Cryptography

Question 1

Hashing

Answer 1

Number derived from performing a calculation on data.

Provides integrity assurances that data has not been modified.

Question 2

Encryption

Answer 2

Scrambles, or ciphers, data to make it unreadable if intercepted. Encryption normally includes an algorithm and a key.

Encryption protects the
confidentiality of data.

Question 3

Digital signatures

Answer 3

A digital signature is an encrypted hash

of a message, encrypted with the sender’s private key. Provide authentication, non-repudiation, and integrity

Question 4

Message Digest 5 (MD5)

Answer 4

Hashing algorithm that produces a 128-bit hash

Question 5

Secure Hash Algorithm (SHA)

Answer 5

Hashing algorithm.
SHA-0, 
SHA-1:  160-bit
SHA-2: 224, 256, 348, 512 bit
SHA-3: 224, 256, 348, 512 bit

Question 6

Hash-based Message Authentication Code

HMAC

Answer 6

Hashing algorithm.

Uses a shared secret key to add some randomness to the result and only the sender and receiver know the secret key.

Question 7

Symmetric encryption

Answer 7

Uses the same key to encrypt and decrypt data.

• AES
• DES
• 3DES
• RC4
• Blowfish/Twofish
• One-Time Pad

Question 8

Asymmetric encryption

Answer 8

Two keys in a matched pair to encrypt and decrypt data—a public key and a private key

• RSA
• Diffie-Hellman
• ECC

Question 9

block cipher

Answer 9

Encrypts data in specific-sized blocks

Question 10

stream ciphers

Answer 10

Encrypt data as a stream of bits

Question 11

Advanced Encryption Standard (AES)

Answer 11

Symmetric block cipher encrypts data
in 128-bit blocks.
key sizes of 128 bits, 192 bits, or 256 bits

Question 12

Data Encryption Standard (DES)

Answer 12

Encrypts data in 64-bit blocks.

56-bit key

Question 13

3DES (pronounced as “Triple DES”)

Answer 13

Symmetric block cipher. encrypts data in 64-bit blocks.

key sizes of 56 bits, 112 bits, or 168 bits

Question 14

RC4 (Rivest Cipher)

Answer 14

Symmetric stream cipher

Question 15

Blowfish and Twofish

Answer 15

Strong symmetric block cipher

Question 16

public key encrypts

Answer 16

Matching private key can decrypt

Question 17

private key encrypts

Answer 17

Public key can decrypt

Question 18

RSA

Answer 18

Asymmetric encryption method using both a public key and a private key in a
matched pair

Question 19

Static Versus Ephemeral Keys

Answer 19

Static keys are semipermanent and stay the same over a long period of time. In contrast, ephemeral keys have
very short lifetimes and are recreated for each session.

Question 20

Elliptic curve cryptography (ECC)

Answer 20

Asymmetric encryption method used with small wireless devices. graphs points on the curve to create keys

Question 21

Diffie-Hellman

Answer 21

Asymmetric encryption method.
Key exchange algorithm used to privately share a symmetric key between two parties.
Diffie-Hellman Ephemeral (DHE) generating different keys for each session.

Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)ephemeral keys generated
using ECC

Question 22

Steganography

Answer 22

Hides data inside other data.

Question 23

Email digital signatures

Answer 23

The sender’s private key encrypts (or signs).

The sender’s public key decrypts.

Question 24

Email encryption

Answer 24

The recipient’s public key encrypts.

The recipient’s private key decrypts.

Question 25

Web site encryption

Answer 25

The web site’s public key encrypts (a symmetric key).
The web site’s private key decrypts (a symmetric key).
The symmetric key encrypts data in the web site session.

Question 26

Signing Email with Digital Signatures

Answer 26

Lisa creates her message in an email program, such as Microsoft Outlook. Once Microsoft
Outlook is configured, all she has to do is click a button to digitally sign the message. Here is what
happens when she clicks the button:
1. The application hashes the message.
2. The application retrieves Lisa’s private key and encrypts the hash using this private key.
3. The application sends both the encrypted hash and the unencrypted message to Bart.
When Bart’s system receives the message, it verifies the digital signature using the following
steps:
1. Bart’s system retrieves Lisa’s public key, which is in Lisa’s public certificate. In some
situations, Lisa may have sent Bart a copy of her certificate with her public key. In domain
environments, Bart’s system can automatically retrieve Lisa’s certificate from a network
location.
2. The email application on Bart’s system decrypts the encrypted hash with Lisa’s public key.
3. The application calculates the hash on the received message.
4. The application compares the decrypted hash with the calculated hash.

