Cryptography

Question 1

MD5

Answer 1

MD5

• Hashing algorithm
• 128-bit hash
• Cracked
• Used to verify integrity of files

Question 2

SHA

-Types

Answer 2

SHA
Secure Hash Algorithm
-Integrity
-SHA-1: 160-bit hash
-SHA-2: 256 bit most popular, up to 512-bit hash
-SHA-3: same sizes as SHA-2 (up to 512-bit hash). Non-NSA

Question 3

HMAC

• What is it
• What does it provide
• What uses it

Answer 3

HMAC
Hash-Based Message Authentication Code
-Integrity and authenticity
-Combine hash plus secret key (ic, HMAC-MD5,HMAC-SHA1)
-Integrity and authenticity
-IPSec and TLS use

Question 4

RIPEMD

Answer 4

RIPEMP

• Family of hashing functions
• For integrity
• RIPEMPD-128 (not secure)
• RIPEMD-160: 160-bit hash
• RIPEMD-256
• RIPEMD-320

Question 5

Key Stretching

• What is it
• What can it prevent
• Specific techniques

Answer 5

Key Stretching

• Make a weak key stronger
• Add salt with additional random bits
• Repeatedly hashing
• Can thwart brute force and rainbow table attacks
• bcrypt and PBKDF2 are key-stretching techniques

Question 6

bcrypt

• What is it
• What does it do
• What does it result in
• Where is it used

Answer 6

bcrypt

• Key-stretching technique for passwords
• Salts, then encrypts with Blowfish
• Can repeat multiple times
• Result is 60 character string
• Used in linux

Question 7

PBKDF2

• What is it
• What does it do
• What does it result in
• Where is it used

Answer 7

PDKDF2
Password Based Key Derivation Function 2
-Key-stretching technique for passwords
-Salts of at least 64 bits
-Hash with HMAC
-May repeat a million times
-Results in 128, 256, 512 bit hash
-Used in WPA2, iOS, Cisco
-May be weaker than bcrypt

Question 8

ECB

Answer 8

ECB
Electronic Code Book
-A cypher mode
-Simplest encryption mode
-Each block encrypted with same key (same plaintext block creates same ciphertext)
-Deprecated

Question 9

CBC

Answer 9

CBC
Cipher Block Chaining
-A cypher mode
-Each plaintext block XOR'ed with previous ciphertext block
-Initialization vector for first block
-Adds randomization

Question 10

CTR

Answer 10

CTR

• Counter Mode
• A cypher mode
• Converts block cypher into stream cypher
• Combines IV with counter so every block gets different encryption key
• Encrypts successive values of counter
• Widely used and respected

Question 11

GCM

-What uses it?

Answer 11

GCM
Galois/Counter Mode
-A cypher mode
-Encryption with authentication
-Counter mode plus Galois authentication
-Commonly used with in packetized data (wireless, IPSec, SSH, TLS)

Question 12

Elliptic Curve Cryptography (ECC)

• What is it
• What is it used for

Answer 12

Elliptic Curve Cryptography (ECC)

• Asymmetric encryption algorithm
• Encryption, digital signatures, pseudo-random generators
• Less processing power, good for wireless devices
• Deprecated

Question 13

Stream Cipher

Answer 13

Stream Cipher

• Used with symmetric encryption (not asymmetric)
• One bit or byte at a time
• High speed, low hardware complexity
• Starting state should never be the same - combine key with IV

Question 14

Block Cipher

Answer 14

Block Cipher

• Symmetric encryption
• Encrypt fixed-length groups

Question 15

Digital Signature

• What does it provide
• Which keys are used by sender and receiver
• Steps to send/receive digital signature

Answer 15

Digital Signature

• Integrity
• Authentication
• Non-repudiation
• Sender uses sender’s private key
• Recipient uses sender’s public key

Steps

• Sender creates hash of message
• Sender encrypts hash with sender’s private key
• Sender sends encrypted has and plaintext
• Recipient decrypts hash with sender’s public key
• Recipient hashes plaintext and compares to decrypted hash

