Cryptographics Flashcards

Question

T/F: Symmetric encryption algorithms require large amounts of processing power for both encryption and decryption of data which makes them much slower in comparison to asymmetric encryption ciphers.

Answer 1

**False**. Symmetric encryption algorithms typically require less processing power for both encryption and decryption compared to asymmetric encryption algorithms. This is because **symmetric encryption uses the same key for both encryption and decryption, resulting in simpler and more efficient mathematical operations**. As a result, symmetric encryption algorithms are generally faster and more computationally efficient than asymmetric encryption algorithms.

Answer 2

True. In **asymmetric encryption, any message encrypted with a public key can only be decrypted by applying the corresponding private key, and vice versa**. This property ensures that messages encrypted with a public key can only be decrypted by the corresponding private key holder, providing confidentiality and secure communication between parties.

Answer 3

RC4, or Rivest Cipher 4, is a **symmetric stream cipher algorithm** designed by Ron Rivest in 1987. It is widely used in various cryptographic protocols and applications due to its simplicity and efficiency. RC4 operates by **generating a pseudorandom stream of bytes based on a secret key, which is then XORed with the plaintext to produce ciphertex**t. The key scheduling algorithm (KSA) initializes the internal state of the cipher based on the secret key, while the pseudorandom generation algorithm (PRGA) generates the keystream used for encryption and decryption. Despite its widespread use, RC4 has been **found to have several vulnerabilities over the years, including biases in the initial bytes of the keystream and weaknesses in the key scheduling algorithm**. As a result, its usage has been deprecated in many cryptographic protocols and standards, and it is generally considered insecure for use in new systems.

Answer 4

**DES (Data Encryption Standard), 3DES (Triple Data Encryption Standard), and AES (Advanced Encryption Standard) are all symmetric block cipher algorithms used for encrypting data.** Here's a brief overview of each: **DES (Data Encryption Standard):** DES is a **symmetric key algorithm** that was developed in the 1970s and became a widely used encryption standard. It operates on **64-bit blocks of plaintext and uses a 56-bit key for encryption and decryption**. Despite its widespread adoption, DES has become **vulnerable to brute-force attacks due to its relatively short key length**. **3DES (Triple Data Encryption Standard):** **3DES is a variant of DES that applies the DES algorithm three times to each block of data**. It provides increased security compared to DES by **using multiple keys and encrypting each block three times in different modes (e.g., EDE or ECB)**. However, 3DES is **slower and less efficient than DES due to its triple encryption process**, and it has largely been replaced by more modern encryption algorithms. **AES (Advanced Encryption Standard):** AES is a **symmetric block cipher algorithm** that was established as a federal government standard by the U.S. National Institute of Standards and Technology (NIST) in 2001. It operates on **128-bit blocks of plaintext and supports key lengths of 128, 192, or 256 bits. AES is widely considered to be secure, efficient, and suitable for a wide range of applications.** It has become the **de facto standard for symmetric encryption** and is used in various cryptographic protocols and systems worldwide. In summary, DES is an older encryption standard that has largely been replaced by more secure algorithms like 3DES and AES. 3DES provides increased security through multiple encryption rounds but is slower and less efficient. AES is the current industry-standard symmetric encryption algorithm, offering high security and performance for encrypting sensitive data.

Answer 5

Blowfish and Twofish are both **symmetric block cipher algorithms designed by Bruce Schneier**. While **Blowfish** offers customizable key lengths and **was once popular for its simplicity and security**, it has been **largely replaced by newer algorithms like AES.** **Twofish, on the other hand, is a more modern algorithm that offers strong security and is still used in various cryptographic applications.**

