C839 and ECES Study Cards (a collection)
PGP Certificates
Defines it own format. A single certificate can contain multiple signatures. Includes: Version Number Certificate holder's public key Certificate holder's information Digital signature of certificate owner Certificates validity period Preferred symmetric encryption algorithm for the key
What is the variable 'N'? (IRT Cryptography)
Denotes the natural number. 1, 2, 3, etc...
What is the variable 'Q'? (IRT Cryptography)
Denotes the rational numbers (ratio of integers (fractions)). Any number that can be expressed as a ratio of two integers (3/2, 17/4, 1/5, etc...)
What is the variable 'R'? (IRT Cryptography)
Denotes the real numbers. This includes rational numbers as well as numbers that cannot be expressed as a ratio of two integers. For example (square root of 2)
Layer 2 Tunneling Protocol (L2TP) VPN
Designed as an enhancement to PPTP Like PPTP, works at the data link layer Offers many modes of authentication: CHAP, EAP, PAP, SPAP, and MS-CHAP Can work on X.25 networks (phone) Uses IPSec for its encryption
Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Designed for Wireless LAN products that implements the standards of the IEEE 802.11i. an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM mode) of the Advanced Encryption Standard (AES) standard.[1] It was created to address the vulnerabilities presented by Wired Equivalent Privacy (WEP).
WPA - Enterprise (WPA-802.1x)
Designed for enterprise networks. Requires a RADIUS server for authentication. Extensible Authentication Protocol (EAP) is used for authentication. (EAP-TLS and EAP-TTLS)
Propagating Cipher-Block Chaining (PCBC)
Designed to cause small changes in the cipher text to propagate indefinitely when decrypting, as well as encrypting, a variation of the CBC mode of operation, has not been published as a federal standard.
Steganalysis
Detecting steganography and extracting the hidden information. Done with software. By analyzing changes in an images close color pairs, the steganalyst can determine if LSB was used. Close color pairs consist of two colors whose binary values differ only in the LSB.
Linear Congruential Generator
Determined by the following four integer values: m - the modulus m>0 a - the multiplier 0, 0<a<m c - the increment 0, 0<c<m X0 - the starting value 0, 0,X0<m The algorithm is: Xn + 1 = (aXn + C)mod m
Secure Socket Layer (SSL)
Developed by Netscape and has been replaced by TLS. It was the preferred method used with secure websites (i.e. https) A protocol for establishing authenticated and encrypted links between networked computers. SSL is a predecessor of TLS.
Skipjack
Developed by the NSA and was designed for the clipper chip, a chip with built in encryption. Decryption key was kept in escrow for law enforcement to decrypt the data without the owner's cooperation, made this algorithm highly controversial. Uses an 80bit key to encrypt and decrypt 64bit data blocks. An unbalanced Feistel network with 32 rounds.
Which method of brute-force attack uses a list of common words and phrases in an attempt to break passwords?
Dictionary attack Dictionary attack is the process of systematically entering every word in a dictionary as a password to see if the hashed code matches against the one in the password file.
Which of the following is a cryptographic protocol that allows two parties to establish a shared key over an insecure channel?
Diffie-Hellman Diffie-Hellman key exchange is a method of securely exchanging cryptographic keys over a public channel and was one of the first public-key protocols as originally conceptualized by Ralph Merkle and named after Whitfield Diffie and Martin Hellman. DH is one of the earliest practical examples of public key exchange implemented within the field of cryptography.
What is the result of a hash function?
Digest
A security analyst is validating the integrity and authenticity of a data transaction. Which PKI component is being used?
Digital Signature Digital signatures provide Integrity, Authentication, and Non-Repudiation (but not Confidentiality)
A _________ is a digital representation of information that identifies you as a relevant entity by a trusted third party?
Digital Signature A digital signature is a mathematical scheme for demonstrating the authenticity of digital messages or documents
U.S. Patent 5,231,668 and FIPS 186 define what algorithm?
Digital Signature Algorithim
FIPS 186-4
Digital Signature Standard (DSS) Defines DSA. A Federal Information Processing Standard specifying a suite of algorithms that can be used to generate digital signatures established by the U.S. National Institute of Standards and Technology (NIST) in 1994. Four revisions to the initial specification have been released: FIPS 186-1 in 1996,[1] FIPS 186-2 in 2000, FIPS 186-3 in 2009, and FIPS 186-4 in 2013.
A developer wants to install a newly released patch received from a software manufacturer. Which cryptographic algorithm can the developer use to trust that the software truly came from the vendor and that the patch has not been altered or manipulated?
Digital signature algorithms Digital signatures algorithms are used with hash functions to provide proof of origin and message integrity.
An intruder is trying to break a cryptographic code by attacking both the plaintext and the ciphertext at the same time. Which type of attack is the intruder using?
Double DES Attack Double DES attack involves attacking both the plaintext and the ciphertext at the same time to find a common point between the operations.
Double DES Attack
Double DES attack involves attacking both the plaintext and the ciphertext at the same time to find a common point between the operations.
With _____, the message is divided into blocks and each block is encrypted separately. This is the most basic mode for symmetric encryption.
ECB It is the simplest encryption scheme
Which encryption mode always produces the same result for the same plaintext?
ECB Electronic Code Book A weakness of this is that the same plain text always equals the same cipher text
List some Block Cipher Modes
ECB: Electronic Codebook CBC: Cipher-Block Chaining PCBC: Propagating Cipher-Block Chaining CFB: Cipher Feedback OFB: Output Feedback CTR: Counter IV: Initialization Vector
Which mechanism can be used to ensure perfect forward secrecy during key exchange when using symmetric encryption?
ECDH Elliptic Curve Diffie-Hellman provides forward secrecy
Cipher-Block Chaining (CBC)
Each block of plaintext is XORed with the previous cipher text block before being encrypted. This creates significantly more randomness in the final cipher text. More secure than electronic codebook mode.
Homophonic Substitution
Early attempt to make substitution ciphers more robust, masks letter frequencies, plain text letters map to multiple cipher text symbols
Enigma Machine
Electromechanical rotor-based cipher used in World War II.
Which encryption mode is least secure?
Electronic Code Book
Define ECB and its properties
Electronic Code Book Block Cipher Mode Blocks are encrypted independently, but identical plaintext blocks = Identical ciphertext blocks. IV is used on the first block Most basic encryption mode.
Which mode produces the same ciphertext from two identical plaintext blocks?
Electronic Code Book (ECB)
What equation does y2 = x3 + Ax + B belong to?
Elliptic Curve
What is based on y2 = x3 + Ax + B?
Elliptic Curve
Define ECC and its properties
Elliptic Curve Cryptography Asymmetric. Key Size: Variable up to 160 bits. Generates key pairs based on a mapped curve. Endorsed by NSA. Size of curve determines difficulty of finding the algorithm.
Employee B sends Employee A an encrypted message. What does Employee A use to decrypt the message from Employee B?
Employee A's Private Key Within PKI, the sender encrypts message with the recipient's public key. When the recipient receives the messages, they decrypt the message with their private key.
Employee A created a secret key and wants to send it to Employee B without any coworkers being able to decrypt the message. Which key needs to encrypt the message?
Employee A's Private Key. This is in reference to Diffie-Hellman Key Exchange. When exchanging keys, the only things that are public are their public keys, and the modulus. In turn, Employee B would send A their Private key. In the end, as long as both equations equate to the same value, they will be able to communicate securely.
Large Volumes of plaintext need to be encrypted, and the encryption keys need to be securely distributed. Which approach should be used for encryption and distribution?
Encrypt by using symmetric keys and distribute by using asymmetric keys
Encryption by Default
Encryption by default is common in mobile devices where the encryption key is kept in escrow on a domain server, making it easy to crack.
Digital Signatures
Encryption of a message digest with the sender's private key. Provides: - Authentication - Integrity - Non-repudation
Caesar Cipher
Every letter is simply shifted a fixed number of spaces to the left or to the right.
Audio Steganalysis
Examines noise distortion in the carrier file. Noise distortion could indicate the presence of a hidden signal.
PPTP VPN Authentication
Extensible Authentication Protocol (EAP) Challenge-Handshake Authentication Protocol (CHAP)
Which IT security standard provides internationally-recognized criteria for validating and approving encryption devices for deployment?
FIPS 140-2 FIPS 140-2 provides standard criteria for deployment of encryption.
Which FIPS is relevant to Digital Signature Standards (DSS)?
FIPS 186-4: Digital Signature Standards. Defines DSA. A Federal Information Processing Standard specifying a suite of algorithms that can be used to generate digital signatures established by the U.S. National Institute of Standards and Technology (NIST) in 1994. Four revisions to the initial specification have been released: FIPS 186-1 in 1996,[1] FIPS 186-2 in 2000, FIPS 186-3 in 2009, and FIPS 186-4 in 2013.
Which FIPS is relevant to Advanced Encryption Standard (AES)?
FIPS 197: Advanced Encryption Standard (AES) This publication specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information.
Which FIPS is relevant to Personal Identity Verification (PIV) requirements?
FIPS 201: Personal Identity Verification (PIV) requirements This Standard specifies the architecture and technical requirements for a common identification standard for Federal employees and contractors. FIPS 201 specifies that an identity credential must be stored on a smart card. SP 800-73, a NIST special publication, contains the technical specifications to interface with the smart card to retrieve and use the PIV identity credentials.
FIPS 199
FIPS Publication 199 defines a set of standards for categorizing information and information systems.
