Symmetric Key Algorithms

Question 1

What function does this stand for ^?

Answer 1

The AND operation where both inputs have to be true for a true output value. Only an X and Y of 1 produce and output value of 1.

Question 2

What function does this symbol stand for? v

Answer 2

The OR operation. Only one value needs to be TRUE in order to produce a TRUE value.

e.g. 1 +0 = 1 but 0 = 0 = 0

Question 3

What function does this symbol represent? ~

Answer 3

The NOT operation. The NOT operation is the opposite of the function so a 1 with the NOT operation applied is 0 and vice versa.

Question 4

What function does this symbol represent? ⊕

Answer 4

The exclusive OR operation. If one value OR the other is TRUE then the result is TRUE. 1 + 1= 0 but 1 +0=1

Question 5

What is a NONCE?

Answer 5

A random number that acts as a placeholder variable in mathematical functions.

Question 6

Give an example of a NONCE.

Answer 6

An IV or initialization vector which is a random bit string that is the same length as the block size and is XORed with the message. They are used to create unique ciphertext everytime the the same message is encrypted using the SAME KEY.

Question 7

What is SPLIT KNOWLEDGE?

Answer 7

When information or privelige is split among different users so no one perosn has the ability to compromise the security of an environment.

Question 8

What is a TRANSPOSITION CIPHER?

Answer 8

Rearrangement of letters

Question 9

What is a SUBSTITUTION CIPHER?

Answer 9

Uses an encryption algorithm to replace the letters of a message

Question 10

What other name is a ONE TIME PAD known as?

Answer 10

Vernam Cipher

Question 11

What are the requirements or rules for keeping a ONE TIME PAD secure?

Answer 11

1. Must be randomly generated.
2. Must be physically protected against disclosure
3. Can be used only ONCE
4. Key must be at least as long as the message

Question 12

What other name is a RUNNING KEY CIPHER known as?

Answer 12

A BOOK CIPHER​

Question 13

A Transpostion CI{HER is also known as a ________________ Cipher.

Answer 13

BLOCK

Question 14

A STREAM CIPHER works on a _____ at a time

Answer 14

BIT

Question 15

What causes CONFUSION in Cryptography?

Answer 15

When the relationship between the plaintext and the key is so complicated that moving the text around is not enough to decipher it

Question 16

What causes DIFFUSION in Cryptography?

Answer 16

When a change in the plain text causes multiple changes in throughout the ciphertext.

Question 17

What are some of the issues with SYMMETRIC KEY Cryptography?

Answer 17

1. Key Distribution is problematic- must have a secure method to EXCHANGE keys
2. Does not provide non-repudiation
3. Not SCALABLE
4. Keys have to be regenerated often- if a person leaves every key know (exchnaged) must be regenerated

Question 18

How is SYMMETRIC KEY ENCRYPTION accomplished? (How many keys)

Answer 18

Each participant has ONE secret key that must be known to both parties. Two keys used.

Question 19

How is ASYMMETRIC KEY encryption accomplished?

Answer 19

Using a PUBLIC Key (known to all) and a PRIVATE KEY (Known only to one side).

Person encrypting uses the recipient’s PUBLIC KEY which is decrypted by the PRIVATE KEY of the recipinent.

Question 20

What is the formula to determine the number of SYMMETRIC KEYS required?

Answer 20

Number of Keys= n(n-1)/2

Question 21

What are the advantages of ASYMMETRIC KEY encryption?

Answer 21

1. Addition of new users requies generation of only one public-private key pair
2. Key revocation of one key is easy to accomplish
3. Provides Repudiation, Authentication and nonrepudiation
4. Key distribution simple- public key can be made available to anyone and public key cannot derive the private key
5. No pre-existing communications need to exist (such as sharing a secret key as in symmetric key cryptography).

