Domain 3 - Security Architecture and Engineering (Cryptography)

Question 1

What is the Purple Machine?

Answer 1

It’s the Japanese version of the Enigma which they used during WW2

Question 2

What is the Scytale Cipher?

Answer 2

Used by the Spartans, it would be a message written on paper that needs to be wrapped around a specific width of a rod to make sense.

Question 3

What is the Vigenere Cipher?

Answer 3

Uses a grid. Key must be as long as the message. Match row of plaintext with column of key to encrypt.

Question 4

What are the four goals of Cryptography?

Answer 4

Confidentiality, Integrity, Authentication and Nonrepudiation.

Question 5

What are Symmetric Cryptosystems?

Answer 5

Use a shared secret key available to all users of the cryptosystem.

Question 6

What are Asymmetric Cryptosystems?

Answer 6

Use individual combinations of public and private keys for each user.

Question 7

Which Cryptosystem does not provide nonrepudiation?

Answer 7

Symmetric.

Question 8

What is the Key Space of an Algorithm?

Answer 8

How many unique keys are possible (determined by it’s Bit Space).

Question 9

What is a Bit Space of an Algorithm?

Answer 9

The number of bits within a key (128-bit etc). A bit referring to a single binary number.

Question 10

What is the Kerchoff Principle?

Answer 10

Cryptographic systems should be secure, even if everything about how the system works is know.

Question 11

What are Cryptovariables?

Answer 11

Another word for Cryptographic Keys.

Question 12

Explain the AND operation

Answer 12

The AND operation checks to see whether two values are both true. 1 ^ 1 = 1

Question 13

What is the symbol for the AND operation?

Question 14

What operation does this symbol represent (^)?

Answer 14

AND

Question 15

Explain the OR operation

Answer 15

The OR operation checks to see whether at least one of the input values are true.

Question 16

Explain the NOT operation

Answer 16

The NOT operation reverses the value of an input variable.

Question 17

What is the symbol for the NOT operation?

Answer 17

~ or !

Question 18

What does the Modulo Function do?

Answer 18

Wraps around like with a ceaser cipher

Question 19

What is a Nonce?

Answer 19

A nonce is a random number that acts as a placeholder variable (an IV is an example)

Question 20

What does Zero-Knowledge proof mean?

Answer 20

Prove your knowledge of a fact to a third party without revealing the fact itself.

Question 21

What does Split Knowledge mean?

Answer 21

The separation of duties and two-person control contained in a single solution is called Split Knowledge.

Question 22

What is a Work Function?

Answer 22

You can measure the strength of a cryptographic system by measuring the effort in terms of computing power to crack a cipher.

Question 23

What is the difference between a Code and a Cipher?

Answer 23

Code can be public knowledge like 10-4

Question 24

What is a Transposition Cipher?

Answer 24

Transposition Ciphers use an encryption algorithm to rearrange the letters of a plaintext message, forming the ciphertext message.

Question 25

What is Columnar Transposition?

Answer 25

FIND DEFINITION

Question 26

What are Polyalphabetic substitution ciphers?

Answer 26

Polyalphabetic substitution ciphers use multiple alphabets in the same message to hinder decryption efforts

Question 27

What does Polyalphabetic Substitution ciphers protect against?

Answer 27

Frequency Analysis

Question 28

What is a Vernam Cipher?

Answer 28

A one-time pad.

Question 29

What are One Time Pads also called?

Answer 29

Vernam Ciphers.

Question 30

What is a Running Key cipher?

Answer 30

It’s using a commonly available book for one time pad messages

Question 31

What are Running Key Ciphers also known as?

Answer 31

Book Ciphers

Question 32

What are Book Ciphers also known as?

Answer 32

Running Key Ciphers.

Question 33

What is a Block Cipher?

Answer 33

Block Ciphers operate on chunks of a message and apply the encryption algorithm to an entire message block at the same time

Question 34

What is a Stream Cipher?

Answer 34

Stream Ciphers operate on one character or bit of a message (or data stream) at a time. The Ceasar Cipher is an example of this.

Question 35

What is Confusion within the context of Cryptography?

Answer 35

Confusion occurs when the relationship between the plaintext and the key is so complicated (what)

Question 36

What is Diffusion within the context of Cryptography?

Answer 36

Diffusion occurs when a chan in the plaintext results in multiple changes spread throughout the ciphertext.

Question 37

Which type of Cryptography does not implement nonrepudiation?

Answer 37

Symmetric key cryptography

Question 38

Asymmetric key algorithms are also known as?

Answer 38

Public Key Algorithms

Question 39

Public Key Algorithms are also known as?

