Hands on ethical hacking chapter 12
Asymmetric cryptography, also called public key cryptography uses how many keys?
2
The encryption algorithm used in the DES standard; a symmetric algorithm that uses 56 bits for encryption.
Data Encryption Algorithm (DEA)
OpenPGP is focused on protecting which of the following?
E-mail messages
A certification authority (CA) issues private keys to recipients. True or False?
False
Which of the following is a program for extracting Windows password hash values?
Fgdump
List the three MIT professors who developed the RSA algorithm.
Rivest, Shamir, and Adleman
Symmetric algorithms can be block ciphers or stream ciphers. True or False?
True
What is the standard for PKI certificates?
X.509
data that can be read by anyone
also called cleartext
A key that maps each letter or number to a different letter or number.
cipher
A block cipher that operates on 64-bit blocks of plaintext, but its key length can be as large as 448 bits.
Blowfish
Intercepting messages destined for another computer and sending back messages while pretending to be the other computer is an example of what type of attack?
Man-in-the-middle
A 128-bit cryptographic hash function; still used, even though its weaknesses make finding collisions practical with only moderate computing power. Most useful for file integrity checking.
Message Digest 5 (MD5)
A free e-mail encryption program that allows typical users to encrypt e-mails.
Pretty Good Privacy (PGP)
Digital signatures are used to do which of the following?
Provide authentication and nonrepudiation
A stream cipher created by Ronald L. Rivest that's used in WEP wireless encryption.
RC4
A block cipher created by Ronald L. Rivest that can operate on different block sizes: 32, 64, and 128 bits. The key size can reach 2048 bits.
RC5
Which of the following is an asymmetric algorithm?
RSA
Advanced Encryption Standard (AES) replaced DES with which algorithm?
Rijndael
The NIST standard hashing algorithm that's much stronger than MD5 but has demonstrated weaknesses. For sensitive applications, NIST recommends not using SHA-1, and federal agencies are replacing it with longer digest versions, collectively called SHA-2.
Secure Hash Algorithm (SHA)
A standard developed to address the vulnerabilities of DES; it improved security, but encrypting and decrypting data take longer.
Triple Data Encryption Standard (3DES)
A sequence of random bits used in an encryption algorithm to transform plaintext into ciphertext, or vice versa.
key
RSA uses only a one-way function to generate a _____
key
The range of all possible key values contained in an encryption algorithm.
keyspace
A cipher that maps each letter of the alphabet to a different letter. The Book of Jeremiah was written by using a substitution cipher called Atbash.
substitution cipher
A NIST standard for protecting sensitive but unclassified data; it was later replaced because the increased processing power of computers made it possible to break DES encryption.
Data Encryption Standard (DES)
Two different messages producing the same hash value results in which of the following?
Collision
Intruders can perform which kind of attack if they have possession of a company's password hash file?
Dictionary
Used to verify data integrity
Hashing algorithms
A block cipher that operates on 64-bit blocks of plaintext and uses a 128-bit key; used in PGP encryption software.
International Data Encryption Algorithm (IDEA)
The Internet public key encryption standard for PGP messages; can use AES, IDEA, RSA, DSA, and SHA algorithms for encrypting, authenticating, verifying message integrity, and managing keys. The most common free version is GNU Privacy Guard (GnuPG or GPG).
OpenPGP
Public key encryption standard, included in Microsoft Outlook, for encrypting e-mail.
S/MIME
Which of the following describes a chosen-plaintext attack?
The attacker has plaintext, can choose what part of the text gets encrypted, and has access to the ciphertext.
A hash value is a fixed-length string used to verify message integrity. True or False?
True
In public key cryptography, a public key can be downloaded from ________ and is mathematically related to a private key known only to the owner.
a Web site
Diffie-Hellman is used to encrypt e-mail messages. True or False?
False
A file issued by a certification authority (CA) that binds a public key to information about its owner.
digital certificate
A method of signing messages by using asymmetric encryption that ensures authentication and nonrepudiation.
digital signature
A free public key encryption standard based on the PGP e-mail encryption program.
OpenPGP
A structure made up of several components for encrypting data.
PKI
A public key encryption standard for encrypting and digitally signing e-mail. It can also encrypt e-mails containing attachments and use PKI certificates for authentication.
Secure Multipurpose Internet Mail Extension (S/MIME)
Asymmetric cryptography systems are which of the following?
Slower than symmetric cryptography systems
Hiding data in a photograph is an example of which of the following?
Steganography
Why did the NSA decide to drop support for DES?
The processing power of computers had increased.
