Chp 3 Cryptographics Flashcards

1
Q

Algorithm

A

is the process used to encrypt and decrypt a message.

2
Q

Cryptanalysis

A

The science, art, and practice of breaking codes and ciphers.

3
Q

AES-256

A

Advanced Encryption Standard-
AES is a symmetric encryption algorithm, meaning the same key is used for both encryption and decryption.

4
Q

Hashing

A

Hashing is a process used to transform data into a fixed-size string of characters, which is typically a hash value. It’s widely used in computer science and cryptography for ensuring data integrity.
Example:
Original password: MySecurePassword123

SHA-256 Hashed Password: 6e9c2461176ac19694f59d16e4300fce0d2a39b154e42cbfa9d682b8f3082ef4

5
Q

SHA

A

Secure Hash Algorithm-
The current version is SHA-2. Hash functions designed to ensure data integrity.
SHA algorithms take an input (or ‘message’) and return a fixed-size string of bytes. The output is typically called the hash value or digest. The process is deterministic, meaning the same input will always produce the same output.

6
Q

MD5

A

Message Digest Algorithm #5-
It’s poopoo. MD5 is not considered to be quite as safe for use as SHA256, but it might be required for compatibility between security products.

7
Q

Digital Signature

A

A message digest encrypted using the sender’s private key that is appended to a message to authenticate the sender and prove message integrity.

8
Q

PKI

A

Public Key Infrastructure-
PKI enables secure, encrypted communication and authentication over networks such as the internet. It uses a pair of cryptographic keys: a public key and a private key.

9
Q

CA

A

A Certificate Authority (CA) is a trusted entity that issues and manages digital certificates. These certificates are used to verify the identity of entities (like websites, individuals, and organizations) and to facilitate secure communication over networks.

10
Q

Digital Certificate

A

is essentially a wrapper for a subject’s public key. The certificate is digitally signed to prove that it was issued to the subject by a particular CA.

11
Q

Root Certificate

A

A root certificate is a self-signed digital certificate issued by a Certificate Authority (CA).
It acts as the ultimate trust anchor in a PKI system.

12
Q

CSR

A

Certificate Signing Request (CSR) A CSR is a block of encoded text submitted to a Certificate Authority (CA) when applying for a digital certificate.
It contains the public key and identifying information about the entity requesting the certificate.

13
Q

CRL

A

Certificate Revocation List (CRL)
A CRL is a publicly available list maintained by a Certificate Authority.
It contains serial numbers of certificates that have been revoked and are no longer valid.

14
Q

OCSP

A

Online Certificate Status Protocol (OCSP)
It allows clients (such as web browsers) to query a Certificate Authority’s (CA) server to determine if a certificate is still valid or has been revoked.

15
Q

entropy

A

A measure of disorder. Cryptographic systems should exhibit high entropy to better resist brute force attacks.

16
Q

PRNG

A

Pseudo-Random Number Generator (PRNG)
A PRNG is an algorithm that produces a sequence of numbers that appears to be random but is actually deterministic.

17
Q

TRNG

A

True Random Number Generator (TRNG)
is a device or system that generates random numbers by utilizing a physical process, rather than an algorithm. Unlike Pseudo-Random Number Generators (PRNGs), which produce numbers that appear random but are actually deterministic, TRNGs produce genuinely random numbers.

17
Q

TPM

A

Trusted Platform Module (TPM)
It provides secure generation and storage of cryptographic keys, helping ensure platform integrity. It can be a chip or integrated into the CPU.
Example:
Imagine you have a laptop with a TPM chip. This TPM helps ensure that when you turn on your laptop, only trusted software loads, and it also helps encrypt the data on your hard drive. The security benefits are specific to that laptop.

18
Q

HSM

A

Hardware Security Module (HSM)
An HSM is a dedicated hardware device designed to protect and manage digital keys, perform encryption and decryption.
Where a TPM is designed to validate the security of a discrete computing platform such as a desktop computer or laptop, an HSM provides either centralized key storage
Example:
Now, think of a bank that uses an HSM. The HSM securely stores and manages encryption keys used by various bank applications and servers to encrypt transactions and customer data. It can serve multiple systems, providing centralized security, and can even be moved to different locations if needed.

