I think easier desk

Question 1

Invented by the Hebrew. Single substitution monoalphabetic cipher that substitutes each letter with it’s reverse (a and z, b and y, etc).

Answer 1

Atbash Cipher

Question 2

Monoalphabetic cipher where letters are shifted one or more letters in either direction.

Answer 2

Caesar Cipher

Question 3

Monoalphabetic cipher that shifts characters 13 characters. A would become N, B would become O, etc.

Answer 3

ROT 13. Stands for Rotate 13.

Question 4

Was a staff with papyrus or letter wrapped around it so edges would line up. There would be a stream of characters which would show you your message. When unwound it would be a random string of characters. Would need an identical size staff on other end for other individuals to decode message.

Answer 4

Scytale Cipher

Question 5

Doing something like +1, -2, +3 and shifting each character a different amount to the left or right. For example, doing +1, -2, +3 with dog would results in emj.

Answer 5

Multi-Alphabet Substitution Cipher

Question 6

A disk you rotated to encrypt/decrypt. Similar technologies were used in the Enigma machine.

Answer 6

Cipher Disks

Question 7

Created by Leon Alberti. Considered the forefather of modern encryption.

Answer 7

Cipher Disks

Question 8

Invented by Giovan Battista Bellaso in middle 1553.

Answer 8

Vigenere Cipher. Vigenere created a stronger version of the cipher.

Question 9

Combining/Weaving Caesar cipher. Not cracked until late 1800s. It is a cipher square with A to Z across all the columns and rows. You then use a keyword to encrypt the message. For example, if the message is cat, and the keyword is horse, you would look up where c and h intersect on the table (which is j), then where a and o intersect (o) and t and r (k). Cat would then be encrypted as jok.

Answer 9

Vigenere Cipher

Question 10

Uses a 5x5 table and a key word. Rest of the alphabet is placed on table in alphabetic order, skipping letters used in the keyword. You break up the message into two character chunks and return a single character value. If the letters appear on the same row of your table, replace them with the letters to the right. If it is on the same column, replace them with the letters below.

Answer 10

Playfair Cipher

Question 11

Invented by Charles Wheatstone in mid 1800s.

Answer 11

Playfair Cipher. Lord Playfair pushed use of it.

Question 12

Invented by Colonel Fritz Nebel in 1918.

Answer 12

ADFGVX Cipher

Question 13

It is a 6x6 grid with ______ at the top of each column and beginning of each row. The 26 letters and numbers 0-10 are placed randomly on the table. You then replace each character of your message with two characters which are represented by the column followed by the row each character is present in.

Answer 13

ADFGVX Cipher

Question 14

Invented between World Wars, used by Germans and Japanese.

Answer 14

Enigma Machine

Question 15

Data could be transmitted both via radio or printed on paper. Designed so that when a key was pressed, the cipher text for that plain text was different each time. Was a multi-alphabet cipher with 26 possible alphabets.

Answer 15

Enigma Machine

Question 16

We can expose everything but the private key and the data can still be secure.

Answer 16

Kerckhoff’s Principle

Question 17

Issue with Symmetric Encryption

Answer 17

There’s only one key, and it’s difficult to only have both parties who need the key to have it.

Question 18

Base 2 system instead of base 10 system.

Answer 18

Binary Math

Question 19

If both numbers have a one in the same place, then the resultant number is a one. If not then it is a zero

1st number - 1100
2nd number - 0100
————————–
Result - 0100

Answer 19

Binary AND

Question 20

Checks to see if there is a one in either or both numbers in the same place. If so, the resultant number is one, if not, it is zero.

1st number - 1100
2nd number - 0100
————————–
Result - 1100

Answer 20

Binary OR

Question 21

Checks to see if there is a one in either number in the same place. If so, the resultant number is one, if not, it is zero.

1st number - 1100
2nd number - 0100
————————–
Result - 1000

Answer 21

Binary XOR (Exclusive OR) ⊕

Question 22

XORing the plain text with the key.

Answer 22

Substitution

Question 23

Swapping blocks of text.

Answer 23

Transposition

Question 24

Making the relationship between a key and the ciphertext as complex as possible.

Answer 24

Confusion

Question 25

Each binary digit (bit) of the ciphertext should depend on several parts of the key, obscuring the connections between the two.

Answer 25

Diffusion

Question 26

The concept that if one bit of data changes, the cipher text will all completely change as well.

Answer 26

Avalanche

Question 27

An algorithm for the key that calculates the subkeys for each round that the encryption goes through.

Answer 27

Key Schedule

Question 28

Data is encrypted with a symmetric encryption algorithm, the symmetric private key is sent to the other party with asymmetric encryption.

