Understanding Cryptography Flashcards
What will always create a fixed-size string of bits regardless of the size of the original data? (Choose all that apply.)
A. MD5
B. SHA
C. One-time pad
D. CRL
A, B. Message Digest 5 (MD5) and Secure Hash Algorithm (SHA) are both hashing algorithms that create hashes of a fixed length. MD5 creates a 128-bit hash and SHA-256 creates a 256-bit hash. One-time pads are hardcopy printouts of keys in a pad of paper. A certificate revocation list (CRL) is a list of revoked certificates.
Of the following choices, what can ensure the integrity of e-mail messages?
A. MD5
B. AES
C. TwoFish
D. RSA
A. Message Digest 5 (MD5) is a hashing algorithm that can ensure the integrity of data, including e-mail messages. Advanced Encryption Standard (AES) and TwoFish are symmetric encryption algorithms, not hashing algorithms. RSA is an asymmetric encryption algorithm based on prime numbers.
What are two basic components of encryption?
A. Algorithms and keys
B. CAs and CRLs
C. Certificates and private keys
D. Public keys and session keys
A. Two basic components of encryption are algorithms and keys. Certificate authorities (CAs), certificates, and certificate revocation lists (CRLs) only apply to asymmetric encryption, not other types of encryption. Keys are only one element of encryption and can’t encrypt data without an algorithm.
A system encrypts data prior to transmitting it over a network, and the system on the other end of the transmission media decrypts it. If the systems are using a symmetric encryption algorithm for encryption and decryption, which of the following statements is true?
A. A symmetric encryption algorithm uses the same key to encrypt and decrypt data at both ends of the transmission media
B. A symmetric encryption algorithm uses different keys to encrypt and decrypt data at both ends of the transmission media
C. A symmetric encryption algorithm does not use keys to encrypt and decrypt data at both ends of the transmission media
D. A symmetric encryption algorithm is an insecure method used to encrypt data transmitted over transmission media
A. Symmetric encryption uses the same key to encrypt and decrypt data at both ends of a transmission medium. Asymmetric encryption uses two keys for encryption and decryption. Both symmetric and asymmetric encryption use keys. Symmetric encryption is commonly used to transmit data over transmission media.
Which of the following is an encryption algorithm that uses 128-bit keys?
A. DES
B. AES
C. 3DES
D. MD5
B. Advanced Encryption Standard (AES) uses 128-, 192-, or 256-bit keys. Data Encryption Standard (DES) uses 56-bit keys. 3DES uses 56-, 112-, or 168-bit keys. MD5 is a hashing algorithm used to enforce integrity.
Which of the following uses 56-bit keys for encryption?
A. AES
B. DES
C. MD5
D. SHA
B. Data Encryption Standard (DES) uses 56-bit keys and is a weak encryption protocol. Advanced Encryption Standard (AES) uses 128-, 192-, or 256-bit keys. MD5 and SHA are hashing algorithms, but the question is asking about encryption.
Which of the following is an encryption algorithm that uses multiple keys and encrypts data multiple times?
A. DES
B. AES
C. 3DES
D. MD5
C. Triple Data Encryption Standard (3DES) is an improvement over DES and encrypts data using multiple keys and multiple passes of the DES algorithm. Data Encryption Standard (DES) uses a single 56-bit key and encrypts the data one time. Advanced Encryption Standard (AES) uses a single 128-bit, 192-bit, or 256-bit key, and is preferable over 3DES, but if hardware doesn’t support AES, 3DES may be used. MD5 is a hashing algorithm used to enforce integrity.
Which of the following statements accurately describes the relationship between keys in a PKI?
A. Data encrypted with a public key can only be decrypted with the matching private key
B. Data encrypted with a public key can only be decrypted with the matching public key
C. Data encrypted with a private key can only be decrypted with the matching private key
D. The public key always encrypts and the private key always decrypts
A. Data encrypted with a public key can only be decrypted with the matching private key, and data encrypted with the private key can only be decrypted with the matching public key. The same asymmetric key used to encrypt data cannot decrypt the same data. Depending on the usage, either the public key or the private key can encrypt or decrypt.