19
Q

Data at rest

A

is the state when the data is in some sort of persistent storage media.

20
Q

Data in transit

A

is the state when data is transmitted over a network.

21
Q

Data in use

A

is the state when data is present in volatile memory, such as system RAM or CPU registers and cache.

22
Q

DBMS

A

Database Management System (DBMS)
is software that provides a systematic way to create, retrieve, update, and manage data in databases. It serves as an interface between end users and the database.

23
Q

TDE

A

Transparent Data Encryption (TDE)
is a technology used to encrypt databases to protect sensitive data at rest.

24
Q

Transport/communication encryption

A

protects data-in-motion.

25
Q

WPA

A

Wi-Fi Protected Access (WPA) —securing traffic sent over a wireless network.

26
Q

IPsec

A

Internet Protocol Security (IPsec) —securing traffic sent between two endpoints over a public or untrusted transport network. This is referred to as virtual private networking (VPN).

27
Q

TLS

A

Transport Layer Security (TLS) —securing application data, such as web or email data, sent over a public or untrusted network.

28
Q

HMAC

A

Hash-based Message Authentication Code (HMAC)
It ensures that the message has not been altered and verifies the sender’s authenticity.

29
Q

PFS

A

Perfect Forward Secrecy (PFS)
A characteristic of transport encryption that ensures if a key is compromised, the compromise will only affect a single session and not facilitate recovery of plaintext data from other sessions.

30
Q

ephemeral session keys

A

In cryptography, a key that is used within the context of a single session only.

31
Q

Salt

A

A salt is a random value added to data (typically passwords) before hashing.
User Registration:

User chooses a password: password123
System generates a random salt: 1a2b3c4d
Combined value: password1231a2b3c4d
Hash of combined value: h4shv4lu3
Stored in database: 1a2b3c4d (salt) and h4shv4lu3 (hash)
User Login:

User enters password: password123
System retrieves stored salt: 1a2b3c4d
Combined value: password1231a2b3c4d
Hash of combined value: h4shv4lu3
System compares this hash with the stored hash: h4shv4lu3
If they match, access is granted.

32
Q

Steganography

A

Steganography involves embedding a secret message within another medium, such as a text, image, audio file, or video, so that the presence of the message is hidden.

33
Q

Tokenization

A

Tokenization is a data security technique where sensitive data is replaced with a non-sensitive equivalent, known as a token.

“Data masking and tokenization are used for de-identification”

Credit Card Processing:
Sensitive Data: Credit card number 1234-5678-9012-3456.
Token Generation: The credit card number is replaced with a token like abcd-efgh-ijkl-mnop.
Storage: The token abcd-efgh-ijkl-mnop is stored in the production database. The original credit card number and the token are stored in the token vault.

34
Q

A small development company just set up a web server and must ensure a secure customer connection. Regarding digital certificates, what is a file containing the information that the subject wants to use in the certificate, including its public key?

A. CA
B. CSR
C. CRL
D. PKI

A

B
The Certificate Signing Request (CSR) is a file containing the information that the subject wants to use in the certificate, including its public key.

35
Q

What is the process used to encrypt and decrypt a message?

A. Cryptanalysis
B. Plaintext
C. Ciphertext
D. Algorithm

A

D
An algorithm refers to the operations that transform plaintext into ciphertext with cryptographic properties, also called a cipher. There are symmetric, asymmetric, and hash cipher types of algorithms.

36
Q

A coffee chain hired a marketing firm to set up a website that allows sign-ups. However, after running a test on the website, an error message in the browser stated that the connection was insecure. What framework should the marketing firm use to ensure this error message does not show up?

A. Public key infrastructure
B. Certificate authority
C. Cryptanalysis
D. Typosquatting

A

A
Public key infrastructure (PKI) refers to a framework of Certificate Authorities (CAs), digital certificates, software, services, and other cryptographic components deployed to validate subject identities.