This algorithm was published by the German engineering firm Seimans in 1993. It is a software based stream cipher using Lagged Fibonacci generator along with a concept borrowed from the shrinking generator ciphers.
FISH Created in 1993 by Germans.
FISMA
FISMA sets out guidelines for managing information security that must be followed for all information systems used or operated by a U.S. federal government agency in the executive or legislative branches, or by a contractor or other organization on behalf of a federal agency in those branches.
Define FISH and its properties
Fibonacci Shrinking Software-based Stream Cipher. Vulnerable to known plaintext attacks.
Digital Signature Algorithm (DSA)
Filed July 26, 1991 under U.S. Patent 5,231,668. Adopted by the U.S. Government in 1993 with FIPS186. It functions on the framework of modular exponentiation and discrete logarithmic problems, which are difficult to compute as a force-brute system. Three Benefits: Message Authentication, Integrity Verification, Non-Repudiation.
Twofish
Finalist to replace DES. Block size of 128bits and key sizes up to 256bits, it's a Feistel cipher. Designed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson.
Define Diffie-Hellman and its properties
First publicly described asymmetric Algorithm. Cryptographic protocol that allows two parties to establish a shared key over an insecure channel.
Initialization Vector (IV)
Fixed size input to a cryptographic primitive that is random or pseudorandom. Called a 'nonce' if it is non-repeating and not truly random. Used along with a secret key for encryption.
Verisign Class 5 Certificate
For private organizations or governmental security
Verisign Class 3 Certificate
For servers and software signing, for which independent verification and checking of identity and authority is done by the issuing CA
Differential Cryptanalysis
Form of cryptanalysis applicable to symmetric key algorithms. The examination of differences in an input and how that affects the resultant difference in output. Originally only worked w/ chosen plain text.
International Data Encryption Algorithm (IDEA)
Formerly known as Improved Proposed Encryption Standard (IPES). A block cipher designed as a replacement for DES. Designed by James Massey and Xuejia Lai in 1991. Operates on 64-bit blocks using a 128-bit key and consists of a series of 8 identical transformations (a round) and an output transformation (the half-round).
List some Random Number Generators
Fortuna (LFG) Lagged Fibonacci Generator (ALFG) Addition Lagged Fibonacci Generator (MLFG) Multiplication Lagged Fibonacci Generator (GFS) Two-Gap Generalized Feedback Shift Register (which is Lagged Fibonacci Generator using XOR) Blum Blum Shum
Which encryption component ensures that the compromise of a long-term key prevents the compromise of any previous session keys?
Forward Secrecy
CrypTool
Free learning tool that allows you to enter text and then choose a historical algorithm to encrypt the text
Single Substitution Weakness
Frequency Analysis (Word and Letter) Literacy rates have risen since ancient times, all languages have a certain word and letter frequencies. Underlying word and letter frequencies lead to vulnerabilities.
A company wants to protect the content of employees' laptops to make sure that, in case of a loss, someone who finds the laptop cannot easily bypass the operating system access controls by placing the hard drive in another computer system. Which encryption method can the company use for this scenario?
Full Disk Encryption With full disk encryption, someone who finds the laptop cannot easily bypass the operating system access controls by placing the hard drive in another computer system.
WPA2
Has stronger security and is easier to configure than the WEP and WPA. It uses the Advanced Encryption Standard (AES) instead of TKIP. Based on IEEE 802.11i and provides: - Advanced Encryption Standard (AES) using the Counter Mode-Cipher Block Chaining (CBC)-Message Authentication Code (MAC) Protocol (CCMP) that provides data confidentiality, data origin authentication, and data integrity for wireless frames. - Optional use of Pairwise Master Key (PMK) caching and opportunistic PMK caching. (caches results of 802.1x authentications to improve access time) - Optional use of pre-authentication that allows WPA2 wireless client to authenticate with other wireless access points in range.
GOST
Hash algortihm created by the Russians. Produces a fixed length output of 256bits. Input message is broken up into 256 bit blocks. If block is less than 256 bits then it is padded with 0s.
How does TKIP improve WPA over WEP?
Hashes the initialization vector and secret key
Define Tiger and its properties
Hashing Algorithm 192 bit hash function Collision resistant design
Define GOST and its properties
Hashing Algorithm Russian Hash Algorithm Hash Size: 256 bits
Atbash Cipher
Hebrew cipher which substitutes the first letter of the alphabet for the last, and the second letter for the second-to-last, in other words, it simply reverses the alphabet.
StegVideo
Hides data in a video sequence
Snow
Hides data in whitespace
Playfair Cipher
Invented by Charles Wheatstone in 1854. Encrypts two letters instead of one, this makes it more complex. Uses a 5x5 table containing a keyword. No more secure than any other older ciphers.
Bifid Cipher
Involves creating a grid with scrambled characters, mapping the letters into numeric values, and arranging the two-character value (bigram) into two rows. A cipher which combines the Polybius square with transposition, and uses fractionation to achieve diffusion. Uses a grid to map letters into numeric values. It was invented around 1901 by Felix Delastelle.
NOBUS Backdoor
It is possible for government agents to crack the encryption, but no one else can.
If you use substitution alone, what weakness is present in the resulting cipher text?
It maintains letter and word frequency. Changing the letters used and not changing anything else allows patterns to be discovered.
What is an attribute of the Rivest Cipher 4 (RC4) algorithm?
It requires a unique nonce (# used once)
K3 (IRT PRNG)
It should be impossible for any attacker (for all practical purposes) to calculate, or otherwise guess, from any given sub-sequence, any previous or future values in the sequence, nor any inner state of the generator.
The formula to calculate the Sender's key for Diffie-Hellman?
K = (Yb)Xa mod q The Sender receives the Receiver's public key, multiplies it by their private key, and then mods it against a prime number.
What are the four criteria for quality of PRNG?
K1, K2, K3, K4
Which technique should a security analyst use to determine the key length in a vigenere cipher?
Kasiski Examination
Which technique solves polyalphabetic substitution ciphers by deducing the key length?
Kasiski's method
Which concept stipulates that algorithms should be openly shared and scrutinized, but keys must be completely secured?
Kerckhoff's Principle
Which of the following is a fundamental principle of cryptography that holds that the algorithm can be publicly disclosed without damaging security?
Kerckhoffs principle
What is a vulnerability of the Data Encryption Standard (DES)?
Key length is too short
A wireless client wants to gain access to a network. Which wireless security standards can the network device use to authenticate the client?
LEAP LEAP (Lightweight Extensible Authentication Protocol) is an authentication protocol used in wireless networks, and it is designed to provide more secure authentication for 802.11 WLANs (wireless local area networks).
LM Hash
LM hashing uses the Data Encryption Standard (DES) encryption method to create an encryption key from the user's password. It is used in many versions of Microsoft Windows operating systems to store user passwords that are fewer than 15 characters long.
Which of the following is generally true about block sizes?
Larger Block sizes increase security Larger block sizes do increase security, however at the cost of processing power and encryption time.
Facts about the Feistel Function
Larger block sizes increase security. Larger key size increases security. If the round function is secure, then more rounds increase security.
Which factor increases the required number of attempts in a brute force attack?
Larger key size
Internet Protocol Security (IPSec) VPN
Latest of the three VPN protocols Encrypts not only the packet data, but also the header information Has protection against unauthorized re-transmission of packets Provides Network Layer Encryption
A Windows credential is identified as follows: user:insertrandomcharactersthatdenotegibberish:afterquotestherearemorecharacters::: What is used to store this password?
NTLM An NTLM hash within a SAM file is stored as follows: Username:RelativeIdentifier:LMHash:NTHash:::
Fibonacci Numbers
Named after Leonardo of Pisa. Sequence of numbers are derived by adding the last two numbers to create the next number, N1 + N2 = n3. Example, 0, 1, 1, 2, 3, 5, 8, 13, 21, 35, 56. Some random number generators use this.
Vigenere Cipher
Once considered very secure, invented by Giovan Battista Bellaso in 1553. Used until early 1900's. Encrypts text by using a series of different Caesar cipher based on a keyword. Poly-Alphabet cipher that used a series of different Mono-Alphabetic ciphers. Based on the letters of a keyword. Effective prior to the advent of computers
Cut and Paste Attack
One part of ciphertext is replaced by another ciphertext with known (or at least, known legible) plaintext, so the resulting message has a different meaning to the receiver of the encrypted message. It should be avoided by using authenticated encryption.
What is Kerckhoff's principle?
Only the key needs to be kept secret, not the algorithm
Secure Shell (SSH) VPN
OpenSSH offers VPN tunneling (distinct from port forwarding) to secure remote connections to a network or to inter-network links. OpenSSH server provides a limited number of concurrent tunnels. The VPN feature itself does not support personal authentication.
CAST-128
Or CAST5. A symmetric-key block cipher. Consists of a 12- or 16-round Feistel network with a 64-bit block size and a key size of between 40 and 128 bits (but only in 8-bit increments). The full 16 rounds are used when the key size is longer than 80 bits. Default cipher in some versions of GPG and PGP.
CAST-256
Or CAST6. A symmetric-key block cipher published in June 1998. Uses the same elements as CAST-128, including S-boxes, but is adapted for a block size of 128 bits - twice the size of its 64-bit predecessor. Acceptable key sizes are 128, 160, 192, 224 or 256 bits. Composed of 48 rounds, sometimes described as 12 "quad-rounds", arranged in a generalized Feistel network.