Answer 28

Hybrid Encryption

Question 29

Data is encrypted with a symmetric encryption algorithm, the symmetric private key is sent to the other party with asymmetric encryption.

Answer 29

Hybrid Encryption

Question 30

Data is encrypted with a symmetric encryption algorithm, the symmetric private key is sent to the other party with asymmetric encryption.

Answer 30

Hybrid Encryption

Question 31

Symmetric Algorithms

Answer 31

DES, 3DES, DESX, AES, Blowfish, Serpent, Twofish, Skipjack, IDEA

Question 32

A technique used to increase the security of block ciphers. It consists of steps that combine the data with portions of the key (most commonly using a simple XOR) before the first round and after the last round of encryption.

Answer 32

Whitening

Question 33

Data fills up a block (typically 64 or 128 bits) and that block is encrypted as a whole.

Answer 33

Block Cipher

Question 34

Which is faster- block or stream ciphers?

Answer 34

stream ciphers

Question 35

Chunk data into evenly sized blocks. The two chunks are typically called L0 and R0 (left 0 and right 0)

Answer 35

Feistel Network

Question 36

Symmetric algorithm. One of the most widely deployed algorithms in the world, even though it is no longer recommended or considered secure.

Answer 36

DES

Question 37

DES

Answer 37

64 bit key (56 bits + 8 bits party), 64 bit block sizes.

Question 38

3DES- type and how

Answer 38

Symmetric algorithm. Does DES 3 times, doing one of the following: 1st key encrypts, 2nd key decrypts, 3rd key encrypts, or one key encrypts/decrypts/encrypts, or 1st key encrypts, 2nd key decrypts, and 1st key encrypts again.

Question 39

DESX- type and how

Answer 39

Symmetric algorithm. 64 bit key is appended to data, XOR it, and then apply the DES algorithm.

Question 40

Symmetric algorithm. FIPS 197 was used to announce. Uses a substitution/permutation matrix instead of a Feistel cipher.

Answer 40

AES

Question 41

AES- key size, rounds, and block size

Answer 41

Key size is either 128, 192 and 256 bits. 10 rounds for 128 bits, 12 for 192 bits, 14 for 256 bit keys. Block size is 128 bit for each key size.

Question 42

Blowfish
Type-
Designed by-
Rounds-
Key Size-
Block Size-

Answer 42

Symmetric algorithm. Designed in 1993 by Bruce Schneier. 16 round Feistel cipher working with 64 bit blocks. Key size ranges from 32 to 448 bits.

Question 43

Designed as a replacement for DES.

Answer 43

Blowfish

Question 44

Serpent
Type-
Designed by-
Rounds-
Key Size-
Block Size-

Answer 44

Symmetric algorithm. Designed by Ross Anderson, Eli Biham, and Lars Knudsen. Has a block size of 128 bits. Key size is 128, 192, or 256 bits. Uses a substitution-permutation network instead of Feistel cipher. Uses 32 rounds working with a block of four 32-bit words. Each round applies one of eight 4-bit to 4-bit S-boxes 32 times in parallel. Designed so all operations can be done in parallel.

Question 45

Twofish
Type-
Designed by-
Key Size-
Block Size-

Answer 45

Symmetric algorithm. Designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson. Uses a block size of 128 bits and key sizes of 128, 192, or 256 bits. It is a Feistel cipher.

Question 46

Skipjack
Type-
Designed by-
Key Size-
Rounds-

Answer 46

Symmetric algorithm. Designed by NSA for the clipper chip - a chip with built in encryption. The decryption key was kept in key escrow in case law enforcement needed to decrypt data without the owner’s cooperation, making it highly controversial. Uses an 80 bit key to encrypt/decrypt 64 bit data blocks. It is an unbalanced Feistel network with 32 rounds.

Question 47

IDEA
Type-
Designed by-
Key Size-
Rounds-

Answer 47

Symmetric algorithm. Designed by James Massey and Xuejia Lai. Operates on 64 bit blocks and has a 128 bit key. Consists of 8 identical transformations each round and an output transformation.

Question 48

CAST-128
Type-
Designed by-
Key Size-
Rounds-

Answer 48

Symmetric algorithm. Created in 1996 by Carlisle Adams and Stafford Tavares. Operates on 64 bit blocks and has a key size of 40-128 bits. Typically used in GPG and PGP. Encryption is either 12 or 16 rounds.

Question 49

CAST-256
Type-
Designed by-
Key Size-
Rounds-

Answer 49

Designed by Carlisle Adams, Stafford Tavares, Howard Heys, and Michael Wiener. Operates on 128 bit blocks and has a key size of 128, 160, 192, 224 or 256 bits. Encryption has 48 rounds.

