Week2 Flashcards
Which is a useful source of randomness?
The sum of the first n numbers in a Fibonacci sequence, where n is chosen randomly.
The time taken by the software to perform a certain action on different machines.
The outcome of rolling two 6-sided dice.
The patterns made by floating material in lava lamps.
The patterns made by floating material in lava lamps.
Which can be a good source for the seed of a random number generator?
The time taken by any program to execute a task on the same machine again and again.
The millisecond values from CPU time
The atmospheric noise generated by a radio that is not tuned to any station.
The outcome of rolling two 6-sided dice.
The atmospheric noise generated by a radio that is not tuned to any station.
Which characteristic improves the quality of a random number generator?
A low probability of generating a particular number.
Some numbers are generated only after fixed intervals.
Only a few numbers are generated more frequently than others.
Predictability when generating numbers.
A low probability of generating a particular number.
Which bit string passes the frequency test?
11111111111111100000
0000000001111111111111111111
0123446789012345567890
09182736455463728190
09182736455463728190
Which bit string passes the frequency test?
11111111110000000000
0000000001111111111111111111
11111111111111100000
0123446789012345567890
11111111110000000000
Which test ignores frequency as a factor for randomness?
Gap Test
Serial Test
Poker Test
Frequency Test
Gap Test
For a CSPRNG, given a large number of previously generated outputs, which situation is ideal?
An attacker should not be able to predict the previous number generated.
An attacker should be able to predict the seed that starts the generation.
An attacker should be able to predict the state of the generator.
An attacker should not be able to predict the next number generated.
An attacker should not be able to predict the next number generated.
For a CSPRNG, given a large number of previously generated outputs, which situation is ideal?
An attacker should be able to predict the state of the generator.
An attacker should not be able to predict the nth number generated in the sequence from now.
An attacker should be able to predict the seed that starts the generation.
An attacker should not be able to predict the previous number generated.
An attacker should not be able to predict the nth number generated in the sequence from now.
What do random numbers and crypto secure random numbers have in common?
Both are equally random and unpredictable.
Both have an equal number of digits.
Both must pass next bit test.
Both require Non-Deterministic generators.
Both require Non-Deterministic generators.
Correct! Non-deterministic algorithms ensure the unpredictability required to generate this numbers.
What does a state compromise test use a current state to do?
To compromise the numbers generated in the past.
To compromise the generation of future numbers.
To compromise the seed used by an algorithm.
To compromise the current random number.
To compromise the numbers generated in the past.
Correct! To prevent security issues, it is very important that past numbers cannot be generated back from the stolen state.
Why notuse natural randomness to generate crypto secure random numbers?
It is difficult to generate random numbers frequently when using natural sources.
Natural randomness is not so common.
Changing the analog noise to digital numbers is difficult.
It is difficult to get a hold of sources of randomness.
It is difficult to generate random numbers frequently when using natural sources.
Correct! The natural patterns can stay constant or blank for a significant amount of time. That is why they are used to generate seeds for CSPRNGs.
What is the reason why Blum Blum Shub cannot be typically used?
It is slower because huge prime numbers are multiplied to generate one bit.
It is slower as huge prime numbers are generated bit by bit.
It fails the next bit test.
It fails state compromise test.
It is slower because huge prime numbers are multiplied to generate one bit.
Correct! Two, 1000 bit long numbers are multiplied and only 1 bit from the product is used, making the algorithm very slow.
Which is the best-proposed way to generate CSPRNs?
Using HMAC
Using hashing
Using encryption
Using natural source
Using HMAC
Correct! It is better than just hashing in the sense that HMACs use padding and encryption along with hashing that introduces more randomness to the output.
When in counter mode encryption-based CSPRNG, what is the variable that does not change its value?
Seed
X_nXn
Input plaintext
Output parity bit
Seed
Correct! Although a workaround can be implemented to prevent state compromise, the counter mode CSPRNG discussed in lecture uses same seed every time.
Which definition is the best for a hash function map?
Input data of an arbitrary size onto output data of a fixed size.
Input data of an arbitrary size onto output data of an arbitrary size.
Input data of a fixed size onto output data of a fixed size.
Input data of a fixed size onto output data of an arbitrary size.
Input data of an arbitrary size onto output data of a fixed size.
Correct! This is why hashes are also known as digests.
Which property is inapplicable to cryptographic hash functions?
It should not drastically change if a small change is made in the input.
It should not be possible to get a message from its hash value, except by brute-force.