Mersenne Twister Pseudorandom Function
Originally not suitable for cryptography but permutations of it are. Created by Makoto Matsumoto and Takuji Nishimura. Has a very large period, greater than many other generators.
Define OFB and its properties
Output Feedback Block Cipher Mode Generates keystream blocks that are XORd with the plaintext blocks. Turns block cipher into stream cipher
This is a method for turning a block cipher into a stream cipher by generating a keystream block, which are then XORed with the plaintext blocks to get the ciphertext.
Output feedback (OFB) A keystream is a stream of random or pseudorandom characters that are combined with a plaintext message to produce an encrypted message (the ciphertext). Ergo, output is the process of taking the product and combining it with the next plaintext block to create a new cipher.
Which of the following modes can be used to turn a block cipher into a stream cipher?
Output feedback (OFB) and Counter Mode (CTR)
Which mechanism mitigates a copy-and-paste attack when using AES?
Output feedback (OFB) loop
Symmetric Decryption Equation
P = Dk(C) C = Ciphertext D = Decryption Function K = Key P = Plaintext
What is the mathematical formula used for symmetric decryption?
P = E (K,C) P = Plain text E = Encryption/Decryption K = Key C = Cipher Text
Symmetric Algorithm Decryption Expressed Mathematically
P=D(k,c) The plain text (P) is equal to the encryption function (E) with the key (k) and the cipher text (c) being passed as parameters to that function.
Which attribute of a hashing function makes a birthday attack possible?
Partial-Message collision The partial-message collision attacks all rely on birthday attacks
SAM File
Password hashes are stored in a SAM file in Windows. It's in c:\windows\system32\config\SAM. There is a backup of this file in the repair folder. It's encrypted with Syskey which is 128 bit.
What is the hidden message in a steganographic communication?
Payload Payload = The data to be covertly communicated, the message you wish to hide Carrier = The signal, stream, or data file into which the payload is hidden Channel = The type of medium used. This may be still photos, video, or sound files
FIPS 201
Personal Identity Verification (PIV) requirements This Standard specifies the architecture and technical requirements for a common identification standard for Federal employees and contractors. FIPS 201 specifies that an identity credential must be stored on a smart card. SP 800-73, a NIST special publication, contains the technical specifications to interface with the smart card to retrieve and use the PIV identity credentials.
Scytale Cipher
Physical cylinder that was used to encrypt messages. Turning the cylinder produced different ciphertexts. Required a cylinder of the same diameter as the cylinder used to create the message to read the message.
Cipher Disk
Physical device (disk) that was turned to encrypt. Poly-Alphabetic, each turn used a new cippher.
Six common protocols used by VPNs
Point-to-Point Tunneling Protocol (PPTP) Layer 2 Tunneling Protocol (L2TP) Internet Protocol Security (IPSec) Secure Socket Tunneling Protocol (SSTP) Internet Key Exchange version 2 (IKEv2) SSL/TLS VPN
What is a Rainbow Table?
Precompiled list of hash values
Which encryption technology is a serial combination of hashing, data compression, symmetric-key cryptography, and Public-Key Infrastructure (PKI) and can be used for encrypting texts, emails, files, and directories or for full disk encryption?
Pretty Good Privacy (PGP) Remember, this is not an algorithm, but...it uses other established Asymmetric and Symmetric Algorithms.
Components of Kerberos
Principal Authentication Server (AS) Ticket-Granting Ticket (TGT) Ticket-Granting Service (TGS) Key Distribution Center (KDC) Service Principal Name (SPN) Service Server (SS) Realm Remote Ticket Granting Server (RTGS) Ticket Session key Authenticator
A business wants to use keys issued by a trusted third party to demonstrate to potential customers that it is a legitimate organization. What key is used to sign the certificate issued to the business?
Private Key of the Root CA To provide authenticity when issuing certs, the Issuing authority (Root CA) will sign issued certificates with its private key.
Smart contracts
Programs stored on a blockchain that run when predetermined conditions are met. They typically are used to automate the execution of an agreement so that all participants can be immediately certain of the outcome, without any intermediary's involvement or time loss.
A crypto miner is competing with other miners to mine a new token that will be added to the cryptocurrency blockchain. Which technique can the miner use to mine the block?
Proof of Work Proof of work is used in cryptocurrency mining for validating transactions and mining new tokens
Which cryptographic concept is used to validate where a message came from?
Proof of origin Proof of origin is used to validate where a message came from.
Define PCBC and its properties
Propagating Cipher Block Chaining Block Cipher Mode Each plaintext block is XORd with the XOR of the previous plaintext block and previous ciphertext block before being encrypted
Define Menezes-Qu-Vanstone and its properties
Protocol for key agreement Based on Diffie-Hellman
Ticket-Granting Service (TGS)
Provides tickets and Ticket-Granting Tickets (TGT) to the client systems.
Which type of certificate must be certified by an authority to verify it with other participants?
Public Certificate
PKCS#1
Public Key Cryptography Standard (PKCS) #1 RSA Cryptography Standard Defines the mathematical properties and format of RSA public and private keys (ASN.1-encoded in clear-text), and the basic algorithms and encoding/padding schemes for performing RSA encryption, decryption, and producing and verifying signatures.
PKCS#10
Public Key Cryptography Standard (PKCS) #10 Certification Request Standard Format of messages sent to a certification authority to request certification of a public key. See certificate signing request.
PKCS#11
Public Key Cryptography Standard (PKCS) #11 Cryptographic Token Interface Also known as "Cryptoki". An API defining a generic interface to cryptographic tokens (see also hardware security module). Often used in single sign-on, public-key cryptography and disk encryption[10] systems. RSA Security has turned over further development of the PKCS #11 standard to the OASIS PKCS 11 Technical Committee
What should an administrator use to import and export all items written using X.509 that are part of a chain of trust?
Public Key Cryptography Standard (PKCS) #12 PKCS #12: Personal Information Exchange Syntax Standard Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key.
PKCS#12
Public Key Cryptography Standard (PKCS) #12 Personal Information Exchange Syntax Standard Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key.
PKCS#13
Public Key Cryptography Standard (PKCS) #13 Elliptic Curve Cryptography Standard Abandoned? The only reference is a proposal from 1998.
PKCS#14
Public Key Cryptography Standard (PKCS) #14 Pseudo-random Number Generation Apparently abandoned, no documents exist.
PKCS#15
Public Key Cryptography Standard (PKCS) #15 Cryptographic Token Information Format Standard Defines a standard allowing users of cryptographic tokens to identify themselves to applications, independent of the application's Cryptoki implementation (PKCS #11) or other API. RSA has relinquished IC-card-related parts of this standard to ISO/IEC 7816-15.
PKCS#2
Public Key Cryptography Standard (PKCS) #2 Withdrawn
PKCS#3
Public Key Cryptography Standard (PKCS) #3 Diffie-Hellman Agreement Standard A cryptographic protocol that allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel.
PKCS#4
Public Key Cryptography Standard (PKCS) #4 Withdrawn
PKCS#5
Public Key Cryptography Standard (PKCS) #5 Password-based Encryption Standard See RFC 8018 and PBKDF2.
PKCS#6
Public Key Cryptography Standard (PKCS) #6 Extended-Certificate Syntax Standard Defines extensions to the old v1 X.509 certificate specification. Obsoleted by v3 of the same.
PKCS#7
Public Key Cryptography Standard (PKCS) #7 Cryptographic Message Syntax Standard Used to sign and/or encrypt messages under a PKI. Used also for certificate dissemination. Formed the basis for S/MIME.Public Key Cryptography Standard (PKCS)#7
PKCS#8
Public Key Cryptography Standard (PKCS) #8 Private-Key Information Syntax Standard Used to carry private certificate keypairs (encrypted or unencrypted).
PKCS#9
Public Key Cryptography Standard (PKCS) #9 Selected Attribute Types Defines selected attribute types for use in PKCS #6 extended certificates, PKCS #7 digitally signed messages, PKCS #8 private-key information, and PKCS #10 certificate-signing requests.
Steganography Implementations
QuickStego - easy to use but limited Invisible Secrets - robust, has free and commercial versions MP3Stego - MP3 files Stealth File 4 - Sound files, video files, and image files Snow - Hides data in whitespace StegVideo - Hides data in a video sequence
Define RIPEMD-160 and its properties
RACE Integrity Primitives Evaluation Message Digest Hashing Algorithm 128, 256, 320 bit versions More secure than MD5
RIPEMD-160
RACE Integrity Primitives Evaluation Message Digest is a 160bit hash algorithm created by Hans Dobbertin, Antoon Bosselaers and Bart Preneel. Also has 128, 256, and 320bit versions which replace the original version because of collision issues. Doesn't follow any standard security policies or guidelines.
Which cryptographic cipher is stream-based?
RC4 RC4 is a stream-based cipher.
List some Symmetric Stream Ciphers
RC4 FISH PIKE ChaCha
Which of the following is a stream cipher that uses variable length key from 1 to 256 bytes?
RC4 RC4 is a stream cipher that uses variable key lengths from 1 to 256 bytes
In 1977 researchers and MIT described what asymmetric algorithm?
RSA
Which algorithm relies on factoring the product of large prime numbers?
RSA
List some Asymmetric Ciphers
RSA ECC ElGamal DSA Diffie Hellman
The most widely used asymmetric encryption algorithm is what?
RSA. RSA encryption algorithm is one of the most widely used public key encryption algorithms that have ever been invented. It was created by the three scientists Ronald Rivest, Adi Shamir, and Leonard Adleman in 1977, and today it is increasingly being used in the network area.
