Crypto

Question 1

Block Cipher

Answer 1

takes n bits as input and produces n bits. Based on iteration.

Question 2

3DES

Answer 2

n or block size is 64 bits. Key size is 168 bits. FiestelNetwork. Half of bits are unchanged.

Question 3

AES

Answer 3

n or block size is 128 bits. Key size is 156, 512, 1025. Permutation Substitution network.

Question 4

Modes of operation

Answer 4

use the same key to encrypt multiple times

Question 5

CBC Mode

Answer 5

Cipher block chaining with random IV

Question 6

Carter Wagman MAC

Answer 6

Use the fast hash function on the larger input and use slower encryption algorithm on hashed output.

Question 7

SHA256

Answer 7

Markel dagmard function, davies mayer compressionl

Question 8

Authenticated Encryption

Answer 8

Provides ciphertext integrity, cannot protect against replay attacks.

Question 9

SSL

Answer 9

mac then encrypt E(Ke, m||tag)

Question 10

SSH

Answer 10

enc then mac E(ke,m) and calculate tag on the message.

Question 11

IPSEC

Answer 11

enc then mac E(ke,m) and calculate tag on the cipher text. IPSec is the best option.

Question 12

Authenticated encryption modes

Answer 12

combining encryption and MAC

Question 13

GalolisCounterMode

Answer 13

ctr mode encryption then cw-mac (cartel wagman)

Question 14

CCM

Answer 14

cbc mac then ctr mode encryption. Uses AES.

Question 15

TLS 1.2

Answer 15

( CBC AES-128, HMAC-SHA1). Mac then encypt.
Browser side enc (k b->s, data, ctr b->s) :
1. Tag – S(kmac, [++ctr b->s||header||data) value of ctr is included in tag. Ctr is acting as nonce and not send since both sides know what ctr has to be.
2. Pad [header||data||tag] to AES block.
3. CBC encypt with k and new random IV
4. prepend header.
Server side dec(kb->s, record, ctr b->s)
1.CBC decrpt record using kenc
2.Check pad format : send bad_record_mac if invalid
3.Check tag on [++ctr b->s||header||data]. Send bad_record_mac if invalid.

Replay attack prevented using ctr, since ctr won’t match.

Question 16

Password based KDF

Answer 16

uses salt and slow hash function. PKCS#5. H©(pwd||salt) – iterate hash function c times.

Question 17

Assymetric encryption

Answer 17

G generates public, private key pair
E (publickey, m)
D (privatekey, c)

Question 18

TLS 1.3

Answer 18

1. The TLS 1.3 handshake process involves only one round-trip as opposed to three in TLS 1.2. This results in reduced latency.
2. 0-RTT- 0-RTT Resumption. It means that if the client has connected to the server before, TLS 1.3 permits a zero-round trip handshake.
   Issues - lack of full forward secrecy. It means that if these session ticket keys are compromised, an attacker can decrypt the 0-RTT data sent by the client on the first flight
   TLS 1.3 0-RTT is that it doesn’t provide a guarantee of non-replay between connections.
3. algorithms all use Authenticated Encryption with Associated Data (AEAD) algorithms.
4. Static RSA and Diffie-Hellman cipher suites have been removed; all public-key based key exchange mechanisms now provide forward secrecy.
5. All handshake messages after the ServerHello are now encrypted.
6. Key derivation functions have been re-designed, with the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) being used as a primitive.
7. The handshake state machine has been restructured to be more consistent and remove superfluous messages.