Cryptography Flashcards
Salting
A process where a computer adds a small amount of data to the end of a password before hashing.
Key Stretching
A technique used to slow the process of hashing.
HSM
Hardware Security Module - a device which stores, encrypts, and decrypts passwords. It is often plugged into a USB port, and its keys cannot be exported in a usable format.
Key (Cryptography)
A binary value which determines the value of the ciphertext. For a key length of n, there are 2^n possible keys.
Key Chain
A file which contains cryptographic keys.
Session Key
A key generated for each exchange of data. It is deleted once the session ends.
Symmetric Encryption
A form of encryption which uses the same key to encrypt and decrypt data, such as ROT13.
DES
Data Encryption Standard - a program which splits plaintext into 64-bit blocks, each of which is then divided in half. One half is scrambled using an algorithm (the F-function), before the halves are recombined and swapped, and the process is repeated 16 times. Regular DES is no longer used in practice, because increases in computing performance have made decryption too easy.
3DES
Triple Data Encryption Standard - a standard for encryption which repeats DES three times. It uses a key bundle of 2 or 3 DES keys, giving it a key size of 112 or 168 bits.
AES
Advanced Encryption Standard - a symmetric cipher with a key length of 128, 192, or 256 bits. It is used for purposes such as protecting hard disk data, voice call data, and password manager contents.
Private Key
A key used in asymmetric cryptography which is never seen by anyone other than the sender.
Public Key
A key used in asymmetric cryptography which can be seen by anyone.
Asymmetric Encryption
A form of encryption where each user has a public and private key. The private key can decrypt files encrypted with the paired public key and vice versa. Anyone sending data to Alice will use a copy of her public key, and only she can decrypt it using her private key.
Key Pair
The term for the combination of the public and private keys. Keys are typically quite large, at around 1024, 2048, or 4096 bits long.
Key Revocation
The act of a user marking a private key as no longer trusted, perhaps after forgetting or losing it. This service is offered by public-key encryption software, and should involve other users being informed of the correct new public key.
Digital Signature
A small hash (based on the created email) encrypted using the sender's private key. It is attached to the sent email so that the recipient can decrypt it using the sender's public key. The received email can be used to generate a hash which should match this decrypted digital signature. Digital signatures can be faked if a phony public key is placed in a database alongside them.
Digital Certificate
An item held by a trusted third party that authenticates public keys and digital signatures. Digital certificates typically contain a version number, unique serial number, date information, subject information, acceptable uses, and a hash of the certificate’s contents known as a thumbprint (or fingerprint).
Thumbprint (Cryptography)
A piece of data held in a digital certificate that represents a hash of the certificate’s contents. If any of the contents are changed, the hash will no longer match, so changes can be detected.
Certificate Authority
A company that authenticates public key holders. This can be done using online records or a notary.
SSL
Secure Sockets Layer - a method of creating a secure web connection. It begins with a ‘handshake’, where a ‘hello’ message, the time, and a few bytes of random data are sent to the intended recipient, whilst the browser sends a list of the cryptographic algorithms it supports. The server responds with the same data as well as an asymmetric cipher, symmetric cipher, hashing algorithm, and digital certificate. The certificate allows the browser to verify the server: if the hash of the certificate matches the thumbprint obtained, the server is trustworthy. The browser then calculates the pre-master secret, encrypts it with the server's public key, and sends it to the server. A master secret is then created by both nodes at the same time, which is in turn used to form a symmetric session key.
Pre-master Secret
A value created by combining the time values and random data exchanged during SSL communication.
TLS
Transport Layer Security - a more secure web connection facility created to replace SSL, which functions in a similar way.