What is a salt?
Random bits intermixed with a hash to increase randomness and reduce collisions.
Salt
Random bits that are used as one of the inputs to a hash. Complicates dictionary attacks.
Key
Random bits used to encrypt and decrypt a message.
Define RSA and its properties
Rivest, Shamir, Aldeman Based on difficulty of factoring Product of two large prime numbers. Key Size: 1024 - 4096 bits. Most widely used public key cryptography algorithm in existence.
Which hash algorithm produces a 160-bit output value?
SHA-1
What is the difference between SHA-256 and SHA-512?
SHA-256 uses 32-bit words where SHA-512 uses 64-bit words.
SP 800-53
SP 800-53 relates to systems, including firewalls, that monitor and control the external boundaries of the network and systems that connect to parts of the network. It provides extensive standards for firewall management.
What is the potential weakness of a PseudoRandom Number Generator (PRNG)?
Same internal state used more than once Another problem arises if the same PRNG state is used more than once. This can happen when two or more virtual machines (VMs) are booted from the same state and read the same seed file from disk.
Define SHA-1 and its properties
Secure Hash Algorithm Hashing Algorithm 160 bit hash function similar to MD5. Designed by the NSA
Define SHA-2 and its properties
Secure Hash Algorithm Hashing Algorithm Consists of SHA 224, 256, 384, 512. Differ in block sizes. SHA-256 uses 32-bit words where SHA-512 uses 64-bit words.
Define SHA-3 and its properties
Secure Hash Algorithm Hashing Algorithm Developed by NIST in 2015. Similar to SHA-2 Bitrate
Which key does the Certificate Authority (CA) use to digitally sign keys that it issues?
Server's Private Key
Encrypting File System (EFS)
Since Windows 2000, this has been used along with NTFS. Allows a simple way to encrypt and decrypt files/folders. Simply right-click, choose properties, then advanced. Encrypted files will appear in green and are tied to the user who encrypted them.
The technique of moving a given letter a fixed number of spaces to the right or left is called what?
Single Substitution Single substitution moves one letter a fixed number of spaces to the left or right.
Which algorithm is designated as a Type 2 product by the National Security Agency?
Skipjack
Which block algorithm includes a provision for the decryption key kept in a key escrow?
Skipjack Skipjack was developed by the NSA and was designed for the Clipper Chip; a chip with built-in encryption. The decryption key was to be kept in a key escrow in case law enforcement needs to decrypt data without the computer owner's cooperation.
Which information protection method has an 80-bit key and operates on 64-bit data blocks?
Skipjack Uses an 80 bit key to encrypt and decrypt 64 bit data blocks. An unbalanced Feistel network with 32 rounds.
____ was designed to provide built in cryptography for the clipper chip.
Skipjack The Clipper chip used a data encryption algorithm called Skipjack to transmit information and the Diffie-Hellman key exchange-algorithm to distribute the cryptokeys between the peers.
Which of the following is an example of an unbalanced Feistel?
Skipjack Unbalanced Feistel ciphers use a modified structure where Lo Ro are not of equal lengths. The Skipjack cipher is an example of such a cipher
Which of the following uses an 80 bit key on 64 bit blocks?
Skipjack uses 64 bit blocks with 80 bit keys.
VeraCrypt
Software for maintaining an on-the-fly-encrypted volume. Data is automatically encrypted right before it is saved, then decrypted right after it is loaded, all w/o user intervention.
Symmetric Stream Ciphers
Sometimes called a state cipher. Random key is XOR'd with stream of plain text. Stream of pseudo-random digits is generated independently and is combined with plaintext to encrypt or ciphertext to decrypt
Steganographic File Systems
Stores data in seemingly random files. Proposed by Ross Anderson, Roger Needham, and Adi Shamir. Also something about 'vectors' and 'decrypt all lower levels'. Sorry. I was tired when making this card.
What is a difference between WPA-Enterprise and WPA-Personal?
Support for an authentication server. WPA-PSK is used in homes and small offices WPA-Enterprise is used in enterprises where an authentication server is utilized
Define RC5/RC6 and its properties
Symmetric Block Mode Ciphers Key Size: Variable up to 2048
Define Twofish and its properties
Symmetric Block/Feistel Cipher Block Size: 128 bits Key Size: Up to 256 bits
Define Blowfish and its properties
Symmetric Block/Feistel Cipher Block Size: 64 bits Key Size: 32 - 448 bits Rounds: 16
Which encryption standard uses the same key to encrypt and decrypt messages?
Symmetric Key Encryption
Define RC4 and its properties
Symmetric Stream Cipher Used identically for encryption and decryption as the data stream is simply XORed with the key. Uses variable length key from 1 to 256 bytes. Generates pseudo-random strings of bits.
What is used to efficiently encrypt large files?
Symmetric encryption
Serpent
Symmetric key block cipher, created by Ross Anderson, Eli Biham, and Lars Knudsen. Block size of 128bits. Can have key sizes 128, 192, or 256bits. Uses 32 rounds working with a block of four 32bit words.
What are three types of random number generators?
Table Look-up Hardware Algorithmic (software) - this category is most often used in cryptography and produces a pseudo random number.
Which feature of Wi-Fi Protected Access (WPA) increases the difficulty of attack?
Temporal Key Integrity Protocol (TKIP)
Popular Symmetric Block Cipher Algorithms
The Feistel Network, DES, 3DES, AES, Blowfish, Serpent, Twofish, Skipjack, IDEA, CAST, TEA, SHARK
IN element (IRT Bitcoin Transaction Process)
The IN element of the Bitcoin transaction involves the receiver sending a public key to the sender, and the sender then uses their private key to create a signature for the transaction, and also adds a public key.
International Traffic in Arms Regulations (ITAR)
The International Traffic in Arms Regulations (ITAR) is the United States regulation that controls the manufacture, sale, and distribution of defense and space-related articles and services.
There are different parts involved in Bitcoin transactions. Which part of the transaction defines the number of bitcoins to be transferred to the receiver with the receiver's public key ID?
The OUT part of the Bitcoin transaction The OUT part of the Bitcoin transaction defines the number of bitcoins to be transferred to the receiver with the receiver's public key ID.
OUT element (IRT Bitcoin Transaction Process)
The OUT part of the Bitcoin transaction defines the number of bitcoins to be transferred to the receiver with the receiver's public key ID.
The greatest weakness with symmetric algorithms is _____.
The Problem of Key exchange The biggest problem with symmetric key encryption is that you need to have a way to get the key to the party with whom you are sharing data.
RSA Cracking
The RSA cracking method involves using side attacks where the intruder observes the current flows on a processor or the memory utilization of the cache memory storing the private RSA key.
Wassenaar Agreement
The Wassenaar Arrangement allows publicly-available cryptographic algorithms to be exported and imported freely among member countries without any types of restrictions.
Global Deduction (Cryptanalysis Success)
The attacker discovers a functionally equivalent algorithm for encryption and decryption, but without key learning.
Key Distribution Center (KDC)
The center of the Kerberos process. This holds a database of the keys used in the authentication process and consists of two main parts: an Authentication Service and a Ticket Granting Service. Often runs as TGS services.
Kerberos Authentication Process (Definition 1)
The client authenticates itself to the Authentication Server (AS) which forwards the username to a key distribution center (KDC). The KDC issues a ticket-granting ticket (TGT), which is time stamped and encrypts it using the ticket-granting service's (TGS) secret key and returns the encrypted result to the user's workstation. This is done infrequently, typically at user logon; the TGT expires at some point although it may be transparently renewed by the user's session manager while they are logged in.
What happens to the hash of a file if it is rehashed after the first character of the file is changed?
The entire hash is different. Changing any part of plaintext before hashing will result in a different hash each time. If changes are made, the message is hashed, and you results are the same hashes, then there is a collision.
Frequency Analysis
The most basic tool for breaking most classical ciphers. The study of the frequency of letters or groups of letters in a ciphertext. Not effective against modern ciphers.
Birthday Paradox
The number of people you need to have a high likelihood that two share the same birthday. The answer is 23. This is a classic math problem that relates to hashes.
Birthday Theorem
The number of people you would have to invite to a party so that two will have the same birthday (with high probability). √365 You need √N to have a high probability of collision. Answer is approximately 1.174 √365 to have a high probability of collision.
One Time Pad (OTP)
The only unbreakable encryption. Has a separate substitution for each character making the key as long as the text. No substitution is used more than once. Key is used one time then destroyed. Impractical for most situations.
Bitwise AND ( & )
The output of bitwise AND is 1 if the corresponding bits of two operands is 1. If either bit of an operand is 0, the result of corresponding bit is evaluated to 0. Example: 1101 & 0110 = 0100
Bitwise OR ( | (Pipe symbol))
The output of bitwise OR is 1 if at least one corresponding bit of two operands is 1. Example: 1101 | 1001 = 1101
Block Mining
The person creating or mining the block has to solve a complex mathematical puzzle with a technique called proof of work when calculating the block address needed to add a block to a blockchain.
What does Cipher Block Chaining (CBC) use with the key to encrypt subsequent blocks of plaintext?
The previous generated ciphertext
What is used when creating a digital signature, using Public Key Infrastructure?
The private key of the person creating the message
Internet Key Exchange version 2 (IKEv2)
The protocol used to set up a security association (SA) in the IPsec protocol suite. Builds upon the Oakley protocol and ISAKMP. Uses X.509 certificates for authentication ‒ either pre-shared or distributed using DNS (preferably with DNSSEC) ‒ and a Diffie-Hellman key exchange to set up a shared session secret from which cryptographic keys are derived. In addition, a security policy for every peer which will connect must be manually maintained.
