Cryptographic Solutions Flashcards

1
Q

Practice and study of writing and solving codes

Encryption to hide information’s true meaning

A

Cryptography

2
Q

Converts plaintext to ciphertext

Provides data protection at rest, in transit, and in use

A

Encryption

3
Q

Data States

A

Data At Rest
Data in Transit
Data in Use

4
Q

Performs encryption or decryption

A

Algorithm (Cipher)

5
Q

Essential for determining cipher output

A

Key

6
Q

Uses a single key for both encryption and decryption
■ Often referred to as private key encryption
■ Requires both sender and receiver to share the same secret key
■ Offers confidentiality but lacks non-repudiation
■ Challenges with key distribution in large-scale usage
● More people means more sharing of the keys

A

Symmetric Encryption

7
Q

Uses two separate keys
● Public key for encryption
● Private key for decryption
■ Often called “Public Key Cryptography”
■ No need for shared secret keys
■ Commonly used algorithms include Diffie-Hellman, RSA, and Elliptic Curve Cryptography (ECC)
■ Slower compared to symmetric encryption but solves key distribution challenges

A

Asymmetric Encryption

8
Q

Combines both symmetric and asymmetric encryption for optimal benefits
■ Asymmetric encryption used to encrypt and share a secret key
■ Symmetric encryption used for bulk data transfer, leveraging the shared secret key
■ Offers security and efficiency

A

Hybrid Approach

9
Q

Encrypts data bit-by-bit or byte-by-byte in a continuous stream
■ Uses a keystream generator and an exclusive OR (XOR) function for encryption
■ Suitable for real-time communication data streams like audio and video
■ Often used in symmetric algorithms

A

Stream Cipher

10
Q

Breaks input data into fixed-size blocks before encryption
● Usually 64, 128, or 256 bits at a time
■ Padding added to smaller data blocks to fit the fixed block size
■ Advantages include ease of implementation and security
■ Can be implemented in software, whereas stream ciphers are often used in hardware solutions

A

Block Cipher

11
Q

Uses a 64-bit key (56 effective bits due to parity)
■ Encrypts data in 64-bit blocks through 16 rounds of transposition and substitution
■ Widely used from the 1970s to the early 2000s

A

DES (Data Encryption Standard)

(Symmetric Algorithm)

12
Q

Utilizes three 56-bit keys
■ Encrypts data with the first key, decrypts with the second key, and encrypts again with the third key
■ Provides 112-bit key strength but is slower than DES

A

Triple DES (3DES)

(Symmetric Algorithm)

13
Q

A symmetric block cipher with a 64-bit block size
■ Uses a 128-bit key, faster and more secure than DES
■ Not as widely used as AES

A

IDEA (International Data Encryption Algorithm)

(Symmetric Algorithm)

14
Q

Symmetric encryption algorithm that encrypts and decrypts data using a single secret key
■ Supports 128-bit, 192-bit, or 256-bit keys and matching block sizes
■ Widely adopted and considered the encryption standard for sensitive unclassified information
■ Uses single key for both encryption and decryption process
■ Replaced DES and 3DES as the US government encryption standard

A

AES (Advanced Encryption Standard)

(Symmetric Algorithm)

15
Q

A block cipher with key sizes ranging from 32 to 448 bits
■ Developed as a DES replacement but not widely adopted

A

Blowfish

(Symmetric Algorithm)

16
Q

A block cipher supporting 128-bit block size and key sizes of 128, 192, or 256 bits
■ Open source and available for use

A

Twofish

(Symmetric Algorithm)

17
Q

RC Cipher Suite (RC4, RC5, RC6)

A

Created by cryptographer Ron Rivest
■ RC4 is a stream cipher with variable key sizes from 40 to 2048 bits, used in SSL and WEP
■ RC5 is a block cipher with key sizes up to 2048 bits
■ RC6, based on RC5, was considered as a DES replacement

18
Q

Used for cryptographic key exchange and secure key distribution over public channels
● Vulnerable to man-in-the-middle attacks, requires authentication
● Commonly used in VPN tunnel establishment (IPSec)