Question 50

Data that is hidden inside of a common carrier.

Answer 50

Steganography

Question 51

What is chosen to hide data as they are typically padding or other parts that do not affect what the data is hidden in.

Answer 51

Least Significant Bit

Question 52

The data to be covertly communicated.

Answer 52

Payload

Question 53

The signal/stream/file itself that we’re hiding the payload inside of.

Answer 53

Carrier

Question 54

Statistical analysis on number of unique colors and color number pairs in the picture and you look for least significant bits and manipulation of data in those bits, typically inside of whitespace.

Answer 54

RQP (Raw Quick Pair)

Question 55

Doing a calculation/comparison and looking at the number of overall bits and the info in those bits and then calculate the theoretical amount of information in the file and compare it to the actual information in the file The delta between the two is then used to compare the file bits to attempt to find the hidden information.

Answer 55

Chi Square

Question 56

Confidential, not published, used for secret and top secret government communications. We have no knowledge of them other than what’s on this list is used by the government to securely communicate.

Answer 56

Suite A Algorithms

Question 57

Commercially available and used in all modern software in one way or another that are recommended by the NSA.

Answer 57

Suite B Algorithms

Question 58

Type 1

Answer 58

Suite B Algorithms - Juniper, Mayfly, Fast hash, Walburn, Pegasus, AES (depending on implementation)

Question 59

Type 2

Answer 59

Suite B Algorithms - Skipjack, KEA

Question 60

Type 3

Answer 60

Suite B Algorithms - DES, 3DES, SHA1, AES (depending on implementation)

Question 61

Type 4

Answer 61

Suite B Algorithms - Not certified by government, but there may be public or private sector algorithms that exist on this level.

Question 62

Encrypts data bit by bit. Processed in a sequential/linear progression.

Answer 62

Stream Cipher

Question 63

Each block is encrypted independently, identical plaintext blocks are encrypted into identical ciphertext blocks. Each block is encrypted independently and only one round of encryption is done. Cannot diffuse/confuse or inject an initialization vector with this.

Answer 63

Electronic Code Book (ECB)

Question 64

Each block of plaintext is XORed with the previous ciphertext block before being encrypted. The initial plaintext block has an IV added prior to encryption to produce a unique ciphertext value.

Answer 64

Cipher Block Chaining (CBC)

Question 65

It’s basically CBC with the prior cipher text included as well. You take the previous plaintext and ciphertext, XOR them, and then XOR them with the next block’s plaintext.

Answer 65

Propagating Cipher Block Chaining (PCBC)

Question 66

You start with an IV, encrypt it with your key, then XOR it with the plaintext to get cipher text. This value is then used as the starting point for the next round to encrypt with the key again before XORing it with the next block of plaintext.

Answer 66

Cipher Feedback (CFB)

Question 67

Very similar to CFB, the only difference is that the output after the encryption is used as the IV for the next round prior to XORing it with plaintext, while CFB does the XOR prior to becoming the IV for the next round. It acts like a stream cipher since each bit is encrypted with the key individually and is then sent to act as the IV, one bit at a time for the next round.

Answer 67

Output Feedback (OFB)

Question 68

Essentially this is ECB, but instead of plaintext encrypted with the key a nonce (a random challenge) and an incrementing counter is used. This is then XORed with the plaintext to get the cipher text. Nothing is carried over to the next round like some of the prior methods. This is a stream cipher as well.

Answer 68

Counter (CTR)

Question 69

Digital Certificate standard template been around since 1988 and it’s the most commonly used format today.

Answer 69

X509 V3

Question 70

Used to identify the holder when conducting electronic transactions.

Answer 70

Digital Certificate

Question 71

When modified, they typically become invalidated. The can expire as well or be revoked for a number of reasons (private key compromised, etc).

Answer 71

Digital Certificate

Question 72

This is one of the most common methods to distribute public keys.

Answer 72

Digital Certificate

Question 73

4 Common Digital Certificate Fields

Answer 73

Certificate Information Statement, Issued to, Issued by, Valid from

Question 74

11 Digital Certificate Details Fields

Answer 74

Version,Serial Number, Signature Algorithm, Hash Algorithm, Issuer, Valid From, Valid To, Subject, Public Key, Key Usage Statement, Friendly Name

Question 75

Path for certification for Root CAs,

Answer 75

since they are self-signed, the only part of the path is themselves since it’s issued to itself

Question 76

Path for certification for Intermediary CAs

Answer 76

it will show the Root CA who issued the certificate as the step above the certificate

Question 77

A company that is an issuing authority that sells certificates.