What cryptographic devices were used during World War II?
a. Enigma machine c. Purple Machine d. Bombe
Birthday attacks, brute-force attacks, mathematical attacks, man-in-the-middle attacks, replay attacks, and dictionary attacks are examples of
active attacks
Attacks used to find the same hash value for two different inputs and reveal mathematical weaknesses in a hashing algorithm.
birthday attacks
A symmetric algorithm that encrypts data in blocks of bits. These blocks are used as input to mathematical functions that perform substitution and transposition of the bits, making it difficult for someone to reverse-engineer the mathematical functions that were used.
block cipher
The two main types of symmetric algorithms are
block ciphers and stream ciphers.
An attack in which the attacker uses software that attempts every possible combination of characters to guess passwords.
brute-force attack
A digital document that verifies whether two parties exchanging data over the Internet are really who they claim to be. Each certificate has a unique serial number and must follow the X.509 standard.
certificate
A third party, such as VeriSign, that vouches for a company's authenticity and issues a certificate binding a public key to a recipient's private key.
certification authority (CA)
Plaintext (readable text) that has been encrypted.
ciphertext
plaintext is also called
cleartext
A field of study devoted to breaking encryption algorithms.
cryptanalysis
Any data not moving through a network or being used by the OS; usually refers to data on storage media.
data at rest
An attack in which the attacker runs a password-cracking program that uses a dictionary of known words or passwords as an input file against the attacked system's password file.
dictionary attack
To create a _______________, the hash value must be encrypted with the sender's private key.
digital signature
Digital Signature Standard (DSS) ensures that ______________ can be verified.
digital signatures
Ciphertext is data that has been
encrypted
To create a digital signature, the hash value must be ___________ with the sender's private key.
encrypted
A mathematical formula or method for converting plaintext into ciphertext.
encryption algorithm
Diffie-Hellman, ECC, and EIGamal use ___________, __________, and __________to secure data.
encryption, key distribution, and digital signatures
Block ciphers, such as AES, operate on _______________of data
fixed-length chunks
To create a digital signature, the ___________must be encrypted with the sender's private key.
hash value
A function that takes a variable-length string or message and produces a fixed-length hash value, also called a message digest.
hashing algorithm
An attack in which attackers place themselves between the victim computer and another host computer, and then intercept messages sent from the victim to the host and pretend to be the host computer.
man-in-the-middle attack
An attack in which properties of the encryption algorithm are attacked by using mathematical computations. Categories of this attack include ciphertextonly attack, known plaintext attack, chosen-plaintext attack, chosen-ciphertext attack, and side-channel attack.
mathematical attack
The fixed-length value that a hashing algorithm produces; used to verify that data or messages haven't been changed.
message digest
Write the equation to calculate how many keys are needed to have 20 people communicate with symmetric keys.
n(n - 1) / 2 = number of symmetric keys, or 20(20 - 1) / 2 = 190 keys
A private key is
never shared
The process of ensuring that the sender and receiver can't deny sending or receiving the message; this function is available in asymmetric algorithms but not symmetric algorithms.
nonrepudiation
stream ciphers, such as RC4, operate on _________ of data at a time.
one bit
Symmetric cryptography uses _______ to encrypt and decrypt data.
one key
What are the Asymmetric cryptography keys?
one key to encrypt and another to decrypt data
RSA uses only a ___________to generate a key
one-way function
Wireshark, Tcpdump, Nmap, Unicornscan, and others that don't affect the algorithm (key), message, or any parts of the encryption system are examples of
passive attacks
Readable text that hasn't been encrypted; also called cleartext.
plaintext
In a key pair, the secret key used in an asymmetric algorithm that's known only by the key owner and is never shared. Even if the public key that encrypted a message is known, the owner's private key can't be determined.
private key
To create a digital signature, the hash value must be encrypted with the sender's ______________.
private key
PKI includes __________, _________, and _________.
protocols, programs, and security policies
In a key pair, the key that can be known by the public; it works with a private key in asymmetric key cryptography, which is also known as public key cryptography.
public key
Also known as asymmetric key cryptography, an asymmetric algorithm that uses two mathematically related keys.
public key cryptography
Asymmetric cryptography is also called?
public key cryptography
PKI uses ______________to protect data transmitted over the Internet.
public key cryptography
A structure consisting of programs, protocols, and security policies.
public key infrastructure (PKI)
A lookup table of password hash values that enables certain programs to crack passwords much faster than with brute-force methods.
rainbow table
An attack in which the attacker captures data and attempts to resubmit the data so that a device, such as a workstation or router, thinks a legitimate connection is in effect.
replay attack
An active attack on a cryptosystem attempts to determine the
secret key used to encrypt plaintext.
A passive attack on a cryptosystem uses
sniffing and scanning tools
The method of hiding data in plain view in pictures, graphics, or text.
steganography
A symmetric algorithm that operates on plaintext one bit at a time.
stream cipher
An encryption algorithm that uses only one key to encrypt and decrypt data. The recipient of a message encrypted with a key must have a copy of the same key to decrypt the message.
symmetric algorithm