Domain 5 - Cryptography Flashcards

Question

Cryptology

Answer 1

Science that deals with hidden, disguised, or encrypted communications.

Answer 2

Occurs when a hash function generates the same output for different inputs.

Answer 3

Represents the total number of possible values of keys in a cryptographic algorithm or other security measure. such as a password.

Answer 4

Time and effort required to break a protective measure.

Answer 5

Initialization Vector Non-secret binary vector used as the initializing input algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment.

Answer 6

Action of changing a message into another format through the use of a code. Often done by taking a plaintext message and converting it into a format that can be transmitted via radio or some other medium, and is used for message integrity.

Answer 7

Reverse process of encoding - converting the encoded message back into its plaintext format.

Answer 8

AKA Permutation Process of reordering the plaintext to hide the message.

Answer 9

Process of exchanging one letter or byte for another.

Answer 10

Process described by Claude Shannon and used in most block ciphers to increase strength. Most block ciphers do a series of repeated substitutions and permutations to add confusion and diffusion to the encryption process.

Answer 11

Provided my mixing (changing) the key values used during the repeated rounds of encryption. When the key is modified for each round, it provides added complexity that the attacker would encounter.

Answer 12

Mixing up the location of the plaintext throughout the ciphertext. Using transposition, the location of the 1st character of the plaintext may change several times during the encryption process.

Answer 13

Important Consideration All Cryptography used to design algorithms where a minor change in either the key or the plaintext will have a significant change in the resulting ciphertext. Feature of strong-hashing algorithms.

Answer 14

Stream & Block Stream is bit-by-bit encryption, most common with streaming applications. WEP uses this. Block - encrypts in blocks. Used in newer cryptography implements such as AES

Answer 15

Exclusive OR Very fast mathematical operation used in stream ciphers.

Answer 16

Stream is bit-by-bit encryption, most common with streaming applications. WEP uses this Relies primary on substitution More commonly implemented in hardware.

Answer 17

Operates on blocks or chunks of text. As plaintext is fed through cryptosystem, it's divided into blocks of a preset size..usually 64b, 128b, 192b, etc Uses combination of substitution and transposition More computationally intensive and usually more expensive to implement compared to Stream Based. More commonly implemented in software.

