Symmetric Cryptography and Hashes

Question 1

Symmetric Key Cryptography

Answer 1

The same key is used to encrypt and decrypt the message, faster than asymmetric but has an issue with key exchange.

Question 2

Information Theory

Answer 2

Modern cryptography began in 1949 when Claude Shannon published a paper about the Mathematical Theory of Communication. This idea improved cryptography.

Question 3

Diffusion

Answer 3

Changes to one character in the plain text affect multiple characters in the ciphertext, unlike in historical algorithms where each plain text character only affects one ciphertext character.

Question 4

Confusion

Answer 4

Occurs by using a complex substitution algorithm. Attempts to make the relationship between the statistical frequencies of the ciphertext and the key as complex as possible.

Question 5

Avalanche

Answer 5

A desirable effect where a change to one bit leads to a large change in output. This is Fiestel’s take on Claude Shannon’s concept of diffusion. Feistel’s ideas are important when discussing block ciphers.

Question 6

Kerckhoff’s Principle

Answer 6

A Cryptosystem should be secure, even if everything about the system is publicly known.

Question 7

How is symmetric algorithm encryption is expressed mathematically

Answer 7

C=E(k,p)

Cipher Text (C) is equal to the encryption function (E) with the key (k) and plain text (p) being passed as parameters to that function.

Question 8

How is symmetric algorithm decryption is expressed mathematically

Answer 8

P=D(k,c)

The plain text (P) is equal to the encryption function (E) with the key (k) and the ciphertext (c) being passed as parameters to that function.

Question 9

Substitution

Answer 9

Changing some parts of the plain text for some matching part of the ciphertext. Historical algorithms typically use this.

Question 10

Two things all modern block cipher algorithms use

Answer 10

Substitution and Transposition

Question 11

Two types of symmetric algorithms

Answer 11

Block Ciphers and Stream Ciphers

Question 12

This is how the substitution portion of symmetric key cryptography is accomplished

Answer 12

XORing the plain text message with the key

Question 13

This is how transposition is done symmetric key cryptography

Answer 13

Swapping blocks of text

Question 14

What single-key encryption means

Answer 14

The same key is used to both encrypt and decrypt a message

Question 15

List of popular symmetric block cipher algorithms

Answer 15

The Feistel Network, DES, 3DES, AES, Blowfish, Serpent, Twofish, Skipjack, IDEA, CAST, TEA, SHARK

Question 16

Facts about the Feistel Function

Answer 16

Larger Block sizes increase security
A larger Key size increases security
If the round function is secure then more rounds increase security

Question 17

Cipher

Answer 17

The algorithms needed to encrypt and decrypt a message

Question 18

Key

Answer 18

Random bits used to encrypt a message

Question 19

Algorithm

Answer 19

The mathematical process used to alter a message and make it unintelligible to any but the intended party

Question 20

The Feistel Function

Answer 20

Named after a German Physicist named Horst.

Forms a basis for most block ciphers. Splits a block of plain text data into two parts (L0 and R0). The round function is applied to one-half. The output of each round function is XORed with the other half.

Question 21

Unbalanced Feistel Cipher

Answer 21

Uses a modified structure where L0 and R0 are not equal lengths. This variation is used with the Skipjack algorithm.

Question 22

Data Encryption Standard (DES)

Answer 22

Was the premier block cipher for many years but is now considered outdated. Was selected at the Federal Information Processing Standard (FIPS) for the U.S. in 1976. This is a Feistel Cipher with 16 rounds with a 48 bit key for each round. To generate round keys a 56-bit key is split into two 28 bit halves. This Feistel Cipher uses 8 s-boxes.

Question 23

3DES

Answer 23

An interim replacement for DES. Performs DES three times with three different 56bit keys.

Question 24

DESx

Answer 24

Variation of DES that uses a technique called Key Whitening. XORs a key with text before or after the round function or both.

Question 25

Advanced Encryption Standard (AES)

Answer 25

Also known as Rijndael block cipher. Chosen as a replacement for DES in 2001. Designated as FIPS197. Can have three different key sizes; 128, 192, and 256. All three operate on a block size of 128 bits. Not based on a Feistel network. Operates on a 4x4 column-major order matrix of bytes called the state.

