Cryptography Flashcards

1
Q

What does CIA mean in relation to Cryptography?

A

Confidentiality, Integrity and Authentication

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is non-repudiation?

A

An action that cannot be denied

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Non-repudiation can be used to provide what 3 things?

A

Identification, Authentication and Accountability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is a mono-alphabetic substitution?

A

A system that uses only a single alphabet to encrypt and decrypt a message

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is a practitioner of cryptography known as?

A

Cryptographer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What term is used to describe the science of deciphering cipher text without the cryptographic key?

A

Cryptanalysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is Cryptology?

A

The science of cryptography and cryptanalysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is a practitioner of Cryptology called?

A

Cryptologist

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is a plaintext message?

A

A message in its original readable format

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is a ciphertext message?

A

A plaintext message that’s been encrypted

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What other term can be used to describe decryption?

A

Deciphering

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What are two methods of encrypting traffic on a network?

A

End-to-End encryption

Link encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What type of encryption is used where a packets are encrypted at the original source and then decrypted once they reach the final destination?

A

End-to-End encryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are the two advantages of end-to-end encryption?

A

Speed

Overall security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the downside to end-to-end encryption?

A

Only data in encrypted, not routing information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is Link encryption?

A

requires that each node (ie router) has separate key pairs for its upstream and downstream neighbours. Packets are encrypted and decrypted at each node along the network path

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What is the advantage of link encryption?

A

Entire packet including routing information is encrypted

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What are the two disadvantages of link encryption?

A
  • Latency
  • Inherent vulnerability: If a node is compromised or a packets decrypted contents are cached on the router then the data can be compromised
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What is the hardware or software implementation that transfers plaintext into ciphertext known as?

A

A cryptosystem

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What 3 properties must an effective cryptosystem have?

A
  • efficient method of encrypting and decrypting keys on the system
  • cryptosystem is easy to use
  • strength of the cryptosystem depends on the secrecy of the keys
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What is a keyspace in relation to a cryptosystem?

A

A range of all possible values for a key within a cryptosystem

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What is a keyspace in relation to a cryptosystem?

A

A range of all possible values for a key within a cryptosystem

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is a restricted algorithm?

A

refers to an algorithm that must be kept secret in order to provide security.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What is the disadvantage of a restricted algorithm?

A

relies on secrecy of the keys rather than complexity of the algorithm used

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What are the two basic elements of a cryptosystem?

A
  • Cryptographic algorithm

- Cryptovariable

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

What is another term for a cryptographic algorithm?

A

Cipher

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

What is another term for a cryptovariable?

A

Key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

What is key clustering?

A

Clustering occurs when identical ciphertetx messages are generated form a plaintext message by using the same encryption algorithm but different encryption keys

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

What is a weakness of key clustering?

A

reduces the number of key combinations that must be attempted in a brute force attack due to a weakness in the cryptographic algorithm

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

What are the two main classes of ciphers used in symmetric key algorithms?

A

block and stream

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

What are the advantages of block ciphers over stream ciphers?

A
  • Re-usable keys: Key management is easier

- Interoperability: More widely supported

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

What are the advantages of block ciphers over stream ciphers?

A
  • Re-usable keys

- Interoperability

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Which type of cipher is normally implemented in software?

Block or stream?

A

Block

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

What is a stream cipher?

A

They operate in real time on a continuous stream of data, typically bit by bit. using a stream cipher, the same plaintext bit or byte will produce a different ciphertext bit or byte every time it is encrypted.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

What is a stream cipher?

A

They operate in real time on a continuous stream of data, typically bit by bit

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

What are the advantages of a stream cipher?

A

faster than block ciphers

require less code to implement

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

What are the disadvantages of a stream cipher?

A

Key management as keys in a stream cipher are generally only used once.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

A one time pad uses which type of cipher? Stream or Block?

A

Stream

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

What is the disadvantage of a one time pad?

A

Impractical for longer messages as it contains a pad the same length as the message that it is applied to.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

What are the two basic types of ciphers?

A

substitution and transposition

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

What is the method that most common cryptosystems use to achieve encryption?

A

Substitution and permutation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

What is a substitution cipher?

A

Replaces bits, characters or character blocks in plaintext with alternate bits, characters or character blocks to produce ciphertext

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

A substitution cipher may be monoalphabetic or Polyalphabetic. True or False?

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

What is monoalphabetic?

A

A single alphabet used to encrypt a message

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

What is polyalphabetic?

A

different alphabet used to encrypt each bit, character or character block

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

What is a modern example of a substitution cipher?

A

S-boxes (Substitution boxes) employed in DES

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

Which type of substitution does DES use?

Linear or non-linear?

A

non-Linear

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

What is a transposition cipher?

A

rearranges bits characters or character blocks in a plaintext message to produce ciphertext

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

What is a coded cipher?

A

Words and phrases to communicate a secret message

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

What is a Running (or book) cipher?

A

the key is page 13 of a book and text on that page is added modulo 26 to perform the encryption/decryption

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

What is Modulo 26?

A
Example
plaintext = EMI
numeric value = 5 13 9
substitution value + 3
modulo 26 result = 8 16 12
ciphertext = HPL
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

What is a vernam cipher?