Answer 18

``` ECB - Electronic Code Book CBC - Cipher Block Chaining CFB - Cipher Feedback OFB - Output Feedback CTR - Counter ```

Answer 19

Electronic Code Book (Block Cipher) Most Basic How? Each block is ciphered independently, Use? Any file with non-repeating blocks (less than 64b), such as DES

Answer 20

Cipher Block Chaining (Block Cipher) How? Result of a block of encrypting data is fed back into the process to encrypt the next block of data. Use? Data at rest

Answer 21

Cipher Feedback (Stream Cipher) How? Cipher is used as a keystream generator rather than for confidentiality. Each keystream comes from previous block. Use? N/A - Retired due to the delay imposed by encrypting each block of keystream before proceeding.

Answer 22

Output Feedback (Stream Cipher) How? Keystream is generated independently of the message. Use? N/A - Retired due to Avalanche problems. Was used in Pay-Per-Views apps.

Answer 23

Counter (Stream Cipher) How? Uses the formula Encrypt (Base+N) as a keystream generator where Base is a starting 64 bit number and N is a simple, incrementing function. Use? Where High Speed or Random Access Encryption is needed. Examples include WPA2 and the Content Scrambling System.

Answer 24

Initialization Vector Arbitrary number that can be used along with a secret key for data encryption. This number, also called a nonce, is employed only one time in any session. 24-bit key used along with a WEP key of 40-bit, making the sum to be 64-bit USED ONLY ONCE

Answer 25

Arbitrary number used as the IV.

Answer 26

1. Symmetric - AKA Secret Key Encryption uses only 1 key 2. Asymmetric - AKA Public Key Encryption - uses two keys (public and private). Public is used for encryption and private is used for decryption.

Answer 27

Data Encryption Standard First Encryption Standard recommended by NIST. 64-bit key size 64-bit block size NOT Secure

Answer 28

Triple Data Encryption Standard 192-bit key size 64-bit block size Slower than other Block Cipher Methods.

Answer 29

Variable Key Size (8-128b) 64-bit Block Cipher Not Secure because of related-key attack

Answer 30

Variable Key Sizes (32 - 448b) Default is 128 64-bit block cipher Unpatented and Free

Answer 31

Advanced Encryption Standard (Block Cipher) Variable Key Length (128, 192, 256 bits) Default is 256 Encrypts 128-bit data blocks in 10, 12, 14 rounds depending on key size. Fast, Flexible

Answer 32

Block Cipher derived from RC5 128 -bit Block Size Key Sizes of 128, 192, 256 bits

Answer 33

Message Digest, or just Digest Hash Value Small representation of a larger message. Used to ensure authentication, integrity of information, not confidentiality.

Answer 34

1. Easy to Compute for any message 2. Infeasible to generate a hashed message 3. infeasible to modify message without modifying hash 4. Infeasible to find 2 different message with same hash.

Answer 35

Message Digest Hash Functions used to create message digests for digital signatures. MD2 - 128-bit message using 128-bit block, through 18 rounds of operation. Still used in certain PKI enviroments. MD4 - 128-bit message using 512-bit block, through 3 rounds of operations. Popular for File sharing and synchronization applications. MD5 - 512-bit block generating 128-bit MD as well, over 4 rounds of operation.

Answer 36

Secure Hash Algorithm, V 0, 1, and 2 Collection of hash functions created by US gov't. SHA-0 is retired SHA-1 uses a block size of 512b to create a message of 160b through 80 rounds of operation. Susceptible to Bday Attacks. SHA-2 MD are either 224, 256, 384, 512b in length. SHA-224 and SHA-256 uses block lengths of 512bits SHA-384 and SHA-512 uses block lengths of 1024bits

Answer 37

Highly Flexible and configurable Hash Function Hashes can be 128, 160, 192, 224, and 256 bits and use a fixed block size of 128 with 3, 4, or 5 rounds of operation. l

Answer 38

Hash Function Produces 160-bit MD using 512-bit block size. Not patented Created in Europe

Answer 39

Brute-Force | Cyptanalysis

Answer 40

Art and Science of defeating cryptographic systems and gaining access to encrypted message even when the keys are unknown. Responsible for creating Rainbow Tables.

Answer 41

Pre-computed tables or lists used in cracking password hashes. And Open Source version is called Cain and Abel.

Answer 42

Fights against Rainbow Tables Made of random bits and is an input to the one-way hash function with the target plaintext as the only other input. Salt is stored in the resulting hash.

Answer 43

To defend against dictionary attacks and against pre-computed rainbow tables.

Answer 44

Means using a different channel to transmit the keys. Used in Symmetric Cryptography.

Answer 45

Advantages include: Speed, Secure, Cheap Disadvantages: Key Management Issue, Limitation that algorithm doesn't provide benefits past confidentiality.