A

Diffie-Hellman

(Asymmetric Algorithm)

19
Q

Used for key exchange, encryption, and digital signatures
● Relies on the mathematical difficulty of factoring large prime numbers
● Supports key sizes from 1024 to 4096 bits
● Widely used in organizations and multi-factor authentication

A

RSA (Ron Rivest, Adi Shamir, Leonard Adleman)

(Asymmetric Algorithm)

20
Q

Efficient and secure, uses algebraic structure of elliptical curves
● Commonly used in mobile devices and low-power computing
● Six times more efficient than RSA for equivalent security

A

Elliptic Curve Cryptography (ECC)

Variants include:
○ ECDH (Elliptic Curve Diffie-Hellman)
○ ECDHE (Elliptic Curve Diffie-Hellman Ephemeral)
○ ECDSA (Elliptic Curve Digital Signature Algorithm)

(Asymmetric Algorithm)

21
Q

One-way cryptographic function that produces a unique message digest from an input

A

Hashing

22
Q

Like a digital fingerprint for the original data

■ Always of the same length regardless of the input’s length

A

Hash Digest

23
Q

Creates a 128-bit hash value
● Limited unique values, leading to collisions
● Not recommended for security-critical applications due to vulnerabilities

A

MD5 (Message Digest Algorithm 5)

(Hashing Algorithms)

24
Q

○ Produces a 160-bit hash digest, less prone to collisions than MD5
○ Offers longer hash digests (SHA-224, SHA-256, SHA-384, SHA-512)
○ Uses 224-bit to 512-bit hash digests, more secure, 120 rounds of computations
○ SHA-256 is widely regarded as one of the most secure hashing algorithms due to its strong resistance to collision attacks and its large output size

A

SHA (Secure Hash Algorithm) Family

SHA-1 - 160-bit
SHA-2 - offers longer hash digests
SHA-3 - uses 224-bit to 512-bit

(Hashing Algorithms)

25
Q

Open-source competitor to SHA but less popular

Versions available:
○ 160-bit (Most common)
○ 256-bit
○ 320-bit

A

RIPEMD (RACE Integrity Primitive Evaluation Message Digest)

(Hashing Algorithms)

26
Q

Checks message integrity and authenticity

● Utilizes other hashing algorithms (e.g., HMAC-MD5, HMAC-SHA1, HMAC-SHA256)

A

HMAC (Hash-based Message Authentication Code)

(Hashing Algorithms)

27
Q

Uses a hash digest encrypted with a private key

■ Sender hashes the message and encrypts the hash with their private key
■ Recipient decrypts the digital signature using the sender’s public key
■ Verifies integrity of the message and ensures non-repudiation

A

Digital Signatures

28
Q

Utilized for digital signatures

Uses a 160-bit message digest created by DSS (Digital Security Standard)

A

DSA (Digital Security Algorithm)

(Digital Signature Algorithm)

29
Q

Supports digital signatures, encryption, and key distribution

● Widely used in various applications, including code signing

A

RSA (Rivest-Shamir-Adleman)

(Digital Signature Algorithm)

30
Q

A hacking technique that allows the attacker to authenticate to a remote server or service by using the underlying hash of a user’s password instead of requiring the associated plaintext password

A

Pass the Hash Attack

(Hashing Attack)

31
Q

Occurs when two different messages result in the same hash digest (collision)

Collisions in hashes can be exploited by attackers to bypass authentication systems

A

Birthday Attack

(Hashing Attack)

32
Q

Technique that is used to mitigate a weaker key by creating longer, more secure keys (at least 128 bits)

○ Increases the time needed to crack the key
● Used in systems like Wi-Fi Protected Access, Wi-Fi Protected Access version 2, and Pretty Good Privacy

A

Key Stretching

(Hash Security)

33
Q

Adds random data (salt) to passwords before hashing

● Ensures distinct hash outputs for the same password due to different salts
● Thwarts dictionary attacks, brute-force attacks, and rainbow tables

A

Salting

(Hash Security)

