Cryptography and Hashing

Question 1

What is data at rest?

Answer 1

Inactive data that is archived such as data on a hard drive

Question 2

What is data in transit?

Answer 2

Data crossing the network or data that resides in memory

Question 3

What is data in use?

Answer 3

Data that is undergoing constant change

Question 4

What is symmetric encryption?

Answer 4

Encryption in which both the sender and receiver must know the same secret using a private key

Question 5

AES - Symmetric or Asymmetric?

Answer 5

Symmetric

Question 6

DES - Symmetric or Asymmetric?

Answer 6

Symmetric

Question 7

3DES - Symmetric or Asymmetric?

Answer 7

Symmetric

Question 8

IDEA - Symmetric or Asymmetric?

Answer 8

Symmetric

Question 9

Blowfish - Symmetric or Asymmetric?

Answer 9

Symmetric

Question 10

RC4, RC5, RC6 - Symmetric or Asymmetric?

Answer 10

Symmetric

Question 11

What is a drawback of symmetric encryption?

Answer 11

Key distribution - the more people you share the encrypted info with, the greater distribution of the secret key

Question 12

What is Asymmetric encryption?

Answer 12

Encryption where different keys are used encrypt and decrypt data - a private key and a public key

Question 13

What is an advantage symmetric encryption has over asymmetric?

Answer 13

It is faster since it only uses one shared secret key

Question 14

What is hybrid implementation?

Answer 14

Combining symmetric and asymmetric encryption. Uses asymmetric to encrypt a private key and uses symmetric to secure the bulk of the data transfer

Question 15

What is stream cipher?

Answer 15

Utilizes a keystream generator to encrypt data bit by bit

Question 16

What is block cipher?

Answer 16

Cipher method that breaks the input into blocks of data and performs the encryption on each block. Easier to implement and more secure

Question 17

Diffe-Hellman - symmetric or asymmetric ?

Answer 17

Asymmetric

Question 18

RSA - symmetric or asymmetric ?

Answer 18

Asymmetric

Question 19

ECC - symmetric or asymmetric ?

Answer 19

Asymmetric

Question 20

What is a digital signature?

Answer 20

Provides integrity by hashing a message and encrypting it with sender’s private key

Question 21

What is PGP

Answer 21

Pretty good privacy - encryption program primarily for emails using IDEA algorithm

Question 22

What is GPG

Answer 22

GNU privacy guard - updated version of PGP that uses AES algorithm for encryption

Question 23

What is the Diffe-Hellman algorithm used for ?

Answer 23

• Key exhchange/distribution over an insecure network
• Establish VPN tunnel using IPsec protocol

Question 24

Most secure symmetric algorithm?

Answer 24

AES

Question 25

What is key management?

Answer 25

How an organization will generate, exchange, store and use encryption keys

Question 26

What is a good way to protect encryption keys?

Answer 26

Periodically change them like passwords

Question 27

What is a one time pad?

Answer 27

A stream cipher that encrypts plain text with a secret random key (key stream) that is the same length as the plaintext input. No pattern or mathematical formula

Question 28

What is the draw back of a one time pad?

Answer 28

There is no such thing as a truly random number in computers. Everything is dictated by algorithm or mathematical formula

Question 29

What is PRNG?

Answer 29

Pseudo Random Number Generator - simulated random number stream generated by a computer that is used in cryptography, video games etc

Question 30

What is Hashing?

Answer 30

One way cryptographic function that takes an input and produces a unique value which is used to confirm the integrity of a file. Can be viewed as the digital finger print of a file

Question 31

What is MD5?

Answer 31

Message Digest 5 - a hashing algorithm that creates a 128 bit hash value

Question 32

What is the limiting factor of MD5?

Answer 32

Since the resulting hash value is only 128 bits, it can only create a limited number of unique values.

Question 33

What is hash collision?

Answer 33

Condition that occurs when two different files create the same hash digest

Question 34

What is SHA 1?

Answer 34

Secure Hash Algorithm - creates fixed length 160 bit hash value

Question 35

What is SHA 2?

Answer 35

Successor to SHA 1 - family of algorithms that include SHA 224,256,348 and 512

Question 36

What is SHA 3?

Answer 36

Newest family of SHA that creates hashes between 224 and 512 bits

Question 37

What is RIPEMD

Answer 37

Race Integrity Primitive Evaluation Message Digest - open source hash algorithm that creates unique 160,256 or 320 bit message digest for each file

REMEMBER 160bit

Question 38

What is HMAC

Answer 38

Hash Based Message Authentication Code - uses hash algorithm to create a level of assurance as to the integrity and authenticity of a given message or file

Question 39

What are passwords in Windows stored as?

Answer 39

Hash values

Question 40

What is LANMAN or LM Hash?

Answer 40

Original version of password hashing in windows that uses DES, limited to 14 characters and is now considered obsolete

Question 41

What is NTLM Hash?