It should not be possible to find two different messages with the same hash value.
It should be deterministic.
It should not drastically change if a small change is made in the input.
Correct! A good cryptographic hash function should make it hard to correlate any two outputs.
What does “brute-forcing a hash” mean?
Trying every output as the input to revert it to the original message.
Trying every key that reverts the output to its original message.
Trying every message until it generates an identical output.
Trying every message until it generates the key.
Trying every message until it generates an identical output.
Which property is generally true of the time taken by a hash function to compute the output value?
It should be independent of how long it takes to compute a hash.
It should take a long time to compute the hash value for any given message.
It should depend on the size of the message.
It should be quick to compute the hash value for any given message.
It should be quick to compute the hash value for any given message.
Correct! Typical applications of hashes (except for cryptocurrencies) require the outputs to be computed quickly.
Which property is ideal for any hash function?
It should change the hash value with a small deviation from an old value for a small change to a message.
It should be independent of the input message.
It should generate the same hash value for all messages.
It should change the hash value drastically for a small change to a message.
It should change the hash value drastically for a small change to a message.
Correct! A good cryptographic hash function should make it hard to correlate any two outputs.
Which implementation is inapplicable to the general-purpose hash?
Detecting duplicates of data.
Indexing the data in hash tables.
Hiding messages before sending them over the network.
Detecting any changes that were made to a message when a previous hash is known.
Hiding messages before sending them over the network.
Correct! This is done using encryption because data need to be retrieved at the receiver’s end.
Which statement is true for a function that generates an n bit hash and has a last block of length n/2+m.
If m = n/2, the number of blocks will be (bit length of data) ÷ 3/2*n.
If m = n/2, the length of the padding is 0.
If m = 0, the number of blocks will be (bit length of data) ÷ n.
If m = 0, the length of the padding is also 0.
If m = n/2, the length of the padding is 0.
Correct! Because the length matches the key length, no rounding is required.
To which case can the Merkle–Damgård construction padding be applied?
Only to the first block of data.
Every block of data to ensure that no bits are lost during transmission over a network.
Every block except the first and the last.
Only to the last block of data.
Only to the last block of data.
Correct! The data may not be exactly divisible by the hash length, so padding bits are used to make up for it.
Excluding the first round, which input is not used in all rounds of the Merkle–Damgård hash function?
An S-box and P-box diffusion-confusion function
Hash from the previous round
An initialization vector (IV)
Blocks of data from the input
An S-box and P-box diffusion-confusion function
Correct! This is a function, and it is not given as input.
How many bytes long is the MD5 hash?
16
64
128
4
16
1 byte = 8 bits. Therefore, 128/8 = 16
Which definition describes a “document” in the context of hashing?
A multimedia file given as input.
A binary file given as input.
A text document given as input.
Any data given as input.
Any data given as input.
What is the best method for attacking MD5?
Find two identical documents that would have identical MD5 hash values.
Find two identical documents that would have different MD5 hash values.
Find two different documents that would have identical MD5 hash values.
Find a single document that would have two different MD5 hashes.
Find two different documents that would have identical MD5 hash values.
What is the primary reason that the use of MD5 has stopped?
It was possible to reverse MD5 hashes and get exact inputs.
It was possible to find collisions for different documents.
It was possible to find a candidate input when given the output.
It was possible to get two different outputs for the same input.
It was possible to find a candidate input when given the output.
Correct! Given a hash, it should be computationally impossible to construct an input document that produces the same output.
Given a 1920-bit long input, into how many blocks will MD5 divide the data for processing?
15
8
60
4
4
Correct! MD5 creates chunks of 512 bits from the input data
The padding for MD5 works like this: First a single bit, 1, is appended to the end of a message. This is followed by as many zeros as are required to bring the length of the message up to 64 bits fewer than a multiple of 512. Given this information, select a value that would be an appropriate pad for a block falling 94 bits short of the 512-bit block length.
100000000000000
- 0E24
- 0E19
- 0E29
1.0E29
Correct! This padding makes the input 64 bits short of 512, which is a multiple of 512.
What is the correct SHA-1 output length?
20 bytes
64 bytes
128 bits
164 bits
20 bytes
Correct! 160 bits is the length of the hash generated using SHA-1
Which length is valid for a SHA-2 digest?
384 bits
1028 bits
164 bits
128 bits
384 bits
Correct! SHA-2 digest length is set at 384 bits, considering the security of the algorithm.
