Cryptography Additional Study

The hash value in bits for MD5 is ____.

128

____ (DSA). _____ (___), for digital signatures, based on the mathematical concept of modular exponentiation and the discrete logarithm problem. (symmetric/asymmetric?)

Digital Signature Algorithm. Federal Information Processing Standard (FIPS 186). Asymmetric.

ECC is (symmetric/asymmetric)?

Asymmetric

WPA2 IV size is ___ bits

48

WPA cipher type?

Symmetric stream

WPA2 cipher type?

Symmetric Block

WEP cipher type?

Symmetric Stream

The A5/3 encryption system – AKA _____ – the Japanese word for “_____”

KASUMI, mist

With WPA Enterprise, no _____ key is used, and it also includes a _____. Which mainly guards against the bit flipping attacks identified within WEP.

pre-shared key, MIC (Message Integrity Check)

Time Resetting

Used to crack ciphers. Some encryption schemes use the time of the computer to create the key. Resetting this time or determining the time that the message was created can give some useful information to the intruder.

Active Attack

Used to crack ciphers. Where the intruder inserts or modifies messages.

In Transport Mode with Encapsulating Security Payload (ESP) the _____ is added for routing.

Original IP Header

In Tunnel Mode with Encapsulating Security Payload (ESP) the ______ is added for routing.

New IP Header

With _____, the user authenticates themselves to the end service, and with _____, only part of the conversation between the entities is authenticated.

end-to-end authentication, intermediate authentication

4 steps for obtaining a digital certificate signed by a Certificate Authority (CA):

▪ Step 1: Requester generates a key-pair (one public, one private). Public key is provided to the CA.

▪ Step 2: Requester creates and submits a Certificate Signing Request (CSR), along with requester’s public key to the CA.

▪ Step 3: CA generates the digital certificate for the requester.

▪ Step 4: CA signs the requester’s digital certificate with the CA’s own private key, and issues certificate to requester.

PKCS #8

Private Key Format. Sealing private keys.

PKCS #3

Key exchange. Sending a secret letter.

PKCS #1

RSA keys. Your master key.

PKCS #10

A standard format used for requesting digital certificates from certificate authorities.

PKCS #12

Used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust. .p12 files

DHE_EXPORT Downgrade attack

Effects Diffie-Hellman, involves forcing the key negotiation process to default to 512-bit prime numbers. The precomputation of 512-bit keys with g values of 2 and 5 are within a reasonable time limit.

Combat: Disabling Export Cipher Suites, Using (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE), Use a strong group.

Ephemeral Keys

A different key is used for each connection. The leakage of any long-term key would not cause all the associated session keys to be breached.

Message sending using public key cryptography w/ Hashing

The main advantages of Elliptic Curve methods vs RSA are:

Much smaller keys. Much smaller than in RSA. This considerably speeds up the encryption process.

Creation of the curves are more difficult than generating prime numbers, which makes it more difficult to crack than RSA.

They can be used to factorize values, such as finding the prime number factors within RSA.

Hashing involves taking a _____ length input and producing a _____ length output (message digest).

variable; fixed

The hash value in bits for SHA-1 is ____.

160

The hash value in bits for MD4 is ____.

128

IPSec ______ mode involves \end-to-end\ encryption; i.e. data remains encrypted from the time it leaves a sender's device to the time it arrives at the receiver's device.

Transport

IPSec ______ mode involves encryption from gateway to gateway, i.e. just through the public network space.

Tunnel

A security analyst on a local network using monitoring tools is likely to only be able to read contents of traffic encrypted using IPSec ______ mode.

Tunnel

Remember, with tunnel mode, encryption does not happen until just before it leaves the local network. Traffic likely remains unencrypted between the end user device and the local network boundary.

_____ is a lightweight cryptography method for signing messages (MAC). It boasts a relatively undemanding hardware implementation (only ~3,333 gates required at 1MHz clock rate) making it suitable for IoT implementation.

Chaskey

Chaskey has a key size of _____ bits.

128

A weakness of one-way hashing is that the same piece of plaintext will result in the same ciphertext unless _____ is applied.

salt

The minimum recommended key size to use with RC4 is _____ bits.

40

RC4 is a symmetric stream cipher with a variable key size up to a max of _____ bits.

2048

_____ has a block size of 64 bits, key size of 56 bits, and 16 rounds of substitution & transposition.

Data Encryption Standard (DES)

A(n) _____ is a collection of precomputed hash values of actual plaintext passwords used for password cracking.

rainbow table

_____ is a common x.509 certificate file type that is used with both PEM and DER formats.

.cer

_____ has a block size of 64 bits, key size of 112 bits, and 48 rounds of substitution & transposition.

Triple Data Encryption Standard (3DES)

Key sizes used with the Advanced Encryption Standard (AES) include _____. _____, or _____.

128, 192, 256

The Advanced Encryption Standard (AES) operates using _____ bit blocks.

128

Skipjack is a symmetric block cipher that uses a ______ bit key.

80

Enocoro operates with a key size of ______ bits and an initialization vector (IV) of _____ bits.

128-bit key size; 64-bit IV

Skipjack has a block size of _____bits.

64

PHOTON, SPONGENT, Lesamnta-LW, and Quark are examples of light-weight _____.

Light-weight hashing algorithms

_____ has a block size of 64 bits, key size of 128 bits, and >17 rounds of substitution & transposition.

IDEA

_______ is an _____ partially ______ crypto system that leverages ____ number characteristics, operates with a 1024-4096 bit variable key size, and 1 round.