Answer 77

Commercial CA

Question 78

Certificate Extension Types

Answer 78

.pem, .cer/.crt/.der, .p7b, .p7c, .pk12. .pfx

Question 79

Private enhanced mail - uses base 64 encoding with distinguished encoding rules enclosed between the open and close statements of begin certificate and end certificate.

Answer 79

.pem

Question 80

Different extensions for distinguished encoding rules. Typically binary encoded.

Answer 80

.cer/.crt/.der

Question 81

Signed data structures, typically a CRL (certificate revocation list).

Answer 81

PKCS#7 or PKCS standard 7 (.p7b, .p7c)

Question 82

These have our actual certificate certificates. Typically the public & private keys we are dealing with. They are password protected as well.

Answer 82

.pk12/PKCS#12

Question 83

Predecessor to .pk12

Answer 83

.pfx

Question 84

Symmetric encryption formula

Answer 84

C = E(k,p)

Question 85

Symmetric decryption formula

Answer 85

P = E(k,c)

Question 86

Created the theory of the avalanche effect. Considered the founder of information theory with his paper published in 1948, A Mathematical Theory of Communication. He also wrote Communication Theory of Secrecy systems in 1949 which was on the mathematical theory of cryptography.

Answer 86

Claude Shannon

Question 87

Different encryption keys generated the same ciphertext from the same plaintext message.

Answer 87

Key Clustering

Question 88

Encryption or decryption is performed immediately - typically used with stream ciphers.

Answer 88

Synchronous

Question 89

Encryption or decryption requests are processed in queues - typically used with block ciphers.

Answer 89

Asynchronous

Question 90

A one-way mathematical operation that reduces a message or data file into a smaller fixed length output, or hash value.

Answer 90

Hash function

Question 91

Random bits of data intermixed with the message that is to be hashed.

Answer 91

Salt

Question 92

MD4
Created by
Output size
Block size
Word Size
Rounds

Answer 92

Hash. Created by Ronald Rivest. 128 bit output size, 512 bit block size, 32 bit word size, 3 rounds. Considered very insecure.

Question 93

MD5
Created by
Output size
Block size
Word Size
Rounds

Answer 93

Hash. Created by Ronald Rivest. Replaced MD4. 128 bit output size, 512 bit block size, 32 bit word size, 64 rounds.

Question 94

Infamously compromised by Flame malware in 2012.

Answer 94

MD5

Question 95

SHA-1
Created by
Output size
Block size
Word Size
Rounds

Answer 95

Secure Hashing Algorithm. Designed by NSA. 160 bit output size, 512 bit block size, 40 bit word size, 80 rounds.

Question 96

SHA-1
Created by
Output size
Block size
Word Size
Rounds

Answer 96

Secure Hashing Algorithm. Designed by NSA. 160 bit output size, 512 bit block size, 40 bit word size, 80 rounds.

Question 97

SHA-224/SHA-256
Created by
Output size
Block size
Word Size
Rounds

Answer 97

Secure Hashing Algorithm. Designed by NSA. 224/256 bit output size, 512 bit block size, 56 bit word size, 64 rounds.

Question 98

SHA-384, SHA-512, SHA-512/224, SHA-512/256
Created by
Output size
Block size
Word Size
Rounds

Answer 98

Secure Hashing Algorithm. Designed by NSA. 384/512/224/256 bit output size, 1024 bit block size, 64 bit word size, 80 rounds.

Question 99

SHA-3
Created by
Output size
Block size
Word Size
Rounds

Answer 99

Secure Hashing Algorithm. Designed by NSA. 224/256/384/512 bit output size, up to 1600 bit block size, 64 bit word size, 24 rounds.

Question 100

TIGER
Created by
Output size
Block size
Word Size
Rounds

Answer 100

Hash. Created by Ross Anderson and Eli Baham. 192/160/128 bit output size, 512 bit block size, 53 bit word size, 24 rounds.

Question 101

RIPEMD
Created by
Output size
Block size
Word Size
Rounds

Answer 101

Hash. Created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 128 bit output size, 512 bit block size, 32 bit word size, 48 rounds.

Question 102

In 2004, a collision was discovered.

Answer 102

RIPEMD

Question 103

RIPEMD-128/256
Created by
Output size
Block size
Word Size
Rounds

Answer 103

Hash. Created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 128/256 bit output size, 512 bit block size, 32 bit word size, 64 rounds.

Question 104

Created by RIPEMD-160
Output size
Block size
Word Size
Rounds

Answer 104

Hash. Created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 160 bit output size, 512 bit block size, 32 bit word size, 80 rounds.

