Cryptography Flashcards

Question

SHA-2/SHA-384/512

Answer 1

Secure Hashing Algorithm Hash Function Digest Size: 512 bits

Answer 2

Hash Function | Digest Sizes: 128, 160, 256, 320 bits

Answer 3

Hash Function | Digest Sizes: 128, 160, 192, 224, 256 bits

Answer 4

Hash Function | Digest Size: 512

Answer 5

Applying every possible combination of characters that could be the key. Time may be a factor/not fast enough

Answer 6

Uses dictionary of common words (to include proper nouns)

Answer 7

Uses a lookup table comprised of pre-calculated hash from common words.

Answer 8

Probability that someone has the same hash that attacker has already figured out.

Answer 9

Randomly generated value that is calculated into the hashing process eg. Table Salt

Answer 10

Message Authentication Code Verifies integrity and origin Symmetric Key

Answer 11

Hashed Message Authentication Code Hash function added to MAC Adds symmetric key to data to be hashed. Used in IPSec, SSL/TLS, SSH

Answer 12

* Uses one key to encrypt/decrypt info * Both parties share same key * Best for bulk encryption; faster (smaller key) than asymmetric * AKA: secret key, private key, shared key, same key, single key, session key

Answer 13

Symmetric Encryption Method * Bit by bit * Keystream * Hardware * No memory * On-the-fly * Very fast

Answer 14

Symmetric Encryption Method * Software * Fixed-length blocks * Block-by-block * Uses substitution/transposition ciphers * Stronger than stream-based * Slow/resource intensive

Answer 15

Stream Cipher and Block Cipher Pros: * Less computationally intensive * Produces smaller file size * Faster transmissions Cons: * Key distribution security * Needs to be trust between parties * Key management (n(n-1)/2=# keys needed * No "non-repudiation"

