CEH Cryptography
What 3 operations does *Threefish* involve?
1. Addition 2. Rotation 3. XOR
What 2 *mobile hash calculators* does the material recommend?
1. Hash Tools 2. HashDroid
What 2 *MD5 and MD6 hash calculators* does the material recommend?
1. MD5 Calculator 2. HashMyFiles
What two things can provide non-repudiation of email communications?
1. S/MIME 2. PGP
What 4 *disk encryption tools* does the material recommend?
1. VeraCrypt 2. Symantec Drive encryption 3. BitLocker Drive Encryption 4. FileVault
What is the modulus size in bits used to generate the session key in Diffie-Hellman (DH) group 2?
1024
What is the size in bits of the digests produced by MD5?
128 bits
What is the modulus size in bits used to generate the session key in Diffie-Hellman (DH) group 5?
1536
What is the key size of the Software Encryption Algorithm (SEAL)?
160 bits
What is the modulus size in bits used to generate the session key in Diffie-Hellman (DH) group 14?
2048
Which of the following is optimized for confidential communications, such as bidirectional voice and video? 1. RC5 2. MD4 3. RC4 4. MD5
3. RC4
What is the modulus size in bits used to generate the session key in Diffie-Hellman (DH) group 15?
3072
What is the modulus size in bits used to generate the session key in Diffie-Hellman (DH) group 16?
4096
What is the modulus size in bits used to generate the session key in Diffie-Hellman (DH) group 17?
6144
What is the modulus size in bits used to generate the session key in Diffie-Hellman (DH) group 1?
768
What is the modulus size in bits used to generate the session key in Diffie-Hellman (DH) group 18?
8192
What is *GNU Privacy Guard (GPG)*?
A software replacement PGP and free implementation of OpenPGP standard
What is an attack where an attacker selects a series of ciphertexts and then observes the resulting plaintext blocks?
Adaptive chosen-ciphertext attack
What is an attack where an attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?
Adaptive chosen-plaintext attack
What type of hardware/software is susceptible to a *DUHK attack*?
Any hardware/software using an ANSI X9.31 random number generator (RNG)
Does PGP utilize symmetric or asymmetric encryption?
Asymmetric
What tool helps users compress, encrypt, and convert plaintext data into ciphertext using symmetric and public-key algorithms?
BCTextEncoder
What is an attack where an attacker attempts to find two passwords with matching hashes?
Birthday attack
Which component of public key infrastructure (PKI) issues and verifies digital certificates?
Certificate Authority (CA)
Which component of public key infrastructure (PKI) generates, distributes, stores, and verifies certificates?
Certificate Management System
What is an attack where an attacker usually breaks an n-bit key cipher into 2^(n/2) operations?
Chosen key attack
What is an attack where an attacker obtains plaintexts corresponding to an *arbitrary set* of ciphertexts of their own choosing?
Chosen-ciphertext attack
Which attack is most effective against public-key cryptography?
Chosen-ciphertext attack
What is an attack where an attacker defines their own plaintext, feeds it into the cipher, and analyzes the resulting cipher text?
Chosen-plaintext attack
What is an attack where an attacker has access to the cipher text?The goal of this attack is to recover the encryption key from the ciphertext.
Ciphertext only attack
What hash property ensures that a hash function will not produce the same hashed value for two different messages?
Collision resistance
What *cryptanalysis tool* does the material recommend?
CrypTool
What is an attack on a cross-protocol weakness on servers that support recent SSLv2 protocol suites? Used in online man-in-the-middle attacks.
DROWN attack
Name the cryptanalysis technique described below. 1. Generally applicable to symmetric key algorithms 2. Examines the differences in an input and how that affects the resultant difference in the output
Differential cryptanalysis
Which cryptanalysis technique works in both known plaintext and ciphertext only attacks?
Differential cryptanalysis
What is the cryptographic protocol that allows two parties to establish a shared key over an insecure channel?
Diffie-Hellman
Which component of public key infrastructure (PKI) establishes people's credentials in online transactions?
Digital certificates
What cryptographic algorithm has been proposed as a replacement for the RSA algorithm to minimize the key size?
ECC
Which component of public key infrastructure (PKI) requests, manages, and uses certificates?
End User
What key pair is created when a TPM is manufactured and is permanent?
Endorsement key pair
What is the study of the frequencies of letters or groups of letters in a ciphertext, based on the fact that in any given stretch of written language, certain letters and combinations of letters occur with varying frequencies?
Frequency analysis
What is *GAK*?
Government Access to Keys
What is a type of message authentication code that combines a cryptographic key with a cryptographic hash function to verify the integrity of the data and authentication of a message?
HMAC
Which of the following hardware encryption devices is an additional external security device used in a system for crypto-processing and can be used for managing, generating, and securely storing cryptographic keys?
HSM
What is an encryption technique where math operations are performed to encrypt plaintext, allowing users to secure and leave their data in an encrypted format even while the data are being processed or manipulated?
Homomorphic encryption
Name the cryptanalysis technique described below. For block size b, hold (b - k) bits constant and run the other k bits through all 2^k possibilities
Integral cryptanalysis
Which cryptanalysis technique is useful against block ciphers based on substitution and permutation networks?
Integral cryptanalysis
What e-learning software allows comprehensive cryptographic experimentation on Linux, Mac OS X, and Windows and also allows users to develop and extend its platform in various ways with their own crypto plug-ins?
JCrypTool (JCT)
What is a component of public key infrastructure (PKI) where a copy of a private key is stored to *provide third-party access*?