Self-Synchronizing Stream Cipher
The receiver will automatically synchronise with the keystream generator after receiving N ciphertext digits, making it easier to recover if digits are dropped or added to the message stream. Single-digit errors are limited in their effect, affecting only up to N plaintext digits. (Autokey Cipher) An example of this is Cipher Feedback Mode (CFB)
RFC 3647
The reference document for writing a certificate policy is, as of December 2010. The RFC proposes a framework for the writing of certificate policies and Certification Practice Statements (CPS)
Bitwise XOR ( ^ ) (exclusive OR)
The result of bitwise XOR operator is 1 if the corresponding bits of two operands are opposite. To reverse XOR your result back with your second number and you will get the first number. Example: 1101 ^ 0110 = 1011
Single-Key Encryption
The same key is used to both encrypt and decrypt a message.
Symmetric-Key Cryptography
The same key is used to encrypt and decrypt the message, faster than asymmetric but has an issue with key exchange.
Cryptography
The science of altering communication so that it cannot be understood without a key.
Information Theory
The scientific study of the quantification, storage, and communication of digital inforamtion. A key measure in information theory is entropy. Modern cryptography began in 1949 when Claude Shannon published a paper about the Mathematical Theory of Communication. This idea improved cryptography.
Certificate Distribution (IRT Cert Life Cycle)
The second phase of the certificate cycle occurs when the CA distributes the certificate to the user. This is considered a separate process because it might require management intervention from the CA. During this stage, the CA sets policies that affect the use of the certificate.
What needs to be installed on end users computers' to allow them to trust applications that have been digitally signed by the developer?
The sender's public key (the dev's public key)
NSA Suite B Cryptography
This classification of algorithms are published. Both Suite A and Suite B can be used to protect foreign releasable information, US-Only information, and Sensitive Compartmented Information (SCI)
FORK-256
This hash is in analysis phase and not in widespread use. Uses 512bit blocks and implements preset constants that change after each repetition. Each block is hashed into a 256bit block through four branches that divides each 512 block into sixteen 32bit words that are further encrypted and rearranged. Branches are used in parallel making it hard to analyze.
MD6
This hash uses a Merkle Tree like structure to allow for immense parallel computation of hashes for very long inputs. Was submitted to the NIST SHA-3 competition. In 2009 Rivest stated that this hash is not ready to be a candidate for SHA-3 because of speed issues and other concerns.
Shiva Password Authentication Protocol (S-PAP)
This is a proprietary version of PAP. Encrypts username and password as it is sent across network.
Electronic Codebook (ECB)
This is the most basic encryption mode. The message is divided into blocks and each block is encrypted separately. A weakness of this is that the same plain text always equals the same cipher text which gives the attacker a way to begin analyzing the cipher to derive the key.
Certificate on Hold
This reversible status can be used to note the temporary invalidity of the certificate (e.g., if the user is unsure or if they have lost the private key). In this example, the private key was found, and nobody had access to it, the status could be reinstated, and the certificate is valid again, thus removing the certificate from future CRLs.
Which field displays the hash, or digest of the certificate in an X.509 certificate?
Thumbprint The Thumbprint field within a X.509 Certificate displays the hash, or digest of the certificate
What is a TGS?
Ticket-Granting Service in Kerberos
Define TEA and its properties
Tiny Encryption Algorithm Symmetric Block Cipher Block Size: 64 bits Key Size: 128 bits
Define 3DES and its properties
Triple DES Symmetric Block Cipher Block Size: 64 bits Key Size: Key bundle Rounds: 48
NSA Type 3 Algorithms
Type 3 product is a device for use with Sensitive But Unclassified (SBU) information on non-national security systems. Algorithms include: DES 3DES SHA AES (some implementations of AES are type 1)
Which default port must be open for the IPsec key exchange to be successful?
UDP 500 Negotiation of IPsec security association (SA), typically through Internet key exchange (IKE). This is carried out over UDP port 500
Clipper Chip
Used a data encryption algorithm called Skipjack to transmit information and the Diffie-Hellman key exchange-algorithm to distribute the cryptokeys between the peers. Skipjack was designed to provide built in cryptography for this.
MS-CHAP
Used as one authentication option in Microsoft's implementation of the PPTP protocol for virtual private networks. It is also used as an authentication option with RADIUS servers which are used with IEEE 802.1X (e.g., WiFi security using the WPA-Enterprise protocol). It is further used as the main authentication option of the Protected Extensible Authentication Protocol (PEAP)
Elliptic Curve Diffie-Hellman (ECDH)
Used for Key Exchange. A key agreement protocol that allows two parties, each having an elliptic-curve public-private key pair, to establish a shared secret over an insecure channel. This shared secret may be directly used as a key, or to derive another key. The key, or the derived key, can then be used to encrypt subsequent communications using a symmetric-key cipher. It is a variant of the Diffie-Hellman protocol using elliptic-curve cryptography. Provides perfect forward secrecy
Datagram Transport Layer Security (DTLS)
Used in Cisco AnyConnect VPN and in OpenConnect VPN[8] to solve the issues SSL/TLS has with tunneling over TCP (tunneling TCP over TCP can lead to big delays and connection aborts)
Modulus Operator
Used in a number of cryptography algorithms. Simply divide A by N and return the remainder. For example: 5 mod 2 = 1 (5 divided by 2 is 2 with a remainder of 1) 12 mod 5 = 2 (12 divided by 5 is 2 with a remainder of 2)
Registration Authority (RA)
Used to take the burden off of a CA by handling verification prior to certificates being issued. Acts as a proxy between user and CA. Receives request, authenticates it and forwards it to the CA.
In order for User A to send User B an encrypted message that only User B can read, User A must encrypt message with which of the following keys?
User B's Public Key. Public key cryptography, or asymmetrical cryptography, is any cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner
Counter (CTR)
User to turn a block cipher into a stream cipher, much like OFB mode. Generates the next keystream block by encrypting successive values of a "counter". The counter can be any simple function that does not repeat for a long time.
Wi-Fi Protected Access (WPA)
Uses Temporal Key Integrity Protocol (TKIP). Dynamically generates a new key for each packet.
Mersenne Primes
Uses a formula, Mn = 2n − 1 where n is a prime number, to generate primes. Works for 2, 3, 5, 7 but fails on 11 and on many other n values.
Unbalanced Feistel Cipher
Uses a modified structure where L0 and R0 are not equal lengths. This variation is used with the Skipjack algorithm.
Hash Function
Uses an H function that takes a variable size input (m) and returns a fixed size string. Can be expressed mathematically as h=H(m) Has a variable length input with fixed length output, same sized output is produced regardless of what you put into the algorithm.
How does CBC mode encryption function?
Uses an Initialization Vector (IV) to encrypt the first block, then uses the result of the encryption to encrypt the next block.
Public Key Infrastructure (PKI)
Uses asymmetric key pairs and combines software, encryption and services to provide a means of protecting the security of business communication and transactions.
Wired Equivalent Privacy (WEP)
Uses the RC4 stream cipher to secure the data and a CRC-32 checksum for error checking. Standard version uses a 40bit key with a 24bit initialization vector to form 64bit encryption. 128bit version uses 104bit key with 24bit IV. Because RC4 is a stream cipher, the same traffic key must never be used twice. 24bit IV is not enough prevent repetition on a busy network. Vulnerable to related key attack. 50% chance every 5000 packets to use same key. Transmits IV in plaintext.
How does cipher block chaining (CBC) create randomness in a second block after encrypting the first block with an initialization vector(IV)?
Uses the results of the IV to encrypt the next block
DESx
Variation of DES that uses a technique called Key Whitening. XORs a key with text before or after the round function, or both before and after.
A bank's customer wants to log in to a bank's website at https://www.bankname.com to do an online banking transaction. How can this customer make sure the bank is authentic and someone else is not pretending to be the bank?
Verifying that the public key belongs to the bank through the bank's digital certificate The digital certificate is used to authenticate a public key. It is used to link a public key to its owner.
X.509 Certificate Content
Version Certificate holder's public key Serial number Holder's Distinguished name Certificate's validity period Unique name of certificate issuer Digital signature of issuer Signature algorithm identifier
PGP Certificate Contents
Version Number Certificate holder's public key Certificate holder's information Digital signature of certificate owner Certificates validity period Preferred symmetric encryption algorithm for the key
Which of the following was a multi alphabet cipher widely used from the 16th century to the early 20th century?
Vigenere What is now known as the Vigenère cipher was originally described by Giovan Battista Bellaso in his 1553 book La cifra del. Sig. Giovan Battista Bellaso. He built upon the tabula recta of Trithemius, but added a repeating "countersign" (a key) to switch cipher alphabets every letter.
Blockchain Uses
Voting Protecting Intellectual property Anti-Money laundering Tracking items through a supply chain Recording the land registry deeds Public or official documents Record keeping
Certificate Validation (IRT Cert Life Cycle)
When a certificate is used, the certificate's current status is checked in order to verify that it is still valid. During this process, the RADIUS checks the certificate revocation list (CRL) on the server, this is a list of certificates that have been revoked by the CA that issued them before they were set to expire.
Microsoft Point-to-Point Encryption (MPPE)
Works with the Point-to-Point Tunneling Protocol and in several compatible implementations on other platforms.
What is the standard used by most digital certificates?
