Lesson 5 - Summarizing Basic Cryptographic Concepts

Question 1

The science and practice of altering data to make it unintelligible to unauthorized parties.

Answer 1

Cryptography

Question 2

Unencrypted data that is meant to be encrypted before it is transmitted, or the result of decryption of encrypted data.

Answer 2

Plaintext

Question 3

Data that has been enciphered and cannot be read without the cipher key.

Answer 3

Ciphertext

Question 4

Data that has been enciphered and cannot be read without the cipher key.

Answer 4

Cipher

Question 5

The science, art, and practice of breaking codes and ciphers.

Answer 5

Cryptoanalysis

Question 6

There are three main types of cryptographic algorithm with different roles to play in the assurance of the security properties.

Answer 6

confidentiality, integrity, availability, and non-repudiation

Question 7

These types are hashing algorithms and two types of encryption ciphers.

Answer 7

symmetric and asymmetric

Question 8

A function that converts an arbitrary length string input to a fixed length string output. A cryptographic hash function does this in a way that reduces the chance of collisions, where two different inputs produce the same output.

Answer 8

Hashing

Question 9

The output of a hash function.

Answer 9

Checksum

Question 10

A form of hashing algorithm used to prove integrity.

Answer 10

Hashing algorithm

Question 11

A cryptographic hashing algorithm created to address possible weaknesses in MDA. The current version is SHA-2. The most popular variant is SHA-256, which produces a 256-bit digest.

Answer 11

Secure Hash Algorithm

Question 12

A cryptographic hash function producing a 128-bit output.

Answer 12

Message Digest Algorithm

Question 13

FCIV

Answer 13

File Check Integrity Version

Question 14

In cryptography, a specific piece of information that is used in conjunction with an algorithm to perform encryption and decryption.

Answer 14

digest

Question 15

Involves replacing units (a letter or blocks of letters) in the plaintext with different ciphertext.

Answer 15

Substitution ciphers

Question 16

A two-way encryption scheme in which encryption and decryption are both performed by the same key. Also known as shared-key encryption.

Answer 16

Symmetric encryption
Symmetric encryption is also referred to as single key or private key or shared secret.
Symmetric encryption is very fast.
It is used for bulk encryption of large amounts of data.
Symmetric encryption is used for confidentiality and cannot be used for authentication or integrity.
Example: AES

Question 17

Two types of symmetric encryption.

Answer 17

stream cipher and block cipher

Question 18

A type of symmetric encryption that combines a stream of plaintext bits or bytes with a pseudorandom stream initialized by a secret key.

Answer 18

Stream cipher
Counter (CTR) and Galois/Counter Mode (GCM) modes allow block ciphers to behave like stream ciphers.
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

Question 19

A type of symmetric encryption that encrypts data one block at a time, often in 64-bit blocks. It is usually more secure, but is also slower, than stream ciphers.

Answer 19

Block cipher

Question 20

A symmetric 128-, 192-, or 256-bit block cipher based on the Rijndael algorithm developed by Belgian cryptographers Joan Daemen and Vincent Rijmen and adopted by the U.S. government as its encryption standard to replace DES.

Answer 20

Advanced Encryption Standard (AES)

Question 21

The range of key values available to use with a particular cipher.

Answer 21

Keyspace
“Key Length” - Using a longer key (256 bits rather than 128 bits, for instance) makes the encryption scheme stronger.

Question 22

In which encryption cipher is operations performed by two different but related public and private keys in a key pair.
A cipher that uses public and private keys. The keys are mathematically linked, using either Rivel, Shamir, Adleman (RSA) or elliptic curve cryptography (ECC) algorithms, but the private key is not derivable from the public one.

Answer 22

Asymmetric encryption.
An asymmetric key cannot reverse the operation it performs, so the public key cannot decrypt what it has encrypted, for example.
Each key is capable of reversing the operation of its pair.
Referred to as public key cryptography.

Question 23

In asymmetric encryption, the private key is known only to the holder and is linked to, but not derivable from, a public key distributed to those with which the holder wants to communicate securely. A private key can be used to encrypt data that can be decrypted by the linked public key or vice versa.

