Cryptographic Solutions Flashcards

1
Q

Cryptography

A

Practice and study of writing and solving codes to hide the true meaning of information

2
Q

Encryption

A

Process of converting ordinary information (plaintext) into an unintelligible form (ciphertext)

3
Q

Data States

A
  • Data at rest
  • Data in transit
  • Data in use
4
Q

Algorithm (Cipher)

A

Performs encryption and decryption

5
Q

Cryptographic key

A

Essential piece of information that makes the algorithm secure

6
Q

Symmetric vs Asymmetric Algorithms

A
  • Symmetric algorithms use the same key for both encryption and decryption. Sometimes called Private Key
  • Asymmetric algorithms use a pair of different keys for encryption and decryption. Sometimes called Public Key
7
Q

Hashing

A

One way cryptographic function that produces a unique message digest from an input

No way to recreate the original input, allowing the hash digest to act as a digital fingerprint

8
Q

PKI

A

Public Key Infrastructure is a framework for managing digital keys and certificates

9
Q

Steganography

A

Hiding secret data within ordinary, non-secret files or messages to avoid detection

10
Q

Stream vs Block Cipher

A
  • Stream ciphers encrypt data bit by bit. They utilize a key stream generator whose output is XOR’d with the data to create the ciphertext. They tend to be symmetric and are good for encrypting real-time data
  • Block ciphers break the data into fixed-length blocks and encrypt each one. They will pad data as needed to reach the required block size
11
Q

DES

A

Data Encryption Standard

Symmetric block cipher

Key: 64 bit (functionally 56 bit, due to parity)

Heavily used from the 70’s to 2000’s

12
Q

3DES

A

Triple DES

Symmetric block cipher

Key: three different 56 bit keys (Encrypt, Decrypt, Encrypt). Functionally a 112 bit key

13
Q

IDEA

A

International Data Encryption Algorithm

Symmetric block cipher (64 bit blocks)

Key: 128 bit

Never commonly used

14
Q

AES

A

Advanced Encryption Standard

Symmetric block cipher (128, 192 or 256 bit blocks)

Key: 128, 192 or 256 bits (matches block size)

Chosen to replace DES/3DES through a contest held by the US government. Current main standard of the US government. Most commonly used cipher and considered to be the strongest

15
Q

Blowfish

A

Symmetric block cipher (64 bit blocks)

Key: 32-448 bits

Developed as a replacement for DES, though not widely used. Open source

16
Q

Twofish

A

Symmetric block cipher (128 bit blocks)

Key: 128, 192, 256 bit

Open source

17
Q

RC4

A

Rivest Cipher 4

Symmetric stream cipher

Key: 40-2048 bits

Used in SSL and WEP

18
Q

RC5

A

Rivest Cipher 5

Symmetric block cipher

Key: up to 2048 bits

19
Q

RC6

A

Rivest Cipher 6

Symmetric block cipher

Based on RC5 and entered into the contest to replace DES. Lost to AES

20
Q

How does asymmetric encryption handle the need for Confidentiality?

A

By encrypting with the recipient’s public key, only they can decrypt it, with their private key

21
Q

How does asymmetric encryption handle the need for non-repudiation?

A

By encrypting with the sender’s private key, anyone can decrypt it with their public key, validating the sender

22
Q

How does asymmetric encryption handle the need for Integrity?

A

By creating a hash digest of the message which is then encrypted with the sender’s private key (this is a digital signature).

Then you encrypt the message with the receiver’s public key.

This ensures Confidentiality, Integrity and Non-repudiation

23
Q

DH

A

Diffie-Hellman

Key Exchange Algorithm

Often used for sharing private (symmetric) keys, such as for IPSec VPN tunnels

24
Q

RSA

A

Rivest, Shamir & Adleman

Asymmetric encryption algorithm

Supports key sizes from 1024 to 4096 bits

Relies on the difficulty of factoring large prime numbers

Often used for MFA fobs

25
Q

ECC

A

Elliptic Curve Cryptography

Asymmetric encryption algorithm

Roughly six times more efficient than RSA

Heavily used in mobile and low power devices

26
Q

ECDH

A

Elliptic Curve Diffie Hellman

Asymmetric encryption algorithm

ECC version of Diffie Hellman

27
Q

ECDHE

A

Elliptic Curve Diffie-Hellman Ephemeral

Asymmetric encryption algorithm

ECC version of Diffie-Hellman that uses a different key for each portion of the key establishment process

28
Q

ECDSA

A

Elliptic Curve Digital Signature Algorithm

Good for Digital Signatures and used by the US government for that

29
Q

MD5

A

Message Digest Algorithm 5

Hashing algorithm

128 bit digest

Very popular, but has issues with collisions due to small digest size

30
Q

SHA

A

Secure Hash Algorithm

Family of hashing algorithms, SHA-1, SHA-2 and SHA-3

  • SHA-1 has a 160 bit digest
  • SHA-2 has multiple digest sizes (SHA-224, SHA-256, SHA-384, SHA-512)
  • SHA-3 uses 224 to 512 bit digests, and is more secure than previous versions
31
Q