X.509 In cryptography, X.509 is a standard that defines the format of public key certificates.
.p12 (IRT X.509)
X.509 Certificate File Extensions PKCS#12, may contain certificate(s) (public) and private keys (password protected).
.p7b, .p7c (IRT X.509)
X.509 Certificate File Extensions PKCS#7 SignedData structure without data, just certificate(s) or CRL(s).
.cer, .crt, .der (IRT X.509)
X.509 Certificate File Extensions Usually in binary DER form, but Base64-encoded certificates are common also.
Privacy Enhanced Mail (.pem) (IRT X.509)
X.509 Certificate File Extensions. A Base64 encoded DER certificate, enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
Key Whitening
XORing a key with text before, after, or both before and after the round function.
Whitening
XORing in an additional key
What are the public variables within a Diffie-Hellman Key Exchange?
Y, X, q (prime number)
SSL Process
1. The browser asks the web server to prove its identity. 2. The server sends back a copy of its SSL certificate. 3. The browser checks to see if the certificate is from a CA it trusts. 4. The server sends back a digitally signed acknowledgement and a session is started.
Kerberos Authentication Process (Definition 2)
1. The user enters a username and password at the client system. 2. The client uses a one-way hash to mask the password. This one-way hash is considered the client secret. 3. The client sends the username to the Authentication Server. 4. The Authentication Server retrieves the user password from the credential store and creates a one-way hash. 5. The Authentication Server checks to ensure that the client is in the approved client database. 6. If the client is approved, the Authentication Server will send back a Ticket Granting Server session key and a Ticket Granting Ticket. 7. The client is then authenticated to the Ticket Granting Server.
What is the bit size range for Blowfish?
32- to 448-bits
Revoked Certificates
A certificate is irreversibly revoked if, for example, it is discovered that the certificate authority (CA) had improperly issued a certificate, or if a private-key is thought to have been compromised. Certificates may also be revoked for failure of the identified entity to adhere to policy requirements, such as publication of false documents, misrepresentation of software behavior, or violation of any other policy specified by the CA operator or its customer. The most common reason for revocation is the user no longer being in sole possession of the private key (e.g., the token containing the private key has been lost or stolen).
Security Account Manager (SAM) File
A database file in Windows XP, Windows Vista, Windows 7, 8.1, 10 and 11 that stores users' passwords. It can be used to authenticate local and remote users. Beginning with Windows 2000 SP4, Active Directory authenticates remote users. SAM uses cryptographic measures to prevent unauthenticated users accessing the system.
Digital Certificate
A digital document that contains a public key and some information to allow your system to verify where that key came from. Used for web servers, Cisco Secure phones, E-Commerce. Certifies the ownership of a public key by the named subject of the certificate.
ElGamal signature scheme
A digital signature scheme which is based on the difficulty of computing discrete logarithms. It was described by Taher Elgamal in 1985. Rarely used in practice.
Co-Prime Numbers
A number that has no factors in common with another number. For example, 3 and 7 are this.
Tiny Encryption Algorithm (TEA)
A simple algorithm that is easy to implement in code, a Feistel Cipher that uses 64 rounds. Created by David Wheeler and Roger Needham in 1994. Block Size: 64-bits Key Size: 128-bits Rounds: 64
Virtual Private Network (VPN)
A way to use the internet to create a virtual connection between a remote user or site and a central location. Packets are encrypted making the network private. Emulates a direct network connection.
Which Encryption Standard was chosen to replace DES in 2001?
AES
A developer wants to send a system administrator an encrypted message but is concerned that an intruder might copy the encrypted message and play back the ciphertext to decode the original message. How can the developer make sure that the ciphertext does not give the original plaintext if played back?
Add salt with an initialization vector Adding salt to the ciphering process changes its operation to ensure that the ciphertext does not give the original plaintext when played back.
Mono-Alphabetic Substitution
Algorithms that simply substitute one character of cipher text for one character of plain text. These are primitive algorithms.
CryptoBench
An app that allows you to see the output of a number of hashes. Enter the text you wish to encrypt, select an algorithm, then enter a key.
CRC Table
An array of 256 32-bit constants
Know Ciphertext Attack
An attack model for cryptanalysis where the attacker is assumed to have access only to a set of ciphertexts. While the attacker has no channel providing access to the plaintext prior to encryption, in all practical ciphertext-only attacks, the attacker still has some knowledge of the plaintext.
Extensible Authentication Protocol (EAP)
An authentication framework frequently used in network and internet connections. An authentication framework for providing the transport and usage of material and parameters generated by EAP methods. Not a wire protocol; instead it only defines the information from the interface and the formats. Each protocol that uses EAP defines a way to encapsulate by the user EAP messages within that protocol's messages.
Menezes-Qu-Vanstone (MQV)
An authentication protocol for key agreement based on the Diffie-Hellman scheme. Provides protection against an active attacker. Created in 1995. Incorporated into the public key standard IEEE P1363.
Lightweight Extensible Authentication Protocol (LEAP)
An authentication protocol used in wireless networks, and it is designed to provide more secure authentication for 802.11 WLANs (wireless local area networks).
Trusted Third Party (TTP)
An entity which facilitates interactions between two parties who both trust the third party; the Third Party reviews all critical transaction communications between the parties, based on the ease of creating fraudulent digital content.
Define ElGamal and its properties
Asymmetric Encryption Algorithm. Based on Diffie-Hellman. Used in some PGP and GPG software.
Noar-Reingold Pseudorandom Function
Created in 1997 by Moni Naor and Omer Reingold. The mathematics of this function are complex for non-mathematicians.
Book Cipher
Cryptographic method that uses whole words from a well-known text such as a dictionary as a one-to-one replacement for plaintext
Lai-Massey Scheme
Cryptographic structure used in the design of block ciphers. Similar to a Feistel Network in design, using a round function and a half-round function. The round function is a function which takes two inputs, a sub-key and a Data block, and which returns one output of equal length to the Data block. The half-round function takes two inputs and transforms them into two outputs. For any given round, the input is split into two halves, left and right. Initially, the inputs are passed through the half-round function. In each round, the difference between the inputs is passed to the round function along with a sub-key, and the result from the round function is then added to each input. The inputs are then passed through the half-round function. This is then repeated a fixed number of times, and the final output is the encrypted data.
What is the variable 'Z'? (IRT Cryptography)
Denotes the integers. Whole numbers (without decimal places). 1, 2, 50, -100, etc...
Which mode of block encryption results in the same outcome for matching blocks of a plaintext message?
Electronic Code Book (ECB) A weakness of ECB is that the same plain text always equals the same cipher text.
What is the formula Me%n related to?
Encrypting with RSA
Chain of Trust
Established by validating each component of hardware and software from the end entity up to the root certificate. It is intended to ensure that only trusted software and hardware can be used while still retaining flexibility.
What function is part of the RSA algorithm?
Euler's Totient Function
FIPS 140-2
FIPS 140-2 provides standard criteria for deployment of encryption.
Which FIPS is relevant to Cryptographic Modules?
FIPS 140: Cryptographic Modules Coordinates the requirements and standards for cryptographic modules which include both hardware and software components for use by departments and agencies of the United States federal government.
Verisign Class 2 Certificate
For organizations for which proof of identity is required
Which cryptanalysis technique examines ciphertext for recurring letter combinations?
Frequency analysis
A system administrator received an encrypted message from one of the company's software vendors. Which cryptographic technique can the system administrator use to authenticate the message sender and also ensure that the message has not been tampered with
Hashed-based Message Authentication Code (HMAC) HMAC is a message authentication code that can be used to verify the integrity and authentication of the message. It involves hashing the message with a secret key. It is different from standard hashing, which is purely a one-way function.
Steganophony
Hiding messages in sound files. Can be done via LSB and Echo Hiding
Video Steganography
Hiding messages in video files. Can be done via Discrete Cosine Transform
Trust Models
Hierarchical Single Authority Web of Trust
NSA Type 1 Algorithms
Highest level of encryption algorithms. Used for classified or sensitive U.S. government information. Includes: JUNIPER - Block Cipher MAYFLY - Asymmetric FASTHASH - Hashing WALBURN - High bandwidth link encryption PEGASUS - Satellite telemetry
Blockchain Implementations
Hyperledger and Etherium
VPN Protocols
IPSec Transport Layer Security (SSL/TLS) Datagram Transport Layer Security (DTLS) Microsoft Point-to-Point Encryption (MPPE) Microsoft Secure Socket Tunneling Protocol (SSTP) Multi Path Virtual Private Network (MPVPN) Secure Shell (SSH) VPN WireGuard IKEv2
A fixed-size pseudorandom number that is fed into a symmetric cipher to increase randomness is called what?
IV Initialization vector
Which certificate management process involves key recovery?
Issued
K4 (IRT PRNG)
It should be impossible, for all practical purposes, for an attacker to calculate, or guess from an inner state of the generator, any previous numbers in the sequence or any previous inner generator states.
The formula to calculate the Receiver's key for Diffie-Hellman?
K = (Ya)Xb mod q The Receiver receives the Sender's public key, multiplies it by their private key, and then mods it against a prime number.
Rail Fence Cipher
Most widely known transposition cipher, encrypts the message by altering each letter on a different row, message must then be written down left to right and put into rows
UDP port 500
Negotiation of IPsec security association (SA), typically through Internet key exchange (IKE) is carried out over this port.
Cryptography provides various security benefits. Which cryptographic benefit is used in e-commerce to provide proof that a customer cannot deny being the source of a transaction?