Question 22

Name the modes of DES Symmetric encrption algorithm

Answer 22

1. Cipher Block Mode (CBC)
2. Cipher Feedback Mode (CFM)
3. Output Feedback Mode (OFM)
4. Counter Mode (CTR)

Question 23

1. How does ECB work

2. Name security flaw(s),

3. What algorith is it part of,?

4. What does ECB stand for?

Answer 23

1. Encrypts 64 bit blocks withthe same secret key
2. Subject to eavesdropping
3. DES
4. Electronic Codebook

Question 24

1. How does CBC work

2. Name security flaw(s),

3. What algorith is it part of,?

4. What does CBC stand for?

Answer 24

1. Each block of unencrypted text is XORed with the block of ciphertext immediatley preceding it before its encrypted with DES. CBC also implments a IV amd XORs the first block of the message prodcuing aunique output. IV must be sent to recipient in plaintext,
2. If one block is corrupted errors propogate makign decryption impossible
3. DES
4. Cipher Block Chaining Mode

Question 25

1. How does CFB work

2. Name security flaw(s),

3. What algorith is it part of,?

4. What does CFB stand for?

Answer 25

1. Streaming version of CBC. XORs and uses IV. Uses memory buffers the same block size instead of breaking the message into blocks. As buffer becomes full it gets encrypted. Uses real time data (done in the buffer) and uses IV and chaining.
2. Assume that errors propogate?
3. DES
4. Cipher Feedback Mode

Question 26

1. How does OFB work?

2. Name security flaw(s) or advantages,

3. What algorith is it part of,?

4. What does OFB stand for?

Answer 26

1. XORs plaintext with a seed value. For first block IV is used to create seed value and then running DES. Future seed values are derived by running DES on previous seed values.
2. No chaining function- errors do not propogate to affect decryption
3. DES
4. Output Feedback Mode

Question 27

1. How does CBTRwork

2. Name security flaw(s),

3. What algorith is it part of,?

4. What does CTR stand for?

Answer 27

1. Stream cipher similiar to CFB. Similar to CFB but does not use a seed value, uses a counter that increments for each operation.
2. Uses chaining so may propogate errors?
3. DES
4. Counter Mode

Question 28

Name the versions of TRIPLE DES (3 DES), the number of encryption/decryption operations and keys and the key lengths of each.

Answer 28

1. DES-EEE3, 3 encryption operations, 3 Keys, 168 BIT KEYS
2. DES-EDE3, 2 encryption operations with decryption in the middle, 3 keys, 168 BIT KEYS
3. DES-EEE2, 3 Encryption operations, and 2 Keys, 112 BIT KEYS
4. DES-EDE2, Two encryption operations with a decryption operation in the middle, 112 BIT KEYS

Question 29

1. What is IDEA?,
2. How does it work?
3. What modes is it capable of operating in?
4. What secure e-mail package is based off of IDEA?

Answer 29

1. International Data Encryption Algorithm
2. Operates on 64 bit block of text, begins with a 128 bit key, broken into 52 16 bit subkeys which act on input text with XOR and Modulus operations to produce encrypted/decrypted versions of the input message
3. Same modes as DES: ECB, CBC, CFB, OFB,, CTR
4. PGP- Pretty Good Privacy

Question 30

1. What is BLOWFISH

2. How does it work?

3. How many bits does it use?

4. What are its advantages?

Answer 30

1. A symmetric cryptographic alogrithm
2. Works on 64 bit blocks of text
3. Allows variable key lengths from 32 to 448 bits
4. Faster thaIDEA and DES

Question 31

1. What is Skipjack?
2. How does it work?
3. What does it support that is unique?

Answer 31

1. A symmetric encryption algorithm
2. Works on 64 bit-blocks of text. Uses an 80 bit key and supports the four modes of operation of DES (CBC, OFB, ECB, CTR)
3. Supports escrow of encryption keys- NIST and Dept. of Treasury have the keys

Question 32

1. What is RC5?
2. How does i work?
3. What are the security implications of the algorithm?

Answer 32

1. Rivest Cipher 5, a symmetric algorithm
2. It is a variable block cipher 32, 64, or 128 bits and uses key sizes 0-2,040 bits
3. 64 bit key took 4 years to crack a single message

Question 33

1. ​What is AES?
2. Name the three key sizes and the round of encryption associated with each?

