Chapter 6 Cryptography and Symmetric Key Algorithms Flashcards

1
Q

What is key space?

A

Every algorithm has one. It is the range of values that are valid for use as a key for a specific algorithm. Defined by the bit size, which is the number of binary bits in the key.

2
Q

What is Kerckhoffs's principle?

A

A cryptographic system should be secure even if everything about the system, except the key, is public knowledge.

3
Q

What are cryptography, cryptanalysis, and cryptology?

A

Cryptography is the art of creating and implementing secret codes and ciphers.

Cryptanalysis is the study of methods to defeat codes and ciphers.

Cryptology is cryptography and cryptanalysis together.

4
Q

What is a nonce?

A

A random number that acts as a placeholder in math functions. When the function is executed, the nonce is replaced with a random number. Must be a unique number each time. This is used in the initialization vector, a random bit string that is the same length as the block size.

5
Q

What is Zero Knowledge proof?

A

Prove your knowledge of a fact to a third party without revealing the fact itself.

6
Q

What is split knowledge?

A

Information necessary to perform an operation is divided. Key escrow–might need multiple agents to be able to pull a key out of escrow.

7
Q

What is the work function?

A

Usually represents the time and effort necessary to conduct a brute force attack against an encryption system.

8
Q

What is M of N?

A

Minimum number of agents out of total number of agents required to perform a task.

9
Q

What are codes vs ciphers?

A

Codes are cryptographic systems of symbols that represent words or phrases. Example of 10-4 representing “I received your communication and understand it.” Can be secret but does not have to be.

Ciphers are always meant to hide the true meaning of the message. They convert from plaintext to cipher text on a bit, character, or block basis.

10
Q

What are transposition ciphers?

A

Rearrange the letters of a plaintext message.

11
Q

What are substitution ciphers?

A

Replace each character or bit of the plaintext message with a different character.

12
Q

What is the Caesar cipher?

A

Shifted each letter of the alphabet three letters to the right. Aka ROT3.

13
Q

What are the requirements of a one-time pad?

A

Must be randomly generated.

Must be physically protected against disclosure.

Must be used only once.

The key must be at least as long as the message to be encrypted.

14
Q

What is a running key cipher?

A

AKA a book cipher. The encryption key is as long as the message itself and chosen from a book, newspaper, etc. Advantage is you don’t have to exchange one-time pads.

15
Q

What is the difference between confusion and diffusion?

A

Confusion occurs when the relationship between the plaintext and the key is so complicated that an attacker can’t continue altering the plaintext and analyzing the results to determine the key.

Diffusion occurs when a change in the plaintext results in multiple changes in the cipher text. Example: first do substitution and then do transposition. The substitution introduces confusion and the transposition adds diffusion.

16
Q

How many keys do you need for a symmetric key system?

A

n(n-1) divided by 2.

17
Q

What is Electronic Code Book Mode?

A

Simplest mode to understand and least secure. Each time it processes a 64-bit block, it will encrypt it with a chosen secret. That means that if it encounters the same block, it will produce the same ciphertext. Currently impractical for anything but small data, such as keys and parameters used to initiate other communications.

18
Q

What is Cipher Block Chaining Mode?

A

Each block of unencrypted text is XORed with the preceding block of ciphertext before it is encrypted. Uses an IV with the first block. The IV must be sent to the recipient; for example, you could send it in plain form or use ECB. If one block is corrupted, everything after it is corrupted.

19
Q

What is Cipher Feedback Mode?

A

CFB. Streaming version of CBC. Instead of breaking a message into blocks, it uses memory buffers of the same size. When the buffer becomes full, it is encrypted and sent to the recipients.

20
Q

What is Output Feedback Mode?

A

Similar to CFB, but instead of XORing an encrypted version of the previous block, it XORs the plaintext with a seed value. For the first block, it uses an IV; future seed values run an algorithm on the previous seed value. Avoids the same corruption problems.

21
Q

What is Counter Mode?

A

CTR. Uses a stream cipher, but instead of using the previous value, it uses a simple counter that increments for each operation. Well suited for parallel computing.

22
Q

What is Galois/Counter Mode?

A

GCM. Takes CTR and adds data authenticity through authentication tags.

23
Q

What is Counter with Cipher Block Chaining Message Authentication Code Mode?

A

Combines CTR for confidentiality with CBC-Message Authentication Code for authenticity. CCM is only used for block ciphers with a 128-bit block. Requires a nonce that changes with each transmission.

GCM and CCM are known as authenticated modes of encryption. The other ones are called unauthenticated encryption.

24
Q

Describe DES.

A

64-bit cipher that had five modes of operation: ECB, CBC, CFB, OFB, and CTR. All of the modes operated on 64 bits of plaintext at a time. Key was 56 bits. Used 16 rounds of XOR for each encryption operation.

25
Q

Describe Triple DES.

A

Uses the same algorithm. Several different variants. DES-EDE3 and EEE-3 use three independent keys. E=encryption and D=decryption. EDE3 encrypts the data with K1, decrypts with K2, and encrypts with K3. EEE3 encrypts with all three keys in sequential order. Effective strength is 112 bits. Only EEE3 is considered secure, but only through 2023.

26
Q

Describe the International Data Encryption Algorithm.

A

IDEA block cipher was developed in response to problems with DES. Still used 64-bit blocks. Begins operation with 128-bit key. It is broken up into 52 16-bit keys. The subkeys use XOR and modulus operations to produce the ciphertext. Same 5 modes as DES. Used in PGP.

27
Q

Describe Blowfish.

A

Also 64-bit blocks. Variable length keys from 32 bits to 448 bits. Faster than both IDEA and DES. Was released for public use. Often used for SSH.

28
Q

Describe Skipjack.

A

Approved for USG use. 64-bit blocks. Uses an 80-bit key. Also supports the escrow of encryption keys. NIST and Treasury hold a portion of the information required to reconstruct a key. Was to be used in Clipper and Capstone chips. Not embraced because people did not trust the USG.

29
Q

Describe Rivest Ciphers.

A

RC4–developed in 1987. Single round of encryption, variable length keys between 40 and 2048 bits. Used in WEP, WPA, SSL, and TLS. Not considered secure today. Stream cipher.

RC5–Block cipher. Either 32, 64, or 128 bits at a time. Key size between 0 and 2040. Not considered secure.

RC6–Block cipher. 128-bit blocks, 128/192/256 bit keys. Candidate for AES but not selected.

30
Q

Describe AES.

A

AES uses 128/192/256 bit keys. AES specifies 128-bit blocks, but Rijndael can handle a block size equal to the key length. 10 rounds for 128-bit keys, 12 rounds for 192 bit, 14 rounds for 256 bit keys.

31
Q

Describe CAST.

A

CAST 128 uses either 12 or 16 rounds with a key between 40 and 128 bits on 64-bit blocks.

CAST 256 uses 48 rounds of encryption with 128/160/192/224/256 bit keys on 128 bit blocks.

32
Q

Describe Twofish.

A

128 bit blocks, up to 256 bit keys. Used prewhitening (XOR the plaintext with a separate subkey before the first round of encryption) and postwhitening (similar operation after the 16th round).