Answer 6

RSA, GPG, DSA, DHE, ECDHE, and PGP are all cryptographic algorithms or protocols used for encryption, authentication, and secure communication. Here's a brief overview of each: **RSA (Rivest-Shamir-Adleman)**: RSA is a widely used asymmetric encryption algorithm named after its inventors Ron Rivest, Adi Shamir, and Leonard Adleman. It is commonly used for **secure key exchange, digital signatures, and encryption of sensitive data**. RSA relies on the **mathematical difficulty of factoring large prime numbers** to provide security. **GPG (GNU Privacy Guard):** GPG is an **open-source implementation of the OpenPGP (Pretty Good Privacy) standard** for encrypting and decrypting data, as well as for creating and verifying digital signatures. It uses **symmetric-key cryptography for data encryption and asymmetric-key cryptography for key management.** **DSA (Digital Signature Algorithm):** DSA is an **asymmetric encryption algorithm commonly used for digital signatures**. It was proposed by the U.S. National Institute of Standards and Technology (NIST) and is **based on the difficulty of solving the discrete logarithm problem.** **DHE (Diffie-Hellman Ephemeral):** DHE is a key **exchange protocol based on the Diffie-Hellman algorithm**. It allows **two parties to securely negotiate a shared secret key** over an insecure communication channel, which can then be used for symmetric encryption. **ECDHE (Elliptic Curve Diffie-Hellman Ephemeral):** ECDHE is a v**ariant of the Diffie-Hellman key exchange protocol that uses elliptic curve cryptography (ECC).** It offers the same functionality as DHE but with improved performance and security due to the use of elliptic curves. **PGP (Pretty Good Privacy):** PGP is a data encryption and decryption program that **provides cryptographic privacy and authentication for electronic communication. It uses a combination of symmetric and asymmetric encryption**, as well as digital signatures, to secure email messages and files.

Answer 7

The terms that illustrate the security through obscurity concept are: **Code obfuscation:** Code obfuscation involves **intentionally complicating code to make it harder to understand or reverse-engineer**. It relies on the assumption that attackers will be deterred by the complexity of the code rather than its inherent security. **Steganography:** Steganography is the practice of **concealing information within other non-secret data (such as images, audio files, or text) to hide its existence**. It relies on the secrecy of the method used to embed the information rather than the strength of encryption. **SSID broadcast suppression**: SSID broadcast suppression involves **disabling the broadcasting of the Service Set Identifier (SSID) of a wireless network to prevent unauthorized users from discovering its existence**. It relies on the assumption that **hiding the network name will enhance security, but it can still be discovered through other means.** **Encryption**, on the other hand, does not rely on obscurity for security. Instead, it **relies on the use of mathematical algorithms and keys to transform data into an unreadable format** that can only be decrypted by authorized parties with the appropriate key.

Answer 8

Diffusion is a concept in cryptography that refers to **spreading the influence of individual plaintext symbols over many ciphertext symbols in order to prevent patterns from being discerned in the encrypted data**. In other words, diffusion ensures that a small change in the plaintext results in significant changes throughout the ciphertext. This property is crucial for achieving strong encryption because it **makes it more difficult for attackers to identify regularities or predictability in the encrypted data, thereby enhancing securit**y. Encryption algorithms achieve diffusion through various techniques, such as permutation and substitution, which thoroughly mix and distribute the information across the ciphertext. Overall, diffusion is an essential aspect of cryptographic algorithms to ensure robustness against attacks and maintain the confidentiality of encrypted data.

Answer 9

**Homomorphic encryption** is a type of encryption scheme that **allows mathematical operations to be performed on encrypted data without decrypting it first**. This means that computations can be carried out on ciphertexts, and the results will be the same as if the operations had been performed on the plaintexts before encryption. This property enables **secure processing of sensitive data while maintaining confidentiality, as the data remains encrypted throughout the computation process.**

Answer 10

**Encryption:** Encryption is the **process of transforming plaintext data into ciphertext using an encryption algorithm and a secret key**. Encrypted data can only be decrypted back to its original form by someone with the corresponding decryption key, ensuring confidentiality. Why not hashing? Hashing is a cryptographic technique used to transform data into a fixed-size string of characters, called a hash value. While hashing ensures data integrity and can be used for verification, it does not provide confidentiality as hash values are not reversible.

Answer 11

Among the options provided, ECC (Elliptic Curve Cryptography) would be best suited for low-power devices. **ECC (Elliptic Curve Cryptography):** ECC is a type of **public-key cryptography that offers strong security with shorter key lengths compared to other encryption algorithms** like RSA. It is **well-suited for low-power devices due to its efficiency in terms of computational resources** and memory requirements. **EFS (Encrypting File System):** EFS is a **built-in encryption feature in Windows operating systems that allows individual files or directories to be encrypted**. While it provides encryption, it may not be optimized for low-power devices and may not offer the same level of efficiency as ECC. **SED (Self-Encrypting Drive)**: SED refers to a **hardware-based encryption solution where the drive itself encrypts and decrypts data on-the-fly without requiring the CPU to perform encryption operations**. While SEDs offer security, they may not necessarily be optimized for low-power devices as they still rely on hardware resources. **FDE (Full Disk Encryption):** FDE refers to **encrypting the entire storage device, such as a hard drive or SSD, rather than individual files or directories**. While FDE provides comprehensive encryption, it may not be the most efficient solution for low-power devices, especially if the encryption process requires significant computational resources. In summary, ECC is the best-suited cryptographic solution for low-power devices due to its efficiency and strong security properties.