Answer 33

1. Advanced Encryption Standard/Rijndael (Symmetric Encyption)
2. 128 bit key=10 rounds of encryption

192 bit key= 12 rounds of encryption

256 bit key= 14 rounds of encryption

Question 34

1. What is TWOFISH?
2. How does it work
3. What two special techniques does it apply to its encryption??

Answer 34

1. It’s a block AES cipher
2. It operates on 128 bit blocks of data and uses keys up to 256 bits
3. Does PREWHITENING- XORing the plaintext witha subkey before first round of encryption, THEN does POSTWHITENING which a similar operationn but done aftet the 16 th round of encryption

Question 35

In regards to SYMMETRIC KEY management, what are three methods to accomplish?

Answer 35

1. Offline distribution- Has to be physically provided

2. Public Key Encryption- Used to set up the initial communication link- then the parties switch to Private Key encryption which is faster.

3. Diffie-Hellman- use when there is no offline or public key encryption is avilable- random large integers slected and calculatiosn performed- each party uses theri integers to produce a result and exchange to verify they got the same results

Question 36

What are the key lengths of:

RSA

DSA

Elliptic Curve

Answer 36

RSA= 1,024

DSA=1,024

Elliptic Curve=160 bits

Question 37

In Publick Key Cryptography, Bob wants to se nd a message to Sue, what does

he use to encrypt the message and how does Sue Decrypt the message?

Answer 37

Bob uses Sue’s Public Key to encrypt the message. Sue uses her

Private Key to decrypt the message.

Question 38

1. What type of encryption algorithm is RSA?
2. What does the system depend on for the strength of its security?
3. What will be the largest value?

Answer 38

1. RSA is a Public Key cryptosystem
2. It depends upon the difficulty of factoring large prime numbers
3. n will always be the largest value if the choice is between p and q

Question 39

1. What type of algorih is Merkele-Hellman
2. What theory did it rely on for its security?
3. Is the algorithm considered secure today?

Answer 39

1. It is an Asmmetric Public Key algorithm
2. Super-increasing sets rtaher than factoring large prime numbers
3. It is no longer considered secure

Question 40

How long are the key lengths for:

1. RSA

2. DSA

3. Elliptic curve

Answer 40

1. RSA= 1,024 bits
2. DSA= 1024 bits
3. Elliptic curve =160 bits

Question 41

1. What type of algorithm is El Gamal
2. What is a major problem with E lGamal?
3. What is unique and considered an advantage with El Gamal?

Answer 41

1. El Gammal is an Assymetric key exchange algorithm like Diffie Hellman
2. It doubles the lenghth of any message it encrypts which creates issue with transmission over narrow bandwitdh communication circuits
3. It was released to the public domain, it was free to use by anyone

Question 42

1. What is Elliptic Curve?

2. What is the Eliiptic Curve equation?

3. How many keys in Elliptic Curve are equal to 1024 RSA?

Answer 42

1. Elliptic Curve is an assymetric public key algotrithm encryption algorithm
2. . y=x3 + ax + b and Q =xp
3. 1024 bit RSA keys are equivalent to 160 bit- Elliptic Curve key.

Question 43

What is a HASH FUNCTION and what is it used for?

Answer 43

1. Hash functions take a message and create a unique output value called a message digest. Message digest by the recipient must match.
2. Hash functions are used for digital signatures for repudiation

Question 44

1. How long is a HASH functions message digest (normally)?
2. What are the FIVE basic requirements for a cryptographic hash?

Answer 44

1. Most are 128 bits or larger, but can also be derived froma single bit

2. Five basic requirments of a crypto hash:

1. The input can be of any length
2. The output has a FIXED length
3. The hash function is ONE WAY
4. Hash function is relatively easy to compute for any input
5. The hash function is collison free

Question 45

1. What is MD4 and how does it work?

2. Is it still secure?

Answer 45

1. MD4 is a message digest algorithm that makes the message 64 bits smaller than 512 bits. It processes 512 bit blocks with a final output of a 128 bit message digest.
2. It is no longer considered secure- it had a collision problem.