A

A one time pad

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

What is a concealment cipher?

A

Steganography

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

What is steganography?

A

The art of hiding a message

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

What can be used to verify the authenticity of an image or data?

A

Watermark

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

What is symmetric key cryptography?

A

Uses a single key to both and encrypt and decrypt information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

What are the 3 disadvantages of a symmetric key system?

A
  • Distribution: Secure distribution of keys is required
  • Scalability: Different key required for each pair of communicating parties
  • Limited functionality: can’t provide authentication or non-repudiation
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

What are the 3 advantages of a symmetric key system?

A
  • Speed: Faster than asymmetric systems
  • Strength: Strength is gained when used with a large key (128 bit, 256 bit or larger)
  • Availability: There are many algorithms available for organisations to use.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

Name 5 types of symmetric key algorithms

A
  • Data Encryption Standard (DES)
  • Triple DES (3DES)
  • Advanced Encryption Standards (AES)
  • International Data Encryption Algorithm (IDEA)
  • Rivest Cipher 5 (RC5)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

Which types of encryption is a block cipher and uses a 56 bit key?

A

DES

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

What is the DES algorithm consist of?

A

64 bit block cipher based on a 56 bit symmetric key (56 key bits plus 8 parity bits or 8 bytes with each byte containing 7 key bits and 1 parity bit)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

What are the steps in DES encryption?

A
  1. Original message is divided into 64 bit blocks
  2. Operating on a single block at a time, each 64-bit plain-text block is split into 2 32-bit blocks.
  3. Under control of the 56-bit symmetric key, 16 rounds of transpositions and substitutions are performed on each individual character to produce the resulting ciphertext output
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

What is a parity bit used for?

A

To detect errors in a bit pattern

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
64
Q

A transformation (substitutions and permutations) that an encryption algorithm performs on a block of plain text to convert into ciphertext is known as what?

A

A round

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
65
Q

What are the 4 distinct modes of operation in DES?

A
  • Electronic Code Book
  • Cipher Block Chaining
  • Cipher Feedback
  • Output Feedback
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
66
Q

Which two operational modes of DES are used the most?

A

Electronic Code Book and Cipher Block Chaining

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

What are 4 characteristics of Electronic Code Book (ECB) in DES?

A
  • Native operational mode in DES
  • Normally produces the highest throughput?
  • Best used for encrypting keys or small amounts of data
  • Operates on 64-bit blocks of plaintext independently to produce 64-bit blocks of ciphertext
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

What is a disadvantage of using ECB in DES?

A

The same plaintext, encrypted with the same key always produces the same ciphertext. Susceptible to Chosen Text attacks (CTA) as certain patterns may be revealed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

What are 4 characteristics of Cipher Block Chaining (CBC) in DES?

A
  • Most common mode of DES operation
  • Operates on 64-bit blocks of plaintext to produce 64 bit blocks of ciphertext
  • Each block is XORed with the ciphertext of the preceeding block to create a dependency, or chain, therefore producing a more random ciphertext result.
  • first block is encrypted with a random block known as an Initialisation Vector (IV)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

What is a disadvantage of CBC in DES?

A

Errors propagate, however problem is only limited to block in which the problem occurs and the block that immediately follows after which the encryption re-synchronises.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
71
Q

What is the Exclusive Or (XOR) function?

A

a binary option applied to two input bits, ie:

  • if two bits are equal result is 0
  • if two bits are odd result is 1
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
72
Q

Which are 4 characteristics of Cipher Feedback (CFB) in DES?

A
  • is a stream cipher
  • most often used to encrypt individual characters
  • previously generated ciphertext is used as feedback for key generation in the next keystream
  • resulting ciphertext is chained together
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
73
Q

What is a disadvantage of CFB in DES?

A

errors are multiplied throughout the encryption process

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
74
Q

Which are 4 characteristics of Output Feedback (OFB) in DES?

A
  • is a stream cipher
  • often used to encrypt satellite communications
  • previous plaintext is used as feedback for key generation in the next keystream
  • resulting ciphertext is not chained together
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
75
Q

What advantage does OFB have over CFB in DES?

A

Ciphertext isn’t chained together so errors don’t spread throughout the encryption process.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
76
Q

How does Triple DES differ from normal DES?

A

triple DES encrypts a message using 3 separate encryption keys. key 1, then key 2 then either the first key again or a new third key.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
77
Q

What are the 4 variations of Triple DES?

A

DES-EEE2 (Encrypt-Encrypt-Encrypt) 1st key, 2nd key, 1st key
DES-EDE2 (Encrypt-Decrypt-Encrypt) 1st key, 2nd key, 1st key
DES-EEE3 (Encrypt-Encrypt-Encrypt) 1st key, 2nd key, 3rd key
DES-EDE3 (Encrypt-Decrypt-Encrypt) 1st key, 2nd key, 3rd key

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
78
Q

Which variation of DES was developed for backwards compatibility with single DES systems? EEE or EDE?

A

EDE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
79
Q

Which version of DES is susceptible to a “Meet in the Middle” attack?

A

Double DES

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
80
Q

What are 2 problems with Triple DES?

