Domain 3 - Security Architecture and Engineering (Cryptography) Flashcards
What is the Purple Machine?
It’s the Japanese version of the Enigma which they used during WW2
What is the Scytale Cipher?
Used by the Spartans, it would be a message written on paper that needs to be wrapped around a specific width of a rod to make sense.
What is the Vigenere Cipher?
Uses a grid. Key must be as long as the message. Match row of plaintext with column of key to encrypt.
What are the four goals of Cryptography?
Confidentiality, Integrity, Authentication and Nonrepudiation.
What are Symmetric Cryptosystems?
Use a shared secret key available to all users of the cryptosystem.
What are Asymmetric Cryptosystems?
Use individual combinations of public and private keys for each user.
Which Cryptosystem does not provide nonrepudiation?
Symmetric.
What is the Key Space of an Algorithm?
How many unique keys are possible (determined by its Bit Space).
What is a Bit Space of an Algorithm?
The number of bits within a key (128-bit etc). A bit referring to a single binary number.
What is Kerckhoffs's Principle?
Cryptographic systems should be secure, even if everything about how the system works is known.
What are Cryptovariables?
Another word for Cryptographic Keys.
Explain the AND operation
The AND operation checks to see whether two values are both true. 1 ^ 1 = 1
What is the symbol for the AND operation?
What operation does this symbol represent (^)?
AND
Explain the OR operation
The OR operation checks to see whether at least one of the input values is true.
Explain the NOT operation
The NOT operation reverses the value of an input variable.
What is the symbol for the NOT operation?
~ or !
What does the Modulo Function do?
Wraps around, as with a Caesar cipher.
What is a Nonce?
A nonce is a random number that acts as a placeholder variable (an IV is an example)
What does Zero-Knowledge proof mean?
Prove your knowledge of a fact to a third party without revealing the fact itself.
What does Split Knowledge mean?
The separation of duties and two-person control contained in a single solution is called Split Knowledge.
What is a Work Function?
You can measure the strength of a cryptographic system by measuring the effort in terms of computing power to crack a cipher.
What is the difference between a Code and a Cipher?
Code can be public knowledge like 10-4
What is a Transposition Cipher?
Transposition Ciphers use an encryption algorithm to rearrange the letters of a plaintext message, forming the ciphertext message.
What is Columnar Transposition?
FIND DEFINITION
What are Polyalphabetic substitution ciphers?
Polyalphabetic substitution ciphers use multiple alphabets in the same message to hinder decryption efforts
What do Polyalphabetic Substitution ciphers protect against?
Frequency Analysis
What is a Vernam Cipher?
A one-time pad.
What are One Time Pads also called?
Vernam Ciphers.
What is a Running Key cipher?
It’s using a commonly available book for one time pad messages
What are Running Key Ciphers also known as?
Book Ciphers
What are Book Ciphers also known as?
Running Key Ciphers.
What is a Block Cipher?
Block Ciphers operate on chunks of a message and apply the encryption algorithm to an entire message block at the same time
What is a Stream Cipher?
Stream Ciphers operate on one character or bit of a message (or data stream) at a time. The Caesar Cipher is an example of this.
What is Confusion within the context of Cryptography?
Confusion occurs when the relationship between the plaintext and the key is so complicated (what)
What is Diffusion within the context of Cryptography?
Diffusion occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext.
Which type of Cryptography does not implement nonrepudiation?
Symmetric key cryptography
Asymmetric key algorithms are also known as?
Public Key Algorithms
Public Key Algorithms are also known as?
Asymmetric key algorithms
Which cryptosystem provides a key revocation mechanism?
Asymmetric
Which cryptosystem is faster, Symmetric or Asymmetric?
Symmetric
What is the key length of DES?
56-bit (with an additional 8 parity bits)
How many parity bits does DES use?
8
How does Cipher Block Chaining (CBC) work?
Each block of unencrypted text is XORed with the encrypted block before it.
How does Cipher Feedback Mode (CFB) work?
Cipher Feedback Mode (CFB) is the streaming cipher version of Cipher Block Chaining (CBC).
How does Output Feedback Mode (OFB) work?
Instead of XORing with the previous block, it uses a seed value. The seed is then put through DES to provide a seed for the next block.
What is Counter Mode (CTR)?
Instead of using a seed, it uses a counter which increments with each block.
What do the E’s in Triple DES (DES-EEE3/EDE3) mean?
The E’s indicate where there are encryption operations.
What was IDEA developed to address?
IDEA uses a longer key than DES
Where is IDEA used?
IDEA is used in PGP
What are the unique improvements of Blowfish compared to DES and IDEA?
It has variable length keys and is much faster
What is the unique feature of Skipjack?
It supports the escrow of encryption keys.
What is Twofish and what makes it unique?
It was an AES finalist which supports Prewhitening and Postwhitening.
What is Prewhitening?
Prewhitening involves XORing the plaintext with a separate subkey before the first round of encryption by Twofish.
What is Postwhitening?
Postwhitening is XORing the ciphertext after the 16th round of encryption by Twofish.
Where is Blowfish commonly used?
SSH
What is Offline Distribution?
The physical exchange of a key
What is the Fair Cryptosystems escrow approach?
The secret keys used are divided into two or more pieces, all given to third parties.
What is the Escrowed Encryption System?
This escrow approach provides the government with the means to decrypt ciphertext.
What is the problem with Merkle-Hellman Knapsack?
It was broken in 1984
What is the Key Length of RSA?
1024 bits
What is the key length of DSA?
1024 bits
What is the key length of Elliptic Curve?
160 bits
What is the major disadvantage of El Gamal?
The algorithm doubles the length of the message it encrypts
What is a unique feature/advantage of Elliptic Curve?
A 160 bit Elliptic Curve cipher is as strong as 1024 bit RSA
Which Hashing functions are no longer suitable?
MD2, MD4 and MD5
What two components make up a Digital Signature?
Digital Signature = Message Hash + Ciphertext
With PKI, which key do you use if you want to encrypt a message?
The recipient’s public key
With PKI, which key do you use if you want to decrypt a message sent to you?
Your private key
With PKI, which key do you use if you want to digitally sign a message you are sending to someone else?
Your private key
With PKI, which key do you use if you want to verify the signature on a message that was sent to you?
The sender’s public key
What does HMAC not provide?
It does not provide nonrepudiation because it is a form of symmetric hashing.
What is a Certificate Authority (CA)?
They issue certificates (such as GoDaddy and VeriSign)
What is a Registration Authority (RA)?
RAs assist CAs with verifying users’ identities prior to issuing digital certificates.
What is a Certificate Revocation List (CRL)?
A list maintained by the CA containing the serial numbers of certs which have been revoked.
What is the Online Certificate Status Protocol (OCSP)?
Cuts down on the latency of a Certificate Revocation List being distributed by providing an online real-time check.
When should you encrypt an email?
When you need confidentiality
When should you hash an email?
When you want integrity
When should you digitally sign an email?
When you need confidentiality, integrity, authentication and nonrepudiation.