Cryptography

Question 1

QUESTION NO: 720 Which of the following elements is not included in a Public Key Infrastructure (PKI)? A. Timestamping B. Lightweight Directory Access Protocol (LDAP) C. Certificate revocation D. Internet Key Exchange (IKE)

Answer 1

Answer: D

Question 2

QUESTION NO: 721 In a Public Key Infrastructure (PKI) context, which of the following is a primary concern with LDAP servers? A. Availability B. Accountability C. Confidentiality D. Flexibility

Answer 2

Answer: A

Question 3

QUESTION NO: 722 What is NOT true with pre shared key authentication within IKE/IPsec protocol: A. pre shared key authentication is normally based on simple passwords B. needs a PKI to work C. Only one preshared key for all VPN connections is needed D. Costly key management on large user groups

Answer 3

Answer: B

Question 4

QUESTION NO: 723 What is the role of IKE within the IPsec protocol: A. peer authentication and key exchange B. data encryption C. data signature D. enforcing quality of service

Answer 4

Answer: A Explanation: “In order to set up and manage Sas on the Internet, a standard format called the Internet Security Association and Key Management Protocol (ISAKMP) was established. ISAKMP provides for secure key exchange and data authentication. However, ISAKMP is independent of the authentication protocols, security protocols, and encryption algorithms. Strictly speaking, a combination of three protocols is used to define key management for IPSEC. These protocols are ISAKMP, Secure Key Exchange Mechanism (SKEME) and Oakley. When combined and applied to IPSEC, these protocols are called the Internet Key Exchange (IKE) protocol.”

Question 5

QUESTION NO: 724 In a Public Key Infrastructure, how are public keys published? A. They are sent via e-mail B. Through digital certificates C. They are sent by owners D. They are not published

Answer 5

Answer: B

Question 6

QUESTION NO: 725 Which of the following is defined as a key establishment protocol based on the Diffie-Hellman algorithm proposed for IPsec but superseded by IKE? A. Diffie-Hellman Key Exchange Protocol B. Internet Security Association and Key Management Protocol (ISAKMP) C. Simple Key-management for Internet Protocols (SKIP) D. OAKLEY

Answer 6

Answer: D

Question 7

QUESTION NO: 726 Which of the following defines the key exchange for Internet Protocol Security (IPSEC)? A. Internet Security Association Key Management Protocol (ISAKMP) B. Internet Key Exchange (IKE) C. Security Key Exchange (SKE) D. Internet Communication Messaging Protocol (ICMP)

Answer 7

Answer: A Explanation: Because Ipsec is a framework, it does not dictate what hashing and encryption algorithms are to be used or how keys are to be exchanged between devices. Key management can be handled through manual process or automated a key management protocol. The Internet Security Association and Key management Protocol (ISAKMP) is an authentication and key exchange architecture that is independent of the type of keying mechanisms used.

Question 8

QUESTION NO: 727 A network of five nodes is using symmetrical keys to securely transmit data. How many new keys are required to re-establish secure communications to all nodes in the event there is a key compromise? A. 5 B. 10 C. 20 D. 25

Answer 8

Answer: B xplanation: Per Sybex CISSP Study Guide 3rd Edition (page #314) total # of symmetrical keys needed is expressed as: [number of participants * (number of participants-1)]/2 s/b B. 10 not A. 5

Question 9

QUESTION NO: 728 What is the effective key size of DES? A. 56 bits B. 64 bits C. 128 bits D. 1024 bits

Answer 9

Answer: A

Question 10

QUESTION NO: 729 Matches between which of the following are important because they represent references from one relation to another and establish the connection among these relations? A. foreign key to primary key B. foreign key to candidate key C. candidate key to primary key D. primary key to secondary key

Answer 10

Answer: A

Question 11

QUESTION NO: 730 Which of the following can best be defined as a key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets? A. Internet Security Association and Key Management Protocol (ISKAMP) B. Simple Key-Management for Internet Protocols (SKIP) C. Diffie-Hellman Key Distribution Protocol D. IPsec Key Exchange (IKE)

Answer 11

Answer: B

Question 12

QUESTION NO: 731 What is the PRIMARY advantage of secret key encryption systems as compared with public key systems? A. Faster speed encryption B. Longer key lengths C. Easier key management D. Can be implemented in software

Answer 12

Answer: A Explanation: “The major strength of symmetric key cryptography is the great speed at which it can operate. By the nature of the mathematics involved, symmetric key cryptography also naturally lends itself to hardware implementations, creating the opportunity for even higher-speed operations.”

Question 13

QUESTION NO: 732 In a cryptographic key distribution system, the master key is used to exchange? A. Session keys B. Public keys C. Secret keys D. Private keys

Answer 13

Answer: A Explanation: “The Key Distribution Center (KDC) is the most import component within a Kerberos environment. The KDC holds all users’ and services’ cryptographic keys. It provides authentication services, as well as key distribution functionality. The clients and services trust the integrity of the KDC, and this trust is the foundation of Kerberos security.” Pg. 148 Shon Harris CISSP All-In-One Certification Exam Guide ‘The basic principles of Kerberos operation are as follows: 1.)The KDC knows the secret keys of all clients and servers on the network. 2.)The KDC initially exchanges information with the client and server by using these secret keys. 3.)Kerberos authenticates a client to a requested service on a server through TGS, and by using temporary symmetric session keys for communications between the client and KDC, the server and the KDC, and the client and server. 4.)Communication then takes place between the client and the server using those temporary session keys.”

Question 14

QUESTION NO: 733 Which Application Layer security protocol requires two pair of asymmetric keys and two digital certificates? A. PEM B. S/HTTP C. SET D. SSL

Answer 14

Answer: C Explanation: SET – Secure Electronic Transaction

Question 15

QUESTION NO: 734 Which of the following can be defined as an attribute in one relation that has values matching the primary key in another relation? A. foreign key B. candidate key C. Primary key D. Secondary key

Answer 15

Answer: A

Question 16

QUESTION NO: 735 What key size is used by the Clipper Chip? A. 40 bits B. 56 bits C. 64 bits D. 80 bits

Answer 16

Answer: D Explanation: “Each Clipper Chip has a unique serial number and an 80-bit unique unit or secret key. The unit key is divided into tow parts and is stored at two separate organizations with the serial number that uniquely identifies that particular Clipper Chip.”