A
  • performance cost so doesn’t work with many applications that require high speed throughput for high volumes of data
  • brute force attack can reduce the key size to 108 bits
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
81
Q

Which encryption standard is approved for encrypting US Government Top Secret data?

A

AES (192 or 256 bit)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
82
Q

The Rijndael Block Cipher is used for which encryptions standard?

A

AES

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
83
Q

What are the 3 key lengths of AES?

A

128, 192, 256

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
84
Q

How many “rounds” can be used in AES?

A

10 to 14

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
85
Q

What is the only successful attack that has been used against AES?

A

Side Channel Attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
86
Q

Which type of side channel attack is the most common against AES?

A

cache timing

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
87
Q

Do side channel attacks attack the encryption algorithm or the system in which the encryption algorithm is implemented?

A

System in which it is implemented

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
88
Q

What are the 4 common RSA ciphers?

A

RC2, 4, 5, 6

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
89
Q

Which RSA cipher uses a block mode cipher that encrypts 64-bit blocks of data by using a variable length key? RC2, 4, 5, 6?

A

RC2

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
90
Q

Which RSA cipher uses a stream cipher (data encrypted in real time) that uses a variable length key? (128 bit is standard) RC2, 4, 5, 6?

A

RC4

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
91
Q

Which RSA cipher uses a block mode cipher that encrypts 64-bit blocks of data by using a variable length key (0 to 2048 bits), variable block size (32, 64, 128 bits) and variable number of processing rounds (0 to 255)? RC2, 4, 5, 6?

A

RC5

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
92
Q

Which RSA cipher is derived from RC5 and is a finalist in the AES selection process? Uses 128 bit block size and variable length keys of 128, 192 or 256 bits? RC2, 4, 5, 6?

A

RC6

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
93
Q

What is the difference between the Blowfish and Twofish algorithms?

A
  • Blowfish operates on 64 bit blocks, employs 16 rounds and uses variable key lengths of up to 448 bits.
  • Twofish, a finalist in the AES selection process is a symmetric block cipher that operates on 128-bit blocks, employing 16 rounds with variable key lengths up to 256 bits
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
94
Q

Which two encryption algorithms are openly available in the public domain?

A

Blowfish and Twofish

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
95
Q

Which are 4 characteristics of International Data Encryption Algorithm (IDEA)?

A
  • is a block cipher
  • operates on 64-bit plaintext blocks by using a 128 bit key
  • performs 8 rounds on 16 bit sub blocks and can operate in 4 distinct modes similar to DES.
  • Uses stronger encryption than RC4 and Triple DES.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
96
Q

Why is IDEA not widely used?

A

Because it is patented although is used by PGP

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
97
Q

name 3 encryption algorithms that have had no formal successful attacks?

A

IDEA
Blowfish
Twofish

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
98
Q

What is asymmetric cryptography?

A

Uses a private and public key pair. one key to encrypt and one key to decrypt

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
99
Q

What is the 3 step process is asymmetric cryptography?

A
  1. The sender (Thomas) encrypts the plaintext message with the intended recipient’s (Richard) public key.
  2. This produces a cipher-text message that can then be transmitted to the intended recipient (Richard)
  3. The recipient (Richard) then decrypts the message with his private key, known only to him.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
100
Q

What term is used to describe an asymmetric key system?

A

secure message

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
101
Q

What is the 3 step process in signing a message to guarantee authenticity?

A
  1. The sender (thomas) encrypts the plaintext message with his own private key.
  2. This produces a cipher-text message that can then be transmitted to the intended recipient (Richard)
  3. To verify that the message is from the purported sender (Thomas), the recipient (Richard) applies the senders (Thomas) public key
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
102
Q

Purely signing a message is otherwise known as what?

A

Open message format

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
103
Q

Does signing a message only provide confidentiality?

A

No

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
104
Q

Which message format should be used to provide both confidentiality and authenticity?

A

the secure and signed message format

105
Q

What are the 3 steps in guaranteeing confidentiality and authenticity of a message?

A
  1. the sender (thomas) encrypts the message first with the intended recipients (Richard) public key and then with his own private key.
  2. This produces a cipher-text message that can then be transmitted to the intended recipient (Richard).
  3. the recipient (Richard) uses the senders (thomas) public key to verify the authenticity of the message and then uses his own private key to decrypt the message
106
Q

theoretically can a private key be derived form a public key?

A

No

107
Q

What is a one way function?

A

A problem that you can easily compute in one direction but not the reverse.

108
Q

In asymmetric key systems what is used to reverse the one way function?

A

A trapdoor (private key)

109
Q

What are asymmetric keys commonly used for?

A

key management and digital signatures

110
Q

What is a hybrid system in relation to symmetric and asymmetric key encryption?

A

asymmetric system used to securely distribute the secret keys of a symmetric key system that’s used to encrypt the data.

111
Q

What is the main disadvantage of an asymmetric key system?

A

Lower speed. Because of the types of algorithms that are used to create the one way hash function, large keys are required

112
Q

What are the two main advantages of asymmetric key systems?

