Chapter 8 - Cryptography

Question 1

what is cryptography?

8 - 245

Answer 1

the study of cryptographic algorithms

Question 2

what is a cipher?

8 - 245

Answer 2

a method used to encode characters to hide their value

Question 3

2 methods of ciphering (nonmathematical)

8 - 246

Answer 3

substitution (shift the letters over) and

transposition (break the letters into separate blocks and then scramble the blocks)

Question 4

how do you do ROT13?

8 - 247

Answer 4

shift the letter by 13. works backwards and forwards.

Question 5

what was the enigma typewriter?

8 - 248

Answer 5

typewriter that implemented a multi-alphabet substitution cipher

Question 6

what is steganography?

8 - 248

Answer 6

process of hiding a message in a medium like a digital image, audio file, or other file

Question 7

what is the most common method of steganography?

8 - 248

Answer 7

least significant bit method

Question 8

3 major areas of modern cryptography

8 - 249

Answer 8

symmetric - same key at each end, which will be a secret (private) key
asymmetric
hashing algorithms

Question 9

what are the two kinds of ciphers that symmetric methods use?

8 - 250

Answer 9

block cipher

steam cipher

Question 10

9 examples that use symmetric algorithms

8 - 250

Answer 10

Data Encryption Standard - replaced by AES, uses 56 bit key
Triple-DES - more secure than DES, uses 3 56 bit keys
Advanced Encryption Standard - uses the Rijndael algorithm, key sizes are 128, 192, 256
AES256 - US Govt Top Secret, 256 bit
CAST - Carlisle Adams and Stafford Tavares
Ron’s Cipher - RC4, RC5, and RC6. max key size 2048.
Blowfish and Twofish - symmetric block cipher, variable length keys, 64 bit block cipher
International Data Encryption Algorithm - Swiss developed, 128 bit
One-Time Pads - the only truly secure cryptographic implementations, uses a key that is as long as a plaintext message

Question 11

two kinds of key exchange

8 - 251

Answer 11

in-band
and
out-band

Question 12

what is a common approach to achieving forward secrecy

8 - 251

Answer 12

use ephemeral keys

Question 13

you are exchanging keys over an insecure medium and IPSec is not part of the scenario. what algorithm will you be using?

8 - 253

Answer 13

Diffie-Hellman

Question 14

this cryptography is similar to RSA but uses smaller key and is based on the idea of using points on a curve

8 - 253

Answer 14

Elliptic Curve Cryptography

Question 15

a hashing algorithm is different from cryptography because it has these 3 characteristics

8 - 255

Answer 15

it must be one-way
variable length input produces fixed length output
the algorithm must have few or no collisions

Question 16

when you are key stretching, how do you usually make it stronger?

tell me 2 types of key stretching

8 - 256

Answer 16

make it longer

Password-Based Key Derivation Function 2 - applies a hash or HMAC to the password/passphrase along with salt to produce a derived key

Bcrypt - used with passwords, essentially uses a derivation of the Blowfish algorithm, converted to a hashing algorithm, to hash a password and add Salt to it

Question 17

common code breaking techniques. tell me 5

8 - 257

Answer 17

frequency analysis - looking at blocks to determine patterns
chosen plaintext - obtain the ciphertexts corresponding to a set of plaintexts of their own choosing
related key attack - like a chosen plaintext attack, except the attacker can obtain ciphertexts encrypted under two different keys
brute force attacks - apply every possible combination of characters
exploiting human error - not encrypting when you should

Question 18

what does WPA use? what does WPA2 use?

8 - 258

Answer 18

TKIP

CCMP

Question 19

the three most important concepts in security

8 - 259

Answer 19

confidentiality
integrity
availability

Question 20

what are the two things that HMAC uses?

8 - 260

Answer 20

hashing algorithm and a symmetric key

Question 21

what’s a digital signature?

8 - 261

Answer 21

validates the integrity of the message and the sender

Question 22

what is nonrepudiation responsible for?