Question 17

QUESTION NO: 736 What uses a key of the same length as the message? A. Running key cipher B. One-time pad C. Steganography D. Cipher block chaining

Answer 17

Answer: B Reference: “A one-time pad is an extremely powerful type of substitution cipher. One-time pads use a different alphabet for each letter of the plaintext message. Normally, one-time pads are written as a very long series of numbers to be plugged into the function. The great advantage to one-time pads is that, when used properly, they are an unbreakable encryption scheme. There is no repeating pattern of alphabetic substitution, redering cryptanalytic efforts useless. However, several requirements must be met to ensure the integrity of the algorithm: The encryption key must be randomly generated. Using a phrase or a passage from a book would introduce the possibility of cryptanalysts breaking the code. The one-time pad must be physically secured against disclosure. If the enemy has a copy of the pad, they can easily decrypt the enciphered messages. Each one-time pad must be used only once. If pads are reused, cryptanalysts can compare similarities in multiple messages encrypted with the same pad and possibly determine the key values used. The key must be at least as long as the message to be encrypted. This is because each key element is used to encode only one character of the message.

Question 18

QUESTION NO: 737 Which of the following statements related to a private key cryptosystem is FALSE? A. The encryption key should be secure B. Data Encryption Standard (DES) is a typical private key cryptosystem C. The key used for decryption is known to the sender D. Two different keys are used for the encryption and decryption

Answer 18

Answer: D Explanation: “In symmetric key cryptography, a single secret key is used between entities, wheareas in public key systems, each entity has different keys, or asymmetric keys.”

Question 19

QUESTION NO: 738 Simple Key Management for Internet Protocols (SKIP) is similar to Secure Sockets Layer (SSL), except that it requires no prior communication in order to establish or exchange keys on a: A. Secure Private keyring basis B. response-by-session basis C. Remote Server basis D. session-by-session basis

Answer 19

Answer: D

Question 20

QUESTION NO: 739 A weak key of an encryption algorithm has which of the following properties? A. It is too short, and thus easily crackable B. It facilitates attacks against the algorithm C. It has much more zeroes than ones D. It can only be used as a public key

Answer 20

Answer: B

Question 21

QUESTION NO: 740 Security measures that protect message traffic independently on each communication path are called: A. Link oriented B. Procedure oriented C. Pass-through oriented D. End-to-end oriented

Answer 21

Answer: A Explanation: Link encryption encrypts all the data along a specific communication path like a satellite link, T3 line, or telephone circuit. Not only is the user information encrypted, but the header, trailers, addresses, and routing data hat are part of the packets are also encrypted. This provides extra protection against packet sniffers and eavesdroppers.

Question 22

QUESTION NO: 741 Who is responsible for the security and privacy of data during a transmission on a public communications link? A. The carrier B. The sending party C. The receiving party D. The local service provider

Answer 22

Answer: B Explanation: The sender of an email is responsible for encryption if security is desired. A bank that sends data across web is responsible to utilize a secure protocol.

Question 23

QUESTION NO: 742 Which of the following best provides e-mail message authenticity and confidentiality? A. Signing the message using the sender’s public key and encrypting the message using the receiver’s private key B. Signing the message using the sender’s private key and encrypting the message using the receiver’s public key C. Signing the message using the receiver’s private key and encrypting the message using the sender’s public key D. Signing the message using the receiver’s public key and encrypting the message with the sender’s private key

Answer 23

Answer: B

Question 24

QUESTION NO: 743 Cryptography does not help in: A. Detecting fraudulent insertion B. Detecting fraudulent deletion C. Detecting fraudulent modifications D. Detecting fraudulent disclosure

Answer 24

Answer: D

Question 25

QUESTION NO: 744 Which of the following is NOT a property of a one-way hash function? A. It converts a message of a fixed length into a message digest of arbitrary length B. It is computationally infeasible to construct two different messages with the same digest C. It converts a message of arbitrary length into a message digest of a fixed length D. Given a digest value, it is computationally infeasible to find the corresponding message

Answer 25

Answer: A

Question 26

QUESTION NO: 745 How much more secure is 56 bit encryption opposed to 40 bit encryption? A. 16 times B. 256 times C. 32768 times D. 65,536 times

Answer 26

Answer: D Explanation: 2 to the (56-40)th power – 2 to the 16th power = 65536 Note: 2 to the power of 40 = 1099511627776 2 to the power of 56 = 72057594037927936 72057594037927936 / 1099511627776 = 65,536

Question 27

QUESTION NO: 746 Which of the following statements is true about data encryption as a method of protecting data? A. It should sometimes be used for password files B. It is usually easily administered C. It makes few demands on system resources D. It requires careful key Management

Answer 27

Answer: D Explanation: “Cryptography can be used as a security mechanism to provide confidentiality, integrity, and authentication, but not if the keys are compromised in any way. The keys can be captured, modified, corrupted, or disclosed to unauthorized individuals. Cryptography is based on a trust mode. Individuals trust each other to protect their own keys, they trust the administrator who is maintaining the keys, and they trust a server that holds, maintains and distributes the keys. Many administrators know that key management causes one of the biggest headaches in cryptographic implementation. There is more to key maintenance than using them to encrypt messages. The keys have to be distributed securely to the right entities and updated continuously. The keys need to be protected as they are being transmitted and while they are being stored on each workstation and server. The keys need to be generated, destroyed, and recovered properly, Key management can be handled through manual or automatic processes. Unfortunately, many companies use cryptographic keys, but rarely if ever change them. This is because of the hassle of key management and because the network administrator is already overtaxed with other tasks or does not realize the task actually needs to take place. The frequency of use of a cryptographic key can have a direct correlation to often the key should be changed. The more a key is used, the more likely it is to be captured and compromised. If a key is used infrequently, then this risk drops dramatically. The necessary level of security and the frequency of use can dictate the frequency of the key updates. Key management is the most challenging part of cryptography and also the most crucial. It is one thing to develop a very complicated and complex algorithm and key method, but if the keys are not securely stored and transmitted, it does not really matter how strong the algorithm is. Keeping keys secret is a challenging task.”

