CNA 210 | Ch. 3, Basic Cryptology
Diffusion
________ means that if a single character of plaintext is changed then it should result in multiple characters of the ciphertext changing.
Integrity
_________ ensures that the information is correct and no unauthorized person or malicious software has altered the data.
Ciphertext
_________ is the scrambled and unreadable output of encryption.
Obfuscation
__________ is making something obscure or unclear.
Hardware Security Module (HSM)
A ___ is a secure cryptographic processor. This includes an on-board key generator and key storage facility, as well as accelerated symmetric and asymmetric encryption.
hash
A ____ algorithm creates a unique "digital fingerprint" of a set of data.
Hashed Message Authentication Code (HMAC)
A ____ uses hashing to authenticate the sender. This is done by using both a hash function and a secret cryptographic key.
digest
A _____ is not decrypted but is only used for comparison purposes.
checksum hash
A ______ is intended to verify the integrity of data and identify data-transmission errors, while a ____ is designed to create a unique digital fingerprint of the data.
sponge function
A ______________ takes as input a string of any length, and returns a string of any requested variable length.
XOR cipher
A common algorithm called ___________ is based on the binary operation exclusive or that compares two bits: if the bits are different a 1 is returned, but if they are identical then a 0 is returned.
resource vs. security constraint
A limitation in providing strong cryptography due to the tug-of-war between the available resources and the security provided by cryptography is often referred to as ________________________.
lightweight cryptography
A new sub-field of cryptography is being developed called ____________________. This is a new technology specifically tailored for low-power devices that need to manage resource vs. security constraints.
0
Abram was asked to explain to one of his coworkers the XOR cipher. He showed his coworker an example of adding two bits, 1 and 1. What is the result of this sum?
data-in-transit
Actions that transmit the data across a network, like a sent email, are called _____________.
ROT13
Alexei was given a key to a substitution cipher. The key showed that the entire alphabet was rotated 13 steps. What type of cipher is this?
B. Confusion
Alyosha was explaining to a friend the importance of protecting a cryptographic key from cryptanalysis. He said that the key should not relate in a simple way to the cipher text. Which protection is Alyosha describing? A. Diffusion B. Confusion C. Integrity D. Chaos
C. Verify the receiver
Egor wanted to use a digital signature. Which of the following benefits will the digital signature not provide? A. Verify the sender B. Prove the integrity of the message C. Verify the receiver D. Enforce non-repudiation
random numbers
For algorithms to provide strong security they depend upon the quality of ______________, or numbers for which there is no identifiable pattern or sequence.
8-16 bytes/block
What is the size range for plaintext when it's separated and encrypted using a block cipher?
self-encrypting drives (SEDs)
When the computer or other device with an ___ is initially powered up, the drive and the host device perform an authentication process. This security makes it impossible to install the encrypted drive on another computer.
block
Whereas a stream cipher works on one character at a time, a ____ cipher manipulates an entire section of plaintext at one time.
steganography
Whereas cryptography scrambles a message so that it cannot be understood, __________________ hides the existence of the data.
D. In the directory structure of the file system
Which areas of a file cannot be used by steganography to hide data? A. In areas that contain the content data itself B. In the file header fields that describe the file C. In data that is used to describe the content or structure of the actual data D. In the directory structure of the file system
C. Diffie-Hellman (DH)
Which of the following key exchanges uses the same keys each time? A. Diffie-Hellman-RSA (DHRSA) B. Diffie-Hellman Ephemeral (DHE) C. Diffie-Hellman (DH) D. Elliptic Curve Diffie-Hellman (ECDH)
C. Alice's public key
If Bob wants to send a secure message to Alice using an asymmetric cryptographic algorithm, which key does he use to encrypt the message? A. Alice's private key B. Bob's public key C. Alice's public key D. Bob's private key
D. RSA
Illya was asked to recommend the most secure asymmetric crytographic algorithm to his supervisor. Which of the following did he choose? A. SHA-2 B. ME-312 C. BTC-2 D. RSA
SHA-3
In 2015 ____ was announced as a new standard for hash algorithms. Because of it's relatively compact size, this new hash may be suitable for some low-power devices.
ROT13
In a specific type of substitution cipher called ______, the entire alphabet is rotated 13 steps.
Elliptic curve cryptography (ECC)
Instead of using large prime numbers as the RSA does, ___ uses slopping curves.
512 bits
SHA pads messages of less than ______ with zeroes and an integer that describes the original length of the message.
stream
Some algorithms use a _____ cipher that takes one character and replaces it with one character.