RIPEMD

A

RACE Integrity Primitive Evaluation Message Digest

Hashing algorithm

Comes in 160, 256 and 320 bit versions

Open source, created in competition to SHA

32
Q

HMAC

A

Hash-based Message Authentication Code

Hashing algorithm which is always paired with other hashing algorithms

33
Q

Digital Signature

A

A hash digest encrypted with a private key, used for ensuring non-repudiation

  1. The sender hashes the message and encrypts it with their private key
  2. The receiver decrypts the Digital Signature using the sender’s public key
  3. Receiver hashes the message themselves and compares the two
34
Q

DSA

A

Digital Security Algorithm

Asymmetric Encryption Algorithm

Utilized for Digital Signatures, Endorsed by the Federal Government

35
Q

Pass the Hash

A

A hacking technique that allows the attacker to authenticate to a server or service by using the underlying hash of a user’s password instead of the associated plaintext password

36
Q

Birthday Attack

A

Occurs when two different messages result in the same Hash Digest (collision)

37
Q

Key Stretching

A

Defensive technique used to mitigate a weaker key by creating a longer, more secure one.

Used in WPA, WPA2 and PGP

38
Q

Salting

A

Defensive technique that involves adding random data (salt) to passwords before hashing.

Useful for defending against Dictionary attacks, brute force attacks and rainbow tables.

39
Q

Nonces

A

Number Used Once

Defensive technique that involves adding unique, often random, numbers to password based auth.

40
Q

Digital Certificate

A

Binds a public key with an entity’s identity. Commonly uses the X.509 standard, at least within PKI

41
Q

X.509

A

A common digital certificate standard

42
Q

Wildcard Certificate

A

A digital certificate which allows multiple subdomains to use the same certificate. Easier to manage, but extra work when compromised

43
Q

SAN

A

Subject Alternative Name field. Field within a digital certificate, specifying other domains and addresses which can also use the same certificate

44
Q

Single/Dual sided certificate

A
  • Single sided certificates only require the server to be validated
  • Dual sided certificates require both the server and user to be validated. More secure, but requires more processing power
45
Q

Self Signed Certificate

A

Any certificate which is signed by the same entity which issued it

46
Q

Third party certificate

A

Digital certificate issued and signed by a trusted Certificate Authority (CA)

47
Q

Root of Trust

A

Highest level of trust in a certification validation

48
Q

CA

A

Certificate Authority. Trusted third party that issues digital certificates

49
Q

RA

A

Registration authority. Requests identifying information from users and forwards requests to CAs for certificate issuance

50
Q

CSR

A

Certificate Signing Request. Block of encoded text with information about an entity requesting a certificate. Submitted to CA in order to get a Certificate

51
Q

CRL

A

Certificate Revocation List. List of all Certificates which have ever been revoked, maintained by CAs

52
Q

OCSP

A

Online Certificate Status Protocol.

Determines certificate revocation status of any certificate. Faster, but less secure than CRL

53
Q

OCSP stapling

A

Online Certificate Status Protocol Stapling

Alternative to OCSP. Allows the certificate holder to get the OCSP record from the server at regular intervals and attaches it to the SSL/TLS handshake

54
Q

TPM

A

Trusted Platform Module

● Dedicated microcontroller for hardware-level security
● Protects digital secrets through integrated cryptographic keys
● Used in BitLocker drive encryption for Windows devices
● Adds an extra layer of security against software attacks

55
Q

HSM

A

Hardware Security Module

● Physical device for safeguarding and managing digital keys
● Ideal for mission-critical scenarios like financial transactions
● Performs encryption operations in a tamper-proof environment
● Ensures key security and regulatory compliance

56
Q

KMS

A

Key Management System

● Manages, stores, distributes, and retires cryptographic keys
● Centralized mechanism for key lifecycle management
● Crucial for securing data and preventing unauthorized access
● Automates key management tasks in complex environments

57
Q

Secure Enclave

A

● Coprocessor integrated into the main processor of some devices
● Isolated from the main processor for secure data processing and storage
● Safeguards sensitive data like biometric information
● Enhances device security by preventing unauthorized access

58
Q

Steganography

A

● Conceals a message within another to hide its very existence
● Involves altering image or data elements to embed hidden information
● Primary goal is to prevent the suspicion that there’s any hidden data at all
● Used alongside encryption for added security
● Detection is challenging due to hiding data in plain sight

59
Q

Tokenization

A

● Substitutes sensitive data with non-sensitive tokens
● Original data securely stored elsewhere
● Tokens have no intrinsic value
● Reduces exposure of sensitive data during transactions
● Commonly used for payment systems to comply with security standards

60
Q

Data Masking

A

● Disguises original data to protect sensitive information
● Maintains data authenticity and usability
● Used in testing environments, especially for software development
● Reduces the risk of data breaches in non-production settings
● Common in industries handling personal data
● Masks portions of sensitive data for privacy, e.g., credit card digits, social security numbers

61
Q

Rainbow Table

A

Method of reverse engineering hash digests back to their source data. Basically sets of precomputed hash/data tables

62
Q

DER

A

Distinguished Encoding Rules

Binary Digital Certificate format, very common

63
Q

PEM

A

Privacy Enhanced Mail

Text Digital Certificate Format. ASCII version of DER

64
Q

PFX

A

Personal Information Exchange

Binary Digital Certificate format, used primarily by Windows

65
Q

P7B

A

Text Digital Certificate Format used by Windows