Question 28

QUESTION NO: 747 The primary purpose for using one-way encryption of user passwords within a system is which of the following? A. It prevents an unauthorized person from trying multiple passwords in one logon attempt B. It prevents an unauthorized person from reading or modifying the password list C. It minimizes the amount of storage required for user passwords D. It minimizes the amount of processing time used for encrypting password

Answer 28

Answer: B

Question 29

QUESTION NO: 748 Which of the following is not a known type of Message Authentication Code (MAC)? A. Hash function-based MAC B. Block cipher-based MAC C. Signature-based MAC D. Stream cipher-based MAC

Answer 29

Answer: C

Question 30

QUESTION NO: 749 Which of the following was developed in order to protect against fraud in electronic fund transfers (EFT)? A. Secure Electronic Transaction (SET) B. Message Authentication Code (MAC) C. Cyclic Redundency Check (CRC) D. Secure Hash Standard (SHS)

Answer 30

Answer: B

Question 31

QUESTION NO: 750 Where parties do not have a shared secret and large quantities of sensitive information must be passed, the most efficient means of transferring information is to use a hybrid encryption technique. What does this mean? A. Use of public key encryption to secure a secret key, and message encryption using the secret key B. Use of the recipient’s public key for encryption and decryption based on the recipient’s private key C. Use of software encryption assisted by a hardware encryption accelerator D. Use of elliptic curve encryption

Answer 31

Answer: A

Question 32

QUESTION NO: 751 One-way hash provides: A. Confidentiality B. Availability C. Integrity D. Authentication

Answer 32

Answer: C Explanation: “Hash Functions ….how cryptosystems implement digital signatures to provide proof that a message originated from a particular user of a cryptosystem and to ensure that the message was not modified while in transit between the two parties.” Pg. 292 Tittel: CISSP Study Guide Second Edition “integrity A state characterized by the assurance that modifications are not made by unauthorized users and authorized users do not make unauthorized modifications.”

Question 33

QUESTION NO: 752 What size is an MD5 message digest (hash)? A. 128 bits B. 160 bits C. 256 bits D. 128 bytes

Answer 33

Answer: A Explanation: “MD4 MD4 is a one-way hash function designed by Ron Rivest. It produces 128-bit hash, or message digest, values. It is used for high-speed computation in software implementations and is optimized for microprocessors. MD5 MD5 is the newer version of MD4. It still produces a 128-bit hash, but the algorithm is more complex, which makes it harder to break. MD5 added a fourth round of operations to be performed during the hashing functions and makes several of it mathematical operations carry out more steps or more complexity to provide a higher level of security. MD2 MD2 is also a 128-bit one-way hash designed by Ron Rivest. It is not necessarily any weaker than the previously mentioned hash functions, but is much slower. SHA SHA was designed by NIST and NSA to be used with DSS. The SHA was designed to be used with digital signatures and was developed when a more secure hashing algorithm was required for federal application. SHA produces a 160-bit hash value, or message digest. This is then inputted into the DSA, which computes the signature for a message. The message digest is signed instead of the whole message because it is a much quicker process. The sender computes a 160-bit hash value, encrypts it with his private key (signs it), appends it to the message, and sends it. The receiver decrypts the value with the sender’s public key, runs the same hashing function, and compares the two values. If the values are the same, the receiver can be sure that the message has not been tampered with in transit. SHA is similar to MD4. It has some extra mathematical functions and produces a 160-bit hash instead of 128-bit, which makes it more resistant to brute force attacks, including birthday attacks. HAVAL HAVAL is a variable-length one-way hash function and is the modification of MD5. It processes message blocks twice the size of those used in MD5; thus it processes blocks of 1,024 bits.

Question 34

QUESTION NO: 753 Which of the following is NOT a property of a one-way hash function? A. It converts a message of a fixed length into a message digest of arbitrary length. B. It is computationally infeasible to construct two different messages with the same digest C. It converts a message of arbitrary length into a message digest of a fixed length D. Given a digest value, it is computationally infeasible to find the corresponding message

Answer 34

Answer: A

Question 35

QUESTION NO: 754 Which of the following would best describe a Concealment cipher? A. Permutation is used, meaning that letters are scrambled B. Every X number of words within a text, is a part of the real message C. Replaces bits, characters, or blocks of characters with different bits, characters, or blocks. D. Hiding data in another message so that the very existence of the data is concealed.

Answer 35

Answer: B

Question 36

QUESTION NO: 755 Which of the following ciphers is a subset of the Vignere polyalphabetic cipher? A. Caesar B. Jefferson C. Alberti D. SIGABA

Answer 36

Answer: A Explanation: “The Caesar Cipher,…., is a simple substitution cipher that involves shifting the alphabet three positions to the right. The Caesar Cipher is a subset of the Vigenere polyalphabetic cipher. In the Caesar cipher, the message’s characters and repetitions of the key are added together, modulo 26. In modulo 26, the letters A to Z of the alphabet are given a value of 0 to 25, respectively.”

Question 37

QUESTION NO: 756 Which of the following is not a property of the Rijndael block cipher algorithm? A. Resistance against all known attacks B. Design simplicity C. 512 bits maximum key size D. Code compactness on a wide variety of platforms

Answer 37

Answer: C

Question 38

QUESTION NO: 757 What are two types of ciphers? A. Transposition and Permutation B. Transposition and Shift C. Transposition and Substitution D. Substitution and Replacement

Answer 38

Answer: C Explanation: “Classical Ciphers: Substitution Transposition (Permutation) Vernam (One-Time Pad) Book or Running Key Codes Steganography”

Question 39

QUESTION NO: 758 Which one of the following, if embedded within the ciphertext, will decrease the likelihood of a message being replayed? A. Stop bit B. Checksum C. Timestamp D. Digital signature

Answer 39

Answer: C Explanation: CBC is the CBC mode of some block cipher, HMAC is a keyed message digest, MD is a plain message digest, and timestamp is to protect against replay attacks.

Question 40

QUESTION NO: 759 Which of the following statements pertaining to block ciphers is incorrect? A. it operates on fixed-size blocks of plaintext B. it is more suitable for software than hardware implementation C. Plain text is encrypted with a public key and decrypted with a private key D. Block ciphers can be operated as a stream

Answer 40

Answer: C Explanation: “Strong and efficient block cryptosystems use random key values so an attacker cannot find a pattern as to which S-boxes are chosen and used.” Pg. 481 Shon Harris CISSP Certification All-in-One Exam Guide Not A: “When a block cipher algorithm is used for encryption and decryption purposes, the message is divided into blocks of bits. These blocks are then put through substitution, transposition, and other mathematical functions, on block at a time.” Pg. 480 Shon Harris CISSP Certification All-in-One Exam Guide Not B: “Block ciphers are easier to implement in software because they work with blocks of data that the software is used to work with.” Pg 483 Shon Harris CISSP Certification All-in-One Exam Guide Not D: “This encryption continues until the plaintext is exhausted.” Pg. 196 Krutz The CISSP Prep Guide. Not A or D: “When a block a block cipher algorithm is used for encryption and decryption purposes, the message is divided into blocks of bits. These blocks are then put through substitution, transposition, and other mathematical functions, one block at a time.”