A
  • Extended functionality: can provide confidentiality and authenticity whereas symmetric can only provide confidentiality.
  • Scalability: do not require secret key exchanges with all communicating parties like symmetric does. resolves key management issues.
113
Q

Name 5 types of asymmetric key algorithms?

A
RSA
Diffie-Hellman
El Gamal
Merkle-Hellman (Trapdoor) Knapsack
Elliptic Curve
114
Q

how can RSA be used to securely transport symmetric keys? 2 step process

A
  1. Thomas creates a symmetric key, encrypts it with Richards public key and then transmits it to Richard.
  2. Richard decrypts the symmetric key by using his own private key.
115
Q

What is the RSA algorithm based on?

A

Factoring prime numbers

116
Q
Which algorithm is an asymmetric key algorithm based on discrete logarithms?
RSA
Diffie-Hellman
El Gamal
Merkle-Hellman (Trapdoor) Knapsack
Elliptic Curve
A

Diffie-Hellman

117
Q

Diffie-Hellman can be used to exchange symmetric keys. How this is achieved? 2 steps

A
  1. Thomas and Richard obtain each other’s public keys.
  2. Thomas and Richard then combine their own private keys with the public key of the other person, producing a symmetric key that only the two users involved in the exchange know.
118
Q
Which asymmetric key algorithm is susceptible to man in the middle attacks?
RSA
Diffie-Hellman
El Gamal
Merkle-Hellman (Trapdoor) Knapsack
Elliptic Curve
A

Diffie-Hellman

119
Q

How is a man in the middle attack performed with Diffie Hellman?

A

harold (attacker) intercepts the public keys during the initial exchange and substitutes his own private key to create a session key that can decrypt the session

120
Q
Which asymmetric algorithm extends the functinality of Diffie-Hellman to include encryption and digital signatures? 
RSA
Diffie-Hellman
El Gamal
Merkle-Hellman (Trapdoor) Knapsack
Elliptic Curve
A

El Gamal

121
Q
Which asymmetric algorithm is based on the problem of determining what items, in a set of items tha have fixed weights, can be combined in order to obtain a total given weight?
RSA
Diffie-Hellman
El Gamal
Merkle-Hellman (Trapdoor) Knapsack
Elliptic Curve
A

Merkle-Hellman (Trapdoor) Knapsack

122
Q

Merkle-Hellman (Trapdoor) Knapsack has been broken already. true or False?

A

True

123
Q

What is the benefit of the Eliptic Curve Algorithm?

A

More efficient than other asymmetric key systems and many symmetric key systems as it uses smaller keys.

124
Q

Eliptic Curve can typically be implemented in which type of hardware?

A

Wireless devices and Smart cards

125
Q

Which method of the CIA triad does authenticity provide?

A

Integrity

126
Q

What 4 things can message authentication provide?

A
  • The message hasn’t been altered.
  • The message isn’t a replay of a previous message
  • The message was sent from the origin stated
  • the message is sent to the intended recipient
127
Q

Checksums, CRC values and parity checks are all basic types of what?

A

Message authentication

128
Q

Digital Signatures and Message digests are all advances types of what?

A

Message authentication

129
Q

What does FIPS stand for?

A

Federal Information Processing Standard

130
Q

What are the 2 acceptable algorithms for digital signatures as published by the national Institute of Standards and Technology (NIST) and specified by FIPS 186-1?

A
  • RSA Digital Signature Algorithm

- Digital Signature Algorithm (DSA) - based on El Gamal

131
Q

Both RSA Digital Signature Algorithm and the Digital Signature Algorithm use which Secure Hash Algorithm?

A

SHA-1

132
Q

What is the 2 step process with regards encryption for digital signatures?

A
  1. Sender encrypts message with his private key.

2. The sender’s public key then decrypts the message, authenticating the originator of the message.

133
Q

What term is used to describe the use of digital signatures?

A

open message format in asymmetric key systems

134
Q

What is the 4 step process in a message digest?

A
  1. Message is encrypted with the recipient’s public key.
  2. A representation of the encrypted message is then encrypted with the sender private key to produce a digital signature.
  3. The recipient decrypts this representation using the sender’s public key and then independently calculates the expected results of the decrypted representation by using the same, known, one-way hashing algorithm.
  4. If the results are the same, the integrity of the original message is assured.
135
Q

To reduce or condense something is called what?

A

A digest

136
Q

What are the 4 properties of a message digest?

A
  • The original message can’t be re-created by the message digest
  • Finding a message that produces a particular digest shouldn’t be computationally feasible.
  • No two messages should produce the same message digest
  • The message digest should be calculated by using the entire contents of the original message
137
Q

What term is used when two messages produce the same message digest or when a message produces the same digest of a different message?

A

A Collision

138
Q

How are message digests produced?

A

Using a one-way hash function

139
Q

A one-way hashing algorithm is otherwise known as what?

A

A digest algorithm

140
Q

What are 3 common types of one-way hashing algorithms?

A

MD5
SHA-1
HMAC

141
Q

What assurance does a one-way function provide?

A

that the same key can’t encrypt and decrypt a message in an asymmetric key system

142
Q

Which element of the CIA triad does the one way function address?

A

Confidentiality

143
Q

What word describes the reversal of a one way function?