Non-Repudiation Non-repudiation is the assurance that someone cannot deny being the source of an activity.
Password Authentication Protocol (PAP)
One of the most basic authentication protocols. Passwords are sent over the network in clear text. The basic authentication feature built into HTTP uses this.
Define PAP and its properties
Password Authentication Protocol Authentication Protocol Username/Password over HTTP sent in cleartext (main weakness) Most basic form of authentication. Passwords stored in tables are encrypted, but transmissions aren't. HTTP uses for authentication
Which port does Secure Socket Tunneling Protocol (SSTP) use?
Port 443 HTTPS
Which cipher is used with WEP?
RC4
Multi-Alphabetic Substitution
Rotates through multiple various alphabets, such as +1, -1, +2
Which key is used to sign a message or a message digest?
Sender's Private Key
What does an end user need to verify a Rivest-Shamir-Adleman (RSA) digitally signed message?
Sender's Public Key
Authentication Server (AS) (IRT Kerberos)
Server that authorizes the principal and connects them to the Ticket Granting Server.
Stealth File 4
Sound files, video files, and image files
What is X.509?
The Standard for digital certificates
Data
The quantity of plain texts and cipher texts required.
Non-Repudiation
The sender cannot claim they never sent the message if verifies the signature.
NTLMv1
The server authenticates the client by sending an 8-byte random number, the challenge. The client performs an operation involving the challenge and a secret shared between client and server, specifically one of the two password hashes described above. The client returns the 24-byte result of the computation. In fact, in NTLMv1 the computations are usually made using both hashes and both 24-byte results are sent. The server verifies that the client has computed the correct result, and from this infers possession of the secret, and hence the authenticity of the client.
Carrier (IRT Stego)
The signal, stream, or data file into which the payload is hidden.
Microsoft Secure Socket Tunneling Protocol (SSTP)
Tunnels Point-to-Point Protocol (PPP) or Layer 2 Tunneling Protocol traffic through an SSL/TLS channel (SSTP was introduced in Windows Server 2008 and in Windows Vista Service Pack 1)
Digital Certificate Management
Two types of systems: Centralized key-management systems Decentralized key-management systems
NSA Type 2 Algorithms
Used for unclassified cryptographic equipment, assemblies, or components. Endorsed by the NSA for use in telecommunications and automated information systems for the protection of national security information. These include: Skipjack (a block cipher) KEA (Key Exchange Algorithm - Asymmetric)
Define DESx and its properties
Variation of DES that XORs another 64 bit key to the plaintext before Applying the DES algorithm. Uses key whitening.
Which method of encryption uses a polyalphabetic substitution cipher to encrypt a plaintext message?
Vigenère cipher Vigenère cipher uses a polyalphabetic cipher to encrypt a plaintext message.
.pfx (IRT X.509)
X.509 Certificate File Extensions Predecessor of PKCS#12 (usually contains data in PKCS#12 format, e.g., w/ PFX files generated in IIS).
Weaknesses of LM Hash
1. Password length limited to a maximum of 14 characters. 2. Passwords are not case-sensitive. All passwords are converted to uppercase before hashing 3. 14-character password is broken into 7+7 characters and the hash is calculated for each half separately. This way of calculating the hash makes it dramatically easier to crack, as the attacker only needs to brute-force 7 characters twice instead of the full 14 characters. 4. If the password is 7 characters or less, then the second half of hash will always produce same constant value (0xAAD3B435B51404EE). Therefore, a password is less than or equal to 7 characters long can be identified visibly without using tools (though with high speed GPU attacks, this matters less). 5. The hash value is sent to network servers without salting, making it susceptible to man-in-the-middle attacks such as replay the hash. Without salt, time-memory tradeoff pre-computed dictionary attacks, such as a rainbow table, are feasible.
NTLM Protocol Process
1. The client establishes a network path to the server and sends a NEGOTIATE_MESSAGE advertising its capabilities. 2. The server responds with CHALLENGE_MESSAGE which is used to establish the identity of the client.[10] 3. The client responds to the challenge with an AUTHENTICATE_MESSAGE.
Kerberos Resource Request
1. The client sends a request to the Ticket Granting Service. The request contains the Ticket Granting Ticket and an authenticator encrypted using the Ticket Granting Server session key. 2. The Ticket Granting Service sends the client a client-to-server ticket and a client/server session key. 3. The client sends the client-to-server ticket and a new authenticator to the server where the resource resides. 4. The server then sends a confirmation message back to the client. 5. The client confirms the server and begins sending requests.
LM Hashing Algorithm
1. The user's password is restricted to a maximum of fourteen characters.[Notes 1] 2. The user's password is converted to uppercase. 3. The user's password is encoded in the System OEM code page.[3] 4. This password is NULL-padded to 14 bytes.[4] 5. The "fixed-length" password is split into two 7-byte halves. 6. These values are used to create two DES keys, one from each 7-byte half, by converting the seven bytes into a bit stream with the most significant bit first, and inserting a parity bit after every seven bits (so 1010100 becomes 10101000). This generates the 64 bits needed for a DES key. (A DES key ostensibly consists of 64 bits; however, only 56 of these are actually used by the algorithm. The parity bits added in this step are later discarded.) 7. Each of the two keys is used to DES-encrypt the constant ASCII string "KGS!@#$%",[Notes 2] resulting in two 8-byte ciphertext values. The DES CipherMode should be set to ECB, and PaddingMode should be set to NONE. 8. These two ciphertext values are concatenated to form a 16-byte value, which is the LM hash.
Explain Key Generation IRT DSA.
1. You first choose a prime number q, which is known as the prime divisor. 2. Another prime number, p, is chosen such that p-1 mod q = 0. 3. Choose an integer g (1<g<p), satisfying the two conditions, g**q mod p = 1 and g = h**((p-1)/q) mod p (x is our private key, and it is a random integer such that 0 < x < q.) (y is our public key, and you can calculate it as y = gx mod p.) 4. Now the private key package is {p,q,g,x}. The public key package is {p,q,g,y}.
Explain Signature Verification IRT DSA.
1. You use the same hash function (H#) to generate the digest h. 2. You then pass this digest off to the verification function, which needs other variables as parameters too. 3. Compute the value of w such that: s*w mod q = 1 4. Calculate the value of u1 from the formula, u1 = h*w mod q 5. Calculate the value of u2 from the formula, u2 = r*w mod q 6. The final verification component v is calculated as v = [((gu1 . yu2) mod p) mod q]. It compares the value of v to the value of r received in the bundle. If it matches, the signature verification is complete.
How many transformation rounds does AES use with a 192-bit key?
12 Rounds. AES uses 10 rounds with a 128-bit key, 12 rounds with a 192-bit key, and 14 rounds with a 256-bit key.
What is the length (in bits) of an MD5 hash?
128 bits An MD5 has is 128 bits in length beginning with $1$
Which block size does the Advanced Encryption Standard (AES) use?
128-bit block size
MD5
128bit hash specified by RFC1321. Breaks down message into 512 byte chunks, padded with 0s if needed to reach 512. Length of the message is appended as the last 64bits. Operates on a 128bit state, divided into 4 32bit words. Four nonlinear function (F) rounds. This hash is also not collision resistant. In 1996 a flaw was found in this hash function that was created by Ron Rivest in 1991 to replace an earlier, similarly named, hash function.
How many characters are used in an LM hash password?
14 Characters Users are restricted to 14 character long passwords within an LM hash
Tiger
192bit hash function created by Ross Anderson and Eli Biham in 1995. Designed using the Merkle-Damgard construction (collision resistant hash functions). One way compression function operates on 64bit words, maintaining 3 words of state and processing 8 words of data. 24 rounds and 8 input words.
What is the length (in bits) of the private key used to sign transactions and associated with an individual wallet in the context of Bitcoin?
256
What is the maximum length (in bits) of encryption keys used by the WEP protocol?
40 WEP utilizes RC4 which uses 40-bit keys
What is the key size for RC4 with WEP?
40 bits Standard version of WEP uses RC4 with a 40 bit key with a 24 bit Initialization Vector to form 64 bit encryption.
What is 29 mod 12?
5 The modulus is the remainder of division. 29 divided by 12 is 2 with a remainder of 5.
Which protocol indicates the Virtual Private Network (VPN) is using Authentication Header (AH)?
51 The AH protocol (RFC 2404) has protocol number 51, and it authenticates both the header and payload. (Within a VPN)
DES uses keys of what size?
56 bits DES has 2^56 total possible keys
Digital Signature Standard (DSS)
A Federal Information Processing Standard specifying a suite of algorithms that can be used to generate digital signatures established by the U.S. National Institute of Standards and Technology (NIST) in 1994. Four revisions to the initial specification have been released: FIPS 186-1 in 1996,[1] FIPS 186-2 in 2000, FIPS 186-3 in 2009, and FIPS 186-4 in 2013.
Feistel Cipher
A Feistel network uses a round function, a function which takes two inputs - a data block and a subkey - and returns one output of the same size as the data block. In each round, the round function is run on half of the data to be encrypted, and its output is XORed with the other half of the data. This is repeated a fixed number of times, and the final output is the encrypted data.
If a cryptanalysis uncovers a method that can derive a key for an algorithm, but is only slightly faster than brute force, what is this called?
A Success Anything faster than Brute forcing is a success
RC4
A Symmetric Stream Cipher created by Ron Rivest in 1987. Most widely used software stream cipher. Identically used for encryption and decryption, the data stream is simply XORed with the key. Uses a variable length key from 1 to 256 bytes.