Question 105

Created by RIPEMD-320
Output size
Block size
Word Size
Rounds

Answer 105

Hash. Created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. 320 bit output size, 512 bit block size, 32 bit word size, 80 rounds.

Question 106

A single key is used to encrypt and decrypt.

Answer 106

Symmetric Encryption

Question 107

Two different but mathematically related keys are used where one key is used to encrypt and another is used to decrypt. Has both a public key to be shared and a private key that is held onto by the owner that should remain private. If the public key encrypts, only the private key can decrypt and vice versa.

Answer 107

Asymmetric Encryption

Question 108

Provide authentication of a sender and integrity of a sender’s message. A message is input into a hash function. Then that hash value is encrypted using the private key of the sender. The result of these two steps yields a digital signature. Created by signing with the sender’s private key. Typically used in e-mail.

Answer 108

Digital Signature

Question 109

An entity trusted by one or more users as an authority in a network that issues revokes, and manages digital certificates.

Answer 109

Certificate Authority (CA)

Question 110

Typically only issues certificates to subordinate CA’s - typically kept offline so they do not get compromised.

Answer 110

Root CA

Question 111

Issues certificates to users & computers on behalf of the root CA.

Answer 111

Subordinate CA

Question 112

Used to proxy the certificate requests on behalf of the user and validate whether or not they are legitimate instead of having the user go directly to the CA.

Answer 112

Registration Authority

Question 113

Tied to an LDAP provider. It is a CA that has a domain controller

Answer 113

Enterprise CA

Question 114

A CA installed outside of the directory (LDAP) service. It is on a server not connected to an LDAP provider.

Answer 114

Standalone CA

Question 115

The input provided to the cryptosystem. The information we want to provide confidentiality protections for. The unencrypted version of the data we want to protect

Answer 115

Plaintext or cleartext

Question 116

The output of the cryptography process or cryptosystem. The encrypted version of the plaintext.

Answer 116

Cipher text or cryptogram

Question 117

This represents the entire cryptographic operation. This includes the algorithm, key, and key management functions.

Answer 117

Cryptosystem

Question 118

The process of taking plaintext, running it through the cryptosystem, and producing cipher text on the backend.

Answer 118

Encryption

Question 119

The process of taking cipher text, running it through the cryptosystem, and producing plaintext on the backend.

Answer 119

Decryption

Question 120

The input that controls the operation of the cryptographic algorithm. The variable that we never want to show the bad actor.

Answer 120

Key or Cryptovariable

Question 121

Not being able to deny that you did something. You have authoritative proof someone did something.

Answer 121

Nonrepudiation

Question 122

The mathematical formulas or process that is used in encryption.

Answer 122

Algorithm

Question 123

Study of techniques for attempting to defeat cryptographic techniques and information security services.

Answer 123

Cryptanalysis

Question 124

The science that deals with hidden, disguised, or encrypted communications.

Answer 124

Cryptology

Question 125

Occurs when a hash function generates the same output for different inputs.

Answer 125

Collision

Question 126

Represents the total number of possible values of keys in a cryptographic algorithm or other security measure, such as a password.

Answer 126

Key space

Question 127

The time and effort required to break a security measure.

Answer 127

Work factor

Question 128

A non-secret binary vector used as the first input algorithm for encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance.

Answer 128

Initialization Vector

Question 129

The action of changing a message into another format through the use of code.

Answer 129

Encoding

Question 130

The reverse process from encoding - converting the encoded message back into its plaintext format.

Answer 130

Decoding

Question 131

Swapping/shifting of blocks of text.

Answer 131

Transposition/permutation

Question 132

Changing some part of the plaintext to a different value.

Answer 132

Substitution

Question 133

Substitution and permutation, most block ciphers do a series of repeated substitutions and permutations to add confusion and diffusion to the encryption process.

Answer 133

SP network

Question 134

Where a minor change in either the key or the plaintext will have a significant change in the resulting ciphertext.

Question 135

Where a minor change in either the key or the plaintext will have a significant change in the resulting ciphertext.

Answer 135

Avalanche effect

Question 136

Use asymmetric key pairs and combines software, encryption and services to provide a means of protecting security of business communication and transactions.

Answer 136

PKI

Question 137

Are in place by the RSA to ensure uniform certificate management throughout the internet.

Answer 137

PKCS

Question 138

A trusted organization that identifies you as a relevant entity.

Answer 138

Trusted Third Party

Question 139

An entity trusted by one or more users to manage certificates.

Answer 139

Certificate Authority

Question 140

List of certificates issued by the CA that are no longer valid. Distributed either by pull or push model.