Answer 16

``` C - CAST 3 - 3DES 2 - Twofish B - Blowfish R - RC4, 5, 6 A - AES I - IDEA D - DES S - SAFER (+, ++) ```

Answer 17

Data Encryption Standard/Symmetric Based on IBM's Lucifer algorithm 64-bit Block (56-bit key + 8 bits for parity) Algorithm: DEA (Data Encryption Algorithm) Easily Broken

Answer 18

Triple DES/Symmetric Upgrade of DES (still in use) Applies DES three times 168-bit key (+24 bits for parity)

Answer 19

Advanced Encryption Standard/Symmetric Current standard replaced DES 128 bit block Algorithm: Rijndael Key Sizes: 128, 192, 256 bits

Answer 20

Symmetric Fastest of the symmetric 64 bit block cipher Variable-length keys (32-448 bits)

Answer 21

Symmetric 128 bit block cipher Variable length keys (128, 192, 256 bits) Finalist for AES

Answer 22

Carlisle Adams and Stafford Tavares/Symmetric Used by PGP CAST-128: * 64 bit block size * Variable key lengths (40-128 bits) CAST-256: * 128 bit block size * Variable key lengths (128, 160, 192, 224, 256 bits)

Answer 23

Rivest Cipher/Symmetric RC4 (stream): Variable key length (0-2048 bits) RC5 (block): Variable block (32, 64, 128 bits) * Variable key length (0-2048) RC6 (block): Variable block (128) * Variable key length (0-2048)

Answer 24

International Data Encryption Algorithm/Symmetric 64 bit block 128 bit key length Developed by the Swiss Used in PGP and other encryption software

Answer 25

Symmetric Block cipher NSA Clipper chip

Answer 26

Secure And Fast Encryption Routine/Symmetric Used in Bluetooth For key derivation NOT for encryption SAFER+: * 128 bit block cipher SAFER++: * 64, 128 bit block cipher

Answer 27

Public Key Encryption Each user has two keys: Private/Public Keys are mathematically related Pros: * Key Management (n*2) * Public key can be freely distributed * Offers: digital signatures, integrity, key exchange, non-repudiation Cons: * Slower than symmetric * Larger encryption file

Answer 28

D- Diffie-Hellman E- ElGamal E- ECC R- RSA

Answer 29

Asymmetric Based on difficulty of computing discrete logarithms Key exchange Variable key length: 512, 1024-2048 (secure) Same strength as 3072 bit RSA key

Answer 30

Asymmetric Encryption, Digital Signatures, Key Exchange Based on Diffie Hellman Slow Open standard/Legacy

Answer 31

Rivest, Shamir, Adleman/Asymmetric Encryption, Digital Signatures, Key Exchange De facto standard Based on difficulty of factoring N (prod of 2 large prime #) Variable block and key length * 512 bit to arbitrarily long * 1024-2048 considered secure Used in PGP

Answer 32

Elliptic Curve Cryptography/Asymmetric Encryption, Digital Signatures, Key Exchange Based on using points on a curve to define public/private key Key of 160 bis is equal to 1024 RSA key Hardware such as wireless devices and smart cards

Answer 33

* Email message * Hashing Algorithm * Sender's Private Key

Answer 34

Sender: * Creates email message * Creates message hash * Uses private key to encrypt hash * Hash becomes digital signature and is sent with message Receiver: * Hashes received message * Uses sender's public key to decrypt * If hashes match message is valid and sender is verified

Answer 35

Digital Signature Algorithm Used only for digital signatures Does not provide confidentiality Public key algorithm with var key size from 512-4096 bits Follows NIST/FIPS DSS and goes up to 1024 bits Uses SHA-1 for integrity Faster than RSA at verifying signatures

Answer 36

Provide authentication and integrity

Answer 37

Symmetric for data encapsulation Asymmetric for key encapsulation Cryptographic hash can be used to provide data integrity Eg. PGP, S/MIME, TLS, SSH, IPSec

Answer 38

Secure Socket Layer Secure connection between two TCP-based machines Uses X.509v3 TCP Port 443

Answer 39

Small key size Expired digital certificates Compromised keys

Answer 40

* Confidentiality: AES, IDEA, 3DES, DES, RC4, RC2 * Message Integrity: SSLv3 MAC w/ shared key (similar to HMAC) with MD5 or SHA1 * Key Exchange: RSA, Diffie Hellman Ability to implement Mutual Authentication

Answer 41

Telnet, NNTP, FTP, HTTP, SMTP, IMAP

Answer 42

Transport Layer Security Secure connection between two TCP-based machines Operates like SSSL More secure hashing than SSL TCP Port 443

Answer 43

Confidentiality: AES, IDEA, 3DES, DES, RC4, RC2 Message Integrity: HMAC Key Exchange: RSA and Diffie-Hellman More alert codes that SSL

Answer 44

HTTPS: * HTTP over SSL * TCP Port 443 * Encrypts communication channel S-HTTP: * Dev by Netscape * Provides security over standard page requests * TCP Port 80 * Encrypts INDIVIDUAL MESSAGES * Does not require client-side public key certs (symmetric key only)

Answer 45

Secure Shell ``` Secures remote terminal communications Secure replacement for Telnet and FTP TCP Port 22 Encrypts data w/ symmetric algorithm Est connection and authentication using public key crypto ``` Eg. PuTTY and OpenSSH

Answer 46

Transmits mail from e-mail clients to e-mail servers and between e-mail servers TCP port 25

Answer 47

Downloads e-mail from an inbox on an e-mail server to an e-mail client TCP port 110

Answer 48

Downloads e-mail from an inbox on an e-mail server to an e-mail client TCP port 143

Answer 49

Multipurpose Internet Mail Extensions Defines how e-mail clients handle non-plaintext content.

Answer 50

Secure Multipurpose Internet Mail Extensions Uses X.509 Standard Protection for email and attachments Provides: Authentication, Integrity, Confidentiality, non-repudiation Uses: AES, 3DES, DES, RC2 Key Exchange: Diffie-Hellman with DSS or RSA SHA-1 and MD5

Answer 51

ITU standard for defining digital certificates Defines the formats and fields for public keys Defines procedures for distributing public keys

Answer 52

Pretty Good Privacy E-mail encryption system Web of Trust NOT X.509 GPG = open source version Asymmetric: RSA, DSS, Diffie-Hellman Symmetric: AES, IDEA, CAST-128, IDEA, Twofish, 3DES Hash Coding: SHA-2, SHA-1, MD5 RIPEMD-160

Answer 53