34
Q

Adds unique, often random numbers to password-based authentication processes
● Prevents attackers from reusing stolen authentication data
● Adds an extra layer of security against replay attacks

A

Nonces (Number Used Once)

(Hash Security)

35
Q

Restricts the number of incorrect login attempts a user can make

● Increases security by deterring attackers attempting to guess passwords
● Typically locks the account after three incorrect attempts

A

Limiting Failed Login Attempts

(Hash Security)

36
Q

An entire system involving hardware, software, policies, procedures, and people

■ Based on asymmetric encryption
■ Facilitates secure data transfer, authentication, and encrypted communications
■ Used in HTTPS connections on websites

A

PKI Components

37
Q

Refers to the encryption and decryption process using public and private keys. Only a part of the overall PKI architecture

A

Public Key Cryptography

38
Q

Encompasses the entire system for managing key pairs, policies, and trust

Involves generating, validating, and managing public and private key pairs that are used in the encryption and decryption process

Ensures the security and trustworthiness of keys

A

Public Key Infrastructure (PKI)

39
Q

Storage of cryptographic keys in a secure, third-party location

Enables key retrieval in cases of key loss or for legal investigations

A

Key Escrow

40
Q

Trusted third party that issues digital certificates and keeps the level of trust between all the certificate authorities around the world

A

Certificate Authority (CA)

41
Q

Digitally signed electronic document that binds a public key with a user’s identity

A

Digital Certificate

42
Q

Commonly used standard for digital certificates within PKI.
Contains owner’s/user’s information and certificate authority details

A

X.509 Standard

43
Q

Allows multiple subdomains to use the same certificate

● Easier management, cost-effective for subdomains
● Compromise affects all subdomains

A

Wildcard Certificate

44
Q

Certificate that specifies what additional domains and IP addresses are going to be supported. Used when domain names don’t have the same root domain

A

SAN (Subject Alternate Name) field

45
Q

One requires only the server to be validated

The other requires both server and user to validate each other and is used for higher security but requires more processing power

A

Single-sided and Dual-sided Certificates

46
Q

Digital certificate that is signed by the same entity whose identity it certifies
● Provides encryption but lacks third-party trust
● Used in testing or closed systems

A

Self-Signed Certificates

47
Q

Digital certificate issued and signed by trusted certificate authorities (CAs)
● Trusted by browsers and systems
● Preferred for public-facing websites

A

Third-Party Certificates

48
Q

Highest level of trust in certificate validation
● Trusted third-party providers like Verisign, Google, etc.
● Forms a certification path for trust

A

Root of Trust

49
Q

Requests identifying information from the user and forwards certificate request up to the CA to create a digital certificate
● Collects user information for certificates
● Assists in the certificate issuance process

A

Registration Authority (RA)

50
Q

A block of encoded text with information about the entity requesting the certificate
● Includes the public key
● Submitted to CA for certificate issuance
● Private key remains secure with the requester

A

Certificate Signing Request (CSR)

51
Q

List, maintained by CAs, of all digital certificates that the certificate authority has already revoked
● Checked before validating a certificate

A

Certificate Revocation List (CRL)

52
Q

● Alternative to OCSP
● Allows the certificate holder to get the OCSP record from the server at regular intervals
● Includes OCSP record in the SSL/TLS handshake
● Speeds up the secure tunnel creation

A

OCSP Stapling

52
Q

Determines certificate revocation status of any digital certificate using the certificate’s serial number
● Faster but less secure than CRL

A

Online Certificate Status Protocol (OCSP)

53
Q

Allows an HTTPS website to resist impersonation attacks from users who are trying to present fraudulent certificates
● Presents trusted public keys to browsers
● Alerts users if a fraudulent certificate is detected

A

Public Key Pinning

53
Q

Securely store copies of private keys
● Ensures key recovery in case of loss
● Requires strong access controls

A

Key Escrow Agents

54
Q

Specialized type of software that allows the restoration of a lost or corrupted key to be performed
● Acts as a backup for certificate authority keys

A

Key Recovery Agents

55
Q

Shared immutable ledger for transactions and asset tracking
■ Builds trust and transparency
■ Widely associated with cryptocurrencies like Bitcoin
■ Is essentially a really long series of information with each block containing information in it

A

Blockchain

56
Q

Secure and anonymous record-keeping system
● Maintains participants’ identities
● Tracks cryptocurrency balances
● Records all genuine transactions in a network

A

Public Ledger

57
Q

Self-executing contracts with code-defined terms
● Execute actions automatically when conditions are met
● Transparent, tamper-proof, and trust-enhancing

A

Smart Contracts

(Blockchain Applications)

58
Q

Implications of Blockchain?

