Week2

Question 1

Which is a useful source of randomness?

The sum of the first n numbers in a Fibonacci sequence, where n is chosen randomly.

The time taken by the software to perform a certain action on different machines.

The outcome of rolling two 6-sided dice.

The patterns made by floating material in lava lamps.

Answer 1

The patterns made by floating material in lava lamps.

Question 2

Which can be a good source for the seed of a random number generator?

The time taken by any program to execute a task on the same machine again and again.

The millisecond values from CPU time

The atmospheric noise generated by a radio that is not tuned to any station.

The outcome of rolling two 6-sided dice.

Answer 2

The atmospheric noise generated by a radio that is not tuned to any station.

Question 3

Which characteristic improves the quality of a random number generator?

A low probability of generating a particular number.

Some numbers are generated only after fixed intervals.

Only a few numbers are generated more frequently than others.

Predictability when generating numbers.

Answer 3

A low probability of generating a particular number.

Question 4

Which bit string passes the frequency test?

11111111111111100000

0000000001111111111111111111

0123446789012345567890

09182736455463728190

Answer 4

09182736455463728190

Question 5

Which bit string passes the frequency test?

11111111110000000000

0000000001111111111111111111

11111111111111100000

0123446789012345567890

Answer 5

11111111110000000000

Question 6

Which test ignores frequency as a factor for randomness?

Gap Test

Serial Test

Poker Test

Frequency Test

Answer 6

Gap Test

Question 7

For a CSPRNG, given a large number of previously generated outputs, which situation is ideal?

An attacker should not be able to predict the previous number generated.

An attacker should be able to predict the seed that starts the generation.

An attacker should be able to predict the state of the generator.

An attacker should not be able to predict the next number generated.

Answer 7

An attacker should not be able to predict the next number generated.

Question 8

For a CSPRNG, given a large number of previously generated outputs, which situation is ideal?

An attacker should be able to predict the state of the generator.

An attacker should not be able to predict the nth number generated in the sequence from now.

An attacker should be able to predict the seed that starts the generation.

An attacker should not be able to predict the previous number generated.

Answer 8

An attacker should not be able to predict the nth number generated in the sequence from now.

Question 9

What do random numbers and crypto secure random numbers have in common?

Both are equally random and unpredictable.

Both have an equal number of digits.

Both must pass next bit test.

Both require Non-Deterministic generators.

Answer 9

Both require Non-Deterministic generators.

Correct! Non-deterministic algorithms ensure the unpredictability required to generate this numbers.

Question 10

What does a state compromise test use a current state to do?

To compromise the numbers generated in the past.

To compromise the generation of future numbers.

To compromise the seed used by an algorithm.

To compromise the current random number.

Answer 10

To compromise the numbers generated in the past.

Correct! To prevent security issues, it is very important that past numbers cannot be generated back from the stolen state.

Question 11

Why notuse natural randomness to generate crypto secure random numbers?

It is difficult to generate random numbers frequently when using natural sources.

Natural randomness is not so common.

Changing the analog noise to digital numbers is difficult.

It is difficult to get a hold of sources of randomness.

Answer 11

It is difficult to generate random numbers frequently when using natural sources.

Correct! The natural patterns can stay constant or blank for a significant amount of time. That is why they are used to generate seeds for CSPRNGs.

Question 12

What is the reason why Blum Blum Shub cannot be typically used?

It is slower because huge prime numbers are multiplied to generate one bit.

It is slower as huge prime numbers are generated bit by bit.

It fails the next bit test.

It fails state compromise test.

Answer 12

It is slower because huge prime numbers are multiplied to generate one bit.

Correct! Two, 1000 bit long numbers are multiplied and only 1 bit from the product is used, making the algorithm very slow.

Question 13

Which is the best-proposed way to generate CSPRNs?

Using HMAC

Using hashing

Using encryption

Using natural source

Answer 13

Using HMAC

Correct! It is better than just hashing in the sense that HMACs use padding and encryption along with hashing that introduces more randomness to the output.

Question 14

When in counter mode encryption-based CSPRNG, what is the variable that does not change its value?

Seed

X_nXn​

Input plaintext

Output parity bit

Answer 14

Seed

Correct! Although a workaround can be implemented to prevent state compromise, the counter mode CSPRNG discussed in lecture uses same seed every time.

Question 15

Which definition is the best for a hash function map?

Input data of an arbitrary size onto output data of a fixed size.

Input data of an arbitrary size onto output data of an arbitrary size.

Input data of a fixed size onto output data of a fixed size.

Input data of a fixed size onto output data of an arbitrary size.

Answer 15

Input data of an arbitrary size onto output data of a fixed size.

Correct! This is why hashes are also known as digests.

Question 16

Which property is inapplicable to cryptographic hash functions?

It should not drastically change if a small change is made in the input.

It should not be possible to get a message from its hash value, except by brute-force.

