Chapter 7 Flashcards

1
Q

What is the most popular and widely used public key cryptosystem?

A

RSA

2
Q

What uses large integers and modular arithmetic to facilitate the secure exchange of secret keys over insecure communications channels?

A

Diffie-Hellman

3
Q

What cryptographic algorithm doubles the size of any message that it encrypts?

A

ElGamal

4
Q

What are the five requirements for a cryptographic hash function?

A

The input can be of any length
The output has a fixed length
The hash function is easy to compute for any input
Has one-way functionality
Collision resistant

5
Q

What SHA algorithm produces a message digest using a 1,024-bit block size?

A

SHA-512

6
Q

What SHA uses a truncated version of the SHA-512 hash that drops 128 bits to produce a message digest using a 1,024-bit block size?

A

SHA-384

7
Q

What SHA produces a message digest using a 512-bit block size?

A

SHA-256

8
Q

What SHA uses a truncated version of the SHA-256 hash that drops 32 bits to produce a message digest using a 512-bit block size?

A

SHA-224

9
Q

What is based on the Keccak algorithm, provides the same level of security as SHA-2, but is slower than SHA-2?

A

SHA-3

10
Q

What message digest algorithm is vulnerable to collisions, preventing its use for ensuring message integrity?

A

MD5

11
Q

What hashing algorithm is an alternative to the SHA-2 family that is used in applications such as Bitcoin cryptocurrency implementations?

A

RIPEMD

12
Q

What is the most secure version of RIPEMD today?

A

RIPEMD-160

13
Q

What security goals are met with the implementation of a digital signature system?

A

Non-repudiation
Integrity
Authentication

14
Q

What digital signature algorithm implements a partial digital signature and guarantees the integrity of a message during transmission but doesn’t provide non-repudiation?

A

HMAC

15
Q

What are the four rules for public key cryptography and digital signatures?

A

If you want to encrypt a confidential message, use the recipient’s public key

If you want to decrypt a confidential message sent to you, use your private key

If you want to digitally sign a message you are sending to someone else, use your private key

If you want to verify the signature on a message sent by someone else, use the sender’s public key

16
Q

What can be combined with MD5, SHA-2, and SHA-3 and is more efficient than the digital signature standard?

A

HMAC

17
Q

What cryptographic algorithm relies on a shared secret key and does not provide any non-repudiation?

A

HMAC

18
Q

What provides communicating parties the assurance that the people they are communicating with truly are who they claim to be?

A

Digital Certificates

19
Q

What international standard governs the information contained within digital certificates?

A

X.509

20
Q

What describes the use of a series of intermediate CAs?

A

Certificate Chaining

21
Q

What type of certificate is one where the CA simply verifies that the certificate subject has control of the domain name?

A

Domain Validation Certificates

22
Q

What type of certificate provides a higher level of assurance, and the CA verifies that the certificate owner is a legitimate business?

A

Extended Validation Certificates

23
Q

What are the requirements that must be met before communicating with someone who provided you their digital certificate?

A

Verify the digital signature of the CA is authentic
You trust the CA
The certificate is not listed on a CRL or OCSP
The certificate contains the data you are trusting

24
Q

What method instructs browsers to attach a certificate to a subject for an extended period of time?

A

Certificate Pinning

25
What document states the practices a CA employs when issuing or managing certificates?
CPS
26
What are three techniques someone can use to verify the authenticity of certificates and identify revoked certificates?
CRL, OCSP, CS
27
What are maintained by various CAs and contain the serial numbers of certificates that have been issued by a CA and that have been revoked?
CRL
28
What certificate technique has a disadvantage where certificates must be downloaded and cross-referenced periodically, introducing a period of latency?
CRL
29
What certificate protocol eliminates the latency when using a CRL by providing a means for real-time certificate verification?
OCSP
30
What is an extension to OCSP that relieves some of the burden placed on CAs by the original protocol?
Certificate Stapling
31
What describes the process where the web server contacts the OCSP server itself and receives a signed and timestamped response from the OCSP server and then staples it to the user's digital certificate?
Certificate Stapling
32
What is the most common binary format for digital certificate files?
DER
33
What are the extensions for DER certificates?
.DER .CRT .CER
34
What format is an ASCII text version of the DER format?
PEM (Privacy Enhanced Mail)
35
What are the extensions for PEM certificates?
.PEM .CRT
36
What certificate file format is commonly used by Windows systems?
PFX
37
What are the extensions for PFX certificates?
.PFX .P12
38
What Windows certificate file is stored in ASCII text format?
P7B
39
What web application encryption framework method is used to create secure communications channels that remain open for an entire web session?
TLS
40
What encryption technique protects entire communications circuits by creating a secure tunnel between two points using either hardware or software?
Link Encryption
41
What are the two main components that IPsec uses for security?
AH, ESP
42
What provides assurances of message integrity, non-repudiation, and authentication?
AH
43
What provides confidentiality and integrity of packet contents?
ESP
44
What IPsec security mechanisms prevent replay attacks?
AH, ESP
45
What are the two modes of IPsec?
Transport, Tunnel
46
What IPsec mode is designed for end-to-end encryption, encrypts only the packet payload and is for peer-to-peer communication?
Transport Mode
47
What IPsec mode encrypts the entire packet including the header and is designed for link encryption?
Tunnel Mode
48
What represents the communication session and records any configuration and status information about the connection?
SA
49
What is required for pairs of users or gateways to establish IPsec links?
SA
50
What can create a data store that nobody can tamper with or destroy?
Blockchain
51
What type of encryption technology allows you to perform calculations on data without affecting the actual data?
Homomorphic Encryption
52
What are the different cryptographic attacks?
Analytic, Implementation, Statistical, Brute-Force, Fault Injection, Side-Channel, Timing
53
What is an algebraic manipulation that attempts to reduce the complexity of an algorithm?
Analytic Attack
54
What cryptographic attack focuses on exploiting not only software coding flaws and errors but also the methodology used to program the system?
Implementation Attack
55
What cryptographic attack exploits weaknesses in a cryptosystem such as floating point errors and the inability to produce truly random numbers?
Statistical Attack
56
What attack uses massive amounts of processing power to methodically guess the key used to secure cryptographic communications?
Brute-Force Attack
57
What attack attempts to use factors such as high or low temperatures to cause a malfunction in a device?
Fault Injection Attack
58
What attack monitors system activity and retrieves information that is actively being encrypted?
Side-Channel Attack
59
What attack is where the attacker measures precisely how long cryptographic operations take to complete and gains info about the process?
Timing Attack
60
What attack is where the attacker obtains the ciphertexts corresponding to a set of plaintexts of their own choosing?
Chosen Plaintext
61
What attack is where the attacker has the ability to decrypt chosen portions of the ciphertext message?
Chosen Ciphertext
62
What attack seeks to substitute in a digitally signed communication a different message that produces the same message digest?
Birthday Attack
63
What attack is used against cryptographic algorithms that don’t incorporate temporal protections?
Replay Attacks