Answer 140

CRL

Question 141

The measure of uncertainty associated with a random variable.

Answer 141

Shannon’s Entropy

Question 142

It is impossible to compress the data that we’re thinking about. It’s impossible to compress the data such that the code rate is less than the entropy of the source without information being lost.

Answer 142

Shannon’s source coding theorem

Question 143

Looking about the numbers that are relatively prime to the number or co-prime to the number associated with that number. For example, for 7, there are 6 numbers that are coprime to 7 (6,5,4,3,2 and 1). For all prime numbers, it would be the prime number minus 1 that would get you the totient.

Answer 143

Euler’s totient

Question 144

The remainder from a division operation (5 mod 2 = 1, 5 % 2 = 1).

Answer 144

Modulus operator

Question 145

The next number is derived from adding together the prior two numbers (1, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89).

Answer 145

Fibonacci Sequence

Question 146

“How likely would it be for any two people in a room of 23 to share the same birthday?”

22+21+20+19+18+17+16+15+14+13+12+11+10+9+8+7+6+5+4+3+2+1 = 253, the total number of combinations with 23 people. This is approximately a 50% chance for a match(square root of 365 is approximately 23). The probability reaches 100% at 367 people (since there’s 366 days in leap years), but with just 70 people, you are at over a 99.9% chance for a match.

Answer 146

Birthday Problem

Question 147

A class of brute force attacks based on the birthday paradox. If you have an encryption algorithm with a key space of 32 bits (4,294,967,295 possible keys), you would only have to generate 65,535 keys to have a 50% probability of a match. A 100% match would need to produce all 4,294,967,295 keys. This essentially means that a small subset of numbers has a high probability of getting a match.

Answer 147

Birthday Attack

Question 148

Algorithms that can create long runs of numbers with good random properties, but eventually the sequence will repeat.

Answer 148

Pseudo Random Number Generators

Question 149

The German Office for Information Security (BSI) has established 4 criteria for the quality of random number generators:

Answer 149

K1: A sequence of random numbers with a low probability of containing identical numbers.

K2: A sequence of numbers which is indistinguishable from “true random” numbers according to statistical tests.

K3: It should be impossible for any attacker to calculate, or otherwise guess, from any given subsequence, any previous or future values in the sequence.

K4: It should be impossible for any attacker to calculate, or otherwise guess from the inner state of the generator, any previous values in the sequence or any previous inner generator states.

Question 150

To be suitable for cryptography, any PRNG should meet ______ standards.

Answer 150

K3 or K4

Question 151

The first publicly described asymmetric algorithm. A cryptographic protocol that allows two parties to establish a shared key over an insecure channel. Often used to allow parties to exchange a symmetric key through some unsecure medium, such as the Internet.

Answer 151

Diffie-Helmann

Question 152

RSA
Developed by-
Based on-
Key sizes-

Answer 152

Developed in 1977 by three mathematicians, Ron Rivest, Adi Shamir, and Len Adleman. Based on the practical difficulty of factoring the product of two large prime numbers. Key sizes are typically 1024 - 4096 bits.

Question 153

A protocol used for key agreement that is based on Diffie-Helmann. It is incorporated in the public key standard IEEE P1363.

Answer 153

Menezes-Qu-Vanstone

Question 154

Described in U.S. patent 5,231,668 filed July 26, 1991 and attributed to David W. Kravitz. Adopted by the U.S. Government in 1993 with FIPS 186.

Answer 154

Digital Signature Algorithm

Question 155

based on the fact that finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is difficult to the point of being impractical to do so

Answer 155

Elliptic Curve Cryptography

Question 156

It is used in PGP implementations and GNU Privacy Guard software. The algorithm is comprised of 3 parts: the key generator, the encryption algorithm, and the decryption algorithm. This was made publicly available.

Answer 156

ElGamal

Question 157

CA provides certificates to both users and machines. There are security risks since that root CA could have its certificates compromised or exposed directly. Typically a self-signed certificate

Answer 157

1 Tier Hierarchy

Question 158

The subordinate CA issues tickets to computers & users on behalf of the Root CA to protect it from compromise/exposure. The RA does validation & authentication for certificate requests prior to issuance. The LDAP provider is used for authentication of the requestor who is requesting issuance of a certificate.

Answer 158

2 Tier Hierarchy

Question 159

The root CA is offline, so are the intermediate CA(s). The Issuing CA is a tertiary CA that issues tickets to computers and users on behalf of the subordinate CAs, which are in turn doing it on behalf of the root CA.