Question 46

1. What is MD5 and how does it work?

2. Is it still secure?

Answer 46

1. Is is a hash algorithm which produces 512-bit block messages- but it uses four rounds to compute the message length of 128 bits.
2. It is not loger considered secure.

Question 47

What are the HASH value lengths for HAVAL (MD5 variant) and what does it stand for?

Answer 47

1. Hash of Variable Length
2. 128, 160, 192, 224 and 256 buts

Question 48

1. What is HMAC, what does it stand for and what is its hash value length?

Answer 48

1. Hash Message Authenticating Code (HMAC).
2. Its key length is variable

Question 49

What are the key lengths of:

MD2

MD4

MD%

Answer 49

Each has a key length of 128 bits.

Question 50

What is the key length for SHA-1?

Answer 50

160 bits

Question 51

What does HASHING to messages provide and how can Privacy be

implemented with hashing?

Answer 51

1. Provides Authentication, integrity and non-repudiation.

For privacy the entire message can be encrypted with the public key.

Question 52

What is HMAC and what is it used for?

Answer 52

1. Stands for Hashed Message Authentication Code.
2. It guarantess integrity but does not provide non-repudiation and cna be combined with SHA-3 using a shared secret key (therefore does not provide non-repudiation).

Question 53

What are the algorithms that are part of the DSS (Digital Signature Standard)?

Answer 53

1. DSA (Digital Signature algorithm) in FIPS 186-4
2. RSA (Rivest-Shamir- Adelman) ANSI x9.31
3. ECDSA (Elliptic Curve DSA- ANSI x9.62

Question 54

‘What are Schorr and Nyberg-Rueppel?

Answer 54

Dignature signature algorithms.

Question 55

What are these terms associated with certificate authorities (CAs)?

Answer 55

CPV= Certificate path validation

Enrollment= you supply your public key and CA issues a digitally signed certificate

Verification= Using the CAs piblic key to verify a certificate is authenticate

CRL= Certificate revocation list or OCSP= Online Certificate Status Protocol

Question 56

1. What are the specific disk encryption technologies for Windows?

2. What about Mac OS?

3. What does OS Vera Crypt support?

Answer 56

1. BitLocker amd EFS (Encrypting File System)
2. FileVault encryption
3. Linux, Windows, and Mac

Question 57

What should you do if your require confidentiality

with an e-mail?

Answer 57

You should encrypt the message.

Question 58

If you need to ensure integrity of an

e-mail message what should you do?

Answer 58

You should digitally sign the message

Question 59

What should you apply to an e-mail if you need authentication, integrity and/or non-repudiation?

Answer 59

You should digitally sign the message.

Question 60

What should you apply to an e-mail if your message requires authentication, integrity, non-repudiation and confidentiality?

Answer 60

You should encrypt and digitally sign your message.

Question 61

What is PGP and what are some of the commercial versions used for?

Answer 61

PGP is Pretty Goof Privacy and is an e-mail encryption algorithm. The commercial version provides the following:

1. RSA for KeyExchange
2. IDEA for encryptio/decryptio
3. MD5 for message digest

Question 62

What types of encryption does the Freeware version of PGP use for encryption and for key management?

Answer 62

1. Cast for encryption/decryption
2. Diffie-Hellman for key exchange

Question 63

What does S/MIME stand for and what encryption

algorithm does S/MIME use?

Answer 63

1. Secure Muliti-Purpose Mail Extension
2. RSA

Question 64

What is Link Encryption?

Answer 64

It is encryption that encrypts traffic entering the tunnel on one end and decrypts it on the other end. This ensures communications are secure between to distinct points.

Question 65

What is end to end encryption?

Answer 65

Protect communicatiosn between two parties (e.g. user and server). This portects from monitoring on an encrypted side or traffic sent over an unencrypted link.

