Cryptography Flashcards

CISSP Cryptography Domain

1
Q
  1. What is the goal of cryptanalysis?

a. To determine the strength of an algorithm
b. To increase the substitution functions in a cryptographic algorithm
c. To decrease the transposition functions in a cryptographic algorithm
d. To determine the permutations used

A
  1. The answer is A. Cryptanalysis is the study of a cryptosystem with the goal of recovering the key, or the plaintext, without being given the key. Once the key is recovered, every other message encrypted under it can be read. Cryptanalysis is carried out by attackers, but also by researchers and vendors (the "white hats") to measure the strength of an algorithm before and after it is deployed.
2
Q
  1. Brute-force attacks have become more feasible because ___________.

a. The increased use of permutations and transpositions in algorithms.
b. As algorithms get stronger, they get less complex, and thus more susceptible to attacks.
c. The increase in processor speed and power.
d. The reduction in key length over time.

A
  1. The answer is C. A brute-force attack is resource intensive: it tries candidate keys (or passwords) one after another until the correct one is found. As processors become faster, and as attackers can harness many of them in parallel (GPUs, cloud instances, botnets), the key space they can search in a given time grows, so the practical threat from brute force increases. The defence is a larger key space, not a secret algorithm.
3
Q
  1. Which of the following is not a property or characteristic of a one-way hash function?

a. It converts a message of arbitrary length into a value of fixed length.
b. Given the digest value, it should be computationally infeasible to find the corresponding message.
c. It should be computationally infeasible to derive the same digest from two different messages.
d. It converts a message of fixed length to an arbitrary length value

A
  1. The answer is D. A hashing algorithm takes a message of any length and computes a fixed-length value, the message digest. MD5 produces a 128-bit digest and SHA-1 a 160-bit digest; the SHA-2 family produces 224-, 256-, 384- or 512-bit digests. Note that MD5 and SHA-1 no longer satisfy property (c): practical collisions have been demonstrated for both, so they should not be used for signatures or any other collision-sensitive purpose.
4
Q
  1. What would indicate that a message had been modified?

a. The public key has been altered.
b. The private key has been altered.
c. The message digest has been altered.
d. The message has been encrypted properly.

A
  1. The answer is C. Hashing algorithms generate message digests so that modification can be detected. The sender computes a digest over the message and sends it along; the receiver independently recomputes the digest over the received message and compares the two. If they differ, the message was altered in some way. A bare digest only detects accidental change: an attacker who can modify the message can recompute the digest too, so to detect deliberate tampering the digest must itself be protected, by a MAC keyed with a shared secret or by a digital signature.
5
Q
  1. Which of the following is an algorithm used in a U.S. Standard for creating secure message digests?

a. Data Encryption Standard
b. Digital Signature Standard
c. Secure Hash Algorithm
d. Data Signature Standard

A
  1. The answer is C. SHA was created to generate secure message digests. The Digital Signature Standard (DSS, FIPS 186) is the standard for creating digital signatures; it requires that an approved SHA hash be used and specifies three signature algorithms that may be used with it: RSA, DSA and ECDSA.
6
Q
  1. If an attacker stole a password file that contained one-way encrypted (hashed) passwords, what type of attack would she perform to recover the plaintext passwords?

a. Man-in-the-middle attack (transmission)
b. Birthday attack
c. Denial of service attack (Attack on Availability)
d. Dictionary attack

A
  1. The answer is D. A dictionary attack runs each word in a list of commonly used words (and simple variations of them) through the same one-way function the system used and compares the result with the stored values; a match reveals the password. Tools such as John the Ripper and hashcat automate this against a captured password file.
7
Q
  1. What is an advantage of RSA over the DSA?

a. It can provide digital signature and encryption functionality.
b. It uses fewer resources and encrypts quicker because it uses symmetric keys.
c. It is a block cipher versus a stream cipher.
d. It employs a one-time encryption pad. (IPSec or SSL)

A
  1. The answer is A. RSA can be used for data encryption, key transport (encrypting a session key to the receiver's public key) and digital signatures. DSA is defined only for digital signatures.
8
Q
  1. Many countries restrict the use or exportation of cryptographic systems. What is the reason given when these types of restrictions are put into place?

a. Without standards, there would be many interoperability issues when trying to employ different algorithms into different programs.
b. It can be used by some countries against their local people.
c. Criminals could use encryption to avoid detection and prosecution.
d. Laws are way behind, so adding different types of encryption would confuse the laws more.

A
  1. The answer is C. The U.S. has greatly reduced its restrictions on cryptography exportation, but some remain: products that use encryption cannot be sold to countries the U.S. designates as state sponsors of terrorism. The stated fear is that hostile parties will use encryption to hide their communication, and that the government would then be unable to break it and monitor their data transfers.
9
Q
  1. What is used to create a digital signature?

a. The receiver’s private key
b. The sender’s public key
c. The sender’s private key
d. The receiver’s public key

A
  1. The answer is C. A digital signature is produced by hashing the message and applying the signing operation with the sender's private key to the digest. With RSA this is often described as "encrypting the digest with the private key"; DSA and ECDSA are not encryption operations, but the principle is the same: only the holder of the private key can produce the signature, and anyone with the sender's public key can verify it. The receiver's private key is never involved, and no one but the receiver should ever have access to it.
10
Q
  1. Which of the following best describes a digital signature?

a. A method of transferring a handwritten signature to an electronic document
b. A method to encrypt confidential information (Confidentiality Algorithms anyone?)
c. A method to provide an electronic signature and encryption
d. A method to let the receiver of the message prove the source and integrity of a message

A
  1. The answer is D. A digital signature provides authentication (knowing who really sent the message), integrity (because a hashing algorithm is involved), and non-repudiation (sender cannot deny sending the message).
11
Q
  1. How many bits make up the effective DES key?

a. 56
b. 64
c. 32
d. 16

A
  1. The answer is A. The DES key is 64 bits long, but 8 of those bits are parity bits (one per byte), so the effective key is 56 bits. DEA is the algorithm specified by the DES standard, so "DEA has a 56-bit key" and "DES has a 56-bit key" describe the same algorithm; DES is the standard, DEA is the algorithm, and the industry just says DES. A 56-bit key space is why DES is obsolete: it can be searched exhaustively with modest hardware, which is why Triple DES and then AES replaced it.
12
Q
  1. When would a certificate authority revoke a certificate?

a. If the user’s public key has become compromised
b. If the user changed over to using the PEM model that uses a web of trust
c. If the user’s private key has become compromised
d. If the user moved to a new location

A
  1. The answer is C. A certificate is revoked to warn everyone who relies on that public key that it should no longer be trusted, because the key is no longer reliably bound to that individual's identity. That can happen when an employee leaves the company or a person changes their name and needs a new certificate, but the most important case is compromise of the private key, since anyone holding it can sign or decrypt as the certificate's subject. Relying parties learn of revocation through the CA's CRL or an OCSP responder.
13
Q
  1. What does DES stand for?

a. Data Encryption System
b. Data Encryption Standard
c. Data Encoding Standard
d. Data Encryption Signature

A
  1. The answer is B. The Data Encryption Standard was adopted in 1977 by the U.S. National Bureau of Standards (now NIST), based on IBM's Lucifer cipher with design input from the NSA, to encrypt sensitive but unclassified government data.
14
Q
  1. Which of the following best describes a certificate authority?

a. An organization that issues private keys and the corresponding algorithms
b. An organization that validates encryption processes
c. An organization that verifies encryption keys
d. An organization that issues certificates

A
  1. The answer is D. A registration authority (RA) accepts a person's request for a certificate and verifies that person's identity, then passes the request to a certificate authority (CA), which generates, signs and maintains the certificate. Some companies exist solely for this purpose; Entrust and VeriSign are two examples.
15
Q
  1. What does the acronym DEA stand for?

a. Data Encoding Standard
b. Data Encoding Application
c. Data Encryption Algorithm
d. Digital Encryption Algorithm

A
  1. The answer is C. DEA is the algorithm that fulfils the DES standard, so DEA has all of the attributes of DES: a symmetric block cipher that uses 64-bit blocks, 16 rounds, and a 56-bit effective key.
16
Q
  1. Who was involved in developing the first public key encryption system?

a. Adi Shamir
b. Ross Anderson
c. Bruce Schneier
d. Martin Hellman

A
  1. The answer is D. Whitfield Diffie and Martin Hellman published the first public-key cryptosystem, the Diffie-Hellman key exchange, in 1976. Note that the question is loosely worded: Diffie-Hellman is a key-agreement scheme, and the first public-key encryption and signature algorithm was RSA (1977), whose co-inventor Adi Shamir appears as option A. The expected exam answer is nonetheless Hellman.
17
Q
  1. What process takes place after creating a DES session key?

a. Key signing
b. Key escrow
c. Key clustering
d. Key exchange

A
  1. The answer is D. After a session key has been created it has to be exchanged securely. In most cryptosystems the session key is encrypted with an asymmetric key (the receiver's public key) and sent to the receiver, who decrypts it with the matching private key; this combination of symmetric bulk encryption and asymmetric key transport is called a hybrid cryptosystem. Alternatively, both sides can derive the session key with a key-agreement protocol such as Diffie-Hellman, so the key itself is never transmitted.
18
Q
  1. DES performs how many rounds of permutation and substitution?

a. 16
b. 32
c. 64
d. 56

A
  1. The answer is A. DES carries out 16 rounds of computation on each 64-bit block of data it encrypts. A round is one application of the cipher's substitution, permutation and key-mixing steps; because DES is a Feistel cipher, decryption runs the same rounds with the round keys applied in reverse order.
19
Q
  1. Which of the following is a true statement pertaining to data encryption when it is used to protect data?

a. It verifies the integrity and accuracy of the data.
b. It requires careful key management.
c. It does not require much system overhead in resources.
d. It requires keys to be escrowed.

A
  1. The answer is B. Data encryption always requires careful key management. Most modern algorithms are strong enough that it is far easier to attack key generation, storage and distribution than to brute-force the key. Hashing algorithms (with a MAC or signature) provide data integrity, encryption does consume a meaningful amount of resources, and keys do not have to be escrowed for encryption to work.
20
Q
  1. If different keys generate the same ciphertext for the same message, what is this called?

a. Collision
b. Secure hashing
c. MAC
d. Key clustering

A
  1. The answer is D. If message A is encrypted with key A the result is ciphertext Y; encrypting the same message A with a different key B should not produce ciphertext Y again. When two different keys do produce the same ciphertext from the same plaintext, it is called key clustering, and it effectively shrinks the key space an attacker has to search.
21
Q
  1. What is the definition of an algorithm’s work factor?

a. Time it takes to encrypt and decrypt the same plaintext
b. Time it takes to break the encryption
c. Time it takes to implement 16 rounds of computation
d. Time it takes to apply substitution functions

A
  1. The answer is B. The work factor of a cryptosystem is the amount of time and resources that are necessary to break the cryptosystem, or its encryption process. The goal is to make the work factor so high that an attacker could not be successful at this type of attack.
22
Q
  1. What is the primary purpose of using one-way encryption on user passwords?

a. Minimizes the amount of primary and secondary storage needed to store passwords
b. Prevents anyone from reading passwords in plaintext
c. Avoids excessive processing required by an asymmetric algorithm
d. Prevents replay attacks

A
  1. The answer is B. Passwords are run through a one-way hashing algorithm so that the actual password is neither stored on the authentication server nor transmitted in plaintext; the server stores the hash and compares it with the hash of what the user submits. To make the stored hashes resistant to offline guessing they should be salted with a random per-user value and computed with a deliberately slow password-hashing function (PBKDF2, bcrypt, scrypt or Argon2) rather than a plain fast hash.
23
Q
  1. Which of the following is based on the fact that it is hard to factor large numbers into two original prime numbers?

a. ECC
b. RSA
c. DES
d. Diffie-Hellman

A
  1. The answer is B. The security of RSA rests on the difficulty of factoring a large number into the two primes it was built from. Multiplying two large primes is easy; recovering them from the product is a one-way function in practice, and knowing the factors is what reveals the private key. ECC's security rests on the elliptic-curve discrete logarithm problem, and Diffie-Hellman's on the discrete logarithm problem in a finite field.
24
Q
  1. Which of the following describes the difference between the Data Encryption Standard and the Rivest-Shamir-Adleman algorithm?

a. DES is symmetric while RSA is asymmetric
b. DES is asymmetric while RSA is symmetric
c. They are hashing algorithms, but RSA produces a 160-bit hashing value
d. DES creates public and private keys while RSA encrypts messages

A
  1. The answer is A. DES is a symmetric algorithm (one shared secret key) and RSA is an asymmetric, or public key, algorithm (a public/private key pair). DES is used to encrypt bulk data; RSA uses its key pair to encrypt small values such as session keys and to create digital signatures.
25
Q
  1. Which of the following uses a symmetric key and a hashing algorithm?

a. MAC
b. Triple DES
c. ISAKMP-Oakley
d. RSA

A
  1. The answer is A. A MAC combines a symmetric key with the message and runs the result through a hashing algorithm, producing a MAC value that the receiver, holding the same key, recomputes and compares. The standard construction is HMAC, which mixes the key into two nested hash invocations; simply hashing key||message is unsafe with Merkle-Damgård hashes such as MD5, SHA-1 and SHA-256 because of length-extension attacks. A MAC provides data origin authentication and data integrity, but not non-repudiation, since either party holding the key could have produced it.
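Added example (not from these flashcards): HMAC-SHA256 from the Python standard library, contrasted with the bare digest of card 4, to show why the symmetric key in a MAC matters. An attacker who can rewrite the message can also recompute an unkeyed digest, but cannot produce a valid MAC without the key. The message and key are constructed for the demo.

```python
import hashlib
import hmac
import os

# Added example, not the flashcards' own material. Shows the difference
# between an unkeyed digest (card 4) and a keyed MAC (card 25).


def bare_digest(message: bytes) -> bytes:
    """Plain SHA-256: anyone, including the attacker, can compute this."""
    return hashlib.sha256(message).digest()


def compute_mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 (RFC 2104). Preferred over hash(key || message), which
    is open to length-extension attacks with Merkle-Damgard hashes."""
    return hmac.new(key, message, hashlib.sha256).digest()


def receiver_accepts_digest(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(bare_digest(message), tag)


def receiver_accepts_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest is constant-time, so a wrong tag does not leak how
    # many leading bytes happened to match.
    return hmac.compare_digest(compute_mac(key, message), tag)


def attacker_rewrites(message: bytes) -> bytes:
    """A man-in-the-middle changes the amount in transit."""
    return message.replace(b"100", b"900")


def demo():
    key = os.urandom(32)              # shared by sender and receiver only
    message = b"pay 100 to alice"     # constructed sample message

    # Scenario 1: sender appends a bare digest. The attacker rewrites the
    # message and simply recomputes the digest; the receiver accepts it.
    forged = attacker_rewrites(message)
    digest_forgery_accepted = receiver_accepts_digest(forged, bare_digest(forged))

    # Scenario 2: sender appends an HMAC. The attacker does not know `key`,
    # so the best available move is to replay the original tag with the
    # rewritten message; the receiver's recomputed MAC will not match.
    tag = compute_mac(key, message)
    mac_forgery_accepted = receiver_accepts_mac(key, forged, tag)
    genuine_mac_accepted = receiver_accepts_mac(key, message, tag)

    return {
        "digest_forgery_accepted": digest_forgery_accepted,   # True: digest alone is not enough
        "mac_forgery_accepted": mac_forgery_accepted,         # False: key was required
        "genuine_mac_accepted": genuine_mac_accepted,         # True
    }


if __name__ == "__main__":
    print(demo())
```

Because both ends hold the same key, a valid MAC proves the message came from someone with the key, but not which of the two parties produced it; that is why a MAC gives data origin authentication and integrity but not the non-repudiation of a digital signature.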
26
Q
  1. Which of the following is not a characteristic of Digital Signature Algorithm (DSA)?

a. Can be used for key exchange
b. Developed by the NSA
c. Part of the DSS
d. Uses a secure hash algorithm to generate a fingerprint of the message before signing it

A
  1. The answer is A. DSA is used only for digital signatures; it cannot perform message encryption or key exchange. The DSS specifies DSA (or RSA or ECDSA) together with an approved SHA hash for digital signatures. Older editions named SHA-1, but SHA-1 is no longer approved for generating signatures and current editions of FIPS 186 require a SHA-2 or SHA-3 hash.
27
Q
  1. One-way encrypted passwords are most vulnerable to which of the following attack types?

a. Plaintext attack
b. Fraggle attack
c. Dictionary attack
d. Smurf attack

A
  1. The answer is C. If an attacker obtains the password file, or even a single hashed password, she can run a dictionary attack that hashes thousands of commonly used words and compares each result with the stored hash. Passwords should therefore not be dictionary words but long sequences of letters, symbols and numbers, or a long passphrase; current guidance favours length well beyond the 7 characters older advice recommended, and the server should store salted, deliberately slow password hashes so that every guess costs the attacker real work.
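Added example (not from these flashcards): a dictionary attack run against a constructed password file, covering cards 6, 22 and 27. It compares an unsalted fast hash, where one precomputed table cracks every user at once, with per-user salting and PBKDF2-HMAC-SHA256 from the standard library, where the wordlist has to be re-run per user at a cost of many HMAC calls per guess. The wordlist, user names and passwords are constructed for the demo.

```python
import hashlib
import os

# Added example, not the flashcards' own material. Dictionary attack against
# a constructed password file, with and without salted slow hashing.

# Constructed wordlist; a real attack uses millions of entries plus rules.
WORDLIST = [b"password", b"letmein", b"summer2024", b"dragon", b"qwerty"]
ITERATIONS = 100_000   # PBKDF2 work factor; raise as hardware gets faster


def unsalted_hash(password: bytes) -> str:
    """Fast, unsalted hash: what a naive system stores."""
    return hashlib.sha256(password).hexdigest()


def dictionary_attack_unsalted(stored: dict) -> dict:
    """One hash per candidate word, computed once, cracks every user who
    chose that word: a precomputed table of hash(word) is reusable against
    any unsalted file."""
    table = {unsalted_hash(w): w for w in WORDLIST}
    return {user: table[h] for user, h in stored.items() if h in table}


def pbkdf2_hash(password: bytes, salt: bytes, iterations=ITERATIONS) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password, salt, iterations)


def store_salted(password: bytes):
    """What a hardened system stores: a random per-user salt and the slow hash."""
    salt = os.urandom(16)
    return salt, pbkdf2_hash(password, salt)


def dictionary_attack_salted(stored: dict, iterations=ITERATIONS) -> dict:
    """Per-user salt forces the attacker to redo the whole wordlist for every
    user, and each guess costs `iterations` HMAC evaluations. Weak words are
    still found; the point is that the cost scales with users * guesses."""
    cracked = {}
    for user, (salt, stored_hash) in stored.items():
        for word in WORDLIST:
            if pbkdf2_hash(word, salt, iterations) == stored_hash:
                cracked[user] = word
                break
    return cracked


def demo():
    # Constructed password file: alice and bob reuse a dictionary word,
    # carol uses a random passphrase that is in no wordlist.
    plaintexts = {
        "alice": b"letmein",
        "bob": b"letmein",
        "carol": b"correct-horse-9t2Q-battery",
    }
    unsalted_file = {u: unsalted_hash(p) for u, p in plaintexts.items()}
    salted_file = {u: store_salted(p) for u, p in plaintexts.items()}
    return {
        "unsalted_cracked": dictionary_attack_unsalted(unsalted_file),
        "salted_cracked": dictionary_attack_salted(salted_file),
        # Unsalted: identical passwords give identical hashes, so cracking
        # one user cracks all of them. Salted: the hashes differ.
        "unsalted_identical_hashes": unsalted_file["alice"] == unsalted_file["bob"],
        "salted_identical_hashes": salted_file["alice"][1] == salted_file["bob"][1],
    }


if __name__ == "__main__":
    print(demo())
```

Salting and a slow hash do not rescue a password that is in the attacker's wordlist, which is the real lesson of card 27: the hash function limits how fast guesses can be checked, but only a non-dictionary password keeps the correct guess out of the list.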
28
Q
  1. What size of message digest does SHA produce?

a. 128-bit
b. 160-bit
c. 64-bit
d. 120-bit

A
  1. The answer is B. SHA-1, the version this question refers to, produces a 160-bit digest; the SHA-2 members produce 224, 256, 384 or 512 bits. SHA is a hashing algorithm specified for use in the Digital Signature Standard to create the message digest; that digest is then signed with the sender's private key to create the digital signature. A hashing algorithm alone provides only data integrity; the signature adds authentication and non-repudiation.
29
Q
  1. Which of the following is the science of studying and breaking the secrecy of cryptosystems and their necessary pieces?

a. Cryptosystem
b. Brute force
c. Kerckhoffs
d. Cryptanalysis

A
  1. The answer is D. Cryptanalysis has been practised for many years as the discipline of finding new methods of breaking algorithms, keys and cryptosystems. It can be done in a "black-hat" approach, to gain unauthorized access to encrypted information, or in a "white-hat" approach, which finds flaws or weaknesses in algorithms and cryptosystems so that they can be improved. (Option c refers to Kerckhoffs's principle: a cryptosystem should remain secure even if everything about it except the key is public.)
30
Q
  1. Which algorithm did NIST choose to become the Advanced Encryption Standard (AES) replacing DES?

a. DEA
b. Rijndael
c. Twofish
d. IDEA
e. BLOWFISH

A
  1. The answer is B. Rijndael, designed by Joan Daemen and Vincent Rijmen, was selected by NIST in 2000 and published as FIPS 197 in 2001; it is the algorithm in use today for protecting sensitive but unclassified U.S. Government information, with key sizes of 128, 192 and 256 bits. DES had to be replaced because its 56-bit key could be brute-forced: the EFF's Deep Crack machine recovered a DES key in 1998. Twofish was another AES finalist; DEA is DES itself, and IDEA and Blowfish were never AES candidates.