Question 27

Encrypting Email

Answer 27

Imagine that Lisa wants to send an encrypted message to Bart. The following steps provide a
simplified explanation of the process if only asymmetric encryption is used:
1. Lisa retrieves a copy of Bart’s certificate that contains his public key.
2. Lisa encrypts the email with Bart’s public key.
3. Lisa sends the encrypted email to Bart.
4. Bart decrypts the email with his private key.

Question 28

Encrypting Email with Asymmetric and Symmetric Encryption

Answer 28

the process of sending the encrypted message
and encrypted session key, and identifies how the recipient can decrypt the data:
1. Lisa identifies a symmetric key to encrypt her email. For this example, assume it’s a
simplistic symmetric key of 53, though a symmetric algorithm like AES would use 128-bit or
larger keys.
2. Lisa encrypts the email contents with the symmetric key of 53.
3. Lisa retrieves a copy of Bart’s certificate that contains his public key.
4. She uses Bart’s public key to encrypt the symmetric key of 53.
5. Lisa sends the encrypted email and the encrypted symmetric key to Bart.
6. Bart decrypts the symmetric key with his private key.
7. He then decrypts the email with the decrypted symmetric key.

Question 29

Encrypting HTTPS Traffic with SSL or TLS

Answer 29

Simplified handshake process used with HTTPS
1. The client begins the process by requesting an HTTPS session. This could be by entering an
HTTPS address in the URL or by clicking on an HTTPS link.
2. The server responds by sending the server’s certificate. The certificate includes the server’s
public key. The matching private key is on the server and only accessible by the server.
3. The client creates a symmetric key and encrypts it with the server’s public key.
As an example, imagine that the symmetric key is 53 (though in reality it would be much more
complex). The client encrypts the session key of 53 using the web server’s public key
creating ciphertext of UcaNP@$$.
This symmetric key will be used to encrypt data in the HTTPS session, so it is sometimes
called a session key.
4. The client sends the encrypted session key (UcaNP@$$) to the web server. Only the server’s
private key can decrypt this. If attackers intercept the encrypted key, they won’t be able to
decrypt it because they don’t have access to the server’s private key.
5. The server receives the encrypted session key and decrypts it with the server’s private key.
At this point, both the client and the server know the session key.
6. All of the session data is encrypted with this symmetric key using symmetric encryption.

Question 30

Key Stretching/Salting

Answer 30

Salt the passwords with additional random bits to make them even more complex. Bcrypt. PBKDF2.

Question 31

Public Key Infrastructure (PKI)

Answer 31

Group of technologies used to request, create, manage, store, distribute, and revoke digital certificates

Question 32

Certificate Authority

Answer 32

Issues, manages, validates, and revokes

certificates

Question 33

Certificate Trust Paths and Trust Models

Answer 33

A large trust chain works like this:

• The root CA issues certificates to intermediate CAs.
• Intermediate CAs issue certificates to child CAs.
• Child CAs issue certificates to devices or end users.

Question 34

Self-Signed Certificates

Answer 34

Possible to create a CA and use self-signed certificates.
Certificates issued by this CA will not be trusted by default. If a user connects to this
web server and establishes an HTTPS session, the web browser will show an error.

Question 35

Transport Encryption

Answer 35

Secure Shell (SSH)
HTTPS (SSL/TLS methods)

Question 36

IPsec

Answer 36

IPsec - Uses HMAC for authentication and integrity
use either AES or 3DES for encryption with Encapsulating Security Payload (ESP).
When IPsec uses ESP, it encrypts the entire packet, including the original IP header, and creates an additional IP header.

Question 37

Secure Sockets Layer (SSL)

Answer 37

encryption protocol used to encrypt Internet traffic.

Requires certificates issued by certificate authorities (CAs)!!

Question 38

Transport Layer Security (TLS)

Answer 38

encryption protocol used to encrypt Internet traffic.

Requires certificates issued by certificate authorities (CAs)!!