``` Issuer's name Valid date / to date Owner (subject) Subject's public key Time stamp Certificate issuer's digital signature ```

Answer 54

Public Key Infrastructure * Framework for managing private keys and certificates * Follows X.509 standard * Standard for key generation, authentication, distribution and storage * Est who is responsible for authenticating the ID of the owners of the digital certificate

Answer 55

Certificate Authority Organization responsible for issuing, storing, revoking and distributing certificates Authenticates the certificates by signing them with their private key

Answer 56

Registration Authority * Middleman between CA and subscribers * Can distribute keys, accept registrations for CA and validate identities * Does not issue certs on their own

Answer 57

* Subject must prove ID to CA before cert is created * Give info physically appearing w/ and agent ID, credit report data, etc. * Once satisfied, cert is made containing ID info, public key, etc. * CA then digitally signs the cert with their private key

Answer 58

Certificate Practice Statement ``` How CA is structured How certs will be managed How subscriber's ID is validated How to request revocation Which standards and protocols are used ```

Answer 59

Online Certificate Status Protocol * Checks for revoked certs * Queries a CA or RA that maintains a list of expired certs * Server sends a response with status of valid, suspended or revoked

Answer 60

Certificate Revocation List IDs revoked certs Expired certs not on on the CRL

Answer 61

Certs can be suspended Ensures key is unusable for a period of time Suspend rather than expire to make them TEMPORARILY invalid

Answer 62

If a cert expires, a new cert must be issued | NOT added to the CRL

Answer 63

Unexpired certs can be renewed close to the end of the expiring cert's lifetime Allows same cert to be used past the original expiry time Not a good practice

Answer 64

Establish policies for destroying old keys When key/cert no longer useful, destroy and remove from system When destroyed, notify CA so CRL and OCSP can be updated Deregistration should occur when a key is destroyed

Answer 65

Single-Authority (AKA third-party trust) Hierarchical Trust Bridge Trust Web of Trust (AKA peer-to-peer)

Answer 66

Third party signs key/cert User trusts authority and all keys issued by them Trust verified by digital sig attached to public key

Answer 67

Root CA>Intermediate CA>Leaf CA

Answer 68

Trust between Root CAs

Answer 69

All parties involved trust each other | CA does not exist to certify owners

Answer 70

Central entity in charge or issuing keys | CA keeps a copy of the key

Answer 71

End user generates their own key | Does not provide key escrow (no key recovery)

Answer 72

Software-based: * Access violations/intrusions * Easily destroyed * Subject to security of access control system Hardware-based: * Most secure * More expensive * Relies on physical security * Smart cards/flash drives

Answer 73

Third party may gain access to key storage Allows for key recovery Key's must be secured on escrow network/systems

Answer 74

Someone with authority to remove keys from escrow

Answer 75

Requires two or more recovery agents Must but multiple key escrow recovery agents Minimum number of agents must work to recover key

Answer 76

Conducted when: * Keys compromised * Authentication process malfunction * People transferred/fired * Other security risks occur Keeps key from being misused

Answer 77

Temporary | Unusable for a period of time

Answer 78

Enable key for use after scheduled expiry Reissued for certain time Bad practice

Answer 79

Trusted Platform Module Hardware Stream Cipher Encryption Symmetric