Cryptography

Question 1

What is meant by asymmetric encryption?

Answer 1

Public key used to encrypt data, private used to decrypt, very CPU intensive

Question 2

What is used to digitally sign a packet?

Answer 2

Senders private key

Question 3

What is used to verify a digitally signed packet?

Answer 3

Senders public key

Question 4

What is used to verify a senders public key?

Answer 4

Senders public key (digital) certificate

Question 5

What is used to verify senders public key certificate?

Answer 5

Trusted C.A (Certificate Authority)

Question 6

What is a digital certificate?

Answer 6

Electronic document certifying public key of an entity (contains digital signature)

Question 7

What is a digital signature?

Answer 7

Code derived using private key of an entity

Verified using public key of signing entity to decrypt a hash and compare with CA

Question 8

How would a recipient receive the public key?

Answer 8

Receiving senders digital certificate, via in band or out band key exchange

Question 9

When sending encrypted data what key is used to encrypt?

Answer 9

Recipients public key, recipient decrypts with private key

Question 10

When receiving encrypted data what key is used to decrypt

Answer 10

Recipients private key

Question 11

What is IKE v1?

Answer 11

Establishes VPN IPSec phase 1 (initial control channel) and phase 2 tunnels
Isolated tunnels

Question 12

What is IKE v2?

Answer 12

?

Question 13

What is in band key exchange

Answer 13

Using in session mechanism

Question 14

What is out of band key exchange

Answer 14

Distributing public key manually i.e copying it to computer

Question 15

What algorithm does session key use?

Answer 15

Symmetric encryption algorithm

Question 16

What algorithm does public key use?

Answer 16

Asymmetric encryption algorithm

Question 17

What is DH Group?

Answer 17

Diffie Hellman group
Used to establish shared symmetric session keys
However Diffie Hellman exchange is asymmetrical

Question 18

What steps are carried out in IKE phase 1 tunnel?

Answer 18

Negotiates protocols:
H ash (algorithm)
A uthentication
G DH Group
L ifetime
E ncryption (algorithm)

Question 19

What steps are carries out in IKE phase 2 tunnel?

Answer 19

Optional: PFS (Perfect Forward Secrecy) runs Diffie Hellman again

Question 20

What is a block cipher?

Answer 20

Encryption performed on blocks of data

Question 21

What is a stream cipher?

Answer 21

Encryption performed bit by bit

Question 22

What is HMAC?

Answer 22

Hashed Message Authentication Code
Uses session key as part of hash formula
Prevents hacker changing data in transit regenerating hash as they don’t have session key

Question 23

What is key escrow?

Answer 23

Trusted entity with copy of keys needed for decryption which can be delegated to authorised third parties

Question 24

What is symmetric encryption?

Answer 24

Both keys can encrypt and decrypt, used for most use cases as lower CPU overhead

Question 25

What is ECC?

Answer 25

Elliptical Curve Cryptography

uses shorter key for lower overhead and good encryption

Question 26

What is ephemeral key?

Answer 26

Key used for short period of time, i.e offset of key is used for each packet

Question 27

What is NTLM and NTLMv2?

Answer 27

Old prior to kerberos authentication

Question 28

What is PGP/GPG?

Answer 28

Pretty Good Privacy

GNU Privacy Guard compliant version of PGP by IETF committee

Question 29

What is DHE and ECDHE?

Answer 29

Diffie Hellman Ephemeral

Eliptical Curve Diffie Hellman Ephemeral

Question 30

What is PBKDF2

Answer 30

Password Based Key Deviation Function 2

Applies pseudo random functions: hashing, salting, HMAC, encryption to create derived key

Question 31

What is PRNG?

Answer 31

Pseudo Random Number Generator