Key escrow
What are the key size, block size, and number of rounds for *RC5*?
Key size: 0 to 2040 bits Block size: 32, 64, or 128 Number of rounds: 0 to 255
What are the key size, block size, and number of rounds for *Tiny Encryption Algorithm (TEA)*?
Key size: 128 Block size: 64 Number of rounds: 64
What are the key size, block size and number of rounds for *IDEA*?
Key size: 128 Block size: 64 Number of rounds: 8.5
What are the key size, block size, and number of rounds for *AES*?
Key size: 128, 192, 256 Block size: 128 Number of rounds: 10, 12, or 14 respectively
What are the key size, block size, and number of rounds for *Camellia*?
Key size: 128, 192, or 256 Block size: 128 Number of rounds: 18 or 24
What are the key size, block size, and number of rounds for *Serpent*?
Key size: 128, 192, or 256 Block size: 128 Number of rounds: 32
What are the key size, block size, and number of rounds for *Twofish*?
Key size: 128, 192, or 256 bits Block size: 128 bits Number of rounds: 16
What are the key size, block size, and number of rounds for *RC6*?
Key size: 128, 192, or 256 bits Block size: 128 bits Number of rounds: 20
What are the key size, block size, and number of rounds for *GOST / Magma*?
Key size: 256 Block size: 64 Number of rounds: 32
What are the key size, block size, and number of rounds for *Threefish*?
Key size: 256, 512, or 1024 respectively Block size: 256, 512, or 1024 respectively Number of rounds, 72, 72, or 80 respectively
What are the key size, block size and number of rounds for *Blowfish*?
Key size: 32-448 bits Block size: 64 bits Number of rounds: 16
What are the key size, block size, and number of rounds for *CAST-128*?
Key size: 40 to 128 bits (in 8 bit increments) Block size: 64 Number of rounds: 12 or 16
What are the key size, block size, and number of rounds for *DES*?
Key size: 56 bits Block size: 64 bits Number of rounds: 16
What is the process of strengthening a key that might be slightly too weak, usually by making it longer?
Key stretching
What is an attack where an attacker has knowledge of *some part of the plaintext*, using this information, the key used to generate ciphertext is deduced to decipher other messages?
Known-plaintext attack
What protocol provides the tunnel by which IP packets encapsulated in UDP packets can travel in a VPN connection but requires an encryption protocol (like IPSec) to secure the data being transferred?
Layer 2 Tunneling Protocol (L2TP)
Name the cryptanalysis technique described below. 1. Commonly used against block ciphers 2. Uses linear approximation to describe the behavior of the block cipher 3. Given sufficient pairs of plaintext and corresponding ciphertext, bits of information about the key can be obtained 4. Based on finding affine approximations to the action of the cipher
Linear cryptanalysis
What cryptanalysis technique is also known as a *known plaintext attack*?
Linear cryptanalysis
In what attack does an attacker reduce the number of brute-force permutations required to decode text encrypted by more than one key and use the space-time trade-off?
Meet-in-the-middle attack
What *cryptography toolkit* does the material recommend?
OpenSSL
What is an attack where an attacker exploits the padding validation of an encrypted message to decipher the ciphertext?
Padding oracle / Vaudenay attack
What protocol is used for data transferring across IP-based VPNs, but requires other protocols for the security of the data being transferred?
Point-to-Point Tunneling Protocol
What is the variable key size symmetric key stream cipher with byte-oriented operations and is based on the use of a random permutation?
RC4
What *email encryption tool* does the material recommend?
RMail
What is a *public-key* cryptosystem for Internet encryption and authentication that uses modular arithmetic and elementary number theory to perform computations using two large prime numbers?
RSA
What is used to provide a copy of an encryption key in the event that the original is lost?
Recovery agent
Which component of public key infrastructure (PKI) acts as the verifier of the applicant on behalf of the Certificate Authority (CA)?
Registration Authority (RA)
What is an attack where an attacker can obtain ciphertexts encrypted under *two different keys*? This attack is useful if the attacker can obtain the plaintext and matching ciphertext.
Related-key attack
What is the extraction of cryptographic secrets (e.g., the password to an encrypted file) from a person by *coercion or torture*?
Rubber hose attack
What algorithm provides better protection against brute force attacks by using a 160-bit message digest?
SHA-1
What hashing algorithm produces a 160-bit digest from a message with a maximum length of (264 - 1) bits, and it resembles the MD5 algorithm?
SHA-1
What is a family of two similar hash functions with different block sizes?
SHA-2 (generally SHA-256 and SHA-512)
What encryption algorithm uses a sponge construction where message blocks are XORed into the initial bits of the state that the algorithm then invertibly permutes?
SHA-3
What key is created when a user takes ownership of a TPM and can be cleared and changed by the user?
Storage root key
What is the protocol allows a client and server to authenticate each other, select an encryption algorithm, and exchange a symmetric key prior to data exchange?
TLS handshake protocol
What type of hardware encryption devices is a crypto-processor or chip present in the motherboard that can securely store encryption keys and perform many cryptographic operations?
TPM
What is the role of the *root Certificate Authority (CA)*?
The root CA is the trusted root that issues certificates
The strength of the session key used in the Diffie-Hellman key exchange process is determined by what?
The size of the modulus used to generate the session key
What is an an attack based on repeatedly measuring the exact execution times of modular exponentation operations?
Timing attack
Which component of public key infrastructure (PKI) stores certificates (with their public keys)?
Validation Authority (VA)
What is a public-key-based authenticated key exchange protocol?
YAK