A

Versatility
Decentralization
Immutable Ledger
Digital Evolution

59
Q

Dedicated microcontroller for hardware-level security
● Protects digital secrets through integrated cryptographic keys
● Used in BitLocker drive encryption for Windows devices
● Adds an extra layer of security against software attacks

A

TPM (Trusted Platform Module)

60
Q

Physical device for safeguarding and managing digital keys
● Ideal for mission-critical scenarios like financial transactions
● Performs encryption operations in a tamper-proof environment
● Ensures key security and regulatory compliance

A

HSM (Hardware Security Module)

61
Q

Manages, stores, distributes, and retires cryptographic keys
● Centralized mechanism for key lifecycle management
● Crucial for securing data and preventing unauthorized access
● Automates key management tasks in complex environments

A

Key Management System

62
Q

Coprocessor integrated into the main processor of some devices
● Isolated from the main processor for secure data processing and storage
● Safeguards sensitive data like biometric information
● Enhances device security by preventing unauthorized access

A

Secure Enclaves

63
Q

Conceals a message within another to hide its very existence
● Involves altering image or data elements to embed hidden information
● Primary goal is to prevent the suspicion that there’s any hidden data at all
● Used alongside encryption for added security
● Detection is challenging due to hiding data in plain sight

A

Steganography

(Obfuscation Techniques in Data Security)

64
Q

Substitutes sensitive data with non-sensitive tokens
● Original data securely stored elsewhere
● Tokens have no intrinsic value
● Reduces exposure of sensitive data during transactions
● Commonly used for payment systems to comply with security standards

A

Tokenization

(Obfuscation Techniques in Data Security)

65
Q

Disguises original data to protect sensitive information
● Maintains data authenticity and usability
● Used in testing environments, especially for software development
● Reduces the risk of data breaches in non-production settings
● Common in industries handling personal data
● Masks portions of sensitive data for privacy, e.g., credit card digits, social security numbers

A

Data Masking (Data Obfuscation)

(Obfuscation Techniques in Data Security)

66
Q

Techniques and strategies that adversaries employ to exploit vulnerabilities in cryptographic systems with the intent to compromise the confidentiality, integrity, or authenticity of data

A

Cryptographic Attacks

67
Q

Force systems to use weaker or older cryptographic standards or protocols
■ Exploit known vulnerabilities or weaknesses in outdated versions
■ Example: POODLE attack on SSL 3.0
■ Countermeasures include phasing out support for insecure protocols and version-intolerant checks

A

Downgrade Attacks

68
Q

Find two different inputs producing the same hash output
■ Undermine data integrity verification relying on hash functions
■ Vulnerabilities in hashing algorithms, e.g., MD5, can lead to collisions
■ Birthday Paradox or Birthday Attack

A

Collision Attacks

69
Q

A computer that uses quantum mechanics to generate and manipulate quantum bits in order to access enormous processing power.
● Uses quantum bits (qubits) instead of using ones and zeros

A

Quantum computing

70
Q

A communications network that relies on qubits made of photons (light) to send multiple combinations of ones and zeros simultaneously which results in tamper resistant and extremely fast communications

A

Quantum Communication

71
Q

A quantum bit composed of electrons or photons that can represent numerous combinations of ones and zeros at the same time through superposition
● Enable simultaneous processing of multiple combinations

A

Qubit

72
Q

A new kind of cryptographic algorithm that can be implemented using today’s classic computers but is also impervious to attacks from future quantum computers
● Aims to create algorithms resistant to quantum attacks

A

Post-quantum cryptography