Answer 12

False. Entropy, in the context of cryptography and information theory, refers to the **measure of randomness or unpredictability in a system**. In simpler terms, it represents the amount of uncertainty or disorder in a set of data. The lack of entropy in the process of generating cryptographic keys actually decreases the security of cryptographic algorithms. **Entropy is essential for ensuring that cryptographic keys are sufficiently random and unpredictable**, which is crucial for resisting attacks such as brute-force and dictionary attacks. Without adequate entropy, cryptographic keys may become predictable or susceptible to cryptographic attacks, compromising the security of the encryption system. Therefore, a lack of entropy in key generation processes undermines the security of cryptographic algorithms rather than improving it.

Answer 13

**Bcrypt:** Bcrypt is a **key stretching algorithm commonly used for password hashing**. It applies a computationally intensive hashing function multiple times to slow down brute-force attacks on hashed passwords. **PBKDF2 (Password-Based Key Derivation Function 2):** PBKDF2 is another **key stretching algorithm commonly used for password hashing. It iteratively applies a cryptographic hash function to the input password along with a salt**, making it more resistant to brute-force attacks. ROT13 and DSA are not key stretching algorithms. **ROT13 is a simple substitution cipher that provides minimal security** and is not suitable for key stretching. **DSA (Digital Signature Algorithm) is a cryptographic algorithm used for digital signatures** and does not involve key stretching. **Twofish is a symmetric encryption algorithm** and is not typically used for key stretching purposes.

Answer 14

**Perfect Forward Secrecy (PFS) is a property of cryptographic systems where session keys are ephemeral and are not derived from the long-term keys used for authentication.** This means that even if the long-term keys are compromised in the future, past session keys remain secure because they are not derivable from the compromised keys. PFS enhances security by minimizing the potential impact of key compromise and ensuring that past communications remain confidential. It is commonly used in secure communication protocols such as Transport Layer Security (TLS) to protect the confidentiality of data exchanged during sessions. **ECB: Electronic Codebook mode is a basic encryption mode where each block of plaintext is encrypted independently**. It does not provide any additional security for session keys. **EFS: Encrypting File System is a feature in Windows operating systems that allows individual files or directories to be encrypted.** It is not specifically designed to strengthen the security of session keys. **PFX: Personal Information Exchange Format is a file format used for storing cryptographic keys and certificates.** While it may be used to manage cryptographic materials, it is not specifically designed to strengthen the security of session keys.

Answer 15

**Post-quantum cryptography refers to cryptographic algorithms that are believed to be secure against attacks by quantum computers.** With the development of quantum computing technologies, traditional cryptographic algorithms, especially those based on integer factorization and discrete logarithm problems (such as RSA and ECC), may become vulnerable to quantum attacks. **Post-quantum cryptographic algorithms aim to provide security even in the presence of quantum computers.** **Quantum cryptography is also a strong candidate** for future-proofing cryptographic solutions, as it leverages the principles of quantum mechanics to provide unconditional security for key distribution. **However, it is primarily used for key distribution rather than general-purpose encryption and authentication.** **Symmetric-key cryptography, asymmetric-key cryptography, and public-key cryptography are all essential components of modern cryptographic systems but may require updates or replacements in the face of quantum computing threats.** Therefore, post-quantum cryptography is considered the most future-proof option for ensuring long-term security in cryptographic systems.

Answer 16

**Hashing** is a cryptographic technique used to generate a fixed-size string of characters, called a hash value or digest, from input data of arbitrary size. It is **designed to be a one-way function, meaning that it is computationally infeasible to reverse the process and derive the original input data from the hash value**. Hash functions are used to **ensure data integrity by detecting any changes or modifications to the original data**. Even a **minor change to the input data will produce a significantly different hash value,** making it possible to detect tampering or corruption. Therefore, hashing is a critical component of ensuring data integrity in various applications, such as file verification, password storage, and digital signatures.