A

A trapdoor

144
Q

A one way hashing algorithm produces a hashing value (message digest) that cannot be reversed? ie cannot be decrypted. True or False?

A

True

145
Q

The purpose of a one-way hashing algorithm is to ensure what?

A

integrity and authentication

146
Q

MD (Message Digest) is a family of what?

A

one way hashing algorithms

147
Q

What are the 4 common versions of the MD one way hashing algorithm?

A

MD2
MD4
MD5
MD6

148
Q

Which of the MD family takes a variable size input (message) and produces a fixed size output (128-bit message digest)

A

MD2

149
Q

What are two disadvantages of MD2?

A
  • Slow

- highly susceptible to collisions

150
Q

Which of the MD family produces a 128-bit digest and is used to compute NT password hashes for various Microsoft Windows Operating systems inlcuding NT, XP and Vista? It is also typically represented as a 3 digit hexadecimal number?

A

MD4

151
Q

What is a weakness of MD4?

A

Susceptible to collision attacks

152
Q

Which of the MD family is commonly used to store passwords and check the integrity of files? It also has the following characteristics:

  • produces a 128-bit digest
  • messages are process in 512-bit blocks and use 4 rounds of transformation
  • resulting hash is typically represented as a 32-bit hexadecimal number
A

MD5

153
Q

What are two weaknesses of MD5?

A
  • susceptible to collisions

- considered “cryptographically” broken by the US Department of Homeland Security

154
Q

Which of the MD family uses very large input message blocks (up to 512 bytes) and produces variable length digests (up to 512-bits)?

A

MD6

155
Q

What are the 3 versions of the SHA (Secure Hash Algorithm) are there?

A

SHA-1
SHA-2
SHA-3

156
Q

Which family of one way hash functions was designed by the NSA?

A

SHA

157
Q

Which version of SHA takes a variable size input (message) and produces a fixed size output (160-bit message digest vs MD’s 128-bit message digest). It also produces messages in 512-bit blocks and adds padding to a message length, if necessary to produce a total message length that’s a multiple of 512?

A

SHA-1

158
Q

Which version of SHA has the following characteristics?

  • consists of 4 hash functions which are: SHA-224, SHA-256, SHA-384, SHA-512
  • has digest lengths of 224, 256, 384 and 512 bits respectively
  • processes messages in 512-bit blocks and adds padding to a message length if necessary, to produce a total message length that is a multiple of 512?
A

SHA-2

159
Q

SHA-3 is scheduled to be published in 2012

A

Note

160
Q

What does HMAC stand for?

A

Hashed Message Authentication Code (or checksum)

161
Q

What is the purposed of HMAC?

A

Extends the security of the MD5 and SHA-1 algorithms through a concept of key digest by incorporating a previously shared secret key and original message into a single message digest.

162
Q

What is the main advantage of HMAC?

A

If an attacker intercepts a message, modifies its contents and calculates a new message digest, the result won’t match the receivers hash calculation because the modified messages hash doesn’t contain the secret key.

163
Q

What is PKI (Public Key Infrastructure)?

A

a central authority that stores encryption keys or certificates associated with users and systems

164
Q

What is a certificate in relation to cryptography?

A

An electronic document that uses the public key of an organisation or individual to establish identity and a digital signature to establish authenticity.

165
Q

What 5 things does PKI provide?

A
  • confidentiality
  • integrity
  • authentication
  • non-repudiation
  • access control
166
Q

What are the 4 basic components of a PKI?

A

certificate authority
registration authority
repository
archive

167
Q

What is a Certificate Authority in relation to PKI?

A
  • comprises hardware, software and personnel administering the PKI
  • issues certificates
  • maintains and publishes status information and Certificate Revocation Lists (CRL’s)
  • Maintains Archives
168
Q

What is a Registration Authority in relation to PKI?

A
  • registration authority also comprises of hardware, software and personnel administering the PKI.
  • responsible for verifying certificate contents for the CA
169
Q

What is a Repository in relation to PKI?

A

A system that accepts certificates and CRL’s from a CA and distributes them to authorised parties.

170
Q

What is an archive in relation to PKI?

A

offers long term storage of archived information from the CA

171
Q

What are the 7 main functions in key management?

A
  • Key generation
  • Key distribution
  • Key installation
  • Key storage
  • Key change
  • Key control
  • Key disposal
172
Q

What is the purpose of a key management system?

A

To safeguard keys

173
Q

What are the 3 main requirements for key generation?

A
  • keys must be generate randomly on a secure system
  • generation sequence shouldn’t provide potential clues regarding the contents of the keyspace
  • generated keys shouldn’t be displayed in the clear
174
Q

What is the main requirement for key distribution?

A

must be distributed securely, ie using something like an asymmetric system to securely distribute the keys

175
Q

What is the main requirement for key installation?

A

manual process that should ensure the key isn’t compromised during installation, incorrectly entered or too difficult to be used readily.

176
Q

What are the two ways of maintaining secure key storage?

A
  • stored on encrypted media

- stored on an application with safeguards that prevent keys from being extracted.

177
Q

Why does key change need to occur regularly?

A

Keys used frequently are more likely to be compromised through interception and statistical analysis.

178
Q

What is the main purpose of key control?

