Cryptography

Question 1

Cryptanalysis

Answer 1

Study and methods used to crack encrypted communications

Question 2

Cryptography

Answer 2

The science or study of protecting information whether in transit or at rest by using techniques to render the information unusable to anyone who does not possess the means to decrypt it.

Question 3

Plain text

Answer 3

Something you can read

Question 4

Cipher text

Answer 4

Plain text turned into something that cannot be read unless you have the proper key

Question 5

Linear Crypt-analysis

Answer 5

Linear - take blocks of encrypted text and compare them to blocks of the unencrypted text line by line. Works best on block ciphers

Question 6

Differential Crypt-analysis

Answer 6

Applicable to symmetric keys, compares differences in inputs to how each one affects the outcome

Question 7

Integral Crypt-analysis

Answer 7

Input vs output comparison running multiple computations of the same block size input

Question 8

Nonrepudiation

Answer 8

The means by which a recipient can ensure the identity of the sender and neither party can deny having sent or received the message.

Question 9

Algortithm

Answer 9

Step by step method of solving a problem. Encryption algorithms are mathematical formulas used to encrypt and decrypt data. Encryption algorithms are also known as ciphers.

Question 10

Encryption of bits methods

Answer 10

Substitution - bits are replaced by other bits

Transposition - changes the order of the bits

Question 11

Stream cipher

Answer 11

Bits are encrypted as a continuous stream, one at a time, normally using an XOR function. These work at a very high rate of speed.

Question 12

Block cipher

Answer 12

Data bits are split into blocks (commonly 64 bits at a time) and each block is encrypted with the key. Normally uses substitution and transposition in the algorithm. Slower than stream ciphers.

Question 13

XOR (Exclusive OR)

Answer 13

0 XOR 0 = 0
0 XOR 1 = 1
1 XOR 0 = 1
1 XOR 1 = 0

If the two bits match, the result is a 0 and if they don’t match the result is a 1.

Question 14

Key length

Answer 14

If the key chosen is smaller than the data, the cipher will be vulnerable to frequency attack because the key will be used repeatedly in the process.

Question 15

Symmetric Encryption

Answer 15

Also known as single key which both encrypts and decrypts. Good for bulk encryption because it is fast but key distribution is an issue. Encryption only, does not provide for integrity (nonrepudiation)
DES - block cipher uses a 56 bit key - not considered secure
3DES - block cipher uses a 168 bit key with up to 3 keys, Slower than DES but more secure
AES - block cipher that uses a key length of 128, 192 or 256 bits. Faster than DES and 3DES
IDEA - block cipher that uses a 128 bit key. Used in PGP and Europe
Twofish - block cipher that uses a key size up to 256 bits
Blowfish - block cipher uses a 64 bit block size and a key from 32 to 448 bits. Considered public domain
RC series: RC2 to RC6 - block ciphers that uses variable key length up to 2040 bits
RC4 - is a stream cipher
RC5 - variable block sizes (32, 54,128) and 2-bit working registers
RC6 - uses 128 bit blocks and 4-bit working registers

Question 16

N(N-1)/2

Answer 16

To calculate the number of keys you need to communicate with N devices.

Question 17

Asymmetric Encryption

Answer 17

Key pairs - public and private - what one key encrypts, the other key decrypts. Can also be used for integrity via hashing algorithm, What one key signs, the other key can verify the signature as valid. Slower than symmetric and is suitable for small amounts of data.
Diffie-Hellman - a key exchange protocol used in SSL and IPSEC. Vulnerable to man in the middle attacks
Elliptic Curve Cryptosystem (ECC) - uses points on an elliptical curve in conjunction with logarithms for encryption and signatures. Uses less processing power so good for mobile devices
El Gamal - Solving of discreet logarithm problems
RSA - Uses primer numbers with key sizes up to 4096 bits.

Question 18

Hash Algorithm

Answer 18

One-way mathematical function takes a variable length input and generates a fixed length message digest that acts as a signature for that data.
MD5 - 128 bits - considered insecure
SHA-1 - 160 bits - replaced by SHA-2 due to security concerns
SHA-2 - can product 224, 256, 384 and 512 bit hashes. Not widely used
SHA-3 - uses sponge construction
RIPEMD-# where the # indicates the bit length -works through 80 stages

Question 19

Hashing Attacks

Answer 19

Collision attack - when two or more different inputs result in the same identical message digest (hash)

Question 20

Don’t Use Hard Coded Keys (DUHK) attack

Answer 20

A vulnerability that allows attackers access to keys in certain VPNs. Affects devices using the ANSI X9.31 random number generator in conjunction with a hard coded seed key

Question 21

Rainbow table

Answer 21

Pre-computed list of hashes that can speed up the cracking of hashed data (signature, password, etc)

Question 22

Salt

Answer 22

Collection of random bits added to an encryption algorithm making a collision attack difficult (and rainbow tables).

Question 23

Key Escrow

Answer 23

Copies of keys stored for later use by a third party

Question 24

Steganoagraphy

Answer 24

Concealing a message inside of another medium

Question 25

How to tell if a file has been steggoed?

