Lesson 5 - Basic Cryptography Concepts

Question 1

Plaintext (or cleartext)

Answer 1

an unencrypted message.

Question 2

Ciphertext

Answer 2

an encrypted message.

Question 3

Cipher

Answer 3

the process (or algorithm) used to encrypt and decrypt a message.

Question 4

Cryptanalysis

Answer 4

the art of cracking cryptographic systems.

Question 5

Hashing

Answer 5

A cryptographic hashing algorithm produces a fixed-length string from an input plaintext that can be of any length. The output can be referred to as a checksum, message digest, or hash,

Question 6

Secure Hash Algorithm (SHA)

Answer 6

considered the strongest algorithm. SHA-256, which produces a 256-bit digest.

Question 7

Message Digest Algorithm #5 (MD5)

Answer 7

produces a 128-bit digest. MD5 is not considered to be quite as safe for use as SHA-256, but it might be required for compatibility between security products.

Question 8

A symmetric cipher

Answer 8

is one in which encryption and decryption are both performed by the same secret key. Also used for confidentiality.

Question 9

Two types of symmetric encryption:

Answer 9

stream ciphers and block ciphers.

Question 10

Stream cipher

Answer 10

each byte or bit of data in the plaintext is encrypted one at a time.

Question 11

Block cipher

Answer 11

the plaintext is divided into equal-size blocks (usually 128-bit).

Question 12

Advanced Encryption Standard (AES)

Answer 12

is the default symmetric encryption cipher for most products. Basic AES has a key size of 128 bits, but the most widely used variant is AES256, with a 256-bit key.

Question 13

asymmetric cipher

Answer 13

operations are performed by two different but related public and private keys in a key pair.

asymmetric encryption is mostly used for authentication and non-repudiation and for key agreement and exchange.

Asymmetric encryption is often referred to as public key cryptography.

Question 14

Elliptic curve cryptography (ECC)

Answer 14

is another type of trapdoor function that can be used in public key cryptography ciphers.

The principal advantage of ECC over RSA’s algorithm is that there are no known “shortcuts” to cracking the cipher or the math that underpins it, regardless of key length.

Consequently, ECC used with a key size of 256 bits is very approximately comparable to RSA with a key size of 2048 bits.

Question 15

digital signature

Answer 15

is a hash that is then encrypted using a private key.

Question 16

public key infrastructure (PKI)

Answer 16

The process of issuing and verifying certificates

Question 17

This risk from RSA key exchange is mitigated by:

perfect forward secrecy (PFS).

Answer 17

PFS uses Diffie-Hellman (D-H) key agreement to create ephemeral session keys without using the server’s private key.

Question 18

Cipher Block Chaining (CBC) mode

Answer 18

applies an initialization vector (IV) to the first plaintext block to ensure that the key produces a unique ciphertext from any given plaintext.

Question 19

Counter mode makes the AES algorithm work as a stream cipher.

Answer 19

Counter mode applies an IV plus an incrementing counter value to the key to generate a keystream. The keystream is then XOR’ed to the data in the plaintext blocks

Question 20

AEAD

Answer 20

Authenticated Encryption with Additional Data

In an AEAD scheme, the associated data allows the receiver to use the message header to ensure the payload has not been replayed from a different communication stream.

Question 21

Cryptographic primitive

Answer 21

a single hash function, symmetric cipher or asymmetric cipher. It uses multiple cryptographic primitives such as within a cipher suite.

Question 22

basic hash function

Answer 22

A basic hash function can also be used with a shared secret to create a message authentication code (MAC), which prevents a man-in-the-middle tampering with the checksum.

Question 23

Entropy

Answer 23

is a measure of disorder. A plaintext will usually exhibit low entropy as it represents a message in a human language or programming language or data structure

Question 24

Nonce

Answer 24

the principal characteristic of a nonce is that it is never reused (“number used once”) within the same scope (that is, with the same key value).

Question 25

Initialization vector (IV)

Answer 25

the principal characteristic of an IV is that it be random (or pseudo-random).

Question 26

Salt

Answer 26

this is also a random or pseudo-random number or string. The term salt is used specifically in conjunction with hashing password values.

Salt means that an attacker cannot use pre-computed tables of hashes.

Question 27

longevity

Answer 27

is the consideration of how long data must be kept secure.

Question 28

A downgrade attack

Answer 28

can be used to facilitate a man-in-the-middle attack by requesting that the server use a lower specification protocol with weaker ciphers and key lengths.

Question 29

Key stretching

Answer 29

takes a key that’s generated from a user password and repeatedly converts it to a longer and more random key

Question 30

A birthday attack

Answer 30

is a type of brute force attack aimed at exploiting collisions in hash functions.

Question 31

collision

Answer 31

is where a function produces the same hash value for two different plaintexts. This type of attack can be used for the purpose of forging a digital signature.

Question 32

Quantum

Answer 32

refers to computers that use properties of quantum mechanics to significantly out-perform classical computers at certain tasks.

Question 33

cryptographic agility

Answer 33

refers to an organization’s ability to update the specific algorithms used across a range of security products without affecting the business workflows that those products support

Question 34

Homomorphic encryption

Answer 34

is principally used to share privacy-sensitive data sets.

Question 35

Blockchain

Answer 35

is a concept in which an expanding list of transactional records is secured using cryptography

Question 36

Steganography (literally meaning “hidden writing”)

Answer 36

is a technique for obscuring the presence of a message.