Answer 23

private key

Question 24

During asymmetric encryption, this key is freely distributed and can be used to perform the reverse encryption or decryption operation of the linked private key in the pair.

Answer 24

public key
The public key cannot be used to decrypt the ciphertext, even though it was used to encrypt it.

Question 25

Named for its designers, Ronald Rivest, Adi Shamir, and Len Adelman, the first successful algorithm for public key encryption with a variable key length and block size.

Answer 25

RSA Algorithm
RSA key pair security depends on the difficulty of finding the prime factors of very large integers (modular exponentiation).

Question 26

Mathematical ciphers that use an operation which is simple to perform one way when all of the values are known, but is difficult to reverse.

Answer 26

trapdoor function

Question 27

An asymmetric encryption algorithm that leverages the algebraic structures of elliptic curves over finite fields to derive public/private key pairs.

Answer 27

Elliptic curve cryptography

Question 28

A message digest encrypted using the sender’s private key that is appended to a message to authenticate the sender and prove message integrity.

Answer 28

digital signature
a digital signature is a hash that is then encrypted using a private key.
digital signatures do not provide any message confidentiality.

Question 29

public key encryption standard used for digital signatures that provides authentication and integrity verification for messages.

Answer 29

Digital Signature Algorithm (DSA)
DSA uses elliptic curve cryptography (ECC) rather than the RSA cipher.

Question 30

Any method by which cryptographic keys are transferred among users, thus enabling the use of a cryptographic algorithm.

Answer 30

key exchange
it is the recipient’s public key that is used to perform encryption and the recipient’s private key that is used for decryption.
The validity of the whole digital envelope can be proved using a message authentication code.

Question 31

Validate the owner of the public key by issuing the subject with a certificate.

Answer 31

certificate authority (CA)
The certificate is signed by the CA

Question 32

The process of issuing and verifying certificates.

Answer 32

public key infrastructure (PKI)

Question 33

A characteristic of transport encryption that ensures if a key is compromised the compromise will only affect a single session and not facilitate recovery of plaintext data from other sessions.

Answer 33

Perfect Forward Secrecy (PFS)
PFS uses Diffie-Hellman (D-H) key agreement to create ephemeral session keys without using the server’s private key.
The authenticity of the values sent by the server is proved by using a digital signature.
PFS can be implemented using either the Diffie-Hellman Ephemeral mode (DHE or EDH) or Elliptic Curve Diffie-Hellman Ephemeral mode (ECDHE) algorithms.
To use PFS, the server and client must negotiate use of a mutually supported cipher suite.

Question 34

A cryptographic technique that provides secure key exchange.

Answer 34

Diffie-Hellman (D-H)

Question 35

In cryptography, a key that is used within the context of a single session only.

Answer 35

ephemeral
ephemeral session keys.

Question 36

A cryptographic protocol that is based on Diffie-Hellman and that provides for secure key exchange by using ephemeral keys.

Answer 36

Diffie-Hellman Ephemeral mode (DHE or EDH) algorithm

Question 37

A cryptographic protocol that is based on Diffie-Hellman and that provides for secure key exchange by using ephemeral keys and elliptic curve cryptography.

Answer 37

Elliptic Curve Diffie-Hellman Ephemeral mode (ECDHE) algorithm

Question 38

In what protocol does the requirements to both authenticate the identity of the server and to encrypt communications between the server and client need to be fulfilled by separate cryptographic products and cipher implementations.

Answer 38

Transport Layer Security (TLS)

Question 39

Lists of cryptographic algorithms that a server and client can use to negotiate a secure connection.

Answer 39

cipher suite

Question 40

What is used to assert the identity of the server’s public key and facilitate authentication.

Answer 40

A signature algorithm

Question 41

What is used by the client and server to derive the same bulk encryption symmetric key.

Answer 41

A key exchange/agreement algorithm

Question 42

Implementation of a block symmetric cipher, with some modes allowing secure encryption of a stream of data, with or without authentication for each block.

Answer 42

mode of operation

Question 43

Applies an initialization vector (IV) to the first plaintext block to ensure that the key produces a unique ciphertext from any given plaintext and the output of the first ciphertext block is then combined with the next plaintext block using an XOR operation.

