Chapter 7 Flashcards
What is the most popular and widely used public key cryptosystem?
RSA
What uses large integers and modular arithmetic to facilitate the secure exchange of secret keys over insecure communications channels.
Diffie-Hellman
What cryptographic algorithm doubles the size of any message that it encrypts?
ElGamal
What are the five requirements for a cryptographic hash function?
The input can be of any length
The output has a fixed length
The hash function is east to compute for any input
Has one-way functionality
Collision resistant
What SHA algorithm produces a message digest using a 1,024-bit block size?
SHA-512
What SHA uses a truncated version of the SHA-512 hash that drop 128 bits to produce a message digest using a 1,024-bit block size?
SHA-384
What SHA produces a message digest using a 512-bit block size?
SHA-256
What SHA uses a truncated version of the SHA-256 hash that drops 32 bits to produce a message digest using a 512-bit block size.
SHA-224
What is based on the Keccak algorithm, provides the same level of security as SHA-2, but is slower than SHA-2?
SHA-3
What message digest algorithm is vulnerable to collisions, preventing its use for ensuring message integrity?
MD5
What hashing algorithm is an alternative to the SHA-2 family that is used in applications such as Bitcoin cryptocurrency implementations?
RIPEMD
What is the most secure version of RIPEMD today?
RIPEMD-160
What security goals are met with the implementation of a digital signature system?
Non-repudiation
Integrity
Authentication
What digital signature algorithm implements a partial digital signature and guarantees the integrity of a message during transmission but doesn’t provide non-repudiation.
HMAC
What are the four rules for public key cryptography and digital signatures?
If you want to encrypt a confidential message, use the recipient’s public key
If you want to decrypt a confidential message sent to you, use your private key
If you want to digitally sign a message you are sending to someone else, use your private key
If you want to verify the signature on a message sent by someone else, use the sender’s public key
What can be combined with MD5, SHA-2, SHA-3 and is more efficient than the digital signature standard.
HMAC
What cryptographic algorithm relies on a shared secret key and does not provide any non-repudiation?
HMAC
What provides communicating parties the assurance that the people they are communicating with truly are who they claim to be.
Digital Certificates
What international standard governs the information contained within digital certificates?
X.509
What describes the use of a series of intermediate CAs?
Certificate Chaining
What type of certificate where the CA simply verifies that the certificate subject has control of the domain name?
Domain Validation Certificates
What type of certificate provides a higher level of assurance, and the CA verifies that the certificate owner is a legitimate business?
Extended Validation Certificates
What are the requirements that must be performed before communicating with someone who provided you their digital certificate.
Verify the digital signature of the CA is authentic
You trust the CA
The certificate is not listed on a CRL or OCSP
The certificate contains the data you are trusting
What method instructs browsers to attach a certificate to a subject for an extended period of time?
Certificate Pinning
What document states the practices a CA employs when issuing or managing certificates?
CPS
What are three techniques someone can use to verify the authenticity of certificates and identify revoked certificates?
CRL
OCSP
CS
What are maintained by various CAs and contain the serial numbers of certificates that have been issued by a CA and that have been revoked.
CRL
What certificate technique has a disadvantage where certificates must be downloaded and cross-referenced periodically, introducing a period of latency.
CRL
What certificate protocol eliminates the latency when using a CRL by providing a means for real-time certificate verification?
OCSP
What is an extension to OCSP that relieves some of the burden placed on CAs by the original protocol?
Certificate Stapling
What describes the process where the web server contacts the OCSP server itself and receives a signed and timestamped response from the OCSP server and then staples it to the user’s digital certificate?
Certificate Stapling
What is the most common binary format for digital certificate files?
DER
What are the extensions for DER certificates?
.DER
.CRT
.CER
What format is an ASCII text version of the DER format?
PEM
Privacy Enhanced Mail
What are the extensions for PEM certificates?
.PEM
.CRT
What certificate file format is commonly used by Windows systems?
PFX
What are the extensions for PFX certificates?
.PFX
.P12
What windows certificate file is stored in ASCII text format?
P7B
What web application encryption framework method is used to create secure communications channels that remain open for an entire web session?
TLS
What encryption technique protects entire communications circuits by creating a secure tunnel between two points using either hardware or software.
Link Encryption
What are the two main components that IPsec uses for security?
AH
ESP
What provides assurances of message integrity, non-repudiation, and authentication?
AH
What provides confidentiality and integrity of packet contents ?
ESP
What IPsec security mechanisms prevents replay attacks?
AH
ESP
What are the two modes of IPsec?
Transport
Tunnel
What IPsec mode is designed for end-to-end encryption, encrypts only the packet payload and is for peer-to-peer communication?
Transport Mode
What IPsec mode encrypts the entire packet including the header and is designed for link encryption ?
Tunnel Mode
What represents the communication session and records any configuration and status information about the connection ?
SA
What is required for pairs of users or gateways to establish IPsec links?
SA
What can create a data store that nobody can tamper with or destroy ?
Blockchain
What type of encryption technology allows you to perform calculations on data without affecting the actual data ?
Homomorphic Encryption
What are the different cryptographic attacks ?
Analytic
Implementation
Statistical
Brute-Force
Fault Injection
Side-Channel
Timing
What is an algebraic manipulation that attempts to reduce the complexity of an algorithm?
Analytic Attack
What cryptographic attack focuses on exploiting the software coding flaws and errors but also the methodology used to program the system ?
Implementation Attack
What cryptographic attack exploits weaknesses in a crypto-system such as floating point errors and the inability to produce truly random numbers.
Statistical Attack
What attack uses massive amounts of processing power to methodically guess the key used to secure cryptographic communications.
Brute-Force Attack
What attack attempts to use factors such as high or low temperatures to cause a malfunction in a device ?
Fault Injection Attack
What attack monitors system activity and retrieve information that is actively being encrypted.
Side-Channel Attack
What attack is where the attacker measures precisely how long cryptographic operations take to complete and gains info about the process.
Timing Attack
What attack is where the attacker obtains the ciphertexts corresponding to a set of plaintexts of their own choosing.
Chosen Plaintext
What attack is where the attacker has the ability to decrypt chosen portions of the cipher text message.
Chosen Ciphertext
What attack seeks to substitute in a digitally signed communication a different message that produces the same message digest.
Birthday Attack
What attack is used against cryptographic algorithms that don’t incorporate temporal protections ?
Replay Attacks