A

Addresses the proper use of keys. different keys have different functions and may only be approved for certain levels of classification.

179
Q

What is the purpose of key disposal?

A

To ensure keys are securely disposed, erased, etc.

180
Q

What is the purpose of the Escrowed Encryption Standard (EES)?

A

the purpose is to divide a key into two parts and place those two parts into escrow with two separate trusted organisations

181
Q

With EES, how can the divided keys be recovered?

A

Via a court order by law enforcement officials

182
Q

name 4 common Email Security Applications?

A

Secure Multi-purpose Internet Mail Extensions (S/MIME)
MIME Object Security Services (MOSS)
Privacy Enhanced Mail (PEM)
Pretty Good Privacy (PGP)

183
Q

What are the key characteristics of S/MIME?

A
  • secure method of sending email incorporated into browsers and email applications.
  • provides confidentiality and authentication by using the RSA asymmetric key system, digital signatures and X.509 digital certificates
  • complies with the Public Key Cryptography Standard (PKCS) #7
  • has been proposed as a standard to the Internet Engineering Task Force (IETF)
184
Q

What are the key characteristics of MOSS (MIME Object Security Services)?

A
  • provides confidentiality, integrity, identification, authentication and non-repudiation by using MD2 or MD5, RSA asymmetric keys and DES
  • has never been widely implemented
185
Q

What are the key characteristics of PEM (Privacy Enhanced Mail)?

A
  • proposed as a PKCS-compliant standard by the IETF, but never widely implemented or used.
  • provides confidentiality and authentication by using 3DES for encryption, MD2, or MD5 message digests, X/509 certificates and the RSA asymmetric system for digital signatures and secure key distribution.
186
Q

What are the key characteristics of PGP (Pretty Good Privacy)?

A
  • Email encryption application
  • provides confidentiality and authentication using the IDEA cipher for encryption and the RSA asymmetric system for digital signatures and secure key distribution.
  • Instead of a CA it uses a Trust Model in which the communicating parties implicitly trust each other
  • ideally suited to smaller groups
187
Q

What 3 versions of PGP are available today?

A
  • Freeware version from PGP International (free for individuals, not organisations)
  • commercial version from symantec
  • Open source version called GPG
188
Q

What are the 6 common protocols used to secure Internet Communications and Transactions?

A
SSL/TLS
S-HTTP
SSH
IPSec
MPLS
WTLS
189
Q

What are the key characteristics of SSL/TLS?

A
  • provides session based encryption and authentication for secure communications between clients and servers on the internet.
  • operates at transport layer
  • Uses the RSA asymmetric key system
  • IDEA, DES and 3DES symmetric key systems
  • Uses the MD5 hash function
190
Q

What is SET (Secure Electronic Transaction)?

A
  • developed by Mastercard and VISA to provide secure e-commerce transactions
  • utilises dual signatures by allowing 2 pieces of data to be linked and sent to 2 different entities
  • not widely used
191
Q

What are the 5 main features of SET?

A
  • Confidentiality using DES
  • Integrity using digital signatures and the RSA asymmetric system
  • Cardholder authentication using digital signatures and X.509 digital certificates
  • Merchant authentication using digital signatures and X.509 digital certificates
  • Interoperability between different hardware and software manufacturers
192
Q

What are the key characteristics of the Secure Hypertext Transfer Protocol (S-HTTP)?

A
  • provides a method for secure communications with a web server
  • connectionless oriented protocol that encapsulates data after security properties for the session have been successfully negotiated
  • uses symmetric encryption for confidentiality
  • message digests for integrity
  • public key encryption for client-server authentication and non-repudiation
  • instead of encrypting an entire session as in SSL, S-HTTP can be applied to individual web documents
193
Q

What is IPSec?

A
  • An IETF open standard for secure communications over public IP networks such as the internet.
  • Ensures confidentiality, integrity and authentication by using Network layer encryption and authentication to provide an end to end solution
194
Q

What two modes does IPSec operate in?

A

Transport Mode: Only the data is encrypted

Tunnel Mode: Entire packet is encrypted

195
Q

What are the two made protocols used in IPSec?

A
  • Authentication Header (AH): Provides integrity, authentication and non-repudiation
  • Encapsulating Security Payload (ESP): provides confidentiality (encryption) and limited authentication
196
Q

What must each pair of communicating hosts establish in an IPSec session?

A

A security Association (SA)

197
Q

What is a Security Association?

A
  • A one-way connection between two communicating parties.
  • Two SAs are required for each pair of communicating hosts
  • Each SA can only support a single protocol (AH or ESP). If AH and ESP are used between a pair of communicating hosts, 4 SA’s are required.
198
Q

An SA has 3 parameters that uniquely identify it in an IPSec session. What are they?

A
  • Security Parameter Index (SPI): a 32-bit string used by the receiving station to differentiate between SA’s terminating on that station. SPI is located within the AH or ESP header.
  • Destination IP Address: end station, intermediate gateway, firewall, but must be a unicast address.
  • Security Protocol ID: Either an AH or ESP association
199
Q

how is key management provided in IPSec?

A

Internet Key Exchange (IKE)

200
Q

IKE is combination of 3 complimentary protocols. What are they?