C. Encrypts the message and the key
The Hashed Message Authentication Code (HMAC) ________. A. Encrypts only the message B. Encrypts only the key C. Encrypts the message and the key D. Encrypts the DHE key only
Digital Signature Algorithm (DSA)
The ___ is a U.S. Federal government standard for digital signatures.
International Data Encryption Algorithm (IDEA)
The ____ is a block cipher that processes 64 bits with a 128-bit key with 8 rounds. It is generally considered to be secure.
security through obscurity
The concept of obfuscation has let to an approach in security called ____________________, or the notion that virtually any system can be made secure so long as outsiders are unaware of it or how it functions.
symmetric cryptographic algorithms
The original cryptographic algorithms for encrypting and decrypting data are _______________________________, which use the same key to encrypt and decrypt a document.
B. Hardware Security Module (HSM)
Which of these has an onboard key generator and key storage facility, as well as accelerated symmetric and asymmetric encryption, and can back up sensitive material in encrypted form? A. Trusted Platform Module (TPM) B. Hardware Security Module (HSM) C. Self-encrypting hard disk drives D. Encrypted hardware-based USB drvices
B. Risk loss
Which of these is NOT a basic security protection for information that cryptography can provide? A. Authenticity B. Risk loss C. Integrity D. Confidentiality
A. Collisions should be rare.
Which of these is NOT a characteristic of a secure hash algorithm? A. Collisions should be rare. B. A message cannot be produced from a predefined hash. C. The results of a hash function should not be reversed. D. The hash should always be the same fixed size.
C. Advanced Encryption Standard
Which of these is the strongest symmetric cryptographic algorithm. A. Data Encryption Standard B. Triple Data Encryption Standard C. Advanced Encryption Standard D. RC 1
public key private key
With asymmetric algorithms the _________ is known to everyone and can be freely distributed, while the ____________ is known only to the individual to whom it belongs.
Advanced Encryption Standard (AES)
___ a symmetric cipher that replaced DES in 2000 performs three steps on every block of plaintext. Within each round, bytes are substituted and rearranged, and then special multiplication is performed based on the new arrangement.
One-time pad (OTP)
___ can be hand-calculated and is the only known method to perform encryption that cannot be broken mathematically.
Secure Hash Algorithm (SHA)
___ is a newer family of hashes that was patterned after MD4 and MD5, but creates a digest that is 16- bits instead of 128 bits in length.
Pretty Good Privacy (PGP)
___ is a widely used asymmetric cryptography software for encrypting files and email messages. It uses both asymmetric and symmetric cryptography.
Trusted Platform Module (TPM)
___ is essentially a chip on the motherboard of the computer that provides cryptographic services. It also includes a true random number generator instead of a PRNG, as well as full support for asymmetric encryption.
RSA
___ is the most common asymmetric cryptography algorithm and is the basis for several products. The first step of this algorithm involves multiplying two large prime numbers.
Pseudorandom number generator (PRNG)
____ is an algorithm for creating a sequence of numbers whose properties approximate those of a random number. This is the closest way computer software can get to random numbers.
Elliptic Curve Diffie-Hellman (ECDH)
____ key exchange uses elliptic curve cryptography instead of prime numbers in its computation.
3DES
____ was designed to replace DES. It uses three rounds of encryption instead of just one like DES did. The most secure versions use different keys for each round.
GNU privacy Guard (GNuPG)
_____ is similar to PGP and is an open-source product that runs on different operating systems.
Lucifer Data Encryption Standard (DES)
______ a product originally designed in the 1970s by IBM with a key length of 128 bits was the predecessor of ___, which has a key length of 56 bits and is considered the first widely popular symmetric cryptography algorithm.
RIPEMD
______, a hash designed after MD4, is two different and independent parallel chains of computation, the results of which are then combined at the end of the process.
Blowfish Twofish
_______ is a block cipher algorithm that operates on 64-bit blocks and can have a key length from 32 to 448 bits. It as designed to run efficiently on 32-bit computers. A later derivation of this called ________ was created and is also considered to be a strong algorithm.
Confusion
___________ is a method where the key does not relate in a simple way to the ciphertext. Each character of the ciphertext should depend upon several different parts of the key.
Data-in-use
___________ is data actions being performed by "endpoint devices", such as printing a report from a desktop computer.
Non-repudiation
___________ is the process of proving that a user performed an action, such as sending an email message. This prevents an individual from fraudulently reneging on an action.
Data-in-rest
________________ is a term for data that is being stored on electronic media.
Cryptography
________________ is the practice of transforming information so that it is secure and cannot be accessed by unauthorized parties.