Question 41

QUESTION NO: 760 The repeated use of the algorithm to encipher a message consisting of many blocks is called A. Cipher feedback B. Elliptical curve C. Cipher block chaining D. Triple DES

Answer 41

Answer: C Explanation: “There are two main types of symmetric algorithms: stream and block ciphers. Like their names sound, block ciphers work on blocks of plaintext and ciphertext, whereas stream ciphers work on streams of plaintext and ciphertext, on bit or byte at a time. Pg 521. Shon Harris CISSP All-In-One Certification Exam Guide Cipher Block Chaining (CBC) operates with plaintext blocks of 64 bits. ….Note that in this mode, errors propogate.”

Question 42

QUESTION NO: 761 When block chaining cryptography is used, what type of code is calculated and appended to the data to ensure authenticity? A. Message authentication code. B. Ciphertext authentication code C. Cyclic redundancy check D. Electronic digital signature

Answer 42

Answer: A Explanation: The original Answer was B. This is incorrect as cipthertext is the result not an authentication code. “If meaningful plaintext is not automatically recognizable, a message authentication code (MAC) can be computed and appended to the message. The computation is a function of the entire message and a secret key; it is practically impossible to find another message with the same authenticator. The receiver checks the authenticity of the message by computing the MAC using the same secret key and then verifying that the computed value is the same as the one transmitted with the message. A MAC can be used to provide authenticity for unencrypted messages as well as for encrypted ones. The National Institute of Standards and Technology (NIST) has adopted a standard for computing a MAC. (It is found in Computer Data Authentication, Federal Information Processing Standards Publication (FIPS PUB) 113.)”

Question 43

QUESTION NO: 762 Which of the following statements pertaining to block ciphers is incorrect? A. It operates on fixed-size blocks of plaintext B. It is more suitable for software than hardware implementations C. Plain text is encrypted with a public key and decrypted with a private key D. Block ciphers can be operated as a stream

Answer 43

Answer: C Explanation: “Strong and efficient block cryptosystems use random key values so an attacker cannot find a pattern as to which S-boxes are chosen and used.” Pg. 481 Shon Harris CISSP Certification All-in-One Exam Guide Not A: “When a block cipher algorithm is used for encryption and decryption purposes, the message is divided into blocks of bits. These blocks are then put through substitution, transposition, and other mathematical functions, on block at a time.” Pg. 480 Shon Harris CISSP Certification All-in-One Exam Guide Not B: “Block ciphers are easier to implement in software because they work with blocks of data that the software is used to work with.” Pg 483 Shon Harris CISSP Certification All-in-One Exam Guide Not D: “This encryption continues until the plaintext is exhausted.”

Question 44

QUESTION NO: 763 Which of the following is a symmetric encryption algorithm? A. RSA B. Elliptic Curve C. RC5 D. El Gamal

Answer 44

Answer: C

Question 45

QUESTION NO: 764 How many bits is the effective length of the key of the Data Encryption Standard Algorithm? A. 16 B. 32 C. 56 D. 64

Answer 45

Answer: C

Question 46

QUESTION NO: 765 Compared to RSA, which of the following is true of elliptic curve cryptography? A. It has been mathematically proved to be the more secure B. It has been mathematically proved to be less secure C. It is believed to require longer keys for equivalent security D. It is believed to require shorter keys for equivalent security

Answer 46

Answer: D Explanation: CISSP All-In-One - page 491: “In most cases, the longer the key length, the more protection provided, but ECC can provide the same level of protection with a key size that is smaller than what RSA requires.” CISSP Prep Guide (not Gold edition) - page 158: “… smaller key sizes in the elliptic curve implementation can yield higher levels of security. For example, an elliptic curve key of 160 bits is equivalent to 1024-bit RSA key.”

Question 47

QUESTION NO: 766 Which of the following is not a one-way algorithm? A. MD2 B. RC2 C. SHA-1 D. DSA

Answer 47

Answer: B Explanation: Not: A, C or D. “Hash Functions SHA MD2 MD4 MD5” Pg. 337- 340 Tittel: CISSP Study Guide DSA, Digital Signature Algorithm, is a approved standard for Digital Signatures that utilizes SHA-1 hashing function.

Question 48

QUESTION NO: 767 A public key algorithm that does both encryption and digital signature is which of the following? A. RSA B. DES C. IDEA D. DSS

Answer 48

Answer: A Explanation: “RSA, named after its inventors Ron Rivest, Adi Shamir, and Leonard Adleman, is a public key algorithm that is the most popular when it comes to asymmetric algorithms. RSA is a worldwide de facto standard and can be used for digital signatures, key exchange, and encryption.”

Question 49

QUESTION NO: 768 Which of the following encryption algorithms does not deal with discrete logarithms? A. El Gamal B. Diffie-Hellman C. RSA D. Elliptic Curve

Answer 49

Answer: C

Question 50

QUESTION NO: 769 The RSA algorithm is an example of what type of cryptography? A. Asymmetric key B. Symmetric key C. Secret Key D. Private Key

Answer 50

Answer: A

Question 51

QUESTION NO: 770 How many rounds are used by DES? A. 16 B. 32 C. 64 D. 48

Answer 51

Answer: A Explanation: “When the DES algorithm is applied to data, it divides the message into blocks and operates on them one at a time. A block is made of 64 bits and is divided in half and each character is encrypted one at a time. The characters are put through 16 rounds of transposition and substitution functions. The order and type of transposition and substitution function depend on the value of the key that is inputted into the algorithm. The result is the 64-bit block of ciphertext.”

Question 52

QUESTION NO: 771 Which of the following is the most secure form of triple-DES encryption? A. DES-EDE3 B. DES-EDE1 C. DES-EEE4 D. DES-EDE2

Answer 52

Answer: A Explanation: The reason is that it uses three keys. Four keys cannot be used. The other alternatives do not use as many keys so less secure. We do not believe there is such a thing as DES-EDE1, but it would still be less secure if it would exist.