A
  • The Internet Security Association and Key Management Protocol (ISAKMP)
  • The Secure Key Exchange Mechanism (SKEME)
  • The Oakley Key Determination Protocol
201
Q

What 3 modes does IKE operate in?

A
  • Main Mode
  • Aggressive Mode
  • Quick Mode
202
Q

What is Multi-Protocol Label Switching (MPLS)?

A
  • A fast method for forwarding packets through a network by using labels inserted between Layer 2 and Layer 3 headers in a packet.
  • Is protocol independent and highly scalable.
  • Provides Quality of Service (QOS) with multiple classes of Service (COS)
  • Provides Secure Layer 3 VPN tunneling
203
Q

What is Secure Shell (SSH-2)?

A
  • used for secure remote access as an alternative to Telnet
  • can be used to provide confidentiality, integrity and authentication
  • establishes an encrypted tunnel between the SSH client and SSH server and can also authenticate the client to the server
204
Q

What is Wireless Transport Layer Security (WTLS)?

A

-provides security services for the Wireless Application Protocol (WAP) commonly used for internet connectivity by mobile devices.

205
Q

What 3 classes of security does WTLS provide?

A

Class 1: Anonymous authentication
Class 2: Server Authentication Only
Class 3: Client-Server Authentication: Additional Security is provided in WAP using Service Set Identifiers (SSID) and Wired Equivalent Privacy Keys (WEP). A significant improvement in Wireless Security incorporates the Extensible Authentication Protocol (EAP) which uses RADIUS for authentication

206
Q

When should WEP be used?

A

Only when other security protocols are unavailable

207
Q

What are the 4 classes of attack methods used to crack a cryptosystem?

A
  • Analytic Attacks
  • Brute force Attacks
  • implementation Attacks
  • Statistical Attacks
208
Q

Which crypto attack uses algebraic manipulation in an attempt to reduce the complexity of the algorithm?

  • Analytic Attacks
  • Brute force Attacks
  • implementation Attacks
  • Statistical Attacks
A
  • Analytic Attacks
209
Q

Which crypto attack attempts every possible combination of key patterns, sometimes utilising rainbow tables, and specialised or scalable computer architectures?

  • Analytic Attacks
  • Brute force Attacks
  • implementation Attacks
  • Statistical Attacks
A
  • Brute force Attacks (is very time intensive!)
210
Q

Which crypto attack attempts to exploit some weakness in the cryptosystem such as a vulnerability in an algorithm or a protocol?

  • Analytic Attacks
  • Brute force Attacks
  • implementation Attacks
  • Statistical Attacks
A
  • implementation Attacks
211
Q

Which crypto attack attempts to exploit some statistical weakness in the cryptosystem such as a lack of randomness in key generation?

  • Analytic Attacks
  • Brute force Attacks
  • implementation Attacks
  • Statistical Attacks
A
  • Statistical Attacks
212
Q

What is a rainbow table?

A

A precomputed table used to reverse cryptographic hash functions in a specific algorithm

213
Q

What are two examples of password cracking programs that use rainbow tables?

A

Ophcrack

Rainbowcrack

214
Q

What is a Birthday Attack?

A
  • attempts to exploit the probability of two messages producing the same message digest by producing the same hash function.
  • is based on statistical probability (greater than 50%)
215
Q

What term describes the expenditure required, in terms of time, effort and resources - to break a cryptosystem?

A

Work Factor

216
Q

What is Moore’s Law?

A

based on an observation that processing power doubles every 18 months.

217
Q

What is a Ciphertext Only Attack? (COA)

A
  • Requires someone to obtain the ciphertext of several messages, all encrypted by using the same encryption algorithm. Attempt is then made to decrypt the data by searching for repeating patterns and using statistical analysis.
  • requires a large sample of ciphertext and is generally difficult
218
Q

What is a Chosen Text Attack? (CTA)

A

Someone obtains a sample of plaintext and the corresponding ciphertext.

219
Q

4 types of Chosen text Attacks exist. What are they?

A
  • Chosen Plaintext Attack (CPA): chooses plaintext to be encrypted and the corresponding ciphertext is obtained.
  • Adaptive Chosen Plaintext Attack (ACPA): choose plaintext to be encrypted, then based on the resulting ciphertext, chooses another example to be encrypted
  • Chosen Ciphertext Attack (CCA): chooses ciphertext t be decrypted and the corresponding plaintext is obtained
  • Adaptive Chosen Ciphertext Attack (ACCA): choose ciphertext to be decrypted then based on the ciphertext, chooses another sample to be decrypted.
220
Q

What is a known plaintext attack? (KPA)

A

Attacker obtains the ciphertext and corresponding plaintext of several past messages, which he or she uses to decipher new messages

221
Q

What is a man in the middle attack?

A

involves an attacker intercepting messages between two parties on a network and potentially modifying the original.

222
Q

What is a meet in the middle attack?

A
  • attacker encrypts known plaintext with each possible key on one end, decrypting the corresponding ciphertext with each possible key, and then comparing the results in the middle.
  • commonly considered a brute force attack but can be considered an analytical attack due to the differential analysis involved
223
Q

What is a replay attack?