Answer 159

3 Tier Hierarchy

Question 160

Every server can talk to one another and extend trust to one another as well. If one of the paths were to be broken, there would be other paths available to reach the other server through the ________

Answer 160

Web of Trust

Question 161

Provides certificate validation in real time and will let you know if it is valid or has been revoked.

Answer 161

OCSP

Question 162

SCVP

Answer 162

Server Certificate Validation Protocol - RFC 5055

Question 163

Determining the path between a X.509 digital certificate and a trusted root.

Answer 163

Delegated Path Discovery

Question 164

The validation of the that path according to a particular validation policy.

Answer 164

Delegated Path Validation

Question 165

Classes of Certificates- general certificate meant for individuals, usually used for digitally signing/securing e-mail

Answer 165

Class 1

Question 166

Classes of Certificates- for organizations where you have to prove identities

Answer 166

Class 2

Question 167

Classes of Certificates- for server and software signing identification.

Answer 167

Class 3

Question 168

Classes of Certificates- Online business transactions between companies.

Answer 168

Class 4

Question 169

Classes of Certificates- Private organizations or governmental agencies. Used between governmental agencies.

Answer 169

Class 5

Question 170

Certificate Initialization -

Answer 170

Registration, Key Pair Generation, Certificate Generation, Certificate Dissemination

Question 171

Certificate Administration -

Answer 171

Key Storage, Certificate Retrieval and Validate, Backup and Escrow, Recovery

Question 172

Certificate Cancellation/History -

Answer 172

Expiration, Renewal, Revocation, Suspension, Destruction

Question 173

A part of the Certificate Life Cycle that is present throughout all 3 of the steps: Certificate Initialization, Certificate Administration, and Certificate Cancellation/History. Provides updates/patching to protect the root CAs/intermediary CAs/RAs

Answer 173

Updating/Patching Vulnerabilities

Question 174

Extending trust to an unknown third party. Allows binding of two unrelated companies together and allow them to share resources between each other.

Answer 174

Federation Trust

Question 175

If A trusts B, and B trusts C, A would trust C.

Answer 175

Transitive Trust

Question 176

Used to authenticate users, but is no longer used because the information was sent in cleartext.

Answer 176

PAP

Question 177

PAP with encryption for the usernames/passwords that are transmitted.

Answer 177

S-PAP

Question 178

Calculates a hash, shares the hash with the client system, the hash is periodically validated to ensure nothing has changed.

Answer 178

CHAP

Question 179

Kerberos- Does the authentication and creates the Ticket Granting Ticket that is used as proof to request a ST(service ticket or secondary ticket) when requesting access to individual resources. A new ST would need to be requested for each different session and service that access is requested to.

Answer 179

KDC

Question 180

Kerberos. Contains the identity of the client, the session key, the timestamp and the checksum. Encrypted with the server’s key.

Answer 180

Ticket

Question 181

Kerberos. Ticket that is granted during the authentication process.

Answer 181

Ticket Granting Ticket

Question 182

Kerberos. Temporary encryption key.

Answer 182

Session Key

Question 183

Created by Philip Zimmermann in the 1990s. Sold to Symantec. A piece of software to allow the average person to encrypt and decrypt easily. It uses certificates. Typically used to encrypt e-mail.

Answer 183

PGP

Question 184

Could have been better if the IV was a bigger size. RC4 is used which is a very strong algorithm. The problem is the 40 bit key and 24 bit IV are both very small which made it able to be cracked. Not considered secure and not recommended for use.

Answer 184

WEP

Question 185

Replaced RC4 with TKIP and 128 bit keys. New keys are generated with each packet. However it was not implemented correctly which led to it being cracked.

Answer 185

WPA

Question 186

Uses AES and CCMP for security. It is much stronger and the preferred non-enterprise method for wireless security.

Answer 186

WPA2

Question 187

Has all the features of WPA2 but allows for the use of RADIUS servers (AAA - Authentication, Access Control, Auditing)

Answer 187

WPA2 Enterprise

Question 188

A framework that allows for creation of different ways to provide authentication, such as smart cards.

Answer 188

EAP

Question 189

Used for secure transactions on the World Wide Web/Internet, created by Netscape in the mid-1990s

Answer 189

SSL

Question 190

SSL Four step process:

Answer 190

1) Web browser asks the server for validation.
2) The website responds with its SSL certificate.
3) The web browser checks the certificate against a CA to see if it is trustworthy/legitimate.
4) The server sends back a digitally signed acknowledgement and a session is started.

Question 191

Successor to SSL.