Answer 39

Asymmetric key algorithms

Question 40

Which cryptosystem provides a key revocation mechanism?

Answer 40

Asymmetric

Question 41

Which cryptosystem is faster, Symmetric or Asymmetric?

Answer 41

Symmetric

Question 42

What is the key length of DES?

Answer 42

56-bit (with an additional 8 parity bits)

Question 43

How many parity bits does DES use?

Answer 43

8

Question 44

How does Cipher Block Chaining (CBC) work?

Answer 44

Each block of unencrypted text is XORed with the encrypted block before it.

Question 45

How does Cipher Feedback Mode (CFB) work?

Answer 45

Cipher Feedback Mode (CFB) is the streaming cipher version of Cipher Block Chaining (CBC).

Question 46

How does Output Feedback Mode (OFM) work?

Answer 46

Instead of XORing with previous block, it’s uses a seed value. The seed is then put through DES to provide a seed for the next block.

Question 47

What is Counter Mode (CTR)?

Answer 47

Instead of using a seed, it uses a counter which increments with each block.

Question 48

What do the E’s in Triple (DES-EEE3/EDE3) mean?

Answer 48

The E’s indicate where there are encryption operations.

Question 49

What was IDEA developed to address?

Answer 49

IDEA uses a longer key than DES

Question 50

Where is IDEA used?

Answer 50

IDEA is used in PGP

Question 51

What are the unique improvements of Blowfish compared to DES and IDEA?

Answer 51

It has variable length keys and is much faster

Question 52

What is the unique feature of Skipjack?

Answer 52

Is supports the escrow of encryption keys.

Question 53

What is Twofish and what makes it unique?

Answer 53

It was a AES finalist which supports Prewhitening and Postwhitening

Question 54

What is Prewhitening?

Answer 54

Prewitening involves XORing the plaintext with a separate subkey before the first round of encryption by Twofish.

Question 55

What is Postwhitening?

Answer 55

Postwhitening is XORing the ciphertext after the 16th round of encryption by Twofish.

Question 56

Where is Blowfish commonly used?

Answer 56

SSH

Question 57

What is Offline Distribution?

Answer 57

The physical exchange of a key

Question 58

What are Fair Cryptosystems Escrow approach?

Answer 58

The secret keys are used are divided into two or more pieces and all given to third parties.

Question 59

What is the Escrowed Encryption System?

Answer 59

This escrow approach provides the government with the meant to decrypt ciphertext

Question 60

What is the problem with Merkle-Hellman Knapsack?

Answer 60

It was broken in 1984

Question 61

What is the Key Length of RSA?

Answer 61

1024 bits

Question 62

What is the key length of DSA?

Answer 62

1024 bits

Question 63

What is the key length of Elliptic Curve?

Answer 63

160 bits

Question 64

What is the major disadvantage of El Gamal?

Answer 64

The algorithm doubles the length of the message it encrypts

Question 65

What is a unique feature/advantage of Elliptic Curve?

Answer 65

A 160 bit Elliptic Curve cipher is as strong as 1024 bit RSA

Question 66

Which Hashing functions are no longer suitable?

Answer 66

MD2, MD4 and MD5

Question 67

What two components make up a Digital Signature?

Answer 67

Digital Signature = Message Hash + Ciphertext

Question 68

With PKI, which key do you use if you want to encrypt a message?

Answer 68

The recipients public key

Question 69

With PKI, which key do you use if you want to decrypt a message sent to you?

Answer 69

Your private key

Question 70

With PKI, which key do you use if you want to digitally sign a message you are sending to someone else?

Answer 70

Your private key

Question 71

With PKI, which key do you use if you want to verify the signature on a message that was sent to you?

Answer 71

The senders public key

Question 72

What does HMAC not provide?

Answer 72

It does not provide nonrepudiation because it is a form of symmetric hashing.

Question 73

What is a Certificate Authority (CA)?

Answer 73

They issue certificates (such as godaddy and verisign)

Question 74

What is a Registration Authority (RA)?

Answer 74

RA’s assist CA’s with verifying users’ identities prior to issuing digital certificates.

Question 75

What is a Certificate Revocation List (CRL)?

Answer 75

A list maintained by the CA containing the serial numbers of certs which have been revoked.

Question 76

What is an Online Certificate Status Protocol (OSCP)?

Answer 76

Cuts down on the latency of a Certificate Revocation List being distributed by providing an online real-time check.

Question 77

When should you encrypt an email?

Answer 77

When you need confidentiality

Question 78

When should you hash an email?

Answer 78

When you want integrity

Question 79

When should you digitally sign an email?

Answer 79

When you need confidentiality, integrity, authentication and nonrepudiation.