Cryptography Flashcards
This is a simple substitution cipher that shifts the alphabet by three positions.
A. Scytale cipher
B. Concealment cipher
C. Vigenere
D. Caesar cipher
Caesar cipher
This encryption method involves wrapping a message around a rod.
A. Scytale cipher
B. Vernam
C. Vigenere
D. Caesar cipher
Scytale cipher
This is the first polyalphabetic cipher. To encrypt, the first letter of the key is matched with the first letter of the message on a polyalphabetic table.
A. Scytale cipher
B. Vernam
C. Vigenere
D. Caesar cipher
Vigenere
This cryptography method involved using a specially made device with 3 or 4 rotors. The devices on each end of transmission would need to put the rotors in the same configuration.
Enigma machine
This is the only mathematically unbreakable form of cryptography. Often referred to as a one-time pad, it requires:
- The key be used only once
- The pad must be at least as long as the message
- The key pad must be statistically unpredictable
- The key must be delivered and stored securely
Vernam cipher
The science of studying and breaking the secrecy of encryption processes, compromising authentication schemes, and reverse engineering algorithms and keys.
Cryptanalysis
A cyptovariable which has a value that comprises a large sequence of random bits
Key
The RANGE of values that can be used to construct a key.
Keyspace
PGP is an example of a cryptosystem. Cryptosystems must be made of at least the following four things:
Software
Protocols
Algorithms
Keys
This principal asserts that algorithms should be publicly known in order to reduce the chance of more vulnerabilities.
Kerckhoff’s Principle
What unit of measure is used for attacks on cryptosystems?
The number of instructions a million-instruction-per-second (MIPS) system can execute in a year.
Name five services that cryptosystems can provide:
1 Confidentiality 2 Integrity 3 Authentication 4 Authorization (Upon proving identity, the individual is provided with a key or password that will allow access to some other resource.) 5 Nonrepudiation
XOR the following into a ciphertext stream:
Message Stream: 100101
Keystream: 010111
Ciphertext: 110010
Bob uses a 32-bit one-time pad to encrypt a 64 bit message. Sally was able to crack the code. How is this possible?
Bob used a pad that was shorter than the message. This can cause patterns to appear in the ciphertext.
This cipher uses objects in the physical world, like a book, to act as a key.
A. Scytale cipher
B. Concealment cipher
C. Running key cipher
D. Caesar cipher
Running key cipher
This cipher hides a message within a message and is a type of stenography.
A. Scytale cipher
B. Concealment cipher
C. Running key cipher
D. Caesar cipher
Concealment cipher
The method of embedding a message into some types of media (stenography) is to use the LSB. What does LSB stand for?
Least-significant bit
Symmetric encryption algorithms use two basic types of ciphers: substitution and transposition (permutation). What form of attack are simple versions of these ciphers susceptible to?
Frequency Analysis
___________ are used to generate subkeys that are made up of random values.
Key Derivation Functions (KDFs)
Which of the following is a strength of symmetric key systems:
A. Much faster than asymmetric systems
B. Hard to break if using a large key size
C. Provides confidentiality but not authenticity and non-repudiation.
D. Both A and B.
D
Which of the following is a strength of asymmetric key systems:
A. Works more slowly than symmetric systems.
B. Can provide authentication and non-repudiation.
C. Much faster than symmetric key systems.
D. Doesn’t scale as fast as symmetric key systems.
B
For asymmetric systems, what is the equation used to determine the number of keys to manage given a certain number of people (N)?
A. N(N-1)/2 = Number of Keys
B. N(N-2)/2 = Number of Keys
C. N(N-1) = Number of Keys
D. 2N
2N
For symmetric systems, what is the equation used to determine the number of keys to manage given a certain number of people (N)?
A. N(N-1)/2 = Number of Keys
B. N(N-2)/2 = Number of Keys
C. N(N-1) = Number of Keys
D. 2N
A N(N-1)/2 = Number of Keys
Which of the following are examples of asymmetric algorithms? (You can choose more than one.)
A. DES
B. RC4
C. ECC
D. Diffie-Hellman
C and D
Which of the following are examples of symmetric algorithms? (You can choose more than one.)
A. El Gamal
B. RC4
C. SHA
D. DSA
B
Which of the following are examples of asymmetric algorithms? (You can choose more than one.)