Answer 25

For text, character positions are key (look for text patterns, unusual blank spaces and language anomalies). Image files will be larger in size and may show weird color palette faults. Audio and video files require statistical analysis.

Question 26

Image Steganography

Answer 26

Least significant bit insertion
Masking and filtering - on gray scale images, modifying the luminescence of data parts
Algorithmic transformation - hide data in the mathematical functions used in image compression

Question 27

Steganography Tools

Answer 27

Omnihidepro, 
Masker - sticking messages into the video stream
Deepsound,
MP3stego - insert messages in audio files
Other tools: QuickStego, 
gifshuffle, 
SNOW, 
SteganographyStudio, 
OpenStego

Question 28

Registration Authority

Answer 28

Issue certificates. Usually a subordinate CA as root CAs are placed offline for security purposes.

Question 29

Trust model in PKI

Answer 29

Describes how entities within an enterprise deal with keys, signatures and certificates,
Web of Trust - entities sign certificates for one another
Single authority system - has a single CA at the top that acts as the sole registration authority
Hierarchical Trust System - has a Root CA and subordinates. The subordinates are the registration authority. Most secure of the three models.

Question 30

X.509 certificate

Answer 30

Version
Serial Number
Subject
Algorithm ID (signature algorithm)
Issuer - who created the certificate
Validity dates
Key usage
Subject's Public Key
Optional Fields

Question 31

Self-signed certificate

Answer 31

Signed by the same identity whose identity it certifies

Question 32

FIPS 186-2

Answer 32

Digital Signature Algorithms (DSA) - Federal Information Processing Standard

Question 33

Full disk encryption

Answer 33

Protect data on mobile devices or portable devices with a key needed to unlock the drive at boot
Microsoft Bitlocker, 
McCafee endpoint protection, 
Symantec Drive encryption, 
Gilisoft Full Disk Encryption

Question 34

Boot n Root attack

Answer 34

Booting from USB and a different OS to get access to a hard drive’s data

Question 35

File and folder encryption tools

Answer 35

Microsoft EFS
Veracrypt
AxCrypt
GNU Privacy Guard

Question 36

Encrypted Communication

Answer 36

Secure Shell (SSH) - a secured version of Telnet over port 22, relies on public key cryptography, can be used as a tunneling protocol,
SSH2 - more secure than SSH, includes SFTP a secure version of FTP
SSL - encrypts data at the transport layer. Uses RSA encryption and digital certificates. Being replaced by TLS - RSA algorithm of 1024 and 2048 bits, allows both the client and server to authenticate to each other
IPSEC - network layer tunnelling protocol. AH provides for integrity, ESP for encryption (transport mode the header is not encrypted, tunnel mode the entire packet is encrypted with a new header that adds the tunnel endpoints)
PGP - used for signing, compression and encrypting and decrypting emails, files, directories, and disk partitions. PGP is a hybrid cryptosystem

Question 37

SMIME

Answer 37

Standard for public key encryption and signing of MIME data (emails).

Question 38

SSL attacks

Answer 38

Heartbleed was a vulnerability in OPENSSL can be detected with NMAP
Poodle - vulnerability related to backward compatibility where sites revert back to SSL instead of using TLS. Disable use of SSLV3.0 to mitigate and implement TLS_FALLBACK_SCSV (a fake cipher suite). Also known as PoodleBleed
FREAK - man in the middle attack that forces a downgrade of an RSA key to a weaker length. Can lead top RC4 bias attacks
DROWN - HTTPS attack that allows attackers to break the encryption and read or steal sensitive communications include passwords, credit cards,trade secrets, and financial data. Disable use of SSLv2

Question 39

Cryptography Attack - Known Plain-Text Attack

Answer 39

The attacker has both plain-text and corresponding cipher-text messages - the more the better. The plain text copies are scanned for repeatable sequences.

Question 40

Cryptography Attack - Chosen Plain-Text Attack

Answer 40

The attacker encrypts multiple plain-text copies himself in order to gain the key.

Question 41

Cryptography Attack - Adaptive Chosen Plain-Text Attack

Answer 41

The attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions.

Question 42

Cryptography Attack - Cipher-text-only Attack

Answer 42

Using statistical analysis on messages encrypted using the same algorithm.

Question 43

Cryptography Attack - Replay Attack

Answer 43

Performed via man-in the-middle. Session tokens can be used to mitigate

Question 44

Cryptography Attack - Chosen Cipher Attack

Answer 44

Attempts to discern the key through comparative analysis. RSA is vulnerable to this.

Question 45

Cryptography Attack - Side Channel Attack

Answer 45

A physical attack that monitors environmental factors like power consumption, timing, and delay on the cryptographic system itself.

Question 46

Cryptography Attack - Inference Attack

Answer 46

Deriving information from the cipher text without actually decoding it.

Question 47

Cracking Tools

Answer 47

Carnivore
Magic Lantern
L0phtcrack
John the Ripper
PGPCrack
Cryptool
Cryptobench
Jipher