Question 53

QUESTION NO: 772 Which of the following algorithms does *NOT* provide hashing? A. SHA-1 B. MD2 C. RC4 D. MD5

Answer 53

Answer: C Explanation: Hashed Algorithms SHA-1 HMAC-SHA-1 MD5 HMAC-MD5 Pg 426 Hansche: Official (ISC)2 Guide to the CISSP Exam Note: MD2 is also a one-way hash, like MD5, but slower

Question 54

QUESTION NO: 773 Which of the following is unlike the other three? A. El Gamal B. Teardrop C. Buffer Overflow D. Smurf

Answer 54

Answer: A

Question 55

QUESTION NO: 774 Which of the following is not an encryption algorithm? A. Skipjack B. SHA-1 C. Twofish D. DEA

Answer 55

Answer: B Explanation: SHA-1 is a hash algorithm opposed to encryption algorithm.

Question 56

QUESTION NO: 775 Which one of the following is an asymmetric algorithm? A. Data Encryption Algorithm. B. Data Encryption Standard C. Enigma D. Knapsack

Answer 56

Answer: D Explanation: Merkle-Hellman Knapsack is a Public Key Algorithm Pg 206 Krutz: CISSP Prep Guide: Gold Edition. Not A: “DES describes the Data Encryption Algorithm (DEA) and is the name of the Federal Information Processing Standard (FIPS) 46-1 that was adopted in 1977…” pg 195 Krutz: CISSP Prep Guide: Gold Edition. Not B: “The best-known symmetric key system is probably the Data Encryption Standard (DES).” Not C: “The German military used a polyalphabetic substitution cipher machine called the Enigma as its principal encipherment system during World War II.”

Question 57

QUESTION NO: 776 Which of the following is *NOT* a symmetric key algorithm? A. Blowfish B. Digital Signature Standard (DSS) C. Triple DES (3DES) D. RC5

Answer 57

Answer: B

Question 58

QUESTION NO: 777 Which of the following layers is not used by the Rijndael algorithm? A. Non-linear layer B. Transposition layer C. Key addition layer D. The linear mixing layer

Answer 58

Answer: B

Question 59

QUESTION NO: 778 What is the basis for the Rivest-Shamir-Adelman (RSA) algorithm scheme? A. Permutations B. Work factor C. Factorability D. Reversivibility

Answer 59

Answer: C Explanation: This algorithm is based on the difficulty of factoring a number, N, which is the product of two large prime numbers.

Question 60

QUESTION NO: 779 Which of the following encryption algorithms does not deal with discrete logarithms? A. El Gamal B. Diffie-Hellman C. RSA D. Elliptic Curve

Answer 60

Answer: C

Question 61

QUESTION NO: 780 The RSA Algorithm uses which mathematical concept as the basis of its encryption? A. Geometry B. Irrational numbers C. PI (3.14159…) D. Large prime numbers

Answer 61

Answer: D

Question 62

QUESTION NO: 781 PGP provides which of the following?(Choose three) A. Confidentiality B. Accountability C. Accessibility D. Integrity E. Interest F. Non-repudiation G. Authenticity

Answer 62

Answer: A,D,G Explanation: PGP provides confidentiality, integrity, and authenticity.

Question 63

QUESTION NO: 782 PGP uses which of the following to encrypt data? A. An asymmetric scheme B. A symmetric scheme C. a symmetric key distribution system D. An asymmetric key distribution

Answer 63

Answer: B

Question 64

QUESTION NO: 783 Which of the following mail standards relies on a “Web of Trust”? A. Secure Multipurpose Internet Mail extensions (S/MIME) B. Pretty Good Privacy (PGP) C. MIME Object Security Services (MOSS) D. Privacy Enhanced Mail (PEM)

Answer 64

Answer: B Explanation: “PGP does not use a hierarchy of Cas, or any type of formal trust certificates, but relies on a “web of trust” in its key management approach. Each user generates and distributes his or her public key, and users sign each other’s public keys, which creates a community of users who trust each other. This is different than the CA approach where no one trusts each other, they only trust the CA.

Question 65

QUESTION NO: 784 Which of the following offers confidentiality to an e-mail message? A. The sender encrypting it with it’s private key B. The sender encrypting it with it’s public key C. The sender encrypting it with it’s receiver’s public key D. The sender encrypting it with the receiver’s private key

Answer 65

Answer: C

Question 66

QUESTION NO: 785 Which of the following items should not be retained in an E-mail directory? A. drafts of documents B. copies of documents C. permanent records D. temporary documents

Answer 66

Answer: C Explanation: This is another matter of common sense; the CISSP exam has many situations like this. It is not a good practice to have Permanent documents in your e-mail, this is because you don’t know if your e-mail is always backed up, and maybe the document must be available in a corporate repository. There is no problem to have Copies, draft or temporary documents in your email. The important ones for the company are the Permanent documents.

Question 67

QUESTION NO: 786 In a Secure Electronic Transaction (SET), how many certificates are required for a payment gateway to support multiple acquires? A. Two certificates for the gateway only. B. Two certificates for the gateway and two for the acquirers. C. Two certificates for each acquirer. D. Two certificates for the gateway and two for each acquirer.

Answer 67

Answer: B Explanation: I think it may be D two for each acquirer. Which unless I read it wrong it means each person must have 2 certificates exchanged with the gateway. “SET uses a des symmetric key system for encryption of the payment information and uses rsa for the symmetric key exchange and digital signatures. SET covers the end-to-end transaction from the cardholder to the financial institution”. -Ronald Krutz The CISSP PREP Guide (gold edition) pg 219-220 In the SET environment, there exists a hierarchy of Certificate Authorities. The SET protocol specifies a method of entity authentication referred to as trust chaining. This method entails the exchange of digital certificates and verification of the public keys by validating the digital signatures of the issuing CA. This trust chain method continues all the way up to the CA at the top of the hierarchy, which is referred to as the SET Root CA. The SET Root CA is owned and maintained by SET Secure Electronic Transaction LLC.