8 - 262

Answer 22

prevents one party from denying actions they carried out

Question 23

tell me the 4 main trust models of PKI

8 - 262

Answer 23

bridge - peer to peer relationship between the root CAs
hierarchal - root CA at top provides all the info
hybrid - two root CAs, but the peer to peer occurs between the intermediate CAs
mesh - expands the bridge, more than 2

Question 24

what does X.509 define?

8 - 267

Answer 24

defines the certificate formats and fields for public keys

Question 25

who developed Secure Electronic Transaction?

8 - 270

Answer 25

visa and mastercard

Question 26

tell me what Kerckhoff’s principle is.

8 - 254

Answer 26

states that the security of an algorithm should depend only on the secrecy of the key and not on the secrecy of the algorithm itself

Question 27

this is the most widely used and recommended hashing algorithm

8 - 255

Answer 27

SHA2

Question 28

the strength of a cryptographic system is determined by what?

what is strength also known as?

8 - 257

Answer 28

how difficult it is to crack

work factor

Question 29

in terms of THIS chapter, what does MAC stand for and what is it derived from?

8 - 260

Answer 29

message authentication code

the message and the shared key

Question 30

what is the mechanism used to propose a standard?

8 - 264

Answer 30

the Request for Comments, the RFC

Question 31

Pretty Good Privacy uses symmetrical and asymmetrical systems. During the encryption process, the public key uses another kind of key to create the ciphertext. What is that other type of key called and what does it use?

8 - 272

Answer 31

session key

uses a one-use random number

Question 32

how does the Caesar cipher work?

8 - 246

Answer 32

shift each letter to the right by 3

Question 33

Vigenere cipher

8 - 246

Answer 33

most famous example of a multi-alphabet substitution. each letter in the keyword generated a different substitution alphabet

Question 34

Two-key systems are referred to as what?

8 - 252

Answer 34

public-key cryptography

Question 35

tell me 4 asymmetric algorithms

8 - 254

Answer 35

diffie-hellman - key agreement
ElGamal - tranmit digital signatures and key exchanges
Elliptic Curve - an option to RSA that uses less computing power than RSA and is popular in smaller devices like smartphones.
RSA - most commonly used public key algorithm, RSA is used for encryption and digital signatures

Question 36

tell me the hashing algorithms

8 - 255, 256

Answer 36

Secure Hash Algorithm - one way hash, 160 bit, SHA2 has the strongest collision resistance
Message Digest Algorithm - newest is MD5, 128 bit
RIPEMD - RACE integrity primitives evaluation message digest - based on MD4
GOST - symmetric cipher, variable length message into a fixed length output of 256 bits
LANMAN - authentication protocol, used LM Hash and two DES keys, replaced by NTLM
NTLM - uses MD4/5 hashing algorithms, less preferred than Kerberos

Question 37

tell me about Rainbow Tables and Salt

8 - 256

Answer 37

rainbow table - all of the possible hashes are computed in advance

salt - countermeasure to password cracking tools, the salt is the addition of bits at key locations, either before or after the hash

Question 38

key escrow. what is it?

8 - 262

Answer 38

keys are held in this type of account in case the government needs to get at them

Question 39

certificate revocation list

8 - 262

Answer 39

list a certificates that a specific CA states should no longer be used

Question 40

what is XKMS?

8 - 270

Answer 40

XML Key Management Specification, designed to allow XML based programs access to PKI services

Question 41

what is MIME?

8 - 270

Answer 41

the de facto standard for email messages

Question 42

2 primary protocols used by IPSec

8 - 274

Answer 42

authentication header, protocol 51
encapsulating security paylod, protocol 50
both can operate in either the transport o tunnel mode

Question 43

what is PKI?

8 - 278

Answer 43

Public Key Infrastructure

two key, asymmetric system with 4 main components:
CA, RA, RSA, and digital certificates

Question 44

what is granularity?

8 - 285

Answer 44

the ability to manage individual resources in the CA network