Answer 46

COUNTER MODE WITH CIPHER BLOCK CHAINING MESSAGE AUTHENTICATION CODE Encryption Protocol based on AES using CTR with CBC-MAC. Uses 128-b key and 128-b block size

Answer 47

Message Integrity Code Provides data origin authentication and data integrity for the packet payload data.

Answer 48

International Data Encryption Algorithm

Answer 49

Feistel-Type Block Cipher

Answer 50

Secure and Fast Encryption Routine Patent-Free Variation of SAFER is used as a block cipher in Bluetooth

Answer 51

Symmetrical algorithm. Very Fast Key Sizes from 23- 448 S-boxes are stored for later use.

Answer 52

Upgrade of Blowfish

Answer 53

Fast and Secure

Answer 54

Stream-Based Cipher Most widely used stream cipher.

Answer 55

n(n-1) / 2

Answer 56

Used for secure data transmission. Slow. Uses Prime Numbers Commonly used to encrypt shared keys for symmetric key cryptography. 1. Brute Force - Trying all possible private keys 2. Mathematical Attacks - factoring the product of two prime numbers 3. Timing Attack - measuring the running time of decryption

Answer 57

Key Exchange Algorithm Does NOT provide confidentiality. Enables two users to exchange or negotiate a secret symmetric key that will be used for encryption.

Answer 58

Cryptographic algorithm based on Diffie-Hellmann, but includes confidential and digital signatures services.

Answer 59

Elliptic Curve Cryptography Used on smart cards, wireless, and other applications. Provides confidentiality, digital signatures, and message authentication.

Answer 60

MAC AKA cryptographic checksum Small block of data that is generated using a secret key and then appended to the message. Receiver can decrypt the data and ensure the data has not changed. Slow when based on DES

Answer 61

1. Much smaller than the message generating it. 2. Impractical to compute the message that generated it. 3. Impractical to find another message generating same MAC.

Answer 62

Provides cryptographic strength similar to hashing, except is has additional protection because of a secret key, but is fast.

Answer 63

One way hash of data and then uses private key to encrypt the hash. That has, along with other information is the digital signature. High quality non-repudiation

Answer 64

Service that ensures that the sender cannot deny a message was sent and the integrity of the message in intact.

Answer 65

Digital Signatures | PKI

Answer 66

When the receiver decrypts the digital signature with the sender's public key, it confirms integrity but not ownership of private key. A CA is used to provide association between private key and sender for non-repudiation.

Answer 67

Cryptanalytic Attack Attacker knows the algorithm used for encrypting, and may have access to machine used for encrypting.

Answer 68

Cryptanalytic Attack AKA Side Channel Attack Attacker measures the exact execution times and power required by the crypto device.

Answer 69

Cryptanalytic Attack Known plaintext attack, uses linear approximation to describe the behavior of the block cipher.

Answer 70

Cryptanalytic Attack Release on block ciphers exhibiting a high degree of mathematical structure.

Answer 71

1. Hash each plaintext until a matching hash is found. 2. Hash each plaintext but store each generated hash in a table that can be used as a lookup table so hashes do not need to be generated again.

Answer 72

Cryptanalytic Attack Loopup table of sorted hash outputs.

Answer 73

Cryptanalytic Attack One of the most difficult attacks as the attacker just has some unintelligible data that he suspects may be an important encrypted message.

Answer 74

States that available computing power doubles every 18 months.

Answer 75

Attacker has access to both the ciphertext and the plaintext versions of the same message. Goal of this type of attack is to find the link...the cryptographic key that was used to encrypt the message.

Answer 76

Attacker has access to the decryption device or software and is attempting to defeat the cryptographic protection by decrypting chosen pieces of ciphertext to discover the key.

Answer 77

Idea that it's easier to find two messages that has to the same message digest than to match a specific message and its specific message digest.

Answer 78

Use a hash algorithm with twice the MD length as the desired work factor.

Answer 79

Most commonly used against password files. Encrypts all words in the dictionary and then check whether the resulting hash matches an encrypted password stored in the SAM File.

Answer 80

Attack meant to disrupt and damage processing by the attacker sending repeated files to the host.

Answer 81

Aimed at RSA Algorithm, attempts to find the keys through solving the factoring of these numbers.