Question 68

QUESTION NO: 787 Which protocol makes use of an electronic wallet on a customer’s PC and sends encrypted credit card information to merchant’s Web server, which digitally signs it and sends it on to its processing bank? A. SSH B. S/MIME C. SET D. SSL

Answer 68

Answer: C

Question 69

QUESTION NO: 788 Which of the following best describes the Secure Electronic Transaction (SET) protocol? A. Originated by VISA and MasterCard as an Internet credit card protocol B. Originated by VISA and MasterCard as an Internet credit card protocol using digital signatures C. Originated by VISA and MasterCard as an Internet credit card protocol using the transport layer D. Originated by VISA and MasterCard as an Internet credit card protocol using SSL

Answer 69

Answer: B

Question 70

QUESTION NO: 789 Which of the following would best define the “Wap Gap” security issue? A. The processing capability gap between wireless devices and PC’s B. The fact that WTLS transmissions have to be decrypted at the carrier’s WAP gateway to be reencrypted with SSL for use over wired networks. C. The fact that Wireless communications are far easier to intercept than wired communications D. The inability of wireless devices to implement strong encryption

Answer 70

Answer: B

Question 71

QUESTION NO: 790 What encryption algorithm is best suited for communication with handheld wireless devices? A. ECC B. RSA C. SHA D. RC4

Answer 71

Answer: A Explanation: “Eliptic curves are rich mathematical structures that have shown usefulness in many different types of applications. An Elliptic Curve Cryptosystem (ECC) provides much of the same functionality that RSA provides: digital signatures, secure key distribution, and encryption. One differing factor is ECC’s efficiency. Some devices have limited processing capacity, storage, power supply, and bandwidth like wireless devices and cellular telephones. With these types of devices, efficiency of resource use is very important. ECC provides encryption functionality requiring a smaller percentage of resources required by RSA and other algorithms, so it is used in these types of devices. In most cases, the longer the key length, the protection provided, but ECC can provide the same level of protection with a key size that is smaller than what RSA requires. Because longer keys require more resources to perform mathematical tasks, the smaller keys used in ECC require fewer resources of the device.”

Question 72

QUESTION NO: 791 Which security measure BEST provides non-repudiation in electronic mail? A. Digital signature B. Double length Key Encrypting Key (KEK) C. Message authentication D. Triple Data Encryption Standard (DES)

Answer 72

Answer: A Explanation: A tool used to provide the authentication of the sender of a message. It can verify the origin of the message along with the identity of the sender. IT is unique for every transaction and created with a private key. - Shon Harris All-in-one CISSP Certification Guide pg 930 “Secure Multipurpose Internet Mail Extensions (S/MIME) offers authentication and privacy to email through secured attachments. Authentication is provided through X.509 digital certificates. Privacy is provided through the use of Public Key Cryptography Standard (PKCS) Enryption. Two types of messages can be formed using S/MIME: signed messages and enveloped messages. A signed message provides integrity and sender authentication. An enveloped message provides ntegrity, sender authentication, and confidentiality.”

Question 73

QUESTION NO: 792 Which of the following services is not provided by the digital signature standard (DSS)? A. Encryption B. Integrity C. Digital signature D. Authentication

Answer 73

Answer: A

Question 74

QUESTION NO: 793 Public key cryptography provides integrity verification through the use of public key signature and? A. Secure hashes B. Zero knowledge C. Private key signature D. Session key

Answer 74

Answer: A

Question 75

QUESTION NO: 794 Electronic signatures can prevent messages from being: A. Erased B. Disclosed C. Repudiated D. Forwarded

Answer 75

Answer: C

Question 76

QUESTION NO: 795 Why do vendors publish MD5 hash values when they provide software patches for their customers to download from the Internet? A. Recipients can verify the software’s integrity after downloading. B. Recipients can confirm the authenticity of the site from which they are downloading the patch. C. Recipients can request future updates to the software by using the assigned hash value. D. Recipients need the hash value to successfully activate the new software.

Answer 76

Answer: A Explanation: If the two values are different, Maureen knows that the message was altered, either intentionally or unintentionally, and she discards the message…As stated in an earlier section, the goal of using a one-way hash function is to provide a fingerprint of the message. MD5 is the newer version of MD4. IT still produces a 128-bit hash, but the algorithm is a bit more complex to make it harder to break than MD4. The MD5 added a fourth round of operations to be performed during the hash functions and makes several of its mathematical operations carry steps or more complexity to provide a higher level of security .

Question 77

QUESTION NO: 796 What attribute is included in a X.509-certificate? A. Distinguished name of subject B. Telephone number of the department C. secret key of the issuing CA D. the key pair of the certificate holder

Answer 77

Answer: A Explanation: The key word is ‘In create the certificate..” Certificates that conform to X.509 contain the following data: Version of X.509 to which the certificate conforms; Serial number (from the certificate creator); Signature algorithm identifier (specifies the technique used by the certificate authority to digitally sign the contents of the certificate); Issuer name (identification of the certificate authority that issues the certificate) Validity period (specifies the dates and times - a starting date and time and an ending date and time - during which the certificate is valid); Subject’s name (contains the distinguished name, or DN, of the entity that owns the public key contained in the certificate); Subject’s public key (the meat of the certificate - the actual public key of the certificate owner used to setup secure communications)

Question 78

QUESTION NO: 797 What is used to bind a document to it’s creation at a particular time? A. Network Time Protocol (NTP) B. Digital Signature C. Digital Timestamp D. Certification Authority (CA)

Answer 78

Answer: C

Question 79

QUESTION NO: 798 What attribute is included in a X-509-certificate? A. Distinguished name of the subject B. Telephone number of the department C. Secret key of the issuing CA D. The key pair of the certificate holder

Answer 79

Answer: A Explanation: “Certificates that conform to X.509 contain the following data: Version of X.509 to which the certificate conforms Serial number Signature algorithm identifier Issuer name Validity period Subject’s name (contains the distinguished name, or DN of the entity that owns the public key contained in the certificate) Subjects Public Key”

Question 80

QUESTION NO: 799 Which of the following standards concerns digital certificates? A. X.400 B. X.25 C. X.509 D. X.75

Answer 80

Answer: C

Question 81

QUESTION NO: 800 What level of assurance for a digital certificate only requires an e-mail address? A. Level 0 B. Level 1 C. Level 2 D. Level 3

Answer 81

Answer: B

Question 82

QUESTION NO: 801 The “revocation request grace period” is defined as: A. The period for to the user within he must make a revocation request upon a revocation reason B. Minimum response time for performing a revocation by the CA C. Maximum response time for performing a revocation by the CA D. Time period between the arrival of a revocation reason and the publication of the revocation information

Answer 82

Answer: C

Question 83

QUESTION NO: 802 What enables users to validate each other’s certificate when they are certified under different certification hierarchies? A. Cross-certification B. Multiple certificates C. Redundant certificate authorities D. Root certification authorities

