Sec 9.4 Cryptographic Attack
Which form of cryptanalysis focuses on weaknesses in software, the protocol, or the encryption algorithm?
An implementation attack exploits implementation weaknesses, such as in software, the protocol, or the encryption algorithm.
Which of the following attacks typically takes the longest amount of time to complete?
Brute force attack. A brute force attack is a form of attack that attempts every possible key or password pattern for a message, login prompt, or security file.
Which of the following is an example of a statistical attack against a cryptosystem?
Exploiting a computer's inability to produce random numbers
Which of the following password attacks adds appendages to known dictionary words?
Hybrid. A hybrid attack adds appendages to known dictionary words (for example, 1password, password07, and p@ssword1).
When an attacker decrypts an encoded message using a different key than was used during encryption, what type of attack has occurred?
Key clustering
Which of the following best describes a side-channel attack?
The attack is based on information gained from the physical implementation of a cryptosystem.
If two different messages or files produce the same hashing digest, then a collision has occurred. Which form of cryptographic attack exploits this condition?
Birthday attack
Which of the following is a mathematical attack that targets the complexity of a cryptosystem's algorithm?
Analytical. An analytic attack is a mathematical attack that targets the complexity of a cryptosystem's algorithm. The goal of an analytic attack is to break the algorithm.
Your company produces an encryption device that lets you enter text and receive encrypted text in response. An attacker obtains one of these devices and starts inputting random plaintext to see the resulting ciphertext.
Chosen plaintext. A chosen plaintext attack is one in which the attacker chooses the plaintext to be encrypted. This event can occur when a worker steps away from the computer and the attacker sends a message and captures the resulting ciphertext. The attacker can select plaintext that will produce clues to the encryption key used.
Which type of password attack employs a list of pre-defined passwords that it tries against a login prompt or a local copy of a security accounts database?
Dictionary
In which type of attack does the attacker have access to both the plaintext and the resulting ciphertext, but does not have the ability to encrypt the plaintext?
Known plaintext
Which of the following is not a countermeasure against dictionary attacks? Using three or four different keyboard character types (lowercase, uppercase, numerals, and symbols); Using short passwords; Avoiding common words; Avoiding industry acronyms
Using short passwords. All too often, a short password is a simple common word. A dictionary attack is designed to quickly discover passwords that use common words. Dictionary attacks can be customized for the intended victim.
If a birthday attack is successful, meaning the attacker discovers a password that generates the same hash as that captured from a user's login credentials, which of the following is true? (Select two.)
The discovered password will allow the attacker to log in as the user, even if the discovered password is not the same as the user's password. A collision was discovered.
Why are brute force attacks always successful?
They test every possible valid combination.