Chapter 9: Cryptography and Symmetric Key Algorithms

Question 1

What are the goals of cryptography?

Answer 1

Confidentiality, integrity, authentication, and nonrepudiation.

Question 2

What is the purpose of confidentiality?

Answer 2

It insures that data remains private while at rest or in transit.

Question 3

What is the purpose of integrity?

Answer 3

It ensures that data is not altered without authorization.

Question 4

What is the purpose of authentication?

Answer 4

It verifies that the claimed identity of system users is accurate.

Question 5

What is the purpose of nonrepudiation?

Answer 5

It provides assurance t the recipient that a message was actually originated by the sender and not by someone masquerading as them.

Question 6

What is “key space”?

Answer 6

The range of values that are valid as a key for a specific algorithm.

Question 7

What is the Kerchoff Principle?

Answer 7

The principle that a cryptographic system should be secure even if everything is known about the system except the key.

Question 8

What is a private key cryptosystem?

Answer 8

One in which all participants use a shared secret key.

Question 9

What is a public key cryptosystem?

Answer 9

Each participant has their own pair of keys.

Question 10

What is a cryptovariable?

Answer 10

Another name for a key.

Question 11

What is cryptography?

Answer 11

The art and practice of implementing secret codes and cyphers.

Question 12

What does FIPS 140-2 define?

Answer 12

Hardware and software requirements for cryptographic modules that the government uses.

Question 13

What defines hardware and software requirements for cryptographic modules for government use?

Answer 13

FIPS 140-2

Question 14

What is boolean mathematics?

Answer 14

The definition of rules for bits and bytes that form the nervous system of a computer. AND, OR, NOT, XOR, etc.

Question 15

What is a one way function?

Answer 15

A mathematical operation that easily produces output values for each possible combination of inputs, but makes it impossible to retrieve the input values.

Question 16

What kind of function are all public key cryptosystems based on?

Answer 16

A one way function.

Question 17

What is a nonce?

Answer 17

A random number that acts as a placeholder in mathematical functions. A “number used once”.

Question 18

What is a zero-knowledge proof?

Answer 18

A proof that shows that a party has a particular piece of information without revealing that piece of information.

Question 19

What is split knowledge?

Answer 19

Separation of duties over two or more persons, such as giving n parts of a key to n people and requiring a certain number of them to work together to access an object.

Question 20

What is a work function or work factor?

Answer 20

A measure of the effort or time required to circumvent a cryptographic system. It should be greater than the value of the asset to be effective.

Question 21

What is a code?

Answer 21

A cryptographic system of symbols that represents words or phrases. Not usually intended to provide confidentiality. Example: the 10-system used by law enforcement.

Question 22

What is a cipher?

Answer 22

Always intended to hide the meaning of a message. Generally alter or rearrange the bits of a message.

Question 23

What is a transposition cipher?

Answer 23

An encryption algorithm that rearranges the leters of a plaintext message.

Question 24

What is a substitution cipher?

Answer 24

An encryption algorithm that replaces each character of the plaintext with a different character.

Question 25

What is a one-time pad?

Answer 25

A substitution cipher that uses a different substitution alphabet for each letter of the message.

Question 26

What are the requirements for a one time pad?

Answer 26

It must be randomly generated
It must be physically protected against disclosure.
It must be used only once.
The key must be at least as long as the message.

Question 27

What is a running key cipher?

Answer 27

An encryption key is chosen from something like a book beginning at a certain place in the text.

Question 28

What is a block cipher?

Answer 28

A cipher that operates on a message in chunks, applying the algorithm to the entire chunk at once.

Question 29

What is a stream cipher?

Answer 29

A cipher that operates on one character or bit of a message at a time.

Question 30

Describe confusion and diffusion in cryptographic terms

Answer 30

Confusion occurs when the relationship betwen the plaintext and the key is so complicated that the attacker can’t merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key.

Diffusion occurs when a change in the plain text results in multiple changes spread throughout the ciphertext.

Question 31

How do modern cryptosystems work?

Answer 31

they use computationally complex algorithms and long cryptanalytic keys.

Question 32

How should you select key length?

Answer 32

With consideration to the procesing power available to your adversaries now and in the future. If you want something to stay secret for 20 years, it has to be proof against the computing power that could be brought to bear agsint it over the next 20 years.

Question 33

What is a symmetric key algorithm?

Answer 33

One that relies on a shared secret encryption key that all members of the communication must have.

Question 34

What are the weaknesses of symmetric key algorithms?

Answer 34

Key distribution
No nonrepudiation
It’s not scalable unless each pair of users has their own shared key (and that’s ugly)
Keys have to be regenerated if any member of the group leaves

Question 35

What is an asymmetric key algorithm?

Answer 35

AKA public key. Everyone has a public key, which can be publicly known, and a private key.

Question 36

What are the strengths of asymmetric key algorithms?

Answer 36

Adding a user requires only generating one new public/private pair
It’s easy to remove a user (key revocation)
Key regeneration is only required if someone’s private key is compromised
Provides for integrity, authentication, and non-repudiation
Key distribution is easy
No need for preexisting communcation links.

Question 37

What is the major weakness of public key crypto?

Answer 37

It’s slow.

Question 38

How do you overcome the major weakness of public key crypto?

Answer 38

Use public key crypto to set up symmetric crypto, then do the heavy lifting with that.

