Chapter 7– PKI and Cryptographic Applications Flashcards
- In the RSA public key cryptosystem, which one of the following numbers will always be largest?
n
n
The number n is generated as the product of the two large prime numbers, p and q. Therefore, n must always be greater than both p and q. Furthermore, it is an algorithm constraint that e must be chosen such that e is smaller than n. Therefore, in RSA cryptography, n is always the largest of the four variables shown in the options to this question.
- Which cryptographic algorithm forms the basis of the El Gamal cryptosystem?
Diffie-Hellman
Diffie-Hellman
The El Gamal cryptosystem extends the functionality of the Diffie-Hellman key exchange protocol to support the encryption and decryption of messages.
- If Richard wants to send an encrypted message to Sue using a public key cryptosystem, which key does he use to encrypt the message?
Sue’s public key
Sue’s public key
Richard must encrypt the message using Sue’s public key so that Sue can decrypt it using her private key. If he encrypted the message with his own public key, the recipient would need to know Richard’s private key to decrypt the message. If he encrypted it with his own private key, any user could decrypt the message using Richard’s freely available public key. Richard could not encrypt the message using Sue’s private key because he does not have access to it. If he did, any user could decrypt it using Sue’s freely available public key.
- If a 2,048-bit plaintext message were encrypted with the EL Gamal public key cryptosystem, how long would the resulting ciphertext message be?
4,096 bits
4,096 bits
The major disadvantage of the El Gamal cryptosystem is that it doubles the length of any message it encrypts. Therefore, a 2,048-bit plain-text message would yield a 4,096-bit ciphertext message when El Gamal is used for the encryption process.
- Acme Widgets currently uses a 1,024-bit RSA encryption standard companywide. The company plans to convert from RSA to an elliptic curve cryptosystem. If it wants to maintain the same cryptographic strength, what ECC key length should it use?
160 bits
160 bits
The elliptic curve cryptosystem requires significantly shorter keys to achieve encryption that would be the same strength as encryption achieved with the RSA encryption algorithm. A 1,024-bit RSA key is cryptographically equivalent to a 160-bit elliptic curve cryptosystem key.
- John wants to produce a message digest of a 2,048-byte message he plans to send to Mary. If he uses the SHA-1 hashing algorithm, what size will the message digest for this particular message be?
160 bits
160 bits
The SHA-1 hashing algorithm always produces a 160-bit message digest, regardless of the size of the input message. In fact, this fixed-length output is a requirement of any secure hashing algorithm.
- Which one of the following technologies is considered flawed and should no longer be used?
WEP
WEP
The WEP algorithm has documented flaws that make it trivial to break. It should never be used to protect wireless networks.
- What encryption technique does WPA use to protect wireless communications?
TKIP
TKIP
WiFi Protected Access (WPA) uses the Temporal Key Integrity Protocol (TKIP) to protect wireless communications. WPA2 uses AES encryption.
- Richard received an encrypted message sent to him from Sue. Which key should he use to decrypt the message?
Richard’s private key
Richard’s private key
Sue would have encrypted the message using Richard’s public key. Therefore, Richard needs to use the complementary key in the key pair, his private key, to decrypt the message.
- Richard wants to digitally sign a message he’s sending to Sue so that Sue can be sure the message came from him without modification while in transit. Which key should he use to encrypt the message digest?
Richard’s private key
Richard’s private key
Richard should encrypt the message digest with his own private key. When Sue receives the message, she will decrypt the digest with Richard’s public key and then compute the digest herself. If the two digests match, she can be assured that the message truly originated from Richard.
- Which one of the following algorithms is not supported by the Digital Signature Standard?
El Gamal DSA
El Gamal DSA
The Digital Signature Standard allows federal government use of the Digital Signature Algorithm, RSA, or the Elliptic Curve DSA in conjunction with the SHA-1 hashing function to produce secure digital signatures.
- Which International Telecommunications Union (ITU) standard governs the creation and endorsement of digital certificates for secure electronic communication?
X.509
X.509
X.509 governs digital certificates and the public key infrastructure (PKI). It defines the appropriate content for a digital certificate and the processes used by certificate authorities to generate and revoke certificates.
- What cryptosystem provides the encryption/decryption technology for the commercial version of Phil Zimmerman’s Pretty Good Privacy secure email system?
IDEA
IDEA
Pretty Good Privacy uses a “web of trust” system of digital signature verification. The encryption technology is based on the IDEA private key cryptosystem.
- What TCP/IP communications port is used by Transport Layer Security traffic?
443
443
Transport Layer Security uses TCP port 443 for encrypted client-server communications.
- What type of cryptographic attack rendered Double DES (2DES) no more effective than standard DES encryption?
Meet-in-the-middle attack
Meet-in-the-middle attack
The meet-in-the-middle attack demonstrated that it took relatively the same amount of computation power to defeat 2DES as it does to defeat standard DES. This led to the adoption of Triple DES (3DES) as a standard for government communication.