Question 26

Blowfish

Answer 26

A symmetric block cipher designed in 1993 by Bruce Schneier. Was intended as a replacement for DES. Like DES it is a 16 round Feistel working on 64bit blocks. Can have bit sizes of 32bits to 448bits.

Question 27

Some products Blowfish is used in:

Answer 27

BCrypt, CryptoDisk, DriveCrypt, Password Safe, Password Wallet, Backup for Workgroups, Crashplan

Question 28

Serpent

Answer 28

Symmetric key block cipher, created by Ross Anderson, Eli Biham, and Lars Knudsen. Block size of 128bits. Can have key sizes 128, 192, or 256bits. Uses 32 rounds working with a block of four 32bit words.

Question 29

Twofish

Answer 29

Finalist to replace DES. Block size of 128bits and key sizes up to 256bits, it’s a Feistel cipher. Designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagener, Chris Hall, and Niels Ferguson.

Question 30

SkipJack

Answer 30

Developed by the NSA and was designed for the clipper chip, a chip with built-in encryption. Decryption key was kept in escrow for law enforcement to decrypt the data without the owner’s cooperation, made this algorithm highly controversial. Uses an 80bit key to encrypt and decrypt 64bit data blocks. An unbalanced Feistel network with 32 rounds.

Question 31

International Data Encryption Algorithm (IDEA)

Answer 31

A block cipher designed as a replacement for DES. Designed by James Massey and Xuejia Lai in 1991. 64bit blocks and a 128bit key. Uses a series of eight identical transformations.

Question 32

CAST-128 and CAST-256

Answer 32

This block cipher was created by Carlisle Adams and Stafford Tavares. There are two popular versions. The 128 version can use 12 or 16 rounds working on a 64bit block with key sizes ranging from 40bits to 128bits in 8 bit increments. This version is also used in some versions of PGP.

Question 33

Tiny Encryption Algorithm (TEA)

Answer 33

A simple algorithm that is easy to implement in code, a Feistel Cipher that uses 64 rounds. Created by David Wheeler and Roger Needham in 1994.

Question 34

SHARK

Answer 34

Created by Vincent Rijmen, Joan Daemen, Bart Preneel, Antoon Bosselaers, and Erik De Win. Uses a 64bit block with a 128bit key in six rounds. Shares similarities with the Rijndael cipher such as the use of S-boxes.

Question 35

Electronic Codebook (ECB)

Answer 35

This is the most basic encryption mode. The message is divided into blocks and each block is encrypted separately. A weakness of this is that the same plain text always equals the same cipher text which gives the attacker a way to begin analyzing the cipher to derive the key.

Question 36

Cipher-Block Chaining (CBC)

Answer 36

Each block of plaintext is XORed with the previous cipher text block before being encrypted. This creates significantly more randomness in the final cipher text. More secure than electronic codebook mode.

Question 37

Propagating Cipher-Block Chaining (PCBC)

Answer 37

Designed to cause small changes in the cipher text to propagate indefinitely when decrypting, as well as encrypting, a variation of the CBC mode of operation, has not been published as a federal standard.

Question 38

Cipher Feedback (CFB)

Answer 38

In this mode the previous cipher text block is encrypted, the cipher text is XORed back with the plain text to produce the current cipher text block, essentially it loops back on itself increasing the randomness of the cipher text.

Question 39

Output Feedback (OFB)

Answer 39

Makes a block cipher into a synchronous stream cipher, generates keystream blocks, which are then XORed with the plain text blocks to get the cipher text.

Question 40

Counter (CTR)

Answer 40

Used to turn a block cipher into a stream cipher, much like OFB mode. Generates the next keystream block by encrypting successive values of a “counter”. The counter can be any simple function that does not repeat for a long time.

Question 41

Initialization Vector (IV)

Answer 41

Fixed size input to a cryptographic primitive that is random or pseudorandom. Called a ‘nonce’ if it is non-repeating and not truly random. Used along with a secret key for encryption.

Question 42

ECB Mode

Answer 42

Encryption of the same plain text with the same key results in the same cipher text. Use of an IV that is XORed with the first block of plain text solves this problem.