It should not be possible to find two different messages with the same hash value.

It should be deterministic.

Answer 16

It should not drastically change if a small change is made in the input.

Correct! A good cryptographic hash function should make it hard to correlate any two outputs.

Question 17

What does “brute-forcing a hash” mean?

Trying every output as the input to revert it to the original message.

Trying every key that reverts the output to its original message.

Trying every message until it generates an identical output.

Trying every message until it generates the key.

Answer 17

Trying every message until it generates an identical output.

Question 18

Which property is generally true of the time taken by a hash function to compute the output value?

It should be independent of how long it takes to compute a hash.

It should take a long time to compute the hash value for any given message.

It should depend on the size of the message.

It should be quick to compute the hash value for any given message.

Answer 18

It should be quick to compute the hash value for any given message.

Correct! Typical applications of hashes (except for cryptocurrencies) require the outputs to be computed quickly.

Question 19

Which property is ideal for any hash function?

It should change the hash value with a small deviation from an old value for a small change to a message.

It should be independent of the input message.

It should generate the same hash value for all messages.

It should change the hash value drastically for a small change to a message.

Answer 19

It should change the hash value drastically for a small change to a message.

Correct! A good cryptographic hash function should make it hard to correlate any two outputs.

Question 20

Which implementation is inapplicable to the general-purpose hash?

Detecting duplicates of data.

Indexing the data in hash tables.

Hiding messages before sending them over the network.

Detecting any changes that were made to a message when a previous hash is known.

Answer 20

Hiding messages before sending them over the network.

Correct! This is done using encryption because data need to be retrieved at the receiver’s end.

Question 21

Which statement is true for a function that generates an n bit hash and has a last block of length n/2+m.

If m = n/2, the number of blocks will be (bit length of data) ÷ 3/2*n.

If m = n/2, the length of the padding is 0.

If m = 0, the number of blocks will be (bit length of data) ÷ n.

If m = 0, the length of the padding is also 0.

Answer 21

If m = n/2, the length of the padding is 0.

Correct! Because the length matches the key length, no rounding is required.

Question 22

To which case can the Merkle–Damgård construction padding be applied?

Only to the first block of data.

Every block of data to ensure that no bits are lost during transmission over a network.

Every block except the first and the last.

Only to the last block of data.

Answer 22

Only to the last block of data.

Correct! The data may not be exactly divisible by the hash length, so padding bits are used to make up for it.

Question 23

Excluding the first round, which input is not used in all rounds of the Merkle–Damgård hash function?

An S-box and P-box diffusion-confusion function

Hash from the previous round

An initialization vector (IV)

Blocks of data from the input

Answer 23

An S-box and P-box diffusion-confusion function

Correct! This is a function, and it is not given as input.

Question 24

How many bytes long is the MD5 hash?

16

64

128

4

Answer 24

16

1 byte = 8 bits. Therefore, 128/8 = 16

Question 25

Which definition describes a “document” in the context of hashing?

A multimedia file given as input.

A binary file given as input.

A text document given as input.

Any data given as input.

Answer 25

Any data given as input.

Question 26

What is the best method for attacking MD5?

Find two identical documents that would have identical MD5 hash values.

Find two identical documents that would have different MD5 hash values.

Find two different documents that would have identical MD5 hash values.

Find a single document that would have two different MD5 hashes.

Answer 26

Find two different documents that would have identical MD5 hash values.

Question 27

What is the primary reason that the use of MD5 has stopped?

It was possible to reverse MD5 hashes and get exact inputs.

It was possible to find collisions for different documents.

It was possible to find a candidate input when given the output.

It was possible to get two different outputs for the same input.

Answer 27

It was possible to find a candidate input when given the output.

Correct! Given a hash, it should be computationally impossible to construct an input document that produces the same output.

Question 28

Given a 1920-bit long input, into how many blocks will MD5 divide the data for processing?

15

8

60

4

Answer 28

4

Correct! MD5 creates chunks of 512 bits from the input data

Question 29

The padding for MD5 works like this: First a single bit, 1, is appended to the end of a message. This is followed by as many zeros as are required to bring the length of the message up to 64 bits fewer than a multiple of 512. Given this information, select a value that would be an appropriate pad for a block falling 94 bits short of the 512-bit block length.

100000000000000

1. 0E24
2. 0E19
3. 0E29

Answer 29

1.0E29

Correct! This padding makes the input 64 bits short of 512, which is a multiple of 512.

Question 30

What is the correct SHA-1 output length?

20 bytes

64 bytes

128 bits

164 bits

Answer 30

20 bytes

Correct! 160 bits is the length of the hash generated using SHA-1

Question 31

Which length is valid for a SHA-2 digest?

384 bits

1028 bits

164 bits

128 bits

Answer 31

384 bits

Correct! SHA-2 digest length is set at 384 bits, considering the security of the algorithm.