RSA, asymmetric, homomorphic, prime

Blowfish and Twofish are both _____ ciphers with common key sizes of 128, 192, or 256 bits.

Symmetric Block

RC5 is a (symmetric/asymmetric?) block cipher that uses block sizes of ___, ___, or ___ bits and boasts a variable key size up to ____ bits.

Symmetric, 32, 64, or 128 block sizes, 2048 bit key size

Quark produces a hash value of ____ or ____bits.

64 or 112

The block size used with XTEA is _____ bits.

64

The key size used with XTEA is _____ bits. ___ speed.

128, Fast.

Camelia is a _____.

Symmetric block cipher

RC6 can best be described as a _____.

Symmetric Block Cipher

RC2 has a block size of 64 bits and variable key size up to 128 bits. What is the minimum recommended key size to use when employing RC2?

40

The light-weight symmetric steam cipher Mickey v2 operates with a key size of ______ bits and an initialization vector (IV) variable up to _____ bits.

80; 80

RC4 is a(n) _____.

Symmetric stream cipher

An entity seeking to obtain a digital certificate must generate and submit a _____ request to a certificate authority to request the certificate.

certificate signing request (CSR)

ChaCha is a(n) _____.

Symmetric stream cipher

RSA and DSA are both_____.

Asymmetric algorithms

_____ provides a method for key exchange using a one-way function.

Diffie-Hellman

_____ is a Lightweight cryptography method for signing messages (MAC).

Chaskey

WEP uses encryption method ___ with a ___-bit key size.

RC4, 40

An entity seeking to obtain a digital certificate must first generate a _____ for themselves.

asymmetric key pair

WPA uses encryption method ____ + ____ with a _____-bit key size.

TKIP + RC4, 128

Wi-Fi Protected Access 2 (WPA2) uses encryption method ____ with a ____ -bit key size.

AES-CCMP, 128

_____ substitution is where a single mapping from our alphabet to a cipher alphabet is created.

Mono-alphabetic

What step will a certificate authority (CA) take after generating a digital certificate for a requester, but before issuing the certificate to that requester?

Sign the certificate with the CA's own private key

_______ refers to the mapping of our alphabet to a number of cipher alphabets.

Polyalphabetic

_____ is considered to be unbreakable since it only uses its cipher code once.

One-time pad

_____ encoding involves 8-bit values and supports up to 256 characters.

ASCII

A _____ occurs when two different input values produce the same hash signature.

collision

_____ is an encoding method with 16-bit values and supports up to 65,536 characters.

UTF-16

The light-weight symmetric stream cipher Trivium operates with a key size of ______ bits and an initialization vector (IV) of _____ bits.

80; 80

A _____ is a tamper-evident and intrusion-resistant physical device that safeguards and manages cryptographic keys and provides cryptographic processing.

hardware security module (HSM)

A _____ is a dedicated processor that handles hardware-level encryption; allows the use of full disk encryption on a hard drive in a manner that minimizes the impact on system performance.

trusted platform module (TPM)

_____ is a message authentication code (MAC) that can be used to verify the integrity and authentication of the message. It involves hashing the message with a secret key, and thus differs from standard hashing, which is purely a one-way function.

HMAC

_____ ciphers make use of a single secret key for both encryption and decryption.

Symmetric

Solve by applying the binary XOR function. 1 1 0 1 1 / 1 0 0 0 0

01011

Solve by applying the binary AND function. 11011 / 10000

10000

Solve by applying the binary OR function. 11011 / 10000

11011

15 mod 7 = _____

1

12 mod 7 = _____

5

The two types of symmetric ciphers are _____ and _____

Block, Stream

When encrypting data using asymmetric cryptography, which key should be shared or distributed to facilitate decryption?

Public key

_____ are used to manage how blocks of data are processed in symmetric encryption.

Block cipher modes

Which symmetric block cipher modes enable the block cipher to operate like a stream cipher?

CFB, OFB, CTR

Symmetric block ciphers make use of _____ to perform substitution as part the encryption process.

S-boxes

PRESENT is a light-weight symmetric block cipher with a key size of ___ or ___ bits, ___ rounds, and ___ bit block size.

80 or 128, 32 rounds, 64

______ cryptography makes use of a key pair (one public, one private) to perform encryption and decryption. If a given key in a key pair is used for encryption, only the opposite key in that key pair can perform the reverse decryption.

Asymmetric

When encrypting data using symmetric cryptography, which key may need to be exchanged to facilitate decryption?

Secret key

What is the block and key size in bits used by the light-weight symmetric block cipher CLEFIA?

128 bit blocks; 128, 192, or 256 bit keys

If Shawn employs public key cryptography to send Sue a digitally signed message, which key will Sue use to decrypt the message?

Sue's private key

_____ is a public key encryption method that is an extension of El Gamal but adds a one-way hashing method which protects against an adaptive chosen ciphertext attack.

Cramer-Shoup

With _____ encryption, we can perform mathematical operations on ciphered values i.e., before decryption.

Homomorphic

_____ allows for a new unique passcode to be created for each instance, based on an initial seed and for a given time period.

TOTP

Which encoding scheme for x.509 certificates supports Base64 and ASCII formats?

PEM

If Shawn plans to employ asymmetric cryptography to send Sue a digitally signed message, which key will Shawn use to sign the message?

Shawn's private key

If Shawn employs public key cryptography to send Sue a digitally signed message, which key will Sue use to verify the message?

Shawn's public key

Rabbit, Mickey v2, Trivium, Grain, and Enocoro are examples of light-weight _____ ciphers.

symmetric stream