Cryptography

Question 1

RIPEMD

Answer 1

Hashing algorithm that is based on MD4, collisions were found so it now exists in versions of 160-bits, 256-bits, and 320-bits.

Question 2

SHA1

Answer 2

SHA (Secure Hash Algorithm): Hashing algorithm, one-way 160-bit hash value with encryption protocol. Standard hash algorithm today, went from SHA-1 (160-bit digest, deprecated) to SHA-2

Question 3

NTLM

Answer 3

creates a 128-bit fixed output

Question 4

MD-5

Answer 4

MD5 (Message-Digest Algorithm v5): Hashing algorithm, 128-bit hash with strong security, collision was found in 1996 so it is not used as much nowadays.

Question 5

AES

Answer 5

AES (Advanced Encryption Standard): Symmetric, block cipher with 128-bit blocks, key sizes of 128-bit, 192-bit and 256-bit.

Question 6

DES

Answer 6

DES (Data Encryption Standard): Symmetric, was common until replaced by AES, the block cipher is 64-bit and the key is 56-bit (very small), this means it can easily be brute forced.

Question 7

RC4

Answer 7

Symmetric, part of the original WEP standard with key sizes of 40-bit to 2048-bit. Deprecated from biased output.(predictable IV)

Question 8

RSA

Answer 8

RSA (Rivest, Shamir, Adleman): First practical use of public key cryptography, uses large prime numbers as the basis for encryption. Can generate key pairs used. In email encryption

Question 9

DSA

Answer 9

DSA (Digital Signature Algorithm): Standard for digital signatures

Question 10

Twofish

Answer 10

Twofish: Symmetric, uses a very complex key structure up to 256-bits but still similar to predecessor, works using 128-bit blocks. Again, not limited by patents.

Question 11

Blowfish

Answer 11

Blowfish: Symmetric, fast and has variable key-lengths from 1-bit to 448-bits, uses 64-bit block cipher. Not limited by patents.

Question 12

DHE

Answer 12

Diffie-Hellman: An asymmetric standard for exchanging keys. Primarily used to send private keys over public (unsecured) networks.

Question 13

TPM

Answer 13

A Trusted Platform Module (TPM) is a hardware chip on a motherboard and provides a local secure boot process. A TPM includes an encryption key burned into the CPU, which provides a hardware root of trust. stores cryptographic keys used for encryption.
A TPM supports secure boot and attestation processes.

Question 14

HSM

Answer 14

Hardware security module. A removable or external device that can generate, store, and manage RSA keys used in asymmetric encryption.

Question 15

Decryptor

Answer 15

Devices used to create separate SSL (or TLS) sessions. They allow other security devices to examine encrypted traffic sent to and from the Internet.

Question 16

SSL/TLS accelerator

Answer 16

Devices used to handle TLS traffic. Servers can off-load TLS traffic to improve performance.

Question 17

3DES

Answer 17

DES: Symmetric, very secure and upgrade over DES with three separate keys and three passes over data. Not used in modern day either.

Question 18

ECC

Answer 18

Elliptic curve cryptography (ECC): Asymmetric, uses smaller key sizes and curve algorithms to secure data, useful in portable devices because it uses less CPU power.

Question 19

PGP

Answer 19

Pretty Good Privacy (PGP) is a method used to secure email communication.communication. It can encrypt, decrypt, and digitally sign email.Just like S/MIME, PGP uses both asymmetric and symmetric encryption.

Question 20

GPG

Answer 20

GPG (GNU Privacy Guard): A free, open-source version of OpenPGP that provides equivalent encryption and authentication services.

Question 21

remote attestation

Answer 21

A remote attestation process works like the secure boot process. However, instead of checking the boot files against the report stored in the TPM, it uses a separate system. when the TPM is configured, it captures the signatures of key files, but sends this report to a remote system.

Question 22

S/MIME

Answer 22

Secure/Multipurpose Internet Mail Extensions(S/MIME) is one of the most popular standards used to digitally sign and encrypt email. Most email applications that support encryption and digital signatures use S/MIME standards.S/MIME uses RSA for asymmetric encryption and AES for symmetric encryption.

Question 23

ECB

Answer 23

The Electronic Codebook (ECB) mode of operation is the simplest cipher mode mentioned in this section. Algorithms that use ECB divide the plaintext into blocks and then encrypt each block using the same key.The Electronic Codebook (ECB) mode of operation is deprecated and should not be used.

Question 24

(CBC)

Answer 24

Counter Block Chain mode is used by some symmetric block ciphers. It uses an IV for randomization when encrypting the first block. It then combines each subsequent block with the previous block using an XOR operation. (less efficient than some other modes)

Question 25

(CTM/CTR/CM)

Answer 25

Counter mode effectively converts a block cipher into a stream cipher. It combines an IV with a counter and uses the result to encrypt eachplaintext block. Each block uses the same IV, but CTM combines it with the counter value, resulting in a different encryption key for each block.

Question 26

GCM

Answer 26

Galois/Counter Mode (GCM) is a mode of operation used by many block ciphers. It combines the Counter mode of operation with the Galois mode of authentication. Note thatit doesn’t authenticate users or systems, but instead provides data authenticity (integrity) and confidentiality.

Question 27

PGP/GPG

Answer 27

Pretty Good Privacy (PGP) is a method used to secure email communication. It can encrypt, decrypt, and digitally sign email.GNU Privacy Guard (GPG) is free software that is based on the OpenPGP standard.Each of the PGP versions uses the RSA algorithm and public and private keys for encryption and decryption. Just like S/MIME, PGP uses both asymmetric and symmetric encryption.

Question 28

SHA 2

Answer 28

SHA-2 improved SHA-1 to overcome potential weaknesses. It includes four versions. SHA-256 creates 256-bit hashes and SHA-512 creates 512-bit hashes. SHA-224 (224-bit hashes) and SHA-384 (384-bit hashes) create truncated versions of SHA-256 and SHA- 512, respectively.

Question 29

MD4

Answer 29

It implements a cryptographic hash function for use in message integrity checks. The digest length is 128 bits.