Quiz 8 - Hashes & Security Protocols (ch21, 23) Flashcards

1
Q
If the length of hash is 128 bits, then how many messages does an attacker need to search in order to find two that share the same hash?
A. 128
B. 2^127
C. 2^128
D. 2^64
A

D

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

It’s much harder to launch successful collision attacks on HMAC because of secret key.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Security depends on the cryptographic strength of the underlying hash function.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

The one-way hash function is important not only in message authentication but also in digital signatures.

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

SHA processes the input one block at a time but each block goes through the same processing.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

HMAC is secure provided that the embedded hash function has good cryptographic strengths such as one-way and collision resistant.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

The challenge values used in an authentication protocol can be repeatedly used in multiple sessions.

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

The authentication messages can be captured and replayed by an adversary.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Authentication can be one-way, e.g., only authenticating Alice to Bob.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

A reflection attack is a form of man-in-the-middle attack.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

To defeat a reflection attack, we can use an odd number as challenge from the initiator and even number from the responder.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

We can use signing with public keys to achieve mutual authentication.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

A session key should be a secret and unique to the session.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Authentication should be accomplished before key exchange.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

A key benefit of using KDC is for scalability.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

In order for Bob to verify Alice’s public key, the certificate authority must be on-line.

A

False

17
Q

Signing the message exchanges in Diffie-Hellman eliminates the main-in-the-middle attack.

A

True

18
Q

Kerberos provides authentication and access control.

A

True

19
Q

Kerberos also distributes session keys.

A

True

20
Q

To avoid over-exposure of a user’s master key, Kerberos uses a per-day key and a ticket-granting-ticket.

A

True

21
Q

The authenticators used in requests to KDC and application servers can be omitted.

A

False

22
Q

Access to any network resource requires a ticket issued by the KDC.

A

True