 40

ELectronic Code Block does not using any chaining. This means that the same plaintext will create the same cipher text every time it is encrypted with the same key. Which means DES is typically used when small amounts of data are encrypted, such as tam and PIN numbers.

Question 41

Concealment Cipher

Answer 41

Concealment ciphers, also called null cipher, disguise messages within the text or body of a message, such as using every other word in a sentence to form a different message.

Question 42

Message authentication code

Answer 42

MAC is the use of a symmetric key and a hashing algorithm. The only party that could properly check the integrity of the message is the one that has the other copy of the symmetric key.

Question 43

Steganography components

Answer 43

The carrier file is a file that has information hidden inside of it.
The stego-medium is the medium in which the information is hidden.
The payload is the information that is to be concealed.

Question 44

Cryptography vs Cryptanalysis vs Cryptology

Answer 44

Cryptography – Study of encrypting messages

Cryptanalysis – Study of decrypting messages

Cryptology – Study of the mathematics behind encryption/decryption

Question 45

Cryptovariable is another name for a key.

Answer 45

N/A

Question 46

Caesar algorithm

Answer 46

In the Caesar algorithm the alphabet serves as the algorithm and the key is the number of locations that are shifted during the encryption and decryption process.

Question 47

Concealment cipher vs steganography

Answer 47

Concealment ciphers disguise messages within the text or body of a message, such as using every other word in a sentence to form a different message.
Steganography hides messages within the slack bits of pictures, music files, etc.