Answer 83

Answer: A

Question 84

QUESTION NO: 803 Digital signature users register their public keys with a certification authority, which distributes a certificate containing the user’s public key and digital signature of the certification authority. In creating the certificate, the user’s public key and the validity period are combined with what other information before computing the digital signature? A. Certificate issuer and the Digital Signature Algorithm identifier B. User’s private key and the identifier of the master key code C. Name of secure channel and the identifier of the protocol type D. Key authorization and identifier of key distribution center

Answer 84

Answer: A Explanation: The key word is ‘In create the certificate..” Certificates Certificates that conform to X.509 contain the following data: Version of X.509 to which the certificate conforms; Serial number (from the certificate creator); Signature algorithm identifier (specifies the technique used by the certificate authority to digitally sign the contents of the certificate); Issuer name (identification of the certificate authority that issues the certificate) Validity period (specifies the dates and times - a starting date and time and an ending date and time - during which the certificate is validated); Subject’s name (contains the distinguished name, or DN, of the entity that owns the public key contained in teh certificate); Subject’s public key (the meat of the certificate - the actual public key of the certificate owner used to setup secure communications)

Question 85

QUESTION NO: 804 What level of assurance for digital certificate verifies a user’s name, address, social security number, and other information against a credit bureau database? A. Level 1 B. Level 2 C. Level 3 D. Level 4

Answer 85

Answer: B

Question 86

QUESTION NO: 805 Which one of the following security technologies provides safeguards for authentication before securely sending information to a web server? A. Secure/Multipurpose Internet Mail Extension (S/MIME) B. Common Gateway Interface (CGI) scripts C. Applets D. Certificates

Answer 86

Answer: D Explanation: Digital certificates provide communicating parties with the assurance that they are communicating with people who truly are who they claim to be.” Titel: CISSP Study Guide. pg 343. In this case, if the web server was a bank, you want to have a certificate confirming that they really are the bank before you authenticate with your username and password.

Question 87

QUESTION NO: 806 The primary role of cross certification is: A. Creating trust between different PKIs B. Build an overall PKI hierarchy C. set up direct trust to a second root CA D. Prevent the nullification of user certifications by CA certificate revocation

Answer 87

Answer: A

Question 88

QUESTION NO: 807 Windows 98 includes the ability to check the digitally signed hardware drivers. Which of the following are true? A. Drivers are the only files supplied with W98 that can checked for digital signatures and all drivers included with W98 have been digitally signed B. If a file on a windows W98 has been digitally signed it means that the file has passed quality testing by Microsoft. C. The level to which signature checking is implemented could only be changed by editing the registry D. All of the statements are true

Answer 88

Answer: B Explanation: Windows device drivers and operating system files have been digitally signed by Microsoft to ensure their quality. A Microsoft digital signature is your assurance that a particular file has met a certain level of testing, and that the file has not been altered or overwritten by another program’s installation process. Depending on how your administrator has configured your computer, Windows either ignores device drivers that are not digitally signed, displays a warning when it detects device drivers that are not digitally signed (the default behavior), or prevents you from installing device drivers without digital signatures. Windows includes the following features to ensure that your device drivers and system files remain in their original, digitally-signed state: •Windows File Protection •System File Checker •File Signature Verification Windows XP help. Not A: operating system files are included. Not C: the setting can be changed in the GUI.

Question 89

QUESTION NO: 808 What is the purpose of certification path validation? A. Checks the legitimacy of the certificates in the certification path. B. Checks that all certificates in the certification path refer to same certification practice statement. C. Checks that no revoked certificates exist outside the certification path. D. Checks that the names in the certification path are the same.

Answer 89

Answer: A Explanation: Not C. Revoked certificates are not checked outside the certification path. “A Transaction with Digital Certificates 1.)Subscribing entity sends Digital Certificate Application to Certificate Authority. 2.)Certificate Authority issues Signed Digital Certificate to Subscribing Entity. 3.)Certificate Authority sends Certificate Transaction to Repository. 4.)Subscribing Entity Signs and sends to Party Transacting with Subscriber. 5.)Party Transacting with Subscriber queries Repository to verify Subscribers Public Key. 6.)Repository responds to Party Transacting with Subscriber the verification request.” Pg. 214 Krutz: The CISSP Prep Guide: Gold Edition. “John needs to obtain a digital certificate for himself so that he can participate in a PKI, so he makes a request to the RA. The RA requests certain identification from John, like a copy of his driver’s licens, his phone number, address, and other identification information. Once the RA receives the required informoration from John and verifies it, the RA sends his certificate request to the CA. The CA creates a certificate with John’s public key and identify information embedded. (The private/public key pair is either generated by the CA or on John’s machine, which depends on the systems’ configurations. If it is created at the CA, his private key needs to be sent to him by secure means. In most cases the user generates this pair and sends in his public key during the registration process.) Now John is registered and can participate in PKI. John decides he wants to communicate with Diane, so he requests Diane’s public key from a public directory. The directory, sometimes called a repository, sends Diane’s public key, and John uses this to encrypt a session key that will be used to encrypt their messages. John sends the encrypted session key to Diane. Jon then sends his certificate, containing his public key, to Diane. When Diane receives John’s certificate, her browser looks to see if it trusts the CA that digitally signed this certificate. Diane’s browser trusts this CA, and she makes a reques to the CA to see if this certificate is still valid. The CA responds that the certificate is valid, so Diane decrypts the session key with her private key. Now they can both communicate using encryption.”

Question 90

QUESTION NO: 809 In what type of attack does an attacker try, from several encrypted messages, to figure out the key using the encryption process? A. Known-plaintext attack B. Ciphertext-only attack C. Chosen-Ciphertext attack D. Known Ciphertext attack

Answer 90

Answer: B Explanation: “Ciphertext-Only Attack In this type of attack, the attacker has the ciphertext of several messages. Each of the messages has been encrypted using the same encryption algorithm. The attacker’s goal is to discover the key that was used in the encryption process. Once the attacker figures out the key, she can decrypt all other messages encrypted with the same key. A ciphertext-only attack is the most common because it is very easy to get ciphertext by sniffing someone’s traffic, but it is the hardest attack to actually be successful at because the attacker has so little information about the encryption process.” Pg 531 Shon Harris CISSP All-In-One Exam Guide

Question 91

QUESTION NO: 810 When combined with unique session values, message authentication can protect against which of the following? A. Reverse engineering, frequency analysis, factoring attacks, and ciphertext-only attack. B. Masquerading, frequency analysis, sequence manipulation, and ciphertext-only attack. C. Reverse engineering, content modification, factoring attacks, and submission notification. D. Masquerading, content modification, sequence manipulation, and submission notification.