A. ECC
B. RSA
C. Blowfish
D. Diffie-Hellman
A, B, and D
Which of the following are examples of symmetric algorithms? (You can choose more than one.)
A. DSA
B. SHA
C. AES
D. IDEA
C and D
Which of the following are examples of asymmetric algorithms? (You can choose more than one.)
A. DSA
B. Knapsack
C. El Gamal
D. Triple-DES
A, B, C
FYI - Knapsack has been shown to be insecure.
Buddy system for memorizing Asymmetric algorithms.
RSA and DSA
ECC and El Gamal
DH (Diffie Helman) and Knapsack
What type of cryptography does SSL/TLS use?
A. Symmetric
B. Asymmetric
C. Neither
D. Triple-DES
B
It actually uses both, but hybrid or “both” was not an option.
What type of cryptography does SSL/TLS use for data encryption?
A. Symmetric
B. Asymmetric
C. Neither
D. Diffie-Helman
A
Asymmetric is used to exchange keys. Symmetric is used to encrypt the data.
This algorithm uses factorization with prime numbers, (called the trapdoor function), and is currently the standard for digital signatures. It can also be used for Key distribution and encryption.
A. Diffie-Helman
B. RSA
C. DSA
D. El Gamal
RSA
DSA can only be used for digital signing.
This is the first asymmetric algorithm and can only be used for key distribution. (Not encryption, Digital signature, nor hashing.)
A. AES
B. ECC
C. El Gamal
D. Diffie-Helman
D
This asymmetric algorithm is very efficient but only works in very specific environments.
A. AES
B. ECC
C. El Gamal
D. Diffie-Helman
ECC
Stream Ciphers use ____________ which produce a stream of bits that is XORed with plaintext bits to create ciphertext.
A. S-Boxes
B. one-time pads
C. keystream generators
D. initialization vectors
keystream generators
Stream Ciphers must use ________ which are random values that are used with algorithms to ensure patterns are not created when being sent to the destination.
A. S-Boxes
B. one-time pads
C. keystream generators
D. initialization vectors
initialization vectors
Stream Ciphers must use ________ which are random values that are used with algorithms to ensure patterns are not created when being sent to the destination.
A. S-Boxes
B. one-time pads
C. keystream generators
D. initialization vectors
initialization vectors
This block cipher mode of operation is FAST but usable only for the encryption of very short messages b/c the encrypting identical plaintext with the same key will produce identical ciphertext.
A. Cipher Block Chaining (CBC) mode
B. Output Feedback (OFB) mode
C. Counter Mode (CTR)
D. Electronic Code Book (ECB) mode
Electronic Code Book (ECB) mode
This block cipher mode of operation does not reveal a pattern because each block of text, the key, and the value based on the previous block are processed in the algorithm and applied to the next block of text, resulting in more random ciphertext. The first block is encrypted with an initialization vector (IV).
A. Cipher Block Chaining (CBC) mode
B. Output Feedback (OFB) mode
C. Counter Mode (CTR)
D. Cipher Feedback (CFB) mode
Cipher Block Chaining (CBC) mode
This block cipher mode of operation emulates a stream cipher which is useful for encrypting small (think 8-bit key commands) over a remote connection to a server.
A. Cipher Block Chaining (CBC) mode
B. Cipher Feedback (CFB) mode
C. Counter Mode (CTR)
D. Electronic Code Book (ECB) mode
Cipher Feedback (CFB) mode
This block cipher mode of operation is like Cipher Feedback mode but ensures possible errors don’t affect encryption and decryption processes. Good for transmission sensitive to errors like digitized video or digitized voice.
A. Counter Mode (CTR)
B. Cipher Feedback (CFB) mode
C. Output Feedback (OFB) mode
D. Cipher Block Chaining (CBC) mode
Output Feedback (OFB) mode
This block cipher mode of operation uses and IV counter tha increments for each plaintext block that needs to be encrypted. There is no chaining involved and is used in encrypting ATM cells for virtual circuits, in IPSec, and in the wireless security standard IEEE 802.11i
A. Counter Mode (CTR)
B. Cipher Feedback (CFB) mode
C. Output Feedback (OFB) mode
D. Cipher Block Chaining (CBC) mode
Counter Mode (CTR)
This symmetric algorithm is the standard for encrypting sensitive but unclassified U.S. government information.
