W04: Basic Cryptography
Secure Hash Algorithm (SHA)
A secure hash algorithm that creates more secure hash values than Message Digest (MD) algorithms.
pseudorandom number generator (PRNG)
An algorithm for creating a sequence of numbers whose properties approximate those of a random number.
Stream Cipher
An algorithm that takes one character and replaces it with one character.
XOR cipher
An encryption algorithm based on the binary operation eXclusive OR that compares two bits.
Trusted Platform Module (TPM)
A chip on the motherboard of the computer that provides cryptographic services.
Block Cipher
A cipher that manipulates an entire block of plaintext at one time.
Substitution Cipher
A cipher that substitutes one character with another
sponge function
A cryptographic function that applies a process on the input that has been padded with additional characters until all characters are used.
Hardware Security Module (HSM)
A device that can safely store and manage encryption keys. This can be used in servers, data transmission, protecting log files, etc.
Asymmetric Cryptography
A form of cryptography that uses two separate, but mathematically related, keys for encryption and decryption; also called public key cryptography.
Downgrade Attack
An attack in which the system is forced to abandon the current higher security mode of operation and fall back to implementing an older and less secure mode.
Collision Attack
An attempt to find two input strings of a hash function that produce the same hash result.
Symmetric cryptography
Encryption that uses a single key to encrypt and decrypt a message.
RACE Integrity Primitives Evaluation Message Digest (RIPEMD)
The primary design feature of RIPEMD is two different and independent parallel chains of computation, the results of which are then combined at the end of the process. All versions of RIPEMD are based on the length of the digest created, including RIPEMD-128, RIPEMD-256, and RIPEMD-320.
Common asymmetric cryptographic algorithms include
Rivest-Shamir-Adleman (RSA) Elliptic Curve Cryptography (ECC) Digital Signature Algorithm (DSA) and those relating to Key Exchange
Decryption
a process that reverses encryption, taking a secret message and reproducing the original plain text
Full Disk Encryption (FDE)
a technology that encrypts everything stored on a storage medium automatically, without any user interaction
ciphertext attack
Attackers use this when they only have ciphertext for analysis without any useful information about the plaintext data.
misconfiguration implementation
Breaches of cryptography that are the result of incorrect configuration or uses of the cryptography
one-time pad (OTP)
Combining plaintext with a random key to create ciphertext that cannot be broken mathematically.
Common symmetric cryptographic algorithms include:
Data Encryption Standard (DES) Triple Data Encryption Standard (Triple DES) Advanced Encryption Standard (AES) Rivest Cipher (RC) Blowfish
Common hashing algorithms are:
Message Digest, Secure Hash Algorithm, and RACE Integrity Primitives Evaluation Message Digest
Encryption
Process of converting readable data into unreadable characters to prevent unauthorized access.
Cleartext
The unencrypted form of data. Also known as plaintext
Hardware encryption devices can protect:
USB devices and standard hard drives
Which of the following is not to be decrypted but is only used for comparison purposes? a. Digest b. Key c. Stream d. Algorithm
a. Digest
What is data called that is to be encrypted by inputting it into a cryptographic algorithm? a. Plaintext b. Byte-text c. Cleartext d. Ciphertext
a. Plaintext
What are public key systems that generate different random public keys for each session? a. Public Key Exchange (PKE) b. perfect forward secrecy c. Elliptic Curve Diffie-Hellman (ECDH) d. Diffie-Hellman (DH)
b. perfect forward secrecy
What is a collision? a. Two files produce the same digest. b. Two ciphertexts have the same length. c. Two algorithms have the same key. d. Two keys are the same length
a. Two files produce the same digest.
Quantum computing uses:
atomic-scale units (qubits) that can be both 0 and 1 simultaneously.
Which of these is the strongest symmetric cryptographic algorithm? a. Data Encryption Standard b. Advanced Encryption Standard c. Triple Data Encryption Standard d. RC 1
b. Advanced Encryption Standard
If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message? a. Alice's private key b. Alice's public key c. Bob's public key d. Bob's private key
b. Alice's public key
Deo has been asked to explain RSA to his colleague. After his explanation, Deo is asked what, if any, weaknesses RSA has. How would Deo respond? a. RSA has no known weaknesses. b. As computers become more powerful, the ability to compute factoring has increased. c. RSA weaknesses are based on ECC. d. The digest produced by the RSA algorithm is too short to be secure.
b. As computers become more powerful, the ability to compute factoring has increased.
Basil was reading about a new attack that forces the system to abandon a higher cryptographic security mode of operation and instead fall back to an older and less secure mode. What type of attack is this? a. Deprecation attack b. Pullback attack c. Downgrade attack d. Obfuscation attack
c. Downgrade attack
Which of these is NOT a characteristic of a secure hash algorithm? a. The results of a hash function should not be reversed. b. Collisions should occur no more than 15 percent of the time. c. A message cannot be produced from a predefined hash. d. The hash should always be the same fixed size.
b. Collisions should occur no more than 15 percent of the time.