Answer 91

Answer: C Explanation: Unique session values: “IPSec: ….Each device will have one security association (SA) for each session that it uses. The SA is critical to the IPSec architecture and is a record of the configuration the device needs to support an IPSec connection. Pg 575 Shon Harris All-In-One CISSP Certification Exam Guide. Message authentication and content modification: “Hashed Message Authentication Code (HMAC): An HMAC is a hashed alogrithim that uses a key to generate a Message Authentication Code (MAC). A MAC is a type of check sum that is a function of the information in the message. The MAC is generated before the message is sent, appended to the message, and then both are transmitted. At the receiving end, a MAC is generated from the message alone using the same algorithm as used by the sender and this MAC is compared to the MAC sent with the message. If they are not identical, the message was modified en route. Hashing algorithms can be used to generate the MAC and hash algorithms using keys provide stronger protection than ordinary MAC generation. Frequency analysis: Message authentication and session values do not protect against Frequency Analysis so A and B are eliminated. “Simple substitution and transposition ciphers are vulnerable to attacks that perform frequency analysis. In every language, there are words and patters that are used more often than others. For instance, in the English language, the words “the.’ “and,” “that,” and “is” are very frequent patters of letters used in messages and conversation. The beginning of messages usually starts “Hello” or “Dear” and ends with “Sincerely” or “Goodbye.” These patterns help attackers figure out the transformation between plaintext to ciphertext, which enables them to figure out the key that was used to perform the transformation. It is important for cryptosystems to no reveal these patterns.” Pg. 507 Shon Harris All-In-One CISSP Certification Exam Guide Ciphertext-Only Attack: Message authentication and session values do not protect against Ciphertext so A and B are again eliminated. “Ciphertext-Only Attack: In this type of an attack, an attacker has the ciphertext of several messages. Each of the messages has been encrypted using the same encryption algorithm. The attacker’s goal is to discover the plaintext of the messages by figuring out the key used in the encryption process. Once the attacker figures out the key, she can now decrypt all other messages encrypted with the same key.” Pg 577 Shon Harris All-In-One CISSP Certification Exam Guide. Birthday attack: “….refer to an attack against the hash function known as the birthday attack.” Pg 162 Krutz: The CISSP Prep Guide. MAC utilizes a hashing function and is therefore susceptible to birthday attack. Masguerading Attacks: Session values (IPSec) does protect against session hijacking but not spoofing so C is eliminated. “Masguerading Attacks: ….we’ll look at two common masquerading attacks - IP Spoofing and session hijacking.” Pg 275 Tittel: CISSP Study Guide. Session hijacking: “If session hijacking is a concern on a network, the administrator can implement a protocol that requires mutual authentication between users like IPSec. Because the attacker will not have the necessary credentials to authenticate to a user, she cannot act as an imposter and hijack sessions.” Reverse engineering: Message authentication protects against reverse engineering. Reverse engineering: “The hash function is considered one-way because the original file cannot be created from the message digest.” Pg. 160 Krutz: The CISSP Prep Guide Content modification: Message authentication protects against content modification. Factoring attacks: Message authentication protects against factoring attacks.

Question 92

QUESTION NO: 811 The relative security of a commercial cryptographic system can be measured by the? A. Rating value assigned by the government agencies that use the system. B. Minimum number of cryptographic iterations required by the system. C. Size of the key space and the available computational power. D. Key change methodology used by the cryptographic system.

Answer 92

Answer: C Explanation: The strength of the encryption method comes from the algorithm, secrecy of the key, length of the key, initialization vectors, and how they all work together.

Question 93

QUESTION NO: 812 Which one of the following describes Kerchoff’s Assumption for cryptoanalytic attack? A. Key is secret; algorithm is known B. Key is known; algorithm is known C. Key is secret; algorithm is secret D. Key is known; algorithm is secret

Answer 93

Answer: A Explanation: Kerhkoff’s laws were intended to formalize the real situation of ciphers in the field. Basically, the more we use any particular cipher system, the more likely it is that it will “escape” into enemy hands. So we start out assuming that our opponents know “all the details” of the cipher system, except the key.

Question 94

QUESTION NO: 813 Which of the following actions can make a cryptographic key more resistant to an exhaustive attack? A. None of the choices. B. Increase the length of a key. C. Increase the age of a key. D. Increase the history of a key.

Answer 94

Answer: B Explanation: Defenses against exhaustive attacks involve increasing the cost of the attack by increasing the number of possibilities to be exhausted. For example, increasing the length of a password will increase the cost of an exhaustive attack. Increasing the effective length of a cryptographic key variable will make it more resistant to an exhaustive attack.

Question 95

QUESTION NO: 814 Which type of attack is based on the probability of two different messages using the same hash function producing a common message digest? A. Differential cryptanalysis B. Differential linear cryptanalysis C. Birthday attack D. Statistical attack

Answer 95

Answer: C Explanation: Attacks Against One-Way Hash Functions: A good hashing algorithm should not produce the same hash value for two different messages. If the algorithm does produce the same value for two distinctly different messages, this is referred to as a collision. If an attacker finds an instance of a collision, he has more information to use when trying to break the cryptographic methods used. A complex way of attacking a one-way hash function is called the birthday attack. Now hold on to your had while we go through this – it is a bit tricky. In standard statistics, a birthday paradox exists. It goes something like this: How many people must be in the same room for the chance to be greater than even that another person has the same birthday as you? Answer: 253 How many people must be in the same room for the chance to be greater than even that at least two people share the same birthday? Answer: 23 This seems a bit backwards, but the difference is that in the first instance, you are looking for someone with a specific birthday date, which matches yours. In the second instance, you are looking for any two people who share the same birthday. There is a higher probability of finding two people who share a birthday than you finding another person sharing your birthday – thus, the birthday paradox. This means that if an attacker has one hash value and wants to find a message that hashes to the same hash value, this process could take him years. However, if he just wants to find any two messages with the same hashing value, it could take him only a couple hours. …..The main point of this paradox and this section is to show how important longer hashing values truly are. A hashing algorithm that has a larger bit output is stronger and less vulnerable to brute force attacks like a birthday attack.