final exam Flashcards
what is a hash function
it is a mathematical function that converts a numerical input of arbitrary length into a compressed numerical output of constant size (called message digest or hash value)
what are the applications of hash functions
password storage
integrity checks
(TF) a has function is a psuedo random function
TRUE
what are the three security properties in a hash function
1- pre-image resistance: given a has value, it should be hard to find a message to produce that hash value
2- second pre-image resistance: given a message, it should be hard to find another message to produce the same hash value
3- collision resistance: it should be hard to find any two messages that produce the same message value
what is the birthday paradox, and how can it be leveraged?
how can it be avoided? (5)
the birthday paradox states that in a room of 23 individuals, the probability of 2 having the same birthday is almost 50%. this can be leveraged to find collisions in a hash function
to avoid the birthday attack:
- use larger output size
- use a different cryptographic technique
- use a salt
- use a keyed hash function
- use multiple hash functions
what does sha stand for
Secure hash algorithm
what are the 3 security goals
data privacy: adversary should not be able to read message M
data integrity: adversary should not be able to modify message M
data authenticity: message M should really be from Alice
how does bit flipping affect CTR and CBC modes
CTR: flips a bit in plaintext
CBC: disrupts all the plaintext
what is a MAC, and how does it differ from a basic hash function
Message authentication codes is a function that accepts arbitrary length message and a key and provides an output that act as fixed length code/tag
the receiver accepts or rejects a message based on these codes
we must MAC a message then encrypt
what are the limitations of MAC, how can they be overcome
establishment of shared secret
inability to provide non-repudiation: since a third party cannot compute the MAC, we cannot tell if it was sent by A or forged by B
they can be overcome by public key based digital signatures
what is authenticated encryption
an explicit block cipher mode that combines encryption and MAC operations
it takes plaintext, encryption key and MAC key and produces ciphertext and authentication tag
it outputs an error if the tag is invalid in decryption
what is a reduced set of residues, and what is the name of the number of elements in the reduced set
is a set of numbers that are relatively prime to n (only prime factors)
Euler Totient function
why was public key cryptography developed? (2)
key distribution: how to have secure conversations in general without having to trust your KDC with your key
digital signatures: how to verify that a message comes intact from the original sender
what are some applications of public key cryptography (3)
encryption/decryption
key agreement/exchange
digital signature
what methods can be used to distribute public keys (4) briefly describing each
- public announcement
user broadcasts the key to a community. major weakness is forgery where anyone can claim to be the person they want while broadcasting - publicly available directory
users register to a secure online directory
contains {name, public key} entries
can replace key at any time - public-key authority
improve security by tightening over control of distribution of keys directory - public-key certificates
certificates allow key exchange without real time access to key authority. it binds identity to a public key with all contents signed by a trusted public key or certificate authority (CA)
what is a public key infrastructure (PKI)
the set of hardware, software, people, policies and procedures needed to create, manage, store, distribute and revoke digital certificates based on asymmetric cryptography
what is a digital certificate
a claim made by a CA
says what the server’s public key is
signed by the signing key of the certificate’s authority
what are the certificate fields (7)
serial number
subject identity
public key
signing algorithm
issuer identity
validity period
signature
what are the reasons for certificates revocation? (4)
company gets hacked (and there private key is compromised)
CA gets hacked
new business/affiliation name
company goes out of business
what purposes does a digital signature serve
authentication
non-repuditation
integrity
what is entropy
refers to the measure of randomness and unpredictability of a system
what is the reason for using uniform random numbers in key generations
1- Brute force attacks on keys are very hard
2- if both ends of an RSA chose the same prime number, it would lead to a vulnerability
How does a CSPRNG work. mention the security properties
a cryptographically secure pseudorandom number generator works by starting from an initial state s. the f function generates a new state iteratively and every state is then passed to a one way h function that acts as the output r
h is one way and shouldnt be able to guess s from r
f is one way and shouldn’t be able to guess si from si+1
how to make brute force attacks even more difficult
discrete log based key/signature (q≥2b) (group size q => number of elements in a finite group)
finding x in g^x=hmodp where g, h and p are given
Elliptic curve key/signature (q>2b)
RSA key/signature
grows much faster than the others (128 -> 256 grows 15x)
hash (q>2b due to collisions q>b if we dont care about collisions)