Which of these provides cryptographic services and is external to the device? a. Trusted Platform Module (TPM) b. Hardware Security Module (HSM) c. Self-encrypting hard disk drives (SED) d. Encrypted hardware-based USB devices
b. Hardware Security Module (HSM)
Cryptography can prevent an individual from fraudulently reneging on an action. What is this known as? a. Repudiation b. Nonrepudiation c. Obfuscation d. Integrity
b. Nonrepudiation
Which of the following is NOT a symmetric cryptographic algorithm? a. DES b. SHA c. Blowfish d. 3DES
b. SHA
What is low latency? a. A low-power source requirement of a sensor. b. The time between when a byte is input into a cryptographic cipher and when the output is obtained. c. The requirements for an IoT device that is using a specific network. d. The delay between when a substitution cipher decrypts the first block and when it finishes with the last block
b. The time between when a byte is input into a cryptographic cipher and when the output is obtained.
Egor wanted to use a digital signature. Which of the following benefits will the digital signature NOT provide? a. Verify the sender b. Verify the receiver c. Prove the integrity of the message d. Enforce nonrepudiation
b. Verify the receiver
Which of the following is FALSE about "security through obscurity"? a. It attempts to hide its existence from outsiders. b. It can only provide limited security. c. It is essentially impossible. d. Proprietary cryptographic algorithms are an example.
c. It is essentially impossible.
Brielle is researching substitution ciphers. She came across a cipher in which the entire alphabet was rotated 13 steps. What type of cipher is this? a. XOR b. XAND13 c. ROT13 d. Alphabetic
c. ROT13
Which of these is NOT a basic security protection for information that cryptography can provide? a. Integrity b. Authenticity c. Risk d. Confidentiality
c. Risk
Cicero is researching hash algorithms. Which algorithm would produce the longest and most secure digest? a. SHA-256 b. MD5 c. SHA3-512 d. SHA6-6
c. SHA3-512
Which of the following hides the existence of information? a. Encryption b. Decryption c. Steganography d. Ciphering
c. Steganography
Cryptography can provide:
confidentiality, integrity, authentication, nonrepudiation, and obfuscation (making something obscure or unclear)
Hashing
creates a unique digital fingerprint called a digest, which represents the contents of the original material
Which of the following is NOT a characteristic of the Trusted Platform Module (TPM)? a. It provides cryptographic services in hardware instead of software. b. It can generate asymmetric cryptographic public and private keys. c. It can easily be transported to another computer. d. It includes a pseudorandom number generator (PRNG).
d. It includes a pseudorandom number generator (PRNG).
Cryptography can also protect data as it resides in any of three states:
data in processing, data in transit, and data at rest
Metadata
data that describes other data
quantum communication exchange can easily detect
eavesdroppers
Hardware encryption cannot be:
exploited like software cryptography
Software-based cryptography can protect large numbers of:
files on a system or an entire disk
Cryptographic encryption algorithm
has a mathematical value (a key) used to create ciphertext
Steganography
hides the existence of data
Message Digest (MD)
is a fixed size numeric representation of the contents of a message, computed by a hash function. A message digest can be encrypted, forming a digital signature. Messages are inherently variable in size.
Blockchain
is a shared, immutable ledger that facilitates the process of recording transactions and tracking assets that are linked across several computers in a peer-to-peer business network.
private key
is known only to the recipient of the message and must be kept secure
Cryptography
is the practice of transforming information into a secure form so unauthorized persons cannot access it. Masks the content of data so that it cannot be read.
Cryptography faces constraints that can impact its effectiveness in:
low-power devices and applications needing ultra-fast response times. Resource vs. security constraint (time and energy).
Modern OSs provide encryption support
natively
Plaintext
normal text that has not been encrypted
One subcategory of quantum cryptography is:
quantum communication or secure telecommunications
Quantum cryptography takes advantage of:
quantum computing for increasing cybersecurity.
More sophisticated hardware encryption options include:
self-encrypting drives, the Hardware Security Model, and the Trusted Platform Module.
Cryptography can be applied through either:
software or hardware
Cryptography constraints are:
speed, size, weak keys, key length, longevity, predictability, reuse, entropy, and computational overhead
cyphertext
the encrypted form of a message
ROT13
the entire alphabet is rotated 13 steps.
Lightweight cryptography is being developed to:
to use less memory, less computing resource, and less power supply to provide a security solution that can work over resource-limited devices such as battery-powered devices.
entropy encryption
used to produce random numbers, which in turn are used to produce security keys to protect data while it's in storage or in transit.
public key is:
widely available and can be freely distributed
