Cryptography and Encryption Algorithms: Concepts, Types, and Security Applications

What is an encryption algorithm?

A set of mathematical procedures for performing encryption on data.

Define cryptography.

A method of using advanced mathematical principles to store and transmit data so that only intended recipients can read it.

What is the process of encryption?

Encoding a message in a format that cannot be read or understood by an eavesdropper.

What is decryption?

The process of unlocking encrypted information using cryptographic techniques.

What is a key in cryptography?

A secret, like a password, used to encrypt and decrypt information.

What is steganography?

The science of hiding information so that snoopers cannot detect its presence.

What is encoding?

The process of converting data into a required format for information processing needs.

What does ASCII stand for?

American Standard Code for Information Interchange, the most commonly used encoding scheme for text files.

What is decoding?

The reverse process of encoding, extracting information from a converted format.

What is ciphertext?

The scrambled, unreadable output of an encryption process.

What does encryption not prevent?

Interception of the message; it only denies the content to the interceptor.

What is symmetric encryption?

An encryption method that uses one secret key for both encryption and decryption.

Name an example of symmetric encryption algorithms.

AES, Blowfish, RC4, DES, RC5, and RC6.

What is asymmetric encryption?

An encryption method that uses a pair of keys: a public key for encryption and a private key for decryption.

What is a major advantage of asymmetric encryption?

Secure key exchange and the ability to enable digital signatures.

What is a disadvantage of asymmetric encryption?

It is slower and computationally intensive compared to symmetric encryption.

What is AES?

Advanced Encryption Standard, a symmetric block cipher chosen by the U.S. government for classified data.

How many rounds does AES perform for a 128-bit key?

10 rounds.

What is DES?

Data Encryption Standard, a symmetric block cipher that encrypts data in 64-bit chunks with a 56-bit key.

What is the block size used in AES?

128 bits.

What are the modes of operation for block ciphers?

Electronic Code Book, Cipher Block Chaining, Cipher Feedback, Output Feedback, Counter Mode.

What is a major challenge of symmetric encryption?

Key distribution; if the key is intercepted, data is compromised.

What is a common use case for symmetric encryption?

Encrypting large datasets, databases, VPNs, and file storage.

What is a common use case for asymmetric encryption?

Secure key exchange (SSL/TLS), digital certificates, digital signatures, secure email (PGP).

What is the key size used in DES?

64 bits, with 56 bits as the true key and 8 bits for parity.

What is the purpose of encryption?

To protect personal data such as passwords and ensure confidentiality.

What does authentication in encryption ensure?

It verifies that the data, message, or user is genuine and comes from the expected source.

How does encryption provide privacy?

It ensures that sensitive data is only accessible to authorized individuals, making intercepted data unintelligible.

What is the purpose of integrity in encryption?

To guarantee that a document, file, or message has not been altered or tampered with.

What does accountability in encryption prevent?

It prevents the sender from denying they were the original creator or sender of a message.

What is end-to-end encryption (E2EE)?

A method that ensures only the sender and recipient can read messages, not even the service provider.

What is the goal of security testing?

To identify vulnerabilities, threats, and risks in a software system.

What are the key areas of focus in security testing?

Authentication and Authorization, Network and Infrastructure Security, Database Security, Application Security, Data Protection, Regulatory Compliance, Cloud Security.

What is Static Application Security Testing (SAST)?

A testing method that secures the source code through analysis to find security flaws early.

What is Dynamic Application Security Testing (DAST)?

A testing method that finds security vulnerabilities by simulating real-world attacks on running applications.

What does Interactive Application Security Testing (IAST) combine?

It combines SAST and DAST to provide deeper insights into application security.

What is Software Composition Analysis (SCA)?

A method that scans third-party libraries for vulnerabilities.

What is the purpose of penetration testing?

To recreate real-world attacks to assess how vulnerable a system is.

What is ethical hacking?

Authorized professionals attempting to break into a system to find vulnerabilities before actual hackers exploit them.

What are the advantages of security testing?

Identifies vulnerabilities early, improves system security, reduces cyberattack risks, ensures compliance, enhances user trust.

What are some disadvantages of security testing?

Requires skilled professionals, can be time-consuming and costly, may not detect all vulnerabilities, and can produce false positives.

What is the role of digital signatures in encryption?

They allow verification of the sender's identity and prevent denial of sending a message.

What is the significance of regulatory compliance in encryption?

Many industries are legally required to encrypt data to protect sensitive information.

What does the security testing cycle ensure?

That data, applications, and system resources are protected from unauthorized access and misuse.

What is the purpose of security auditing?

To ensure compliance with security standards and identify security gaps in system configuration.

What does social engineering testing evaluate?

Human-related security risks by recreating attacks like phishing and baiting.

What is the importance of training employees in security testing?

It helps improve awareness and preparedness against security threats.

What is the purpose of hash functions in integrity verification?

They create a unique digital fingerprint of data to detect any changes or tampering.

What is the impact of encryption on customer trust?

It builds confidence, making customers more likely to share sensitive information.

What is the role of RASP in security testing?

It embeds security controls within the application runtime to provide immediate threat signals.