A

occurs when a session key is intercepted and used against a later encrypted session between two parties

224
Q

How can a replay attack be countered?

A

incorporating a timestamp in the session key

225
Q

What are the characteristics of quantum cryptography (QKD)?

A
  • using physics instead of maths
  • more concerned with secure key distribution
  • has two unique channels, one for transmission of quantum key material via single photon light pulses and another carries the message traffic inlcuding cryptographic protocols and encrypted user traffic.
  • laws of quantum physics define that once a photon has been observed, it’s state is changed meaning eavesdropping can easily be identified.
  • still theoretical
226
Q

Cryptographic system lifecycle phases are generally described using which 3 terms?

A

Strong, Weakened, Compromised

227
Q

NIST covers encryption lifecycle in which publication?

A

800-131A

228
Q

What are the 4 terms that NIST 800-131A uses to describe algorithms and key lengths?

A

Acceptable: safe to use, no security risk known
Deprecated: allowed, but user must accept some risk
Restricted: additional restrictions required
Legacy-Use: may only be used to process already protected information.

229
Q

Note regarding diffusion:

A

Similar to transposition and permutation

230
Q

What is the avalanche effect in relation to cryptography?

A

a minor change in the key or plaintext can have a significant change in the resulting ciphertext.

231
Q

What is a Null Cipher?

A
  • used in cases where the use of encryption is not necessary, but yet the fact that no encryption is needed must be configured in order for the system to work.
  • used during testing/debugging or when low security is required.
232
Q

What is a concealment cipher?

A

include plaintext without ciphertext

233
Q

What is a playfair cipher?

A
  • used during second world war
  • sender and receiver agree on keyword
  • table constructed were the word is hidden
234
Q

What is the “Rail Fence” transposition cipher?

A

message is written and read in two or more lines. simple version.

235
Q

What is a “Rectangular” Substitution table?

A

Keyword re-arrange within a rectangle

236
Q

What is a running key cipher?

A

the key is repeated for the same length as the plaintext input

237
Q

What is a Shift Row Transformation?

A

provides blockwide transposition of the input data by shifting rows of data.

238
Q

What is the MixColumn Transformation?

A

performed by multiplying and XORing each byte in a column together

239
Q

What is CAST 128?

A
  • can use keys between 40 and 128 bit length and will do between 12 and 16 rounds of operation.
  • is a feistal type block cipher with 64-bit blocks
240
Q

Is CAST a symmetric or asymmetric algorithm?

A

symmetric

241
Q

What is CAST-256?

A
  • submitted as an unsuccessful candidate for the new AES algorithm.
  • operates on 128 bit blocks with keys of 128, 192, 160, 224, 256 bits.
  • performs 48 rounds
242
Q

What is Secure and Fast Encryption Routine (SAFER)?

A
  • patent free
  • work on either 64bit or 128bit input blocks
  • used in Bluetooth
243
Q

What are the characteristics of the HAVAL encryption algorithm?

A
  • combines variable length output with a variable number of rounds of operation on 1024 input blocks.
  • output may be 128, 160, 192, 224 or 256 bits and number of rounds may vary from 3 to 5.
244
Q

What are the characteristics of the RIPEMD-160 encryption algorithm?

A

-developed in response to vulnerabilities found in MD4 and MD5

245
Q

What is the preferred key management system used in e-commerce and securing web transactions?

A

XML Key Management Specification 2.0 (XKMS)

246
Q

What are the two parts of the XML Key management Specification 2.0?

A
  • XML Key Information Service Specification (X-KISS): describes a syntax that allows a client to delegate part or all of the tasks required to process an XML signature
  • XML Key Registration Service Specification (X-KRSS): describes a protocol for registration of public key information
247
Q

XKMS service shields the client app from the complexities of the underlying PKI such as:

A
  • handling of complex syntax, e.g. X.509v3
  • retrieval of information from directory
  • Revocation status verification
  • Construction and processing of trust chains.
248
Q

What is X.509?

A

A digital certificate

249
Q

What is the ANSI X9.17 standard used for?

A

addresses the needs of financial organisations to transmit securities and funds securely using an electronic medium. describes the means ensure the secrecy of keys. relies on hierarchy of keys

250
Q

What is Dual Control in a key management system?

A

Requires two or more persons to come together and collude to complete a process.

251
Q

What is Split Knowledge in a key management system?

A

What two people must bring and join together when implementing dual control.

252
Q

What is ISO 18031?

A

An international standard for random number generation in key management systems.

253
Q

What is Differential Cryptanalysis?

A
  • a side channel attack
254
Q

What is Linear Cryptanalysis?

A
  • plain-text attack
255
Q

What is an algebraic attack?

A

rely on their success of block ciphers a high degree of mathematical structure.

256
Q

What is a Frequency Analysis attack?

A

useful when attacking a substitution cipher where the statistics of the plain-text language are known, ie allowing an attacker to assume an E might be an S

257
Q

What are 3 common types of implementation attacks? (all relate to the cryptographic system, not the algorithm.

A
  • Side channel analysis
  • Fault Analysis
  • Probing Attacks
258
Q

What is X500?

A

A directory service