Question 16

PFS

Answer 16

PFS
Prefect Forward Secrecy
-Ephemeral keys (good for one session)
-Elliptic Curve or Diffie-Hellman ephemeral

Question 17

AES

• What is it
• What uses it
• Is it good

Answer 17

AES
Advanced Encryption Standard
-Symmetric encryption algorithm
-128-bit block cipher
-128, 192, 256-bit keys
-Used in WPA2
-Strong, fast, efficient

Question 18

DES

• What is it
• What uses it
• Is it good

Answer 18

DES
Data Encryption Standard
-Symmetric encryption algorithm
-64-bit block cypher
-56-bit key (small)
-Nothing today uses
-Not good. Easily brute forced

Question 19

3DES

• What is it
• What uses it
• Is it good

Answer 19

3DES
Triple DES
-Symmetric encryption algorithm
-DES encryption three times with three different keys
-Nothing today uses
-Not good anymore
-Superseded by AES

Question 20

RC4

• What is it
• What uses it
• Is it good

Answer 20

RC4
Rivest Cipher 4
-Symmetric encryption algorithm
-Symmetric stream cipher
-Was used in WEP and SSL
-Cracked; Not used anymore

Question 21

Blowfish

• What is it
• What uses it
• Is it good
• Block size
• Key size

Answer 21

Blowfish

• Symmetric encryption algorithm
• 64-bit block cipher
• Key up to 448 bits
• Open source: Not limited by patents
• No way to break 16 rounds of encryption
• Faster than AES due to smaller block size
• strong

Question 22

Twofish

• What is it
• What uses it
• Is it good
• Block size
• Key size

Answer 22

Twofish

• Symmetric block encryption algorithm
• Successor to Blowfish
• 128-bit block size
• Key up to 256 bits
• Open source: not limited by pattents

Question 23

Diffie-Hellman

Answer 23

Diffie-Hellman

• Key exchange method for asymmetric keys
• Does not encrypt or authenticate
• Privately share symmetric key
• RSA uses for static keys
• Used for Perfect Forward Secrecy (PFS)
• Ephemeral DH (EDH or DHE)
• Combine with Elliptical Curve (ECDHE)

Question 24

RSA

Answer 24

RSA

• Asymmetric encryption with public/private key
• Static keys
• Public domain
• Encrypt email: recipient’s public key encrypts symmetric key; recipient’s private key decrypts

Question 25

DSA

Answer 25

DSA
Digital Signature Algorithm
-Asymmetric encryption
-Modifies Diffie-Hellman
-Can combine with Elliptical Curve (ECDSA)
-Fast and efficient digital signatures

Question 26

S/MIME

-What does it use (two things)?

Answer 26

S/MIME
Secure Email
-RSA for asymmetric encryption
-AES for symmetric encryption

Question 27

CSR

Answer 27

CSR

Certificate Signing Request

Question 28

CRL

Answer 28

CRL

Certificate Revocation List

Question 29

Certificate Stapling

Answer 29

Certificate Stapling

• Haver certificate holder verify their own certificate’s status so client doesn’t have to ask
• Appends signed OCSP status to certificate

Question 30

Public Key Pinning

Answer 30

Public Key Pinning

-Web server sends list of public key hashes that clients can use to validate certificates

Question 31

PGP

Answer 31

PGP
Pretty Good Privacy
-Asymmetric encryption

Question 32

CER

Answer 32

CER
Canonical Encoding Rules
-Format for PKI certificates
-ASCII
-P7B is common format used to share public keys

Question 33

DER

Answer 33

DER
Distinguished Encoding Rules
-Format for PKI certificates
-Base64 binary encoded
-P12 is common format used to hold encrypted private keys

Question 34

OCSP

Answer 34

OCSP
Online Certificate Status Protocol
-Alternative to CRL
-Client queries CA for status in real-time
-stapling makes it so clients don’t have to keep querying CA

Question 35

ECDSA

Answer 35

ECDSA

Elliptical Curve Digital Signature Algorithm

Question 36

IDEA

Answer 36

IDEA
International Data Encryption Algorithm
-Broken
-symmetric-key block cipher