Answer 43

Cipher Block Chaining (CBC) Mode
CBC needs to use padding to ensure that the data to encrypt is an exact multiple of the block size.

Question 44

An operation that outputs to true only if one input is true and the other input is false.

Answer 44

XOR
XOR is a logical operation that outputs 1 only when the inputs are 1 and 0.

Question 45

An encryption mode of operation where a numerical counter value is used to create a constantly changing IV. Also referred to as CTM (counter mode) and CM (counter mode).

Answer 45

Counter mode (CTM)
Counter mode (CTM) makes the AES algorithm work as a stream cipher.
Counter modes do not need to use padding. Any unused space in the last block is simply discarded.

Question 46

The basic CBC and counter modes of operation are unauthenticated. While a man-in-the-middle cannot decrypt them directly without the secret key, the ciphertexts are vulnerable to arbitrary data being inserted or modified to break the encryption scheme.

Answer 46

chosen ciphertext attack

Question 47

Proving the integrity and authenticity of a message by combining its hash with a shared secret.

Answer 47

message authentication code (MAC)

Question 48

The associated data allows the receiver to use the message header to ensure the payload has not been replayed from a different communication stream.

Answer 48

Authenticated Encryption with Additional Data (AEAD).
Example: AES-GCM or AES-CCM.
The ChaCha20-Poly1305 stream cipher has been developed as an alternative to AES.

Question 49

A single hash function, symmetric cipher, or asymmetric cipher.

Answer 49

a cryptographic primitive

Question 50

A technique that essentially “hides” or “camouflages” code or other information so that it is harder to read by unauthorized users

Answer 50

Obfuscation i

Question 51

Attempts to protect an embedded key while preserving the functionality of the code.

Answer 51

white box cryptography

Question 52

A measure of disorder.

Answer 52

Entropy.
Cryptographic systems should exhibit high entropy to better resist brute force attacks.

Question 53

A symmetric stream cipher generally considered obsolete, as it does not support large key sizes and is vulnerable to several attacks.

Answer 53

RC4.
DES and RC4 are examples of algorithms known to have weak keys. RC4 and DES/3DES are already deprecated.
MD5 and SHA-1 have known weaknesses, but are not necessarily unsecure if compatibility is an overriding concern.

Question 54

A method of generating random values by sampling physical phenomena that has a high rate of entropy.

Answer 54

true random number generator (TRNG)

Question 55

The process by which an algorithm produces numbers that approximate randomness without being truly random.

Answer 55

pseudo random number generator RNG (PRNG)

Question 56

A cryptographic attack where the attacker exploits the need for backward compatibility to force a computer system to abandon the use of encrypted messages in favor of plaintext messages.

Answer 56

downgrade attack

Question 57

A technique that strengthens potentially weak input for cryptographic key generation, such as passwords or passphrases created by people, against bruteforce attacks.

Answer 57

Key Stretching

Question 58

Implementation of key stretching to make potentially weak input used to derive a cryptographic key, such as short passwords, less susceptible to brute force attacks.

Answer 58

Password-Based Key Derivation Function 2 (PBKDF2)

Question 59

A type of password attack that exploits weaknesses in the mathematical algorithms used to encrypt passwords, in order to take advantage of the probability of different password inputs producing the same encrypted output.

Answer 59

A birthday attack

Question 60

In cryptography, the act of two different plaintext inputs producing the same exact ciphertext output.

Answer 60

A collision

Question 61

Computers that use properties of quantum mechanics to significantly out-perform classical computers at certain tasks.

Answer 61

Quantum.
Quantum Computer.
A quantum computer performs processing on units called qubits (quantum bits).
A qubit can be set to 0 or 1 or an indeterminate state called a superposition, where there is a probability of it being either 1 or 0.

Question 62

Anticipating challenges to current cryptographic implementations and general security issues in a world where threat actors have accesss to significant quantum processing capability.

Answer 62

Post-Quantum

Question 63

Method that allows computation of certain fields in a dataset without decrypting it.

Answer 63

Homomorphic encryption.
Principally used to share privacy-sensitive data sets.

Question 64

A concept in which an expanding list of transactional records listed in a public ledger is secured using cryptography.

Answer 64

Blockchain