Hands on ethical hacking chapter 12

Asymmetric cryptography, also called public key cryptography uses how many keys?

2

The encryption algorithm used in the DES standard; a symmetric algorithm that uses 56 bits for encryption.

Data Encryption Algorithm (DEA)

OpenPGP is focused on protecting which of the following?

E-mail messages

A certification authority (CA) issues private keys to recipients. True or False?

False

Which of the following is a program for extracting Windows password hash values?

Fgdump

List the three MIT professors who developed the RSA algorithm.

Rivest, Shamir, and Adleman

Symmetric algorithms can be block ciphers or stream ciphers. True or False?

True

What is the standard for PKI certificates?

X.509

data that can be read by anyone

also called cleartext

A key that maps each letter or number to a different letter or number.

cipher

A block cipher that operates on 64-bit blocks of plaintext, but its key length can be as large as 448 bits.

Blowfish

Intercepting messages destined for another computer and sending back messages while pretending to be the other computer is an example of what type of attack?

Man-in-the-middle

A 128-bit cryptographic hash function; still used, even though its weaknesses make finding collisions practical with only moderate computing power. Most useful for file integrity checking.

Message Digest 5 (MD5)

A free e-mail encryption program that allows typical users to encrypt e-mails.

Pretty Good Privacy (PGP)

Digital signatures are used to do which of the following?

Provide authentication and nonrepudiation

A stream cipher created by Ronald L. Rivest that's used in WEP wireless encryption.

RC4

A block cipher created by Ronald L. Rivest that can operate on different block sizes: 32, 64, and 128 bits. The key size can reach 2048 bits.

RC5

Which of the following is an asymmetric algorithm?

RSA

Advanced Encryption Standard (AES) replaced DES with which algorithm?

Rijndael

The NIST standard hashing algorithm that's much stronger than MD5 but has demonstrated weaknesses. For sensitive applications, NIST recommends not using SHA-1, and federal agencies are replacing it with longer digest versions, collectively called SHA-2.

Secure Hash Algorithm (SHA)

A standard developed to address the vulnerabilities of DES; it improved security, but encrypting and decrypting data take longer.

Triple Data Encryption Standard (3DES)

A sequence of random bits used in an encryption algorithm to transform plaintext into ciphertext, or vice versa.

key

RSA uses only a one-way function to generate a _____

key

The range of all possible key values contained in an encryption algorithm.

keyspace

A cipher that maps each letter of the alphabet to a different letter. The Book of Jeremiah was written by using a substitution cipher called Atbash.

substitution cipher

A NIST standard for protecting sensitive but unclassified data; it was later replaced because the increased processing power of computers made it possible to break DES encryption.

Data Encryption Standard (DES)

Two different messages producing the same hash value results in which of the following?

Collision

Intruders can perform which kind of attack if they have possession of a company's password hash file?

Dictionary

Used to verify data integrity

Hashing algorithms

A block cipher that operates on 64-bit blocks of plaintext and uses a 128-bit key; used in PGP encryption software.

International Data Encryption Algorithm (IDEA)

The Internet public key encryption standard for PGP messages; can use AES, IDEA, RSA, DSA, and SHA algorithms for encrypting, authenticating, verifying message integrity, and managing keys. The most common free version is GNU Privacy Guard (GnuPG or GPG).

OpenPGP

Public key encryption standard, included in Microsoft Outlook, for encrypting e-mail.

S/MIME

Which of the following describes a chosen-plaintext attack?

The attacker has plaintext, can choose what part of the text gets encrypted, and has access to the ciphertext.

A hash value is a fixed-length string used to verify message integrity. True or False?

True

In public key cryptography, a public key can be downloaded from ________ and is mathematically related to a private key known only to the owner.

a Web site

Diffie-Hellman is used to encrypt e-mail messages. True or False?

False

A file issued by a certification authority (CA) that binds a public key to information about its owner.

digital certificate

A method of signing messages by using asymmetric encryption that ensures authentication and nonrepudiation.

digital signature

A free public key encryption standard based on the PGP e-mail encryption program.

OpenPGP

A structure made up of several components for encrypting data.

PKI

A public key encryption standard for encrypting and digitally signing e-mail. It can also encrypt e-mails containing attachments and use PKI certificates for authentication.

Secure Multipurpose Internet Mail Extension (S/MIME)

Asymmetric cryptography systems are which of the following?

Slower than symmetric cryptography systems

Hiding data in a photograph is an example of which of the following?

Steganography

Why did the NSA decide to drop support for DES?

The processing power of computers had increased.

