Cryptography and Hashing Flashcards

1
Q

What is data at rest?

A

Inactive data stored on persistent media, such as files on a hard drive, a database on disk, or backups and archives. Typically protected with storage encryption (full-disk or file-level).

2
Q

What is data in transit?

A

Data actively crossing a network, for example between a browser and a web server. (Data that resides in memory while being processed is data in use, not data in transit.) Typically protected with TLS, IPsec or another transport-layer protocol.

3
Q

What is data in use?

A

Data that is being actively processed: held in RAM, CPU registers or caches while an application reads or modifies it. It is the hardest state to protect because it normally has to be decrypted for processing.

4
Q

What is symmetric encryption?

A

Encryption in which the same secret key is used to both encrypt and decrypt, so the sender and the receiver must both possess that key and keep it private.

5
Q

AES - Symmetric or Asymmetric?

A

Symmetric

6
Q

DES - Symmetric or Asymmetric?

A

Symmetric

7
Q

3DES - Symmetric or Asymmetric?

A

Symmetric

8
Q

IDEA - Symmetric or Asymmetric?

A

Symmetric

9
Q

Blowfish - Symmetric or Asymmetric?

A

Symmetric

10
Q

RC4, RC5, RC6 - Symmetric or Asymmetric?

A

Symmetric

11
Q

What is a drawback of symmetric encryption?

A

Key distribution: every pair of parties needs its own shared secret, which has to be delivered over a secure channel. With n parties that is n(n-1)/2 keys, and every additional recipient is another copy of the secret that can be stolen.

12
Q

What is Asymmetric encryption?

A

Encryption that uses a mathematically related key pair: a public key that can be shared openly and a private key that is kept secret. Data encrypted with one key of the pair can only be decrypted with the other.

13
Q

What is an advantage symmetric encryption has over asymmetric?

A

Speed: symmetric algorithms such as AES are orders of magnitude faster than asymmetric ones because they only use one shared secret key and simple operations, so they are used for bulk data encryption.

14
Q

What is a hybrid implementation?

A

Combining symmetric and asymmetric encryption: asymmetric encryption (or a key-agreement protocol) is used to exchange or wrap a randomly generated symmetric session key, and that symmetric key secures the bulk of the data transfer. TLS and PGP both work this way.

15
Q

What is a stream cipher?

A

A cipher that uses a keystream generator to produce a pseudorandom stream of bits from the key, which is XORed with the plaintext bit by bit (or byte by byte). A key and nonce pair must never be reused: XORing two ciphertexts produced with the same keystream cancels the keystream and reveals the XOR of the two plaintexts.

16
Q

What is a block cipher?

A

A cipher that splits the input into fixed-size blocks (128 bits for AES) and encrypts each block with the same key. The blocks are tied together by a mode of operation (CBC, CTR, GCM, ...), and the mode determines much of the security: ECB, which encrypts every block independently, should not be used.

17
Q

Diffie-Hellman - symmetric or asymmetric?

A

Asymmetric (it is a key-agreement protocol built on public/private values rather than an encryption algorithm)

18
Q

RSA - symmetric or asymmetric ?

A

Asymmetric

19
Q

ECC - symmetric or asymmetric ?

A

Asymmetric

20
Q

What is a digital signature?

A

A value produced by hashing a message and then signing the hash with the sender's private key (in textbook RSA this is described as encrypting the hash with the private key). Anyone holding the sender's public key can verify it, which provides integrity, authentication of the sender and non-repudiation.

21
Q

What is PGP?

A

Pretty Good Privacy - an encryption program, primarily used for email, that originally used the IDEA symmetric algorithm for bulk encryption together with RSA for key exchange and signatures. Its message format became the OpenPGP standard.

22
Q

What is GPG?

A

GNU Privacy Guard - a free, open-source implementation of the OpenPGP standard that is compatible with PGP and uses AES as its default symmetric algorithm

23
Q

What is the Diffie-Hellman algorithm used for?

A
  • Key exchange/distribution: two parties agree on a shared secret over an insecure network without ever transmitting the secret itself
  • Establishing the keys for an IPsec VPN tunnel (the IKE protocol runs a Diffie-Hellman exchange)

24
Q

Most secure symmetric algorithm?

A

AES - the current standard; AES-256 with an authenticated mode such as GCM is the usual recommendation

25
Q

What is key management?

A

How an organization will generate, exchange, store and use encryption keys

26
Q

What is a good way to protect encryption keys?

A

Rotate them periodically like passwords, and limit who and what can read them (keep them in a hardware security module or key vault rather than in source code or configuration files)

27
Q

What is a one time pad?

A

A stream cipher that encrypts plaintext by XORing it with a secret, truly random key (key stream) that is the same length as the plaintext and is used only once. There is no pattern or mathematical formula behind the key, so it is provably unbreakable when used correctly.

28
Q

What is the drawback of a one-time pad?

A

Practicality: the key must be truly random, as long as the message, never reused and delivered to the recipient over a secure channel, which is the same key-distribution problem it was meant to solve. Software on its own cannot produce truly random numbers; everything it generates is dictated by an algorithm or mathematical formula, so true randomness has to come from a hardware source.

29
Q

What is PRNG?

A

Pseudo Random Number Generator - an algorithm that produces a deterministic but random-looking number stream from a seed, used in simulations, video games and cryptography. Cryptography needs a cryptographically secure PRNG (CSPRNG) seeded from a hardware or OS entropy source; an ordinary PRNG such as a language's default random() is fully predictable once the seed is known.
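Worked example for the stream cipher, one-time pad and PRNG cards (added here; not part of the original deck): a one-time pad built on XOR, the two-time-pad failure when the same pad is reused, and a stream cipher whose keystream comes from a seeded non-cryptographic PRNG, which an attacker breaks by guessing the seed. Python standard library only; the message texts and the seed range are constructed for the demonstration.

```python
import random
import secrets
from typing import Optional, Tuple


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_keygen(length: int) -> bytes:
    """One-time pad key: exactly as long as the message, drawn from the OS CSPRNG."""
    return secrets.token_bytes(length)


def otp_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt with a one-time pad. XOR is its own inverse, so this also decrypts."""
    if len(key) != len(plaintext):
        raise ValueError("a one-time pad key must be exactly as long as the plaintext")
    return xor_bytes(key, plaintext)


otp_decrypt = otp_encrypt


def two_time_pad_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """Failure mode: the pad is reused for two messages.
    c1 XOR c2 == (p1 XOR k) XOR (p2 XOR k) == p1 XOR p2, so the key cancels out and an
    eavesdropper learns the XOR of the two plaintexts without knowing the key at all."""
    c1 = otp_encrypt(key, p1)
    c2 = otp_encrypt(key, p2)
    return xor_bytes(c1, c2)


def prng_keystream(seed: int, length: int) -> bytes:
    """Keystream from a seeded NON-cryptographic PRNG (random.Random is Mersenne Twister).
    Deliberately weak: anyone who learns or guesses the seed gets the same stream."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(length))


def weak_stream_encrypt(seed: int, plaintext: bytes) -> bytes:
    """Stream cipher built on the weak keystream; the seed is the whole key."""
    return xor_bytes(prng_keystream(seed, len(plaintext)), plaintext)


def break_weak_stream(ciphertext: bytes, known_prefix: bytes,
                      max_seed: int) -> Optional[Tuple[int, bytes]]:
    """Attacker's view: the seed space is small (a 16-bit value, a timestamp) and the
    first bytes of the plaintext are guessable (a protocol header). Try every seed and
    keep the one whose keystream turns the ciphertext prefix into the known prefix."""
    n = len(known_prefix)
    for seed in range(max_seed):
        if xor_bytes(prng_keystream(seed, n), ciphertext[:n]) == known_prefix:
            return seed, weak_stream_encrypt(seed, ciphertext)
    return None
```

The pad itself is unbreakable; everything that goes wrong here is a key-management failure (reuse, or a key that is not really random), which is exactly the drawback the next cards describe.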

30
Q

What is Hashing?

A

One-way cryptographic function that takes an input of any length and produces a fixed-length digest: the same input always gives the same digest, and a tiny change to the input gives a completely different one. It is used to confirm the integrity of a file and can be viewed as the file's digital fingerprint. The digest is not strictly unique (different inputs can collide), but for a secure hash a collision is infeasible to find.

31
Q

What is MD5?

A

Message Digest 5 - a hashing algorithm that creates a 128-bit hash value. It is cryptographically broken: collisions can be generated in seconds, so it must not be used for signatures or for integrity checks against an adversary.

32
Q

What is the limiting factor of MD5?

A

Its 128-bit output: by the birthday bound a collision is expected after about 2^64 hashes, and structural weaknesses in MD5 reduce that to a practical attack, so an attacker can craft two different files with the same MD5 digest.

33
Q

What is hash collision?

A

Condition that occurs when two different inputs produce the same hash digest

34
Q

What is SHA 1?

A

Secure Hash Algorithm 1 - creates a fixed-length 160-bit hash value. Deprecated: a practical collision was demonstrated in 2017, so it should not be used for signatures or certificates.

35
Q

What is SHA 2?

A

Successor to SHA-1 - a family of algorithms that includes SHA-224, SHA-256, SHA-384 and SHA-512 (the number is the digest length in bits)

36
Q

What is SHA 3?

A

Newest SHA family, based on the Keccak sponge construction rather than the SHA-2 design, with digest sizes of 224, 256, 384 and 512 bits

37
Q

What is RIPEMD?

A

RACE Integrity Primitives Evaluation Message Digest - an open hash algorithm family that produces a 128-, 160-, 256- or 320-bit message digest for each file. RIPEMD-160 is the common variant.

REMEMBER: 160-bit

38
Q

What is HMAC?

A

Hash-Based Message Authentication Code - combines a hash algorithm with a secret key to provide assurance of both the integrity and the authenticity of a message or file. Unlike a plain hash, it cannot be recomputed by someone who modifies the data but does not hold the key.
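Worked example for the hashing and HMAC cards (added here; not part of the original deck): a plain digest detects accidental corruption but not a deliberate swap, because the attacker recomputes the digest; a keyed HMAC over the same data cannot be forged without the key. The "file" contents and the key are constructed for the demonstration; Python standard library only.

```python
import hashlib
import hmac

# Constructed sample "file" and a tampered copy (not real artifacts).
ORIGINAL = b"deploy_version=1.4.2\nallow_remote_admin=false\n"
TAMPERED = b"deploy_version=1.4.2\nallow_remote_admin=true\n"


def sha256_hex(data: bytes) -> str:
    """Plain digest: anyone can compute it, including the attacker."""
    return hashlib.sha256(data).hexdigest()


def hmac_hex(key: bytes, data: bytes) -> str:
    """Keyed digest: only holders of `key` can compute a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, tag_hex: str) -> bool:
    # compare_digest runs in constant time, so the check does not leak how many
    # leading characters of a guessed tag were correct.
    return hmac.compare_digest(hmac_hex(key, data), tag_hex)


def digest_only_attack() -> bool:
    """Publisher ships (file, sha256). An attacker on the path swaps the file and simply
    recomputes the digest. Returns True if the receiver's check still passes."""
    shipped_file, shipped_digest = TAMPERED, sha256_hex(TAMPERED)
    return sha256_hex(shipped_file) == shipped_digest   # True: the swap goes unnoticed


def hmac_attack(key: bytes) -> bool:
    """Publisher ships (file, HMAC). The attacker swaps the file but has no key, so the
    best options are reusing the old tag or guessing a key. Returns True if either
    forgery passes verification."""
    old_tag = hmac_hex(key, ORIGINAL)
    guessed_tag = hmac_hex(b"guessed-key", TAMPERED)
    return verify_hmac(key, TAMPERED, old_tag) or verify_hmac(key, TAMPERED, guessed_tag)
```

The same reasoning is why download pages that publish a SHA-256 next to the file give integrity, not authenticity: a signature (or an HMAC with a key the attacker does not have) is what ties the digest to the publisher.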

39
Q

What are passwords in Windows stored as?

A

Hash values - the NT hash (and historically the LM hash) in the local SAM database or in Active Directory; the plaintext password is never stored

40
Q

What is LANMAN or LM Hash?

A

The original Windows password hashing scheme: the password is uppercased, padded or truncated to 14 characters, split into two 7-character halves, and each half is used as a DES key to encrypt a fixed constant. It is unsalted, trivial to crack, and now obsolete (disabled by default on modern Windows).

41
Q

What is NTLM Hash?

A

NT LAN Manager Hash - the replacement for the LM hash, introduced with Windows NT in 1993. The NT hash is the unsalted MD4 digest of the UTF-16LE password (RC4 is used in the NTLM authentication protocol, not in the hash). The NTLMv1 challenge-response protocol built on it is obsolete.

42
Q

What is NTLMv2 Hash?

A

Replacement for the NTLMv1 challenge-response protocol: the client proves knowledge of the NT hash by computing an HMAC-MD5, keyed with the NT hash, over the server challenge and a client challenge. It is considerably harder to crack offline than NTLMv1. Note that the stored credential is still the NT hash; NTLMv2 changes the network authentication, not the storage format.

43
Q

When should you use NTLMv2 Hash?

A

When Kerberos is not available, for example on standalone machines, in a workgroup without a domain, or when connecting to a server by IP address rather than by hostname

44
Q

What is Pass the Hash?

A

A technique that allows an attacker to authenticate to a remote server or service by using the underlying NTLM or LM hash instead of the associated plaintext password. It works because NTLM authentication only ever requires the hash: the hash is effectively the credential, so stealing it is as good as stealing the password.

45
Q

What is a birthday attack?

A

Technique that exploits the birthday paradox to find two different messages with the same hash. Because any pair of messages may collide, a collision in an n-bit hash is expected after about 2^(n/2) attempts, far fewer than the 2^n needed to match one specific digest.

46
Q

How would you mitigate a birthday attack?

A

Use a hash with a long digest such as SHA-256 or SHA-512 (about 2^128 or 2^256 work for a collision), and retire MD5 and SHA-1
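Worked example for the collision and birthday attack cards (added here; not part of the original deck): SHA-256 truncated to n bits stands in for a short hash, a dictionary-based birthday search finds a collision in roughly 2^(n/2) hashes, and a targeted search for one specific digest is shown for contrast. The candidate messages are constructed counters; Python standard library only.

```python
import hashlib
import math
from typing import Dict, Tuple


def truncated_digest(msg: bytes, bits: int) -> int:
    """SHA-256 truncated to its top `bits` bits, standing in for a short hash."""
    full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return full >> (256 - bits)


def birthday_bound(bits: int) -> int:
    """Expected number of random hashes before the first collision: sqrt(pi/2 * 2**bits)."""
    return int(math.sqrt(math.pi / 2 * 2 ** bits))


def birthday_collision(bits: int) -> Tuple[bytes, bytes, int]:
    """Find two different messages with the same `bits`-bit digest.
    Hash sequential candidates and remember every digest seen; the first repeat is a
    collision. Expected work is about 2**(bits/2) hashes, not 2**bits."""
    seen: Dict[int, bytes] = {}
    attempts = 0
    while True:
        msg = b"msg-%d" % attempts      # constructed candidate message
        attempts += 1
        d = truncated_digest(msg, bits)
        if d in seen:
            return seen[d], msg, attempts
        seen[d] = msg


def second_preimage_search(target: bytes, bits: int, limit: int) -> int:
    """Contrast: matching ONE specific digest is a 2**bits job. Returns the number of
    attempts if a match is found within `limit`, else -1."""
    want = truncated_digest(target, bits)
    for i in range(limit):
        if truncated_digest(b"alt-%d" % i, bits) == want:
            return i + 1
    return -1
```

With a 32-bit digest the collision search finishes in well under a second (about 80,000 hashes expected), while the targeted search would need around four billion; the 64-bit birthday bound on MD5's 128-bit output is what makes its collisions practical, and the 128-bit bound on SHA-256 is what makes them not.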

47
Q

How would you mitigate pass the hash attack?

A
  • Use a trusted OS with credential protection (Credential Guard on current Windows versions)
  • Patch/update computers
  • Use MFA
  • Use least privilege: never log on to ordinary workstations with domain admin accounts, and give every machine a unique local administrator password

48
Q

What is key stretching?

A

Technique used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources it takes to test each possible key.

49
Q

What is salting?

A

Adding random data (the salt) to a password before it is hashed, so that identical passwords produce different hashes and precomputed rainbow tables are useless. The salt is stored next to the hash and does not need to be secret.

50
Q

What is a nonce?

A

Number used once - a random or unique value included in a protocol message (for example a server's challenge) so that a captured message cannot be replayed later: each exchange uses a fresh nonce, so an old response will not verify
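Worked example for the NTLMv2, pass-the-hash and nonce cards (added here; not part of the original deck): a nonce-based challenge-response login in which the client proves knowledge of the stored credential by keying an HMAC over the server's challenge, as NTLMv2 does. The same code shows why a replayed response fails and why pass-the-hash succeeds: the verifier only ever needs the hash. SHA-256 is substituted for MD4/MD5 (assumption, because MD4 is missing from many OpenSSL builds); the usernames and passwords are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Set


def stored_credential(password: str) -> bytes:
    """Stand-in for the NT hash. The real NT hash is MD4 over the UTF-16LE password;
    SHA-256 is used here (assumption) because MD4 is absent from many OpenSSL builds."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()


class Verifier:
    """Server side of a nonce-based challenge-response login."""

    def __init__(self, credentials: Dict[str, bytes]):
        self.credentials = credentials            # username -> stored hash
        self.outstanding: Dict[str, bytes] = {}   # username -> challenge not yet answered
        self.consumed: Set[bytes] = set()         # nonces that have already been used

    def challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(16)           # fresh, unpredictable, used once
        self.outstanding[user] = nonce
        return nonce

    def verify(self, user: str, nonce: bytes, response: bytes) -> bool:
        if user not in self.credentials:
            return False
        if self.outstanding.get(user) != nonce or nonce in self.consumed:
            return False                          # unknown, stale or replayed nonce
        self.consumed.add(nonce)
        del self.outstanding[user]
        expected = hmac.new(self.credentials[user], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def prover_response(credential: bytes, nonce: bytes) -> bytes:
    """Client side: prove knowledge of the credential without sending it.
    Note what is keyed in: the stored hash, never the password itself."""
    return hmac.new(credential, nonce, hashlib.sha256).digest()


def demo() -> Dict[str, bool]:
    """Run the cases the flashcards describe and report which logins succeed."""
    server = Verifier({"alice": stored_credential("correct horse battery")})
    results = {}

    n1 = server.challenge("alice")                              # normal login
    r1 = prover_response(stored_credential("correct horse battery"), n1)
    results["legit_login"] = server.verify("alice", n1, r1)

    results["replay_rejected"] = not server.verify("alice", n1, r1)   # captured and resent

    n2 = server.challenge("alice")                              # pass the hash
    stolen_hash = stored_credential("correct horse battery")    # attacker holds only these bytes
    results["pass_the_hash"] = server.verify("alice", n2, prover_response(stolen_hash, n2))

    n3 = server.challenge("alice")                              # wrong password
    results["wrong_password"] = server.verify(
        "alice", n3, prover_response(stored_credential("hunter2"), n3))
    return results
```

The nonce defeats replay, and the HMAC keeps the credential off the wire, but nothing in the protocol distinguishes a client that knows the password from one that merely knows the hash. That is the whole pass-the-hash problem, and it is why the mitigations on the following cards target hash theft rather than the protocol.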

51
Q

What is ECC encryption primarily used for and why?

A

Mobile devices - because phones have less processing power and ECC gives equivalent security with a much smaller key (a 256-bit ECC key is roughly comparable to a 3072-bit RSA key), so it needs less computation, bandwidth and storage

52
Q

What is Transitive Trust?

A

Transitive trust occurs when X trusts Y, and Y trusts Z, therefore X trusts Z.

53
Q

What is non repudiation?

A

Assurance that the sender of information cannot later deny having sent it (and, where delivery receipts are used, that the recipient cannot deny having received it). In cryptography it is provided by digital signatures, since only the holder of the private key could have produced the signature.

54
Q

What is PKI?

A

Public Key Infrastructure - Entire system of hardware software policies procedures and people that is based on asymmetric encryption

55
Q

What is S/MIME?

A

Secure Multipurpose Internet Mail Extensions - a standard that provides cryptographic security for email

56
Q

What is SSL?

A

Secure Sockets Layer - the original cryptographic protocol for securing web traffic. All SSL versions are deprecated and should be disabled; it was replaced by TLS.

57
Q

What is a downgrade attack and how would you mitigate it?

A

A common way to attack TLS: the attacker tricks the two parties into negotiating an older, weaker version of the protocol (or a weaker cipher suite) instead of the strongest one both support. You mitigate it by configuring servers and clients not to support the weak versions at all (disable SSL 3.0, TLS 1.0 and TLS 1.1); TLS 1.3 also has built-in downgrade protection in its handshake.
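Worked example for the downgrade card (added here; not part of the original deck): a server and a client TLS context built with Python's ssl module that refuse anything below TLS 1.2 and drop RC4/3DES/MD5 suites, plus two small audit helpers. The certificate file names are placeholders (assumption); the contexts are built but no connection is made.

```python
import ssl
from typing import List, Optional


def hardened_server_context(certfile: Optional[str] = None,
                            keyfile: Optional[str] = None) -> ssl.SSLContext:
    """Server context that cannot be talked down to SSL 3.0, TLS 1.0 or TLS 1.1."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2       # the actual downgrade fix
    ctx.maximum_version = ssl.TLSVersion.MAXIMUM_SUPPORTED
    ctx.options |= ssl.OP_NO_COMPRESSION               # TLS-level compression (CRIME)
    # TLS 1.2 suites restricted to forward-secret ECDHE with AEAD ciphers; OpenSSL
    # manages the TLS 1.3 suites separately and they are all AEAD already.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!RC4:!3DES")
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)       # assumption: PEM files exist
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Client side: keep certificate and hostname verification, and refuse legacy
    versions too, so an on-path attacker cannot force an old version by tampering
    with the handshake."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def allows_legacy_tls(ctx: ssl.SSLContext) -> bool:
    """Audit helper: True if the context would still negotiate TLS 1.1 or lower."""
    return ctx.minimum_version < ssl.TLSVersion.TLSv1_2


def weak_cipher_names(ctx: ssl.SSLContext) -> List[str]:
    """Audit helper: enabled cipher suites that still use RC4, 3DES or MD5."""
    return [c["name"] for c in ctx.get_ciphers()
            if any(bad in c["name"] for bad in ("RC4", "3DES", "DES-CBC3", "MD5"))]
```

Setting minimum_version is the part that matters: a server that merely prefers TLS 1.3 but still accepts TLS 1.0 can be downgraded, while one that refuses the old versions cannot, whatever the attacker does to the ClientHello.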

58
Q

What is SSH?

A

Secure Shell - a protocol that creates an encrypted, authenticated channel between two computers or devices, used for remote login and command execution, file transfer (SCP/SFTP) and tunnelling other traffic. Port 22.

59
Q

What is PPTP? What is its port number?

A

Point-to-Point Tunneling Protocol - VPN protocol that encapsulates PPP frames in GRE and encrypts them with MPPE (RC4). Its authentication (MS-CHAPv2) is broken, so it is considered insecure and should not be used.

TCP port 1723 for the control channel; the tunnelled data travels in GRE (IP protocol 47)

60
Q

What is L2TP? What is its port number?

A

Layer 2 Tunneling Protocol - VPN protocol for connecting two or more computers that are not on the same network, establishing a private network between them

Not secure on its own: it provides tunnelling but no encryption

UDP port 1701

61
Q

How do you secure L2TP?

A

Pair it with IPsec (L2TP/IPsec): IPsec ESP encrypts and authenticates the L2TP traffic

62
Q

What is IPSec?

A

Protocol suite that authenticates and encrypts IP packets, securing communication between the hosts or gateways that use it

63
Q

What is IKE?

A

Internet Key Exchange - the IPsec protocol that authenticates the peers, performs a Diffie-Hellman exchange and negotiates the security associations (algorithms and keys) used to protect the tunnel. UDP port 500 (4500 with NAT traversal).

64
Q

What is SA?

A

Security Association - the agreed set of parameters (algorithm, keys, SPI, lifetime) for one direction of a secure connection, established after the peers have authenticated each other using certificates or pre-shared keys

“You trust me, I trust you. We have shared info and verified our identities”

65
Q

What is an authentication header?

A

Authentication Header - the IPsec protocol that provides integrity and authentication for the whole packet (including the IP header) but no encryption

66
Q

What is ESP?

A

Encapsulating Security Payload - the IPsec protocol that encrypts the payload for confidentiality and can also provide integrity and authentication; in tunnel mode it encapsulates and encrypts the entire original packet

67
Q

What is Transport Mode in IPSec?

A

Protects (encrypts with ESP, or authenticates with AH) only the payload of each packet; the original IP header stays in the clear so the packet is routed normally. Used for host-to-host communication.

68
Q

What is Tunnel Mode in IPSec?

A

Encapsulates the entire original packet, header included, inside a new IP packet and protects it between two gateways. Use this for site-to-site VPNs over the internet.

69
Q

An asymmetric encryption key designed to be used only for a single session or transaction is known as:

A

Ephemeral key

70
Q

What are the characteristics of a session key?

A

Symmetric, randomly generated, used for a single session and then discarded

71
Q

What is the weakest block cipher mode of operation?

A

ECB (Electronic Codebook) - each block is encrypted independently, so identical plaintext blocks produce identical ciphertext blocks and patterns in the data leak through

72
Q

Name two key stretching algorithms

A

bcrypt, PBKDF2 (scrypt and Argon2 are the other common choices)

73
Q

Pseudo-random data added to a password before hashing is called:

A

salt
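Worked example for the key stretching and salting cards (added here; not part of the original deck): password storage with PBKDF2-HMAC-SHA256 and a random 16-byte salt, shown next to the unsalted single-hash anti-pattern, with constant-time verification and a check for records whose iteration count has fallen below policy. The iteration count is an assumption to be tuned per deployment; the passwords are constructed. Python standard library only.

```python
import hashlib
import hmac
import secrets

ALGO = "pbkdf2_sha256"
ITERATIONS = 600_000      # assumption: tune so that one hash costs roughly 100 ms on your hardware


def fast_unsalted_hash(password: str) -> str:
    """The anti-pattern: one SHA-256, no salt. The same password gives the same hash for
    every user and every site, so a rainbow table or one GPU run cracks them all at once."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted, stretched hash. The record is self-describing so the cost can be raised later."""
    salt = secrets.token_bytes(16)                 # random per password, stored in the clear
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iterations, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algo != ALGO:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def needs_rehash(stored: str, current_iterations: int = ITERATIONS) -> bool:
    """True if the record was made with fewer iterations than policy now requires;
    rehash on the next successful login so the cost keeps up with hardware."""
    _, iterations, _, _ = stored.split("$")
    return int(iterations) < current_iterations
```

The salt defeats precomputation (every user's hash must be attacked separately) and the iteration count makes each guess expensive; neither helps on its own, which is why bcrypt, scrypt and Argon2 all build both in.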

76
Q

What is Homomorphic Encryption?

A

Encryption that allows computations to be performed directly on the ciphertext, so that the decrypted result equals the result of doing the same operations on the plaintext. This lets a third party (for example a cloud provider) process data without ever seeing it.

77
Q

What is Perfect Forward Secrecy?

A

A property of key-exchange protocols guaranteeing that compromise of a party's long-term private key does not compromise the session keys of past sessions: each session derives its key from fresh ephemeral keys (ephemeral Diffie-Hellman), so recorded traffic cannot be decrypted later even if the long-term key is stolen.
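Worked example for the Diffie-Hellman, ephemeral key, session key and perfect forward secrecy cards (added here; not part of the original deck): both sides of a Diffie-Hellman exchange, derivation of a session key from the shared secret and the handshake transcript, and the difference between a static key (an attacker who later steals it recovers every recorded session) and ephemeral keys that are discarded. The group is a toy (assumption: p = 2^127 - 1 with generator 3, chosen only so the arithmetic is readable); real deployments use the RFC 3526 / RFC 7919 groups or ECDH. Python standard library only.

```python
import hashlib
import hmac
import secrets
from typing import Tuple

# Toy group (assumption, for the arithmetic only): p = 2**127 - 1 is a Mersenne prime, g = 3.
# Real deployments use the RFC 3526 / RFC 7919 groups or ECDH (X25519), whose generators
# are chosen to span a large prime-order subgroup.
P = 2 ** 127 - 1
G = 3
KEYBYTES = 16       # enough to hold any value below P


def dh_keypair() -> Tuple[int, int]:
    """Private exponent in [1, P-2] from the OS CSPRNG, and the public value g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_shared_secret(my_priv: int, their_pub: int) -> int:
    """Both sides compute the same value: (g^a)^b == (g^b)^a mod p."""
    if not 1 < their_pub < P - 1:
        raise ValueError("invalid public value")   # 0, 1 and p-1 would force a trivial secret
    return pow(their_pub, my_priv, P)


def derive_session_key(shared: int, transcript: bytes) -> bytes:
    """Never use the raw shared secret as a key: hash it together with the handshake transcript."""
    ikm = shared.to_bytes(KEYBYTES, "big")
    return hmac.new(b"toy-dh-session-key", ikm + transcript, hashlib.sha256).digest()


def ephemeral_session(label: bytes) -> Tuple[bytes, bytes]:
    """Ephemeral DH: both parties generate fresh key pairs, derive the session key and
    discard the private exponents. Returns (Alice's key, Bob's key); they must match."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    transcript = label + a_pub.to_bytes(KEYBYTES, "big") + b_pub.to_bytes(KEYBYTES, "big")
    k_alice = derive_session_key(dh_shared_secret(a_priv, b_pub), transcript)
    k_bob = derive_session_key(dh_shared_secret(b_priv, a_pub), transcript)
    del a_priv, b_priv          # nothing survives that could recompute the key
    return k_alice, k_bob


def static_session(a_static_priv: int, label: bytes) -> Tuple[bytes, int, bytes]:
    """No forward secrecy: Alice reuses one long-term DH private key for every session.
    Returns (session key, Bob's public value as an eavesdropper would record it, transcript)."""
    a_pub = pow(G, a_static_priv, P)
    b_priv, b_pub = dh_keypair()
    transcript = label + a_pub.to_bytes(KEYBYTES, "big") + b_pub.to_bytes(KEYBYTES, "big")
    key = derive_session_key(dh_shared_secret(a_static_priv, b_pub), transcript)
    return key, b_pub, transcript


def attacker_recovers(stolen_a_priv: int, recorded_b_pub: int, transcript: bytes) -> bytes:
    """Later theft of Alice's long-term key plus the recorded handshake yields the old session key."""
    return derive_session_key(dh_shared_secret(stolen_a_priv, recorded_b_pub), transcript)
```

In the ephemeral case there is no long-term DH key to steal: the private exponents exist only for the handshake, so recorded traffic stays unreadable. In real protocols the long-term key is used only to sign the ephemeral public values (authenticating the exchange), which is the combination TLS 1.3 and IKEv2 rely on.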