Answer 82

One of the most common. Act of reverse engineering something to find any vulnerabilities or gain crucial information about the operations of the algorithm.

Answer 83

Common and Popular because they are easy and reliable on system elements outside of the algorithm. 1. Side-Channel Analysis - Passive and rely on physical attribute 2. Fault Analysis - Attempts to force system into an error state. 3. Probing Attacks - Attempts to watch the circuity.

Answer 84

Set of 'Good Faith' Conditions that may temporarily or indefinitely protect the organization from the penalties of a new law or regulation.

Answer 85

FEDERAL INFORMATION SECURITY MANAGEMENT ACT Mandates use of specific actions, standards, and requirements for agencies to ensure sensitive information and vital mission services are not disrupted, distorted, or disclosed to improper individuals.

Answer 86

PUBLIC KEY INFRASTRUCTURE Set of system, software, and communication protocols required to use, manage, and control public key cryptography.

Answer 87

1. Publish Public Keys/Certificates 2. Certify that a key is tied to an individual or entity 3. Provide verification of the validity of a public key.

Answer 88

1. Setting up a trusted public directory of keys | 2. Use of Public Key Certificates

Answer 89

Size of Key | Secrecy of the Key

Answer 90

1. CRL (Certificate Revocation List | 2. OCSP (Online Certificate Status Protocol

Answer 91

Concept that a cryptographic system should be designed to be secure, even if all its details, except for the key, are publicly known

Answer 92

Extensible Markup Language Flexible data framework that allows applications to communicate on the internet. Preferred infrastructure of e-commerce.

Answer 93

XML Key Management Specifications Defines protocols for distributing and registering public keys

Answer 94

Simplicity

Answer 95

S/MIME | PGP

Answer 96

Randomness intrinsically generated by the computer.

Answer 97

Random Number Generators Special purpose built hardware and software to implement random numbers.

Answer 98

To making the cost of breaking the key worth more than the information being protected.

Answer 99

Key Encrypting Keys Solution to protect session key with a special purpose long-term use key. This encrypts a symmetric key.

Answer 100

Key wrapping.

Answer 101

KDC - Key Distribution Center 2 Types of keys, Master Key and Session Key

Answer 102

Process of ensuring a third party maintains a copy of a private key or key needed to decrypt information

Answer 103

Web of Trust Concept used in PGP, GnuP, and other OpenPGP compatible systems to establish the authenticity of the binding between a public key and its owner.

Answer 104

Suite of protocols for communicating securely with IP by providing mechanisms for authenticating and encrypting. Mandatory in IPv6 2 Modes: Standard: Only authenticates hosts with one another. Non-standard: Forces users to authenticate.

Answer 105

Authentication Header Used to prove the identity of the sender and ensure that the transmitted data has not been tampered with.

Answer 106

Through the ESP (Encapsulating Security Protocol)

Answer 107

Security Associations Defines the mechanisms that an endpoint will use to communicate with it's partner. Speaks in one-way only.

Answer 108

Internet Key Exchange Allows communicating partners to prove their identity to each other and establish a secure communication channel.

Answer 109

HAIPE (High Assurance IP Encryptor)

Answer 110

SSL/TLS Uses both symmetric and asymmetric keys

Answer 111

S/MIME | Secure/Mutlipurpose Internet Mail Extensions

Answer 112

Secure/Multipurpose Internet Mail Extensions Allows you to encrypt emails and digitally sign them. Provides Authentication, Integrity, and non-repudiation.

Answer 113

Electronic Code Book Uses the same Cipher for each code of block

Answer 114

Cipher Block Chaining Modifying the previous block of ciphertext.

Answer 115

2 Different Keys should not generate the same ciphertext from the same plaintext, using the same algorithm.

Answer 116

Concerned primarily with the protection and secrecy of keys.

Answer 117

Adds secret key value to the input function along with the source message.

Answer 118

Side-Channel Analysis Fault Analysis Probing.

Answer 119

Protection of Words and Symbols

Answer 120

Protection of creative works

Answer 121

Protection of inventions

Answer 122

Require maintain secrecy but don't expire.

Answer 123

Randomly generated number added during the CTR Encryption

Answer 124

Galois/Counter Mode Adds authentication to the the CTR

Answer 125

NIST's 5 Phases 1. Initiation 2. Devleop/Acquire 3. Implement/Assess 4. Operations/Maintenance 5. Sunset

Answer 126

Shared Secret Key

Answer 127

Transposition

Answer 128

