1601 ch.9 study

online certificate status protocol (OCSP)

??

Blowfish

A 64-bit block cipher that has a variable key length from 32 to 448 bits. Strong Algorithm that has been included in more than 150 products

stream cipher

A cryptographic cipher that encrypts a single byte (or bit) at a time

Asymmetric Key Cryptography

A cryptographic technique that uses two mathematically related keys - one key to encrypt data and another key to decrypt data.

brute-force attack

A method used to attempt to compromise logon and password access controls by attempting every input combination. Brute-force password attacks usually follow a specific attack plan, including the use of social engineering to obtain user information.

SSL handshake

A process that creates the first secure communications session between a client and a server.

certificate authority (CA)

A trusted entity that stores and distributes verified digital certificates such as Verisign or Computer Associates.

symetric key cryptography

A type of cryptography that cannot secure correspondence until after the two parties exchange keys

RC2 block cypher

A variable key-size block cipher. Operates as a drop-in replacement for DES and operates on 64-bit blocks.

simple substitution cipher

Allowing any letter to uniquely map to any other letter.

diffie-hellman algorithm

An algorithm in which a sender and receiver use asymmetric encryption to securely exchange symmetric keys.

hash

An algorithm that converts a large amount of data to a single (long) number. Once mathematically hashed, the hash value can be used to verify the integrity of that data.

hmac

An algorithm that provides a very secure method to authenticate a mobile device user using an authenticate a mobile device user using an authentication server.

elliptic curve (DHE)

An asymmetric cryptographic key exchange algorithm that uses algebraic curves to generate keys.

chosen-ciphertext attack

An attach where cryptanalysts submit data coded with the same cipher and key they are trying to break to the decryption device to see either the plaintext output or the effect the decrypted message has on some system.

chosen-plaintext attack

An attack where cryptanalysts can encrypt any information and observe the output.

ciphertext-only attack

An attack where the cryptanalysts has access only to a segment of encrypted data and has no choice as to what those dat may be.

transposition cipher

An encryption cipher that rearranges characters or bits of data.

Vigenere cipher

An encryption cipher that uses multiple encryptions schemes in succession. For example, you could encrypt every fifth letter with its own substitute cipher.

digitized signature

An image of an electronically reproduced signature.

Decryption

Betty receives a cipher text message from her colleague Tim. What type of function does Better need to use to read the plaintext message?

block cipher

Cryptographic cipher that encrypts an entire block of input at a time.

Data Encryption Standard (DES)

Encryption cipher that is a product cipher with a 56-bit key consisting of 16 iterations of substitution and transformation.

product cipher

Encryption cipher that is combination of multiple ciphers. Each could be transposition or substitution.

False: Ciphertext-only attack (COA)

In a Known plain text attack (KPA) the cryptanalyst has access only to a segment of encrypted data and has no choice as to what the data might be?

nonrepudiation

Prevents a party from denying a previous statement or action.

timestamping

Providing an exact time when a producer ceates or sends information

salt value

Random characters that you can combine with an actual input key to create the encryption key.

revocation

Stopping authorization for access to data.

differential cryptanalysis

The act of looking for patterns in vast amounts of ciphertext.

decryption

The act of unscrambling ciphertext into plaintext.

stegonography

The art and science of writing hidden messages.

known-plaintext attack

The cryptanalysts possesses certain pieces of information before and after encryption.

vernam cipher

The only unbreakable cryptographic cipher. Also called a one-time pad.

checksum

The output of a one-way algorithm. A mathematically derived numerical representation of some input.

cryptanalysis

The process of breaking codes without knowledge of the key.

authentication

The process of proving you are the person or entity you claim to be.

key distribution

The process of securely transporting an encryption key from the key generator to the key user, without disclosing the key to any unauthorized user.

confidentiality

The requirement to keep information private or secret.

cryptography

The study or practice of hiding information.

integrity

The validity of information or data. Data with high integrity has not been altered or modified.

CAST algorithm

This 64-bit symmetric block cipher can use keys from 40 to 256 bits.

International Data Encryption Algorithm (IDEA)

This block cipher operates on 64-bit blocks. It uses a 128-bit key and runs somewhat faster than DES on hardware and software.

True

True or False: A person demonstrates anonymity when posting info to a web discussion site without authorities knowing who he or she is?

True

True or False: A physical courier delivering an asymmetric key is an example of in-band key exchange.

False: Symmetric

True or False: A private key cipher is also called an asymmetric key cipher. True or False

True

True or False: A substitution cipher replaces bits, characters, or blocks of information with other bits, characters, or blocks

True

True or False: An algorithm is a repeatable process that produces the same result when it receives the same input.

digital certificate

Verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply

Secure Sockets Layer

What does SSL stand for?

Wired Equivalent Privacy

What does WEP stand for?

WiFi Protected Access Standard

What does WPA stand for?

512

What is not a valid encryption key length for use with a blowfish algorithm?

Vernam

What is the only unbreakable cipher when it is used properly?

Factoring large primes

What mathematical problem forms the basis of most modern cryptographic algorithms?

Quantum cryptography

Which approach to cryptography provides the strongest theoretical protection?

chosen plain text attack

Which cryptographic attack offers cryptanalysis the most information about how an encryption algorithm works?

Certification

Which information security objective allows trusted entities to endorse information?

Witnessing

Which information security objective verifies the action to create an object or verify an object's existence by an entity other than the creator