What cryptographic devices were used during World War II?

a. Enigma machine c. Purple Machine d. Bombe

Birthday attacks, brute-force attacks, mathematical attacks, man-in-the-middle attacks, replay attacks, and dictionary attacks are examples of

active attacks

Attacks used to find the same hash value for two different inputs and reveal mathematical weaknesses in a hashing algorithm.

birthday attacks

A symmetric algorithm that encrypts data in blocks of bits. These blocks are used as input to mathematical functions that perform substitution and transposition of the bits, making it difficult for someone to reverse-engineer the mathematical functions that were used.

block cipher

The two main types of symmetric algorithms are

block ciphers and stream ciphers.

An attack in which the attacker uses software that attempts every possible combination of characters to guess passwords.

brute-force attack

A digital document that verifies whether two parties exchanging data over the Internet are really who they claim to be. Each certificate has a unique serial number and must follow the X.509 standard.

certificate

A third party, such as VeriSign, that vouches for a company's authenticity and issues a certificate binding a public key to a recipient's private key.

certification authority (CA)

Plaintext (readable text) that has been encrypted.

ciphertext

plaintext is also called

cleartext

A field of study devoted to breaking encryption algorithms.

cryptanalysis

Any data not moving through a network or being used by the OS; usually refers to data on storage media.

data at rest

An attack in which the attacker runs a password-cracking program that uses a dictionary of known words or passwords as an input file against the attacked system's password file.

dictionary attack

To create a _______________, the hash value must be encrypted with the sender's private key.

digital signature

Digital Signature Standard (DSS) ensures that ______________ can be verified.

digital signatures

Ciphertext is data that has been

encrypted

To create a digital signature, the hash value must be ___________ with the sender's private key.

encrypted

A mathematical formula or method for converting plaintext into ciphertext.

encryption algorithm

Diffie-Hellman, ECC, and EIGamal use ___________, __________, and __________to secure data.

encryption, key distribution, and digital signatures

Block ciphers, such as AES, operate on _______________of data

fixed-length chunks

To create a digital signature, the ___________must be encrypted with the sender's private key.

hash value

A function that takes a variable-length string or message and produces a fixed-length hash value, also called a message digest.

hashing algorithm

An attack in which attackers place themselves between the victim computer and another host computer, and then intercept messages sent from the victim to the host and pretend to be the host computer.

man-in-the-middle attack

An attack in which properties of the encryption algorithm are attacked by using mathematical computations. Categories of this attack include ciphertextonly attack, known plaintext attack, chosen-plaintext attack, chosen-ciphertext attack, and side-channel attack.

mathematical attack

The fixed-length value that a hashing algorithm produces; used to verify that data or messages haven't been changed.

message digest

Write the equation to calculate how many keys are needed to have 20 people communicate with symmetric keys.

n(n - 1) / 2 = number of symmetric keys, or 20(20 - 1) / 2 = 190 keys

A private key is

never shared

The process of ensuring that the sender and receiver can't deny sending or receiving the message; this function is available in asymmetric algorithms but not symmetric algorithms.

nonrepudiation

stream ciphers, such as RC4, operate on _________ of data at a time.

one bit

Symmetric cryptography uses _______ to encrypt and decrypt data.

one key

What are the Asymmetric cryptography keys?

one key to encrypt and another to decrypt data

RSA uses only a ___________to generate a key

one-way function

Wireshark, Tcpdump, Nmap, Unicornscan, and others that don't affect the algorithm (key), message, or any parts of the encryption system are examples of

passive attacks

Readable text that hasn't been encrypted; also called cleartext.

plaintext

In a key pair, the secret key used in an asymmetric algorithm that's known only by the key owner and is never shared. Even if the public key that encrypted a message is known, the owner's private key can't be determined.

private key

To create a digital signature, the hash value must be encrypted with the sender's ______________.

private key

PKI includes __________, _________, and _________.

protocols, programs, and security policies

In a key pair, the key that can be known by the public; it works with a private key in asymmetric key cryptography, which is also known as public key cryptography.

public key

Also known as asymmetric key cryptography, an asymmetric algorithm that uses two mathematically related keys.

public key cryptography

Asymmetric cryptography is also called?

public key cryptography

PKI uses ______________to protect data transmitted over the Internet.

public key cryptography

A structure consisting of programs, protocols, and security policies.

public key infrastructure (PKI)

A lookup table of password hash values that enables certain programs to crack passwords much faster than with brute-force methods.

rainbow table

An attack in which the attacker captures data and attempts to resubmit the data so that a device, such as a workstation or router, thinks a legitimate connection is in effect.

replay attack

An active attack on a cryptosystem attempts to determine the

secret key used to encrypt plaintext.

A passive attack on a cryptosystem uses

sniffing and scanning tools

The method of hiding data in plain view in pictures, graphics, or text.

steganography

A symmetric algorithm that operates on plaintext one bit at a time.

stream cipher

An encryption algorithm that uses only one key to encrypt and decrypt data. The recipient of a message encrypted with a key must have a copy of the same key to decrypt the message.

symmetric algorithm