Answer 191

TLS

Question 192

TLS 7 Step Process

Answer 192

1) The client and server agree on parameters used to establish the connection’s security.
2) Client connects to a TLS-enabled server requesting a secure connection and presents a list of encryption and hash functions it can support.
3) The server picks the strongest encryption and hash function from this list that it also supports and notifies the client of the chosen algorithms.
4) The server sends back its identification in the form of a standard X.509 digital certificate.
5) The clients may contact the CA that issued the certificate to confirm validity before proceeding.
6) From the random number, both parties generate key material for encryption/decryption.
7) In order to generate the session keys used for the secure connection, the client encrypts a random number with the server’s public key and sends the result to the server. The server then decrypts the number with its private key.

Question 193

A way to communicate over a public network privately.

Answer 193

VPN

Question 194

Works at layer 2 (data link) layer of OSI model. Provides both authentication and encryption. EAP or CHAP is used to provide the authentication. Can only use over a traditional Ethernet network.

Answer 194

PPTP

Question 195

PPTP combined with L2F (Layer 2 Forwarding) (Cisco proprietary protocol) - Uses EAP, CHAP, MS-CHAP, PAP, or S-PAP for authentication. IPSec is used to provide encryption.

Answer 195

L2TP

Question 196

Encrypts not only the packet, but the header information as well. It also has protection against unauthorized retransmission of packets.

Answer 196

IPSec

Question 197

Can be used to establish VPN using a web browser.

Answer 197

TLS/SSL

Question 198

Allows you to encrypt files/folders on Windows based computers.

Answer 198

Encrypted File System

Question 199

Whole drive encryption, uses TPM to store credentials/keys/certificates for encryption. If you do not have a TPM, a USB drive can be used instead.

Answer 199

BitLocker

Question 200

Windows command line encryption utility. Displays or alters encryption of directories and files on NTFS partitions. Also used to backup the EFS key using cipher /r:file (where file is the name of the recovery key).

Answer 200

Cipher

Question 201

A type of frequency analysis used to attack polyalphabetic substitution ciphers. It’s used to try to discover patterns and use that information to decrypt the cipher.

Answer 201

Kasiski Method

Question 202

Allows manipulation of a cryptosystem by choosing a block of text, and getting the ciphertext as output to see how things are enciphered.

Answer 202

Chosen Plaintext Attack

Question 203

Analysis is done on the ciphertext to try to detect patterns that can be used to break the encryption. A lot more difficult than chosen plaintext attacks.

Answer 203

Ciphertext Only Attack

Question 204

Two chosen plaintext attacks run in parallel, but you are using two different but related keys. You would have two streams of text being encrypted into ciphertext by these two keys. Commonly used against wireless network encryption.

Answer 204

Related Key Attack

Question 205

A known plaintext attack (an attack that has access to the plaintext). Uses a linear approximation (similar to Minesweeper). You are learning where things are and how slight changes lead to deciphering the encryption. You are essentially changing one bit of the known plaintext and comparing the result against the known plaintext to be able to analyze the differences between the two ciphertexts. This will allow you to potentially recover the key, one bit at a time.

Answer 205

Linear Cryptanalysis

Question 206

Used in symmetric cryptography only. It is a specific targeted approach to try to break symmetric key cryptography. Examines the differences in input and how it affects the output. Essentially you are reviewing the avalanche effect and trying to reverse engineer it.

Answer 206

Differential Cryptanalysis

Question 207

Uses lots of sets of plaintext that are similar with slight modifications. These are encrypted and then the variations are analyzed to determine if there’s anything that can be zeroed in on.

Answer 207

Integral Cryptanalysis

Question 208

The private key for encryption has been uncovered.

Answer 208

Total Break

Question 209

The attacker discovers an equivalent algorithm for encryption and decryption, but we don’t get the key. Basically, we would figure out the encryption type but not get the key.

Answer 209

Global Deduction

Question 210

The attacker discovers additional plaintext/ciphertext that were not previously known. This can be used to deduce some of the supporting elements outside of the actual key, but you do not get the actual key itself.

Answer 210

Local (Instance) Deduction

Question 211

We gain information or an understanding about plaintext or ciphertext that was not previously known. Similar to Local Deduction but you have not uncovered additional plaintext or ciphertext, just information regarding them.

Answer 211

Information Deduction

Question 212

We can understand the cipher from some sort of random permutation based on information you find.

Answer 212

Distinguishing Algorithm

Question 213

Precalculated hashes of all available passwords within a certain character space. Typically used to crack hashes.

Answer 213

Rainbow Tables

Question 214

Time (amount of time needed to perform the number of calculations to crack encryption), Memory (the amount of storage required to perform the attack), and Data (the amount of plaintext/ciphertext required for the attack).

Answer 214

3 Cryptanalysis Resources