Cryptography

Question 1

Plaintext

Answer 1

An unencrypted message

Question 2

Ciphertexxt

Answer 2

An encrypted message

Question 3

Symmetric Encryption

Answer 3

Uses one key to encrypt and decrypt

Question 4

Asymmetric Encryption

Answer 4

Uses separate keys to encrypt/decrypt

Question 5

Hash Function

Answer 5

One-way encryption using an algorithm and has no key

Question 6

Permutation

Answer 6

Also called transposition, provides diffusion by rearranging the characters of the plaintext anagram-style.

Question 7

Substitution

Answer 7

Replacing one character for another - provides “confusion”

Question 8

Work Factor

Answer 8

How long it will take to break a cryptosystem.

Question 9

Monoalphabetic and Polyalphabetic Ciphers

Answer 9

Monoalphabetic ciphers use one alphabet. The same substitution is used for each replacement. Polyalphabetic uses multiple alphabets so the same replacement is not repeated each time. Monoalphabetic ciphers are susceptible to frequency analysis.

Question 10

Vigenere Square Encryption

Answer 10

A polyalphabetic technique

Question 11

One-time Pad

Answer 11

Substitution cipher uses identical paired pads of random characters - user modular adidition

Question 12

Stream and Block Ciphers

Answer 12

Used for symmetric encryption. Stream mode encrypts bit by bit. Block mode ciphers encrypt blocks of data each round. e.g. DES uses 56 bits at a time.

Question 13

Initialization Vectors

Answer 13

Used in soe symmetric ciphers to ensure the first encrypted block of data is random. Ensures that identical plaintexts encrypt to different ciphertexts.

Question 14

Chaining

Answer 14

Also called, “feedback”. Seeds the previous encrypted block into the next block to be encrypted. Used to avoid patterns in results ciphertexts.

Question 15

DES

Answer 15

Data Encryption Standard, describes the “Data Encryption Algorithm (DEA)”. U.S Federal standard for symmetric cipher in 1976.

Question 16

DES Modes (5)

Answer 16

1. Electronic Code Book (ECB)
2. Cipher Block Chaining (CBC)
3. Output Feedback (CFB)
4. Output Feedback (OFB)
5. Counter Mode (CTR)

Question 17

ECB

Answer 17

DES Electronic Codebook - weakest mode. Does not use initialization vector or chaining. May leave patterned ciphertext.

Question 18

CBC

Answer 18

Cipher Block Chaining (DES). Uses block mode that XORs the previous ciphertext block to the next block of plaintext to be encrypted. Uses initialization vector. Weakness is possible block error propagation.

Question 19

CFB

Answer 19

Cipher Feedback (CFB). Similar to CBC but uses stream mode and chaining to destroy patterns. Uses initialization vector.

Question 20

OFB

Answer 20

Output Feedback (OFB). Variation of CFB.

Question 21

Trible DES

Answer 21

Became recommended standard in 1999. Applies DES encryption three times per block. “Encrypt Decrypt Encrypt”

Question 22

IDEA

Answer 22

International Data Encryption Algorithm. symmetric block cipher designed to replace DES. User 128-bit key and 64-bit block size.

Question 23

AES

Answer 23

Advanced Encryption Standard. Current U.S. standard for symmetric block cipher. Uses 128, 192 or 256 keys.

Question 24

Diffie-Hellman

Answer 24

Asymmetric Encryption. Developed RSA (Rivest, Shamir and Adleman) algorithm in 1977.

Question 25

ECC

Answer 25

Elliptic Curve Cryptography. Asymmetric uses one-way function using elliptic curves.

Question 26

Hash Functions

Answer 26

Provides encryption using an algorithm with no key. One-way hash functions because there is no way to reverse the encryption. A variable length plaintext is hashed into a fixed length ciphertext. referred to as a Message Digest or simply a “hash”.

Question 27

MD5

Answer 27

Hashing algorithm (Rivest). Creates a 128-bit hash (16 bytes).

Question 28

Collisions

Answer 28

Hashes are NOT unique. The number of possible plaintexts significantly outnumber the possible 128-bit ciphertexts. So, mathematically, collisions are possible.

Question 29

SHA

Answer 29

Secure Hash Algorithm.

1. SHA-1 (1993): uses 160-bit hash value
2. SHA-2: uses 335, 256, 384 and 512 bit digests.

Question 30

Brute Force

Answer 30

Tries every possible variation of plaintext. Given enough time, will always be successful.

Question 31

Meet in the Middle Attack

Answer 31

2DES uses Encrypt-Encrypt order. Attacker has both plaintext and ciphertext. Uses to recover the encryption key.

Question 32

Differential Cryptanalysis

Answer 32

Known Plaintext attack. Uses statistical analysis to search for signs of non-randomness in the ciphertexts.

Question 33

Linear Cryptanalysis

Answer 33

Known Plaintext attack. Analyst finds large amounts of plaintext/ciphertext pairs created with the same key.

Question 34

Side Channel Attacks

Answer 34

Uses physical data to break a cryptosystem. For example, by monitoring CPU cycles or power consumption used while encrypting or decrypting.

Question 35

Implementation Attacks

Answer 35

Exploiting a mistake made while implementing an application, service or system. For example, not destroyed plaintext temp files.

Question 36

Birthday Attack

Answer 36

Uses the “birthday problem” in probability theory

Question 37

PKI

Answer 37

Public Key Infrastructure. Uses all three forms of encryption to provide and namange digital certificates. A digital certificate is a public key signed with a digital signature.

Question 38

X.509

Answer 38

Standard digital certificate format.

1. Certificate Authorities (CA) issue and revoke certificates
2. Organizational Registration Authorities (ORA( vouch for the binding between public keys and certificate holder identities and other attributes
3. Certificate holders that are issues certificates and can sign digital documents
4. Clients that validate digital signatures and their certification paths from a know public key of a trusted CA
5. Repositories that store and make available certificates and certificate revocation lists (CRLs)

Question 39

SSL

Answer 39

Secure Sockets Layer - authenticates and provides confidentiality to web traffic.

Question 40

GLS

Answer 40

Transport Layer Security. Successor to SSL.

Question 41

IPSec

Answer 41

Internet Protocol Security - a suite of protocols used with IPv4 and IPv6. Used from VPNs.

Uses two primary protocols:

1. Authentications Header (AH)
2. Encapsulating Security Payload (ESP)

Question 42

S/MIME

Answer 42

Used to encrypt and authenticate email messages.