Which encryption algorithm uses prime numbers to generate keys?
A. RSA
B. SHA
C. S/MIME
D. PGP
A. RSA uses prime numbers to generate public and private keys. Secure Hash Algorithm (SHA) is a hashing algorithm that can ensure the integrity of data, and it doesn’t use a key. S/MIME and PGP digitally sign and encrypt e-mail, and both use RSA, but they don’t generate keys with prime numbers.
Of the following choices, what is an encryption algorithm that is commonly used in small portable devices, such as mobile phones?
A. Steganography
B. 3DES
C. PGP
D. Elliptic curve
D. Elliptic curve cryptography is an encryption technology commonly used with small mobile devices, and it provides strong confidentiality using the least amount of computing resources. Steganography is the practice of hiding data within a file. Triple Data Encryption Standard (3DES) is an improvement over DES and is used when AES is not supported. Pretty Good Privacy (PGP) uses RSA and public key cryptography to secure e-mail.
A website includes graphic files. A security professional is comparing the hash of a graphic file captured last week with the hash of what appears to be the same graphic file today. What is the security professional looking for?
A. CRL
B. Steganography
C. Key
D. Digital signature
B. Steganography is the practice of hiding data within a file, and comparing hashes between two apparently identical files can verify if data is hidden within a file. A certificate revocation list (CRL) is a list of revoked certificates. A key is used for encryption, but a hash can’t discover a key. A digital signature is an encrypted hash of a message, but it wouldn’t be in a graphic file.
Which of the following protocols requires a CA for authentication?
A. FTP
B. PEAP-TLS
C. AES
D. PKI
B. Protected Extensible Authentication Protocol Transport Layer Security (PEAP-TLS) uses TLS for the authentication process, and TLS requires a certificate provided by a certification authority (CA). File Transfer Protocol (FTP) is transferred in clear text and does not use certificates. Advanced Encryption Standard (AES) is a symmetric algorithm and doesn’t use a CA. A Public Key Infrastructure (PKI) issues and manages certificates used in asymmetric encryption and verifies a certificate’s authenticity.
An organization wants to verify the identity of anyone sending e-mails. The solution should also verify integrity of the e-mails. What can it use?
A. AES
B. Encryption
C. CRL
D. Digital signatures
D. Digital signatures provide authentication (verified identification) of the sender, integrity of the message, and non-repudiation. Advanced Encryption Standard (AES) is a symmetric encryption algorithm that uses 128-, 192-, or 256-bit keys, but encryption doesn’t verify identities or integrity. A certificate revocation list (CRL) is a list of revoked certificates.
Sally is sending an e-mail, and she encrypted a portion of the e-mail with her private key. What can this provide?
A. Confidentiality
B. Validation of her certificate
C. Non-repudiation
D. One-time pad
C. A digital signature provides non-repudiation (in addition to authentication and integrity) and is encrypted with the sender’s private key. Encryption provides confidentiality, but if the e-mail is encrypted with the sender’s private key, anyone with the publicly available public key can decrypt it. A certification authority (CA) validates a certificate with a certificate revocation list (CRL), but the digital signature doesn’t validate the certificate. A one-time pad is a hardcopy printout of encryption keys on different pages of a pad of paper.
Sally is sending data to Joe. She uses asymmetric encryption to encrypt the data to ensure that only Joe can decrypt it. What key does Sally use to encrypt the data?
A. Sally’s public key
B. Sally’s private key
C. Joe’s public key
D. Joe’s private key
C. Sally uses Joe’s public key (the recipient’s public key) to encrypt the data, and because Joe is the only person with Joe’s private key, Joe is the only person that can decrypt the data. Sally would use her private key to create a digital signature, but would not use her keys for encryption. Sally would not have access to Joe’s private key.