Question 39

What is a hashing algorithm?

Answer 39

A one way function that provides a difficult to forge signature

Question 40

What are common hashing algorithms?

Answer 40

MD2, MD5, SHA-0, SHA-1, SHA-2, HMAC

Question 41

What is the block size of DES?

Answer 41

64 bits

Question 42

What is the key size of DES?

Answer 42

56 bits

Question 43

What are the five modes of operation of DES?

Answer 43

Electronic Code Book (ECB)
Cipher Block Chaining (CBC)
Cipher Feedback (CFB)
Output Feedback (OFB)
Counter (CTR)

Question 44

What is Electronic Code Book

Answer 44

Each block is simply encrypted with the key.

Question 45

What is Cipher Block Chaining?

Answer 45

Each block of unencrypted text is XORed with the block of ciphertext preceding it before encryption. This mode propagates errors.

Question 46

What is Cipher Feedback mode?

Answer 46

The streaming version of Cipher Block Chaining.

Question 47

What is Output Feedback mode?

Answer 47

Instead of XORing with the prior encrypted text, we XOR with a seed value. Each subsequent block is XORed with the encrypted value of the prior seed. As a result, errors do not propagate.

Question 48

What is Counter mode?

Answer 48

The seed value simply increments. Errors do not propagate.

Question 49

What is Triple-DES?

Answer 49

An adapted version of DES that uses the same algorithm to produce a more secure encryption.

Question 50

What is blowfish?

Answer 50

Developed by Bruce Schneier. 64-bit block cipher. Keys 32-448 bits. Faster than IDEA and DES. Free for public use.

Question 51

What is Skipjack?

Answer 51

Approved for US government use by FPS 185. 64-bit block cipher. 80-bit key. Supports key escrow. Used in the Clipper and Capstone chips.

Question 52

What is AES?

Answer 52

Advanced Encryption Standard. Rijndael. Key: 128, 192, or 256 bits. 128-bit key requires 10 rounds, 192-bit key requires 12, 256-bit requires 14.

Question 53

What is the block size for AES?

Answer 53

128.

Question 54

What are the four versions of 3DES?

Answer 54

DES-EEE3: simply encrypt the plaintext 3 times using three different keys
DES-EDE3: also uses three keys, but the second operation is a decrypt instead of encrypt
DES-EEE2: 3 encryption steps using 2 keys. The second and first encryption steps use the same key.
DES-EDE2: encrypt using K1, decrypt using K2, encrypt using K1.

Question 55

What is IDEA?

Answer 55

International Data Encryption Algorithm.

64-bit block cipher
128-bit key, which is broken up into 52 16-bit keys

Question 56

What is the key size for AES?

Answer 56

128, 192, or 256.

Question 57

What is the block size for Rijndael?

Answer 57

Variable

Question 58

What is the key size for Rijndael?

Answer 58

128, 192, or 256 (same as AES)

Question 59

What is the block size for blowfish?

Answer 59

Variable.

Question 60

What is the key size for blowfish?

Answer 60

1-448

Question 61

What is the block size for DES?

Answer 61

64

Question 62

What is the key size for DES?

Answer 62

56

Question 63

What is the block size for IDEA?

Answer 63

64

Question 64

What is the key size for IDEA?

Answer 64

128

Question 65

What is IDEA used in?

Answer 65

PGP

Question 66

What cipher is known for being used in PGP?

Answer 66

IDEA

Question 67

What is the block size of RC2?

Answer 67

64

Question 68

What is the key size for RC2?

Answer 68

128

Question 69

What is the block size for RC4?

Answer 69

None, it’s a stream cipher.

Question 70

What is the key size for RC4?

Answer 70

128

Question 71

What is the block size for RC5?

Answer 71

32, 64, 128

Question 72

What is the key size for RC5?

Answer 72

0-2,048

Question 73

What is the block size for Skipjack?

Answer 73

64

Question 74

What is the key size for Skipjack?

Answer 74

80

Question 75

What is the block size for Triple DES (3DES)?

Answer 75

64

Question 76

What is the key size for Triple DES (3DES)?

Answer 76

112 or 168

Question 77

What is the block size for Twofish?

Answer 77

128

Question 78

What is the key size for Twofish?

Answer 78

1-256

Question 79

Describe offline key distribution.

Answer 79

Most technically simple mechanisms. Risks: mail can be intercepted, phone calls can be tapped, papers containing keys can be thrown away or lost.

Question 80

Descfibe public key encryption key management

Answer 80

Use public key exchange to set up an encrypted session, than share a symmetric encryption key over that protected, but slower, link.

Question 81

What are the recommendations for storage and destruction of symmetric keys?

Answer 81

Never store a key on the same system where encrypted data resides
For sensitive keys, consider giving half the key to different individuals. (aka split knowledge)

Question 82

What are the major approaches to key escrow?

Answer 82

Fair cryptosystem: Secret keys are broken into n pieces and given to n independent third parties who provide the pieces when court-ordered to do so.

Escrowed encryption standard: Provides the government with a technical means to decrypt ciphertext.

Question 83

Describe the cryptographic life cycle.

Answer 83

1) Specify cryptographic algorithms acceptible for use in the oganization
2) Identify acceptable key lengths based on the sensitivity of the information
3) Enumerate secure transaction protocols that may be used