Asymmetric cryptographic algorithms
________________________, also known as public key cryptography uses two keys instead of only one.
B. SHA-3
What is the latest version of the Secure Hash Algorithm? A. SHA-2 B. SHA-3 C. SHA-4 D. SHA-5
message authentication code (MAC)
A ___ combines the original message with a shared secret key that only the sender and receiver know.
pad
A ___ is a long sequence of random numbers.
Diffie-Hellman (DH) Diffie-Hellman Ephemeral (DHE)
A __ key exchange requires both parties to agree upon a large prime number and a related integer. While the first exchange uses the same keys each time, ___ uses different keys that are discarded after each use.
C. It would be essentially impossible to keep its location a secret from everyone.
At a staff meeting one of the technicians suggested that the enterprise protect its new web server by hiding it and not telling anyone where it is located. Iosif raised his hand and said that security through obscurity was a poor idea. Why did he say that? A. It is an unproven approach and has never been tested. B. It would be too costly to have one isolated server by itself. C. It would be essentially impossible to keep its location a secret from everyone. D. It depends too heavily upon non-repudiation in order for it to succeed.
full disk encryption (FDE)
Cryptography can also be applied to entire disks instead of individual files or groups of files, this is known as ___, and it protects all data on an entire drive.
confidentiality
Cryptography can protect the _______________ of information by ensuring that only authorized parties can review it.
hidden writing
Cryptography comes from Greek words meaning ____________________.
metadata
Data that is used to describe the content or structure of the actual data is called ___________.
cleartext
Readable data that has been transmitted or stored in "the clear" and is not intended to be encrypted is called __________.
resiliency
It is important that there be high _________ in cryptography, or the ability to quickly recover from these resource vs. security constraints.
Encrypting File System (EFS) FileVault
Microsoft's ___ is a cryptography system for Windows OS that use the Windows NTFS file system. Apple's ______ performs a similar function.
Fixed size Unique Original Secure
Name three of the four required characteristics for a hashing algorithm to be considered secure.
substitution cipher
One category of algorithm called ____________________ takes one character and swaps it for another
Message Digest (MD) Message Digest 5 (MD5)
One of the earliest hash algorithms is actually a family of algorithms known as __. The most well known of these being ___.
algorithm
Plaintext data is input into a cryptographic _________, which consists of procedures based on a mathematical formula to encrypt and decrypt the data.
A. Non-repudiation
Proving that a user sent an email message is known as _______. A. Non-repudiation B. Repudiation C. Integrity D. Availability
B. Perfect forward secrecy
Public key systems that generate random public keys that are different for each session are called ______. A. Public Key Exchange (PKE) B. Perfect forward secrecy C. Elliptic Curve Diffie-Hellman (ECDH) D. Diffie-Hellman (DH)
perfect forward secrecy
Public key systems that generate random public keys that are different for each session are called ________________.
True. If SHA-2 was used, it would be called HMAC-SHA2
True or False? Any cryptographic hash functions can be used in the calculation of an HMAC.
True.
True or False? ECC is considered as an alternative for prime-number-based asymmetric cryptography for mobile and wireless devices.
False. They've grown significantly
True or False? In recent years, the number of small electronic devices that consume very small amounts of power has grown marginally.
True
True or False? Lightweight cryptography is not a weakened cryptography, but it may have fewer features and be less robust.
False. They do reduce collisions but they do not provide higher levels of security.
True or False? RIPEMD-256 and RIPEMD-320 reduce the risk of collisions and provide higher levels of security than RIPEMD-128 and RIPEMD-160.
False. It stands for their last names.
True or False? RSA stands for the first names of its three developers, Ron Rivest, Sasha Adleman, and Andrew Shamir.
True
True or False? SHA-2 is compromised of six variations, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256 and is currently considered to be a secure hash.
False. MD5 is also unsuitable for use.
True or False? Serious weaknesses have been identified in MD4 and is it is no longer considered suitable for use. MD5 is the current recommended alternative.
False. The stream does not vary.
True or False? Stream ciphers are considered more secure than block ciphers because the engine that generates the stream varies each time it's used.
True
True or False? The fundamental nature of computer software prohibits it from being capable of producing numbers that are truly random.
hash symmetric cryptographic asymmetric cryptographic
What are the three broad categories of cryptographic algorithms?
A. It provides cryptographic services in hardware instead of software
What is a characteristic of the Trusted Platform Module (TPM)? A. It provides cryptographic services in hardware instead of software B. It allows the user to boot a corrupted disk and repair it C. It is available only on Windows computers running BitLocker D. It includes a pseudorandom number generator (PRNG).
B. Plaintext
What is data called that is to be encrypted by inputting it into a cryptographic algorithm? A. Opentext B. Plaintext C. Cleartext D. Ciphertext