PKI Flashcards
What are the functions of RSA?
- Choose 2 large prime numbers… P & Q
- Multiply them… N=P*Q
- Select number (E) where E is less than N and is roughly prime
- Find number D where D=(ED-1) mod (P-1)(Q-1)=0
- Distribute E & N as public key and D as private key
What is Merkle-Hellman Knapsack?
Early asymmetric method similar to RSA but used super-increasing sets. Broken in 1984.
What is El Gamal?
Implementation of Diffie-Hellman algorithm. (I mod)… (You mod). Strength was that it was public domain. Weakness was that it doubled message length.
What is Elliptic Curve?
Logarithmic function that allowed much smaller key length (160 bits) than RSA (1088 bits).
What must a hash function perform?
- Input is any length.
- Output is fixed.
- Hash function is easy to perform.
- Hash function is one-way (i.e. cannot be reverse engineered)
- Collision free (no dupes)
What is the digest and block size for SHA-1?
160-bit digest and 512-bit block.
What is the digest and block for the 4 modes of SHA-2?
- .. 256 digest, 512 block
- .. 224 digest, 512 block
- .. 512 digest, 1024 block
- .. 384 digest, 1024 block
Is SHA-2 considered secure?
Yes
What is the digest and block size for MD4?
128-bit digest and 512-bit block with 3 rounds of processing.
What is the difference between MD4 & MD5?
MD5 uses 4 rounds of processing.
What are the distinct goals of digital signatures?
- Non-repudiation.
- Messages are not altered during transit.
What 2 functions do digital signatures implement?
- Public key crypto
- Hashing functions
What is HMAC?
Hashed Message Authentication Code… Does not implement non-repudiation.
What is the golden rule on which key to use?
When I am doing functions on myself (decrypt, sign), use my private key.
When I want to deal with others (send, verify), use the other party's public key.
What must a digital cert contain?
- Cert version
- Serial number from CA
- CA signature algorithm ID
- CA info
- Subject's name
- Public key
What are some well known CA?
VeriSign, GoDaddy, GeoTrust, Entrust, DigiCert
What is an RA?
Registration Authority will work with CA to verify subject.
What steps should you perform when presented with a digital cert?
- Determine if CA is trusted.
- Verify cert is not on Certificate Revocation List (CRL).
Outline the technologies and implementations of PGP…
Commercial - IDEA (encryption) MD5 (digest)
Freeware - CAST (encrypt), SHA-1 (digest)
Who uses S/MIME?
- Outlook/Exchange
- Mozilla
- Mac OS X
How does SSL go about its connection process?
- Initial connection utilizes the digital cert on the web server to determine identity.
- Browser creates a random symmetric key that is encrypted with the server's public key.
- Server uses symmetric key for all future communication.
What is Steganography and when is it best used?
Hiding a message inside a large object (bmp). Also used in watermarking. Does not impact the quality of the image.
What is Link encryption?
Low-level encryption method. Lower level of OSI… End to end
What is end-to-end encryption and how is it different than link encryption?
Operates at a higher level of OSI stack.
What makes WPA better than WEP?
WPA implements TKIP (temporal keys).
WPA2 implements AES encryption.
In RSA encryption, which value will always be the largest? A. e B. n C. p D. q
B. n = P * Q
If Richard wants to send an encrypted message to Sue using a public key system, which key does he use? A. Richard's public key B. Richard's private key C. Sue's public key D. Sue's private key
C. Sue’s public key
ACME Widgets uses a 1024 RSA encryption standard and plans to convert to Elliptic Curve. What key length needs to be chosen to maintain strength? A. 160 B. 512 C. 1024 D. 2048
A. 160
John wants to produce a message that is 2048 bytes to Mary using SHA-1. What size will the digest be? A. 160 bits B. 512 bits C. 1024 bits D. 2048 bits
A. 160 bits
What crypto system provides the encryption service for PGP's commercial version? A. ROT13 B. IDEA C. ECC D. El Gamal
B. IDEA