Question 66

What are the differences between Link Encryption and

End to End encryption?

Answer 66

Link encryption includes the data, the header, trailer, address and routing data, whihc means it must be decrypted and reencrypted from hop to hop.

End to end encryption only encrypts only the data, so it moves faster during transmissions.

Question 67

What are the two main components of IPSEC?

Answer 67

1. The AH (Authenication Header) which provides message integrity and non-repudiation, authentication, access control and prevents replay attacks.
2. ESP (Encapsulating Security Payload) provides confidentiality and integrity of packet contents only, provides encryption and limited authentication, prevents replay attacks.

Question 68

What are the two function modes of IPSEC?

Answer 68

1. Transport Mode- only packet and payload protected, used for peer to perr
2. Tunnel Mode- entire packet inlcuidng the header is encrypted. For gateway to gateway communications.

Question 69

What protocl is IPSEC often paired with?

Answer 69

L2TP- Layer 2 Tunneling Protocol

Question 70

1. What is used to set up an IPSEC session?
2. How many sessions do you need for bi-directional communication?
3. How many sessions do you need if you set up bi-directional with AH and ESP?

Answer 70

1. A Security Association (SA)
2. If you want to set up biderectional comm. you need two SAs.
3. If you want to set up bidirectionla using AH and ESP you need 4 SA’s.

Question 71

1. What is WEP?
2. How many bits is it?
3. What networkign standard is it described in?
4. Is it secure?

Answer 71

1. Wireless Encryption Protocol
2. 64 and 128 bits
3. IEEE 802.11
4. No it was replaced by WPA

Question 72

1. What is WPA2?
2. How was it improved over WEP?
3. What wireless security standard is it used in?

Answer 72

1. Wifi Protected Access
2. Temporal Key Integrity Protocol (TKIP) and AES encryption
3. 802.1X, must use a supplicant

Question 73

What is an analytic attack?

Answer 73

1. A cryptographic attack where algabraic manipulation is done to reduce the complexity of the algorithm (attack on logic)

Question 74

What is an implementation attack?

Answer 74

It’s an attack that exploits the weakness in the implementation of the cryptosystem, exploit of software code, focus on methodology of the code

Question 75

What is a statistical attack?

Answer 75

An attack on a crypto system that attempts to exploit statistical weakness such as floating-point errors and inability to produce truly random numbers, looks for vulnerability in the hardware and OS hosting the application.

Question 76

What is a Rainbow table?

Answer 76

1. A table of pre-computed values for cryptographic hashes

fpr passwords stored in hash form, Used for password cracking.

Question 77

1. What is a SALT?
2. What can it be combined with to make it more effective?
3. What are some hashing functions?

Answer 77

1. It is a random value added to the end of a password before the OS hashes the password
2. Key Stretching
3. PBKDF2, bcrypt and scrypt

Question 78

How do the following crypto attacks work:

1. Known plaintext
2. Chosen ciphetext
3. Chosen Plain text

Answer 78

1. Using an encrypted copy of the message and the plaintext
2. Having the ability to decrypt a portion of the cipher text message and use the decrypted portion to discover the key
3. Can encrypt chosen plaintext, then anlayze the output of the ciphertext

Question 79

How does the following crypto attack work:

Meet in the Middle

Answer 79

Used for TWO round encryption. Takes known plaintext, encrypt using every possible key (k1), equivalent ciphertext decrypted using all possible keys (k2). When a match is found k1 and k2 represent both portions of the double encryption.

Question 80

How does the Birthday attack work

and what is it also known as?

Answer 80

Seeks to find flaws in the one to one nature of hashing. Works by substitution of a digitally signed message with the same message digest thereby maintaining the validity of the original digital signature.

The birthday attack is also known as the collison attack and reverse hashing

Question 81

What is a replay attack?

Answer 81

Interecept encrypted messages between two parties (most likely request for authentication), then replays the captured session to open a new session. Can be defeated by time stamps or expiration periods.