Question 43

Symmetric Stream Ciphers

Answer 43

Sometimes called a state cipher. Random key is XORed with stream of plain text.

Question 44

Synchronous Stream Cipher

Answer 44

A stream of pseudorandom digits is generated independently. That stream is then combined with the plain text (encrypt) or the cipher text (decrypt).

Question 45

Self-synchronizing Stream Cipher

Answer 45

Uses several of the previous N cipher text digits to compute the key stream.

Question 46

RC4

Answer 46

A Symmetric Stream Cipher created by Ron Rivest in 1987. Most widely used software stream cipher. Identically used for encryption and decryption, the data stream is simply XORed with the key. Uses a variable length key from 1 to 256 bytes.

Question 47

FISH

Answer 47

A symmetric Stream Cipher published by the German engineering firm Seimans in 1993. A software based stream cipher that uses a Lagged Fibonacci generator along with concepts borrowed from shrinking generator ciphers.

Question 48

Hash Function

Answer 48

Uses an H function that takes a variable size input (m) and returns a fixed size string. The value that is returned is called the ** value or the, or the h, or the digest. Can be expressed mathematically as h=H(m)
Has a variable length input with fixed length output, same sized output is produced regardless of what you put into the algorithm.
H(x) is one way. You can’t undo it. It is also collision resistant,

Question 49

Salt

Answer 49

Random bits that are used as one of the inputs to a hash. Complicates dictionary attacks.

Question 50

MD5

Answer 50

128bit hash specified by RFC1321. In 1996 a flaw was found in this hash function that was created by Ron Rivest in 1991 to replace an earlier, similarly named, hash function. This hash is also not collision resistant. Recommended to use SHA-1 instead.
Breaks down message into 512 byte chunks, padded with 0s if needed to reach 512.
Length of the message is appended as the last 64bits.
Operates on a 128bit state, divided into 4 32bit words.
Four nonlinear function (F) rounds.

Question 51

MD6

Answer 51

This hash uses a Merkle Tree like structure to allow for immense parallel computation of hashes for very long inputs. Was submitted to the NIST SHA-3 competition. In 2009 Rivest stated that this hash is not ready to be a candidate for SHA-3 because of speed issues and other concerns.

Question 52

Secure Hash Algorithm

Answer 52

Most widely used hash algorithm.

Question 53

SHA-1

Answer 53

A 160bit hash function that resembles earlier MD5 algorithm. Designed by the NSA to be part of the Digital Signature Algorithm.

Question 54

SHA-2

Answer 54

Two similar hash functions with different block sizes, known as SHA-256 and SHA-512. Uses 64 byte (512bit) words.

Question 55

SHA-3

Answer 55

A proposed hash function still in development. Will be given name in 2012 by NIST.

Question 56

FORK-256

Answer 56

This hash is in analysis phase and not in widespread use. Uses 512bit blocks and implements preset constants that change after each repetition. Each block is hashed into a 256bit block through four branches that divides each 512 block into sixteen 32bit words that are further encrypted and rearranged. Branches are used in parallel making it hard to analyze.

Question 57

RIPEMD-160

Answer 57

RACE Integrity Primitives Evaluation Message Digest is a 160bit hash algorithm created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. Also has 128, 256, and 320bit versions which replace the original version because of collision issues. Doesn’t follow any standard security policies or guidelines.

Question 58

GOST

Answer 58

Hash algortihm created by the Russians. Produces a fixed length output of 256bits. Input message is broken up into 256 bit blocks. If block is less than 256 bits then it is padded with 0s.

Question 59

Tiger

Answer 59

192bit hash function created by Ross Anderson and Eli Biham in 1995. Designed using the Merkle-Damgard construction (collision resistant hash functions). One way compression function operates on 64bit words, maintaining 3 words of state and processing 8 words of data. 24 rounds and 8 input words.

Question 60

MAC and HMAC (Message Authentication Mode) and (Hash Message Authentication Mode)

Answer 60

One uses a block cipher in in CBC mode to improve integrity. The other adds a key to a hash to improve integrity.

Question 61

CryptoBench

Answer 61

An app that allows you to see the output of a number of hashes. Enter the text you wish to encrypt, select an algorithm, then enter a key.