ChatGPT Chapter 2 - Cryptography

Question 1

What is cryptography used for?

Answer 1

Ensures
1. Confidentiality: only authorized people can read information
2. Authentication: Verifies sender’s identity
3. Integrity: Protect data from unauthorized modification
4. Anonymity: Hides user identities during communication

Question 2

What are the two basic operations in cryptography?

Answer 2

1. Encryption: Convert plaintext into ciphertext
2. Decryption: Convert ciphertext back to plaintext

Question 3

What is cipher?

Answer 3

Algorithm used to encrypt and decrypt data.

Question 4

What is a key in cryptography?

Answer 4

A piece of information that works with the cipher to encrypt and decrypt messages

Question 5

What is the Caesar Cipher?

Answer 5

Substitution cipher where each letter is shifted by a fixed number of positions

Ex: A becomes D (shift of 3)

Question 6

How can the Caesar Cipher be attacked?

Answer 6

1. Brute Force: Trying all possible keys
2. Cryptoanalysis: Using letter frequency analysis

Question 7

What is symmetric key encryption?

Answer 7

Encryption where the same key is used for both encrypting and decrypting data

Question 8

What is the key distribution problem?

Answer 8

If both sender and reciever use the same key then how do you share the key without someone intercepting it?

Question 9

What are the requirements for secure symmetric encryption?

Answer 9

1. A strong encryption algorithm
2. Secure key exchange and storage

Question 10

What are common attacks on symmetric encryption?

Answer 10

Brute Force and Cryptoanalysis (exploit algorithm weaknesses)

Question 11

Examples of symmetric encryption algorithms

Answer 11

1. DES: Weak and outdated (56-bit key)
2. 3DES: Encrypt 3 times with DES (stronger but slower)
3. AES: Fast and secure (128, 192 or 256 bit keys)

Question 12

What is the difference between block and stream ciphers?

Answer 12

Block: Encrypt data in fixed-size blocks (AES)
Stream: Encrypt byte by byte, faster and lightweight

Question 13

What is a Message Authentication Code (MAC)?

Answer 13

Short piece of data that verifies the authenticity (who) and integrity (unchanged) of a message

Uses a key and a MAC algorithm

Don’t confuse with MAC address used to locate device on network

Question 14

HMAC

Answer 14

Hash-based Message Authentication Code, verify that a message hasn’t been tampered with, if the hash value of the received message matches the expected value, it is intact

Question 15

Example of MAC use

Answer 15

When you make a payment online, the bank can use HMAC to verify that the payment details weren’t altered during transmission.

Question 16

Why are hash values efficient?

Answer 16

Instead of comparing large amounts of data for verification, systems compare smaller hash values

Question 17

What are the 6 properties of secure hash functions?

Answer 17

1. Any size input
2. Fixed-size output
3. Easy to compute
4. One-way (preimage resistant) Starting with hash, can’t find it’s input
5. Second preimage resistant Starting with known input and hash, can’t find another input with the same hash
6. Collision resistant can’t find two inputs with same hash

second preimage like collision with headstart-at u least know one input

Question 18

What is public-key encryption?

Answer 18

Encryption method using two keys:
1. Public Key: Available to everyone
2. Private Key: Kept secret
Encryption with one key can only be decrypted with the other

Question 19

Why is public-key available to everyone?

Answer 19

So anyone can send an encrypted message for the key owner. (secure communication for parties who have never met)

Let others know how to encrypt a message for YOU specifically… the public key is the customization of an already used algorithm (RSA, ECC)

I understand this, but why is it the KEY that is public and not the algorithm or the cipher? — **Answer: ** The cipher is the algorithm, and the key is the specific variable used to customize it. (Should be random). We can know how a combination lock works, but we will keep the numbers secret. We can understand the concept of shifting letters, but not tell how many to shift by. It allows the public to determine how robust the algorithm is and think hmmm maybe I won’t use this… Also why WINDOWS SUCKS they keep shit private we don’t know if it’s good!!!

Question 20

What are digital signatures used for?

Answer 20

To authenticate the sender and ensure data integrity

Question 21

What is a public-key certificate?

Answer 21

Verifies ownership of public key, issued by a trusted Certificate Authority (CA).

Question 22

What is a digital envelope?

Answer 22

A hybrid method combining symmetric encryption for data and public-key encryption for the symmetric key

Question 23

Why are random numbers important in cryptography?

Answer 23

Used for generating keys, session keys, and preventing replay attacks.

Question 24

Replay Attack

Answer 24

Attacker intercepts a legitimate message and resends it to trick the recipient into believing it’s valid.

Question 25

What is the difference between true random and pseudo-random numbers?

Answer 25

True Random: Generated from unpredictable natural processes
Pseudo-random: Deterministic but passes statistical randomness tests