Module 06: Basic Cryptography
What are public key systems that generate different random public keys for each session?
perfect forward secrecy
blockchain
A shared, immutable ledger that facilitates the process of recording transactions and tracking assets in a business network.
low latency
A small amount of time that occurs between when a byte is input into a cryptographic algorithm and the time the output is obtained.
quantum communication
A subcategory of quantum cryptography used to secure telecommunications.
Ephemeral keys
A temporary key that is used only once before it is discarded.
data in transit
Actions that transmit the data across a network.
Which is the strongest symmetric cryptographic algorithm?
Advanced Encryption Standard
hash
An algorithm that creates a unique digital fingerprint.
stream cipher
An algorithm that takes one character and replaces it with one character.
elliptic curve cryptography (ECC)
An algorithm that uses elliptic curves instead of prime numbers to compute keys.
downgrade attack
An attack in which the system is forced to abandon the current higher security mode of operation and "fall back" to implementing an older and less secure mode.
What weakness does RSA (Rivest-Shamir-Adleman; a public-key cryptosystem) have?
As computers become more powerful, the ability to compute factoring has increased.
What is NOT a characteristic of a secure hash algorithm?
Collisions should occur no more than 15 percent of the time.
algorithm
Consists of procedures based on a mathematical formula used to encrypt and decrypt the data. Also called a cipher.
post-quantum cryptography
Cryptographic algorithms that are secure against an attack by a quantum computer.
asymmetric cryptographic algorithms
Cryptography that uses two mathematically related keys. (Known as public key cryptography.)
Data in processing
Data actions being performed by "endpoint devices," such as printing a report from a desktop computer.
Data at rest
Data that is stored on electronic media.
When implementing segmentation as a proactive measure, which of the following types of segments exist on a network?
Datacenter, Guests, & Users
Which of the following is not to be decrypted but is only used for comparison purposes?
Digest
self-encrypting drives (SEDs)
Drives that can automatically encrypt any data stored on them.
Symmetric cryptographic algorithms
Encryption that uses a single key to encrypt and decrypt a message. (Known as private key cryptography.)
True or False: Opal is a standard for FEDs.
False
True or False: Software Restriction Policy for restricting applications applies only to an individual user and not to a group of users.
False
True or False: The basis of a quantum computer is a bit.
False
True or False: Unencrypted data that is input for encryption or is the output of decryption is called cleartext.
False
If two segments need to talk to each other in a segmented network, which of the following is required?
Firewall
steganography
Hiding the existence of data within another type of file, such as an image file.
Which of the following is NOT a characteristic of the Trusted Platform Module (TPM)?
It includes a pseudorandom number generator (PRNG).
Obfuscation
Making something obscure or unclear.
perfect forward secrecy
Public key systems that generate different random public keys for each session.
low-power devices
Small electronic devices that consume very small amounts of power.
Which encryption algorithms are examples of lightweight cryptography?
TWINE & OTR
high resiliency
The ability to quickly recover from resource vs. security constraints.
Entropy
The measure of randomness of a data-generating function.
key length
The number of bits in a key.
cryptography
The practice of transforming information so that it is secure and cannot be understood by unauthorized persons.
decryption
The process of changing encrypted text into the original text.
encryption
The process of changing plaintext into ciphertext.
hashing
The process of creating a digital fingerprint.
nonrepudiation
The process of proving that a user performed an action.
key exchange
The process of sending and receiving secure cryptographic keys.
Cryptography can be implemented through software running on a device. Encryption can also be performed on a larger scale by:
encrypting the entire disk drive itself.
Opal
A set of specifications for SEDs developed by the Trusted Computing Group (TCG).
Trusted Platform Module (TPM)
A chip on the motherboard of the computer that provides cryptographic services.
block cipher
A cipher that manipulates an entire block of plaintext at one time.
quantum computer
A computer that relies on quantum physics using atomic-scale units (qubits) that can be both 0 and 1 at the same time.
weak key
A key that causes the cipher to behave in unpredictable ways or may compromise overall security.
resource vs. security constraint
A limitation in providing strong cryptography due to the "tug-of-war" between the available resources (time and energy) and the security provided by cryptography.
collision
When two files have the same hash (produce the same digest).
Hardware Security Module (HSM)
A removable external cryptographic device.
What are the key lengths of the Twofish Encryption model?
128, 192, 256-bit
The key sizes available in ECC are:
160, 224, 256, 384, 521 bits
What is the minimum key size in Elliptic Curve Cryptography (ECC)?
160-bits
What is the key length of the Triple-DES (3DES)?
168-bit
What is the key length of the Advanced Encryption Standard (AES)?
256-bit
What is the key length of the Data Encryption Standard (DES) algorithm?
56-bit
lightweight cryptography
A category of cryptography that has fewer features and is less robust than normal cryptography.
longevity
The useful lifetime of service of a cipher.
In asymmetric key encryption, what is the next step when a client initiates a session with a web server that is configured with a certificate?
The web server sends a certificate to the web browser.
True or False: An administrator can blacklist or whitelist applications that the users can run using Software Restriction Policies.
True
True or False: Asymmetric cryptography keys can work in both directions.
True
True or False: If an application or a specific path that contains the executables is blacklisted, then all executables within the defined path are blacklisted.
True
True or False: Using a digital signature does not encrypt the message itself.
True
Which benefit will a digital signature NOT provide?
Verify the receiver