``` DES 3DES AES Blowfish Twofish RC4 Steganography ```

Answer 129

Symmetric Block - 64 bit Key - 56 bit Insecure

Answer 130

Symmetric Block - 64 bit Key - 112 bit Secure through 2030

Answer 131

``` Rijndael algorithm Symmetric Block - 128 bit Key - 128, 192, or 256 bit All 3 are considered Secure ```

Answer 132

``` Public Domain Algorithm Symmetric Block - 64 bit Key - Any key you want through 32 - 448 bit Not Secure ```

Answer 133

``` Public Domain Algorithm Symmetric Block - 128-bit Key - 128, 192, 256 bit Secure ```

Answer 134

Used on WEP and WPA Used on SSL and TSL Uses a pseudorandom keystream No longer secure Symmetric Stream Cipher Key between 40-2048 bit

Answer 135

Assymetric Keys between 1024 - 4096 b Considered Secure

Answer 136

Pretty Good Privacy Uses both Symmetric and Asymmetric Cryptography Open source is known as GnuPG

Answer 137

Elliptical Curve Cryptography | Doesn't sure Prime Facorization

Answer 138

My Public Key

Answer 139

Randomly generated key (remember psuedo random)

Answer 140

Algorithm using shared secret.

Answer 141

14 with 2048-bit

Answer 142

Clipper Chip

Answer 143

a value that was insecure, but has things added to it to add security. 2 Processes - Salting and Hashing

Answer 144

Adds a value to the encryption key to make it more complex.

Answer 145

Adds time to the verification process by requiring more math.

Answer 146

Key Stretching Technique Uses salting and hashing. Should be used 4k times

Answer 147

Key stretching with blowfish.

Answer 148

1. Personal Knowledge 2. WOT 3. PKI

Answer 149

Decentralized Approach makes it difficult to manager High Barrier to Entry Requires Technical knowledge

Answer 150

Public Key Infastructure Depends upon CAs

Answer 151

Certificate Authorities Trusted 3rd Party organizations who verify the identity of individuals and issues digital certificates

Answer 152

From the CA Contains both the ID information and a copy of the subject's public key.

Answer 153

They are able to encrypt a message using a public key, but can't do anything else as long as the private key remains private.

Answer 154

One way functions that transforms variable length input into a unique, fixed-length output.

Answer 155

Hash Function Produces 128 bit hash No longer Secure

Answer 156

Created by NIST as Government Standard SHA-1 (160b) Not secure SHA-2 (224, 256, 384, 512b) Not secure SHA -3 (variable hashes set by user)

Answer 157

128, 160, 256, 320b outputs 128 is insecure Rest are secure

Answer 158

Has-Based Message Authentication Code Combines Symmetric Cryptography & Hashing Provides Authentication & Integrity

Answer 159

Yes. | Used for digital signatures and digital certificates.

Answer 160

Use asymmetric cryptography Achieves Integrity, Authentication, & non-repudiation

Answer 161

Private key - because we want to be able to be verified by the public key.

Answer 162

Digital Certificate Standard

Answer 163

1. OCSF - Live, updated in real time. Used on most browers. | 2. CRL - Old school list of numbers.

Answer 164

Relieves burden on CA. Extension of OCSP, and reduces the CA's burden.

Answer 165

It places a significant burden on the servers operated by the CA.

Answer 166

TSL - Encrypts network Communications using cipher suites (other encryption/hashing functions) Can't be used to encrypt anything!

Answer 167

ESP - Provides Confidentiality and Integrity for payload packets. AH - Provides integrity protection for packet headers.

Answer 168

Both components of IPSec ESP - Provides Confidentiality & Integrity for packet payloads AH - Provides Integrity protection for packet headers and payloads.

Answer 169

HTTP - Port 80 HTTPS - Port 443 HTTPS adds TLS to web browsing.

Answer 170

FTP - Insecure FTPS - Adds TLS to FTP SFTP - Transfers files over SSH SCP - Provides secure command line transfer vs SSH

Answer 171

FTPS - Adds TLS to FTP | SFTP - Transfers over SSH

Answer 172

Secure Copy Protocol Provides secure command-line file transfer over SSH

Answer 173

Trivial File Transfer Protocol Rarely used and not secure.

Answer 174

DomainKeys Identified Mail Provides email authentication by allowing email serves to digitally sign outbound messages. Must have Public/Private Key Pairs

Answer 175

Known Cipher Text attack

Answer 176

Set of all possible encryption keys usable with an algorithm.

Answer 177

Detects patterns in the ciphertext

Answer 178

Attacker has access to an unencrypted message.

Answer 179

Attacker can create an encrypted message of his or her choice.