Answer 41

NT LAN Manager Hash - replacement for LM hash using RC4, released in 1993 and is also obsolete

Question 42

What is NTLMv2 Hash?

Answer 42

Replacement for NTLM Hash that uses HMAC-MD4 and is considered difficult to crack. Currently used for Windows password storing

Question 43

When should you use NTLMv2 Hash?

Answer 43

When you do not have a domain with Kerberos for authentication

Question 44

What is Pass the Hash?

Answer 44

A technique that allows an attacker to authenticate to a remote server or service by using the underlying NTLM or LM hash instead of requiring the associated plain text password

Question 45

What is a birthday attack?

Answer 45

Technique used by an attacker to find two different messages that have the same identical hash

Question 46

How would you mitigate a birthday attack?

Answer 46

Use long complex hashes such as SHA 256 SHA 512

Question 47

How would you mitigate pass the hash attack?

Answer 47

• Use trusted OS
• Patch/Update computers
• Use MFA
• Use least privilege

Question 48

What is key stretching?

Answer 48

Technique used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the resources it takes to test each possible key.

Question 49

What is salting?

Answer 49

Adding random data into a one way cryptographic hash to help protect against password cracking techniques

Question 50

What is a nonce?

Answer 50

Once-used number added to the password to help prevent an attacker from reusing your password

Question 51

What is ECC encryption primarily used for and why?

Answer 51

Mobile Devices - because mobile phones have less processing power and ECC has a smaller key size

Question 52

What is Transitive Trust?

Answer 52

Transitive trust occurs when X trusts Y, and Y trusts Z, therefore X trusts Z.

Question 53

What is non repudiation?

Answer 53

Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information.

Question 54

What is PKI?

Answer 54

Public Key Infrastructure - Entire system of hardware software policies procedures and people that is based on asymmetric encryption

Question 55

What is S/MIME?

Answer 55

Secure Multipurpose Internet Mail Extensions - a standard that provides cryptographic security for email

Question 56

What is SSL?

Answer 56

Secure Socket Layer - original cryptographic protocol for securing the web. Outdated protocol

Question 57

What is a downgrade attack and how would you mitigate it?

Answer 57

A common way to attack TLS - when a protocol is tricked into using a lower quality version of itself instead of a higher quality version. You mitigate it by configuring your webservers to not support downgraded versions.

Question 58

What is SSH?

Answer 58

Secure Shell - a protocol for creating a secure channel between two computers/devices to enable one device to control the other

Question 59

What is PPTP? What is it’s port number?

Answer 59

Point to point tunneling protocol - VPN protocol that encapsulates PPP packets and ultimately sends data as encrypted traffic

Port 1723

Question 60

What is L2TP? What is it’s port number?

Answer 60

Layer 2 Tunneling Protocol - VPN protocol for connecting two or more computers that are not on the same network thus establishing a private network between the two

Not secure on it’s own

Port 1701

Question 61

How do you secure L2TP?

Answer 61

Pair it with IPSec

Question 62

What is IPSec?

Answer 62

Protocol that authenticates and encrypts IP packets and effectively securing communications between computers and devices with this protocol

Question 63

What is IKE?

Answer 63

Internet Key Exchange - IPSec method to create a secure tunnel by encrypting the connection between authenticated peers

Question 64

What is SA?

Answer 64

Security Association - establishment of secure connections using certificates or encrypted keys

“You trust me, I trust you. We have shared info and verified our identities”

Question 65

What is an authentication header?

Answer 65

Protocol used in IPSec that provides integrity and authentication

Question 66

What is ESP?

Answer 66

Encapsulating security protocol - encapsulates and encrypts entire packets

Question 67

What is Transport Mode in IPSec?

Answer 67

Encrypts only the payload of a packet but not the header

Question 68

What is Tunnel Mode in IPSec?

Answer 68

Creates a network tunnel and encrypts the entire packets. Use this when transmitting over the internet

Question 69

An asymmetric encryption key designed to be used only for a single session or transaction is known as:

Answer 69

Ephermeral Key

Question 70

What are the characteristics of a session key?

Answer 70

Symmetric, used in a single session

Question 71

What is the weakest block cipher?

Answer 71

ECB

Question 72

Name two key stretching algorithms

Answer 72

Bcrypt, PBKDF2

Question 73

Pseudo-random data added to a password before hashing is called:

Answer 73

salt

Question 74

Name two characteristics of a session key

Answer 74

Symmetric, used in a single session

Question 75

What is the weakest form of block cipher DES?

Answer 75

ECB

Question 76

What is Homomorphic Encryption?

Answer 76

conversion of data into ciphertext that can be analyzed and worked with as if it were still in its original form.

Question 77

What is Perfect Forward Secrecy?

Answer 77

situation in which security ensures that the compromising of one message will not lead to the compromising of another?