Chapter 7 Flashcards

1
Q

What is the most popular and widely used public key cryptosystem?

A

RSA

2
Q

What uses large integers and modular arithmetic to facilitate the secure exchange of secret keys over insecure communications channels?

A

Diffie-Hellman

3
Q

What cryptographic algorithm doubles the size of any message that it encrypts?

A

ElGamal

4
Q

What are the five requirements for a cryptographic hash function?

A

The input can be of any length
The output has a fixed length
The hash function is easy to compute for any input
Has one-way functionality
Collision resistant

5
Q

What SHA algorithm produces a message digest using a 1,024-bit block size?

A

SHA-512

6
Q

What SHA uses a truncated version of the SHA-512 hash that drops 128 bits to produce a message digest using a 1,024-bit block size?

A

SHA-384

7
Q

What SHA produces a message digest using a 512-bit block size?

A

SHA-256

8
Q

What SHA uses a truncated version of the SHA-256 hash that drops 32 bits to produce a message digest using a 512-bit block size?

A

SHA-224

9
Q

What is based on the Keccak algorithm, provides the same level of security as SHA-2, but is slower than SHA-2?

A

SHA-3

10
Q

What message digest algorithm is vulnerable to collisions, preventing its use for ensuring message integrity?

A

MD5

11
Q

What hashing algorithm is an alternative to the SHA-2 family that is used in applications such as Bitcoin cryptocurrency implementations?

A

RIPEMD

12
Q

What is the most secure version of RIPEMD today?

A

RIPEMD-160

13
Q

What security goals are met with the implementation of a digital signature system?

A

Non-repudiation
Integrity
Authentication

14
Q

What digital signature algorithm implements a partial digital signature and guarantees the integrity of a message during transmission but doesn’t provide non-repudiation?

A

HMAC

15
Q

What are the four rules for public key cryptography and digital signatures?

A

If you want to encrypt a confidential message, use the recipient’s public key

If you want to decrypt a confidential message sent to you, use your private key

If you want to digitally sign a message you are sending to someone else, use your private key

If you want to verify the signature on a message sent by someone else, use the sender’s public key

16
Q

What can be combined with MD5, SHA-2, and SHA-3 and is more efficient than the digital signature standard?

A

HMAC

17
Q

What cryptographic algorithm relies on a shared secret key and does not provide any non-repudiation?

A

HMAC

18
Q

What provides communicating parties the assurance that the people they are communicating with truly are who they claim to be?

A

Digital Certificates

19
Q

What international standard governs the information contained within digital certificates?

A

X.509

20
Q

What describes the use of a series of intermediate CAs?

A

Certificate Chaining

21
Q

What type of certificate is one where the CA simply verifies that the certificate subject has control of the domain name?

A

Domain Validation Certificates

22
Q

What type of certificate provides a higher level of assurance, and the CA verifies that the certificate owner is a legitimate business?

A

Extended Validation Certificates

23
Q

What are the requirements that must be performed before communicating with someone who provided you their digital certificate?

A

Verify the digital signature of the CA is authentic
You trust the CA
The certificate is not listed on a CRL or OCSP
The certificate contains the data you are trusting

24
Q

What method instructs browsers to attach a certificate to a subject for an extended period of time?

A

Certificate Pinning

25
Q

What document states the practices a CA employs when issuing or managing certificates?

A

CPS

26
Q

What are three techniques someone can use to verify the authenticity of certificates and identify revoked certificates?

A

CRL
OCSP
CS

27
Q

What are maintained by various CAs and contain the serial numbers of certificates that have been issued by a CA and that have been revoked?

A

CRL

28
Q

What certificate technique has a disadvantage where certificates must be downloaded and cross-referenced periodically, introducing a period of latency?

A

CRL

29
Q

What certificate protocol eliminates the latency when using a CRL by providing a means for real-time certificate verification?

A

OCSP

30
Q

What is an extension to OCSP that relieves some of the burden placed on CAs by the original protocol?

A

Certificate Stapling

31
Q

What describes the process where the web server contacts the OCSP server itself and receives a signed and timestamped response from the OCSP server and then staples it to the user’s digital certificate?

A

Certificate Stapling

32
Q

What is the most common binary format for digital certificate files?

A

DER

33
Q

What are the extensions for DER certificates?

A

.DER
.CRT
.CER

34
Q

What format is an ASCII text version of the DER format?

A

PEM
Privacy Enhanced Mail

35
Q

What are the extensions for PEM certificates?

A

.PEM
.CRT

36
Q

What certificate file format is commonly used by Windows systems?

A

PFX

37
Q

What are the extensions for PFX certificates?

A

.PFX
.P12

38
Q

What Windows certificate file is stored in ASCII text format?

A

P7B

39
Q

What web application encryption framework method is used to create secure communications channels that remain open for an entire web session?

A

TLS

40
Q

What encryption technique protects entire communications circuits by creating a secure tunnel between two points using either hardware or software?

A

Link Encryption

41
Q

What are the two main components that IPsec uses for security?

A

AH
ESP

42
Q

What provides assurances of message integrity, non-repudiation, and authentication?

A

AH

43
Q

What provides confidentiality and integrity of packet contents?

A

ESP

44
Q

What IPsec security mechanisms prevent replay attacks?

A

AH
ESP

45
Q

What are the two modes of IPsec?

A

Transport
Tunnel

46
Q

What IPsec mode is designed for end-to-end encryption, encrypts only the packet payload and is for peer-to-peer communication?

A

Transport Mode

47
Q

What IPsec mode encrypts the entire packet including the header and is designed for link encryption?

A

Tunnel Mode

48
Q

What represents the communication session and records any configuration and status information about the connection?

A

SA

49
Q

What is required for pairs of users or gateways to establish IPsec links?

A

SA

50
Q

What can create a data store that nobody can tamper with or destroy?

A

Blockchain

51
Q

What type of encryption technology allows you to perform calculations on data without affecting the actual data?

A

Homomorphic Encryption

52
Q

What are the different cryptographic attacks?

A

Analytic
Implementation
Statistical
Brute-Force
Fault Injection
Side-Channel
Timing

53
Q

What is an algebraic manipulation that attempts to reduce the complexity of an algorithm?

A

Analytic Attack

54
Q

What cryptographic attack focuses on exploiting not only software coding flaws and errors but also the methodology used to program the system?

A

Implementation Attack

55
Q

What cryptographic attack exploits weaknesses in a cryptosystem such as floating point errors and the inability to produce truly random numbers?

A

Statistical Attack

56
Q

What attack uses massive amounts of processing power to methodically guess the key used to secure cryptographic communications?

A

Brute-Force Attack

57
Q

What attack attempts to use factors such as high or low temperatures to cause a malfunction in a device?

A

Fault Injection Attack

58
Q

What attack monitors system activity and retrieves information that is actively being encrypted?

A

Side-Channel Attack

59
Q

What attack is where the attacker measures precisely how long cryptographic operations take to complete and gains info about the process?

A

Timing Attack

60
Q

What attack is where the attacker obtains the ciphertexts corresponding to a set of plaintexts of their own choosing?

A

Chosen Plaintext

61
Q

What attack is where the attacker has the ability to decrypt chosen portions of the ciphertext message?

A

Chosen Ciphertext

62
Q

What attack seeks to substitute in a digitally signed communication a different message that produces the same message digest?

A

Birthday Attack

63
Q

What attack is used against cryptographic algorithms that don’t incorporate temporal protections?

A

Replay Attacks