A. RC5
B. AES
C. MD5
D. 3DES
AES
This symmetric algorithm is uses 48 rounds in its computation, making it resistant to differential cryptanalysis, but it takes a heavy performance hit as a result.
A. Blowfish
B. AES
C. RC6
D. 3DES
3DES
This symmetric algorithm uses a 128 bit key and is faster than DES when implemented in hardware.
A. Blowfish
B. RC4
C. IDEA
D. 3DES
IDEA
All but one of the following can provide integrity and data origin authentication. Which one can not?
A. Hash
B. HMAC
C. CBC-MAC
D. CMAC
Hash
Which of the following can ensure that a message has not been changed intentionally?
A. One-Way hash
B. HMAC
C. Message Integrity
D. MD4
HMAC
A generic one-way hash protects against unintentional errors that change the message.
What length hash value does MD4 and MD5 create?
128-bit
What length hash value does SHA1 create?
160-bit
Which of the following algorithms is the only one considered secure for hashing? What type of attack are the others susceptible to?
A. MD5
B. 3DES
C. SHA-256
D. RSA
C
Birthday attack
A ________________ is a hash value that has been encrypted with the sender’s private key.
Digital Signature
What standard is for how a CA creates a certificate? It dictates what fields to use in the certificate and what can be valid values in those fields.
X.509
Version 3 is the most commonly used.
Which of the following do you request a certificate from?
A. CA
B. RA
C. Certificate Repository
D. Certificate Revocation System
RA
Registration Authority
Which of the following is not a rule for keys and key management?
A. Keys should use the full spectrum of the keyspace
B. The more the key is used, the shorter its lifetime should be.
C. Keys should never be destroyed.
D. Keys should be stored and transmitted by secure means.
C.
Keys should be properly destroyed when their lifetime comes to an end.
All of the following keys are found in TPM’s versatile (dynamic) memory modules except for:
A. Storage Keys - used to encrypt the storage media of the system.
B. Attestation Identity Key (AIK) - Used for attestation of the TPM chip itself to service providers. Ensures the integrity of the EK.
C. Platform Configuration Registers (PCR) - Used to store cryptographic hashes of data for TPM’s “sealing” function.
D. Endorsement Key - A public/private key pair that is installed in the TPM at the time of manufacture and cannot be modified.
D
Name the protocol that is responsible for checking the CRL during a certificate validation process.
Online Certificate Status Protocol (OCSP)
Note: Chrome does not use OCSP. It pushes CRL updates daily through it’s own update mechanism.
All other major browers appear to support OCSP.
Attacker has ciphertext and tries to figure out key.
A. Chosen Plaintext Attack
B. Known-Plaintext Attack
C. Chosen-cipher Attack
D. Ciphertext-Only Attack
Ciphertext-Only Attack
Attacker has ciphertext and a portion of plain text attack (like an automatic signature) and tries to figure out key.
A. Chosen Plaintext Attack
B. Known-Plaintext Attack
C. Chosen-cipher Attack
D. Ciphertext-Only Attack
Known-Plaintext Attack
Attacker can see the full text encrypted and decrypted. Usually the attacker has initiated the message.
A. Chosen Plaintext Attack
B. Known-Plaintext Attack
C. Chosen-cipher Attack
D. Ciphertext-Only Attack
Chosen Plaintext Attack
Attacker can chose the ciphertext to be decrypted and has access to the resulting decrypted plaintext. Usually attacker has compromised a workstation.
A. Chosen Plaintext Attack
B. Known-Plaintext Attack
C. Chosen-cipher Attack
D. Ciphertext-Only Attack
Chosen-cipher Attack
This attack works by encrypting from one end and decrypting from the other end. Targeted towards algorithms like 3DES where there are multiple keys.
Meet-in-the-middle attack
This attack gathers “outside” information with the goal of using it to uncover the encryption key.
Side-Channel Attack
Attacker captures some type of data and resubmits it in hopes of fooling the receiving device into thinking it is legitimate information.
Replay attack
The _____________ of a cryptosystem is the amount of time and resources it takes to break the cryptosystem or its encryption process.
Work Factor
This programming language is susceptible to buffer-overflow attacks b/c it allows for direct pointer manipulations to take place.
C programming language
What does HMAC stand for?
Hash Message Authentication Code
CBC-MAC is not as secure mathematically as CMAC. Both provide system authentication aka this ___________, not user authentication.
Data origin authentication