Remote Ticket Granting Server (RTGS)
A TGS in a remote Kerberos realm.
NTLM Protocol
A challenge-response authentication protocol which uses three messages to authenticate a client in a connection-oriented environment (connectionless is similar), and a fourth additional message if integrity is desired.
Autokey Cipher
A cipher that incorporates the message (the plaintext) into the key. The key is generated from the message in some automated fashion, sometimes by selecting certain letters from the text or, more commonly, by adding a short primer key to the front of the message.
Web of Trust
A concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority (or a hierarchy of such).
Distinguishing Algorithm (Cryptanalysis Success)
A cryptanalysis success where the attacker can distinguish the cipher from a random permutation.
Instance (Local) Deduction (Cryptanalysis Success)
A cryptanalysis success where the attacker discovers additional plain texts (or cipher texts) not previously known.
Information Deduction (Cryptanalysis Success)
A cryptanalysis success where the attacker gains some Shannon information about plain texts (or cipher texts) not previously known.
Digest
A cryptographic hash function containing a string of digits created by a one-way hashing formula to protect the integrity of the message
Diffie-Hellman Key Exchange
A cryptographic protocol that allows two parties to establish a shared key over an insecure channel. Released in 1976, developed earlier by British Intelligence Service. Used for the exchange of symmetric keys. The Sender and Receiver's private keys are private. Their public keys, are publicly available. For them to share the same key, the sender and receiver will get each other's public key, multiply it by their private keys, and mod it by a prime number (q) Sender: K = (Yb)Xa mod q Receiver: K = (Ya)Xb mod q If both the values of K generated are equal, the Diffie-Hellman key exchange algorithm is complete.
Kerckhoff's Principle
A cryptosystem should be secure, even if everything about the system is publicly known. Divulge everything. Hide the key tho.
Point-to-Point Protocol (PPP)
A data link layer (layer 2) communication protocol between two routers directly without any host or any other networking in between. It can provide connection authentication, transmission encryption, and data compression.
Secure Socket Tunneling Protocol (SSTP)
A form of virtual private network (VPN) tunnel that provides a mechanism to transport PPP traffic through an SSL/TLS channel.
Ophcrack
A free open-source program that cracks Windows log-in passwords by using LM hashes through rainbow tables. The program includes the ability to import the hashes from a variety of formats, including dumping directly from the SAM files of Windows. On most computers, Ophcrack can crack most passwords within a few minutes.
A Round Function
A function which takes two inputs - a data block and a subkey.
Fortuna
A group of PRNGs that has many options for whoever implements the algorithm. Consists of three parts: -A generator -An entropy accumulator -A seed file
SHA-3
A hash function formerly called Keccak, chosen in 2012 after a public competition among non-NSA designers. It supports the same hash lengths as SHA-2, and its internal structure differs significantly from the rest of the SHA family.
Hashed Menezes-Qu-Vanstone (HMQV)
A hashed variant of MQV. Designed to address Kasiski's attack, with the additional goals of achieving provable security and better efficiency.
Security Level
A measure of the strength that a cryptographic primitive — such as a cipher or hash function — achieves. Usually expressed in "bits", where n-bit security means that the attacker would have to perform 2n operations to break it, but other methods have been proposed that more closely model the costs for an attacker. This allows for convenient comparison between algorithms and is useful when combining multiple primitives in a hybrid cryptosystem, so there is no clear weakest link.
Entropy
A measure of the uncertainty associated with a random variable.
Encapsulating Security Payload (ESP)
A member of the IPsec protocol suite. It provides origin authenticity through source authentication, data integrity through hash functions and confidentiality through encryption protection for IP packets. ESP also supports encryption-only and authentication-only configurations, but using encryption without authentication is strongly discouraged because it is insecure.
Chosen Plaintext Attack
A method for cracking modern cryptography. The attacker obtains the cipher texts corresponding to a set of plain texts of own choosing. Allows the attacker to attempt to derive the key. Difficult but not impossible.
Kasiski Examination
A method of attacking polyalphabetic substitution ciphers, this method can be used to deduce the length of the keyword used in a polyalphabetic substitution cipher. This is sometimes also called Kasiski's test or Kasiski's method.
Raw Quick Pair (IRT Stego)
A method to analyze an image to detect hidden messages. Based on statistics of the number of unique colors and close-color pairs in a 24bit image. Analyzes the pairs of colors created by LSB embedding. Countermeasure- Maintaining the color palette w/o creating new colors.
Which of the following is not required for a hash?
A minimum key length of 256 Its not required, but its NIST recommended.
Rainbow Tables
A password cracker that works with per-calculated hashes of all passwords available within a character space. Useful against trying to crack hashes. Best way to crack a hash is by finding a match sine they are one-way. Used by popular tools like Ophcrack.
New Technology File System (NTFS)
A proprietary journaling file system developed by Microsoft. Uses several files typically hidden from the user to store metadata about other files stored on the drive which can help improve speed and performance when reading data. Supports shadow copy to allow backups of a system while it is running, but the functionality of the shadow copies varies between different versions of Windows.
Transport Layer Security (TLS)
A protocol for encrypting transmissions (Application-level traffic). A client and server negotiate a connection by using a handshaking procedure. The server sends back its identification as a X.509 certificate. The client contacts the CA to confirm the validity of the certificate before proceeding. This protocol also supports secure bilateral connection mode.
WireGuard
A protocol. In 2020, WireGuard support was added to both the Linux[14] and Android[15] kernels, opening it up to adoption by VPN providers. By default, WireGuard utilizes Curve25519 for key exchange and ChaCha20 for encryption, but also includes the ability to pre-share a symmetric key between the client and server.
What is the role of a key in asymmetric encryption and decryption?
A public key is used for encryption, and a private key is used for decryption PKI example
Rivest-Shamir-Adleman (RSA) Algorithm
A public-key cryptosystem that is widely used for secure data transmission. It is also one of the oldest. An RSA user creates and publishes a public key based on two large prime numbers, along with an auxiliary value. The prime numbers are kept secret. Messages can be encrypted by anyone, via the public key, but can only be decoded by someone who knows the prime numbers. The security of RSA relies on the practical difficulty of factoring the product of two large prime numbers, the "factoring problem" RSA is a relatively slow algorithm.
SHA-0
A retronym applied to the original version of the 160-bit hash function published in 1993 under the name "SHA". It was withdrawn shortly after publication due to an undisclosed "significant flaw" and replaced by the slightly revised version SHA-1.
Certificate Policy (CP)
A set of rules that defines how a certificate may be used. A document which aims to state what are the different entities of a public key infrastructure (PKI), their roles and their duties. This document is published in the PKI perimeter. Relevant to RFC 3647.
ROT13 Cipher
A single alphabet substitution cipher where all characters are rotated 13 characters through the alphabet.
Service Server (SS)
A sort of Resource Server that contains services.
International Telecommunication Union (ITU)
A specialized agency of the United Nations responsible for many matters related to information and communication technologies. It was established on 17 May 1865 as the International Telegraph Union, making it the oldest UN agency.
Hash Message Authentication Codes (HMAC)
A specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data integrity and authenticity of a message.
ChaCha Cipher
A stream cipher developed by D. J. Bernstein in 2008. It is a refinement of Salsa20 and was used as the core of the SHA-3 finalist, BLAKE. Maps 16, 32-bit input words to 16, 32-bit output words. By convention, 8 of the input words consist of a 256-bit key, 4 are constants and the remaining four are a nonce and block counter. The output words are converted to bytes and XORed with the plaintext to produce ciphertext. In order to generate sufficient output bytes to XOR with the whole plaintext, the block counter is incremented and ChaCha is run again, as many times as needed, for up to 2^70 bytes of output. Google adopted ChaCha20/Poly1305 for use in OpenSSL, and they are also a part of OpenSSH.
Synchronous Stream Ciphers
A stream of pseudorandom digits is generated independently. That stream is then combined with the plaintext (encrypt) or the ciphertext (decrypt)
Domain Name System Security Extensions (DNSSEC)
A suite of extension specifications by the Internet Engineering Task Force (IETF) for securing data exchanged in the Domain Name System (DNS) in Internet Protocol (IP) networks. The protocol provides cryptographic authentication of data, authenticated denial of existence, and data integrity, BUT NOT AVAILABILITY OR CONFIDENTIALITY.
FISH
A symmetric Stream Cipher published by the German engineering firm Seimans in 1993. A software based stream cipher that uses a Lagged Fibonacci generator along with concepts borrowed from shrinking generator ciphers.
Blowfish
A symmetric block cipher designed in 1993 by Bruce Schneier. Was intended as a replacement for DES. Like DES, it is a 16 round Feistel working on 64bit blocks. Can have key sizes of 32bits to 448 bits.
Triple Data Encryption Standard (3DES)
A symmetric cipher that was designed to replace DES. Performs DES three times with three different 56bit keys.
ADFVGX Cipher
A transposition cipher invented 1918 by Fritz Nebel, used a 36 letter alphabet and a modified Polybius square with a single columnar transposition. Transposition used to encode a 36-letter alphabet. Key is 6 x 6 table.
Merkle Tree
A tree in which every "leaf" (node) is labelled with the cryptographic hash of a data block, and every node that is not a leaf (called a branch, inner node, or inode) is labelled with the cryptographic hash of the labels of its child nodes. A hash tree allows efficient and secure verification of the contents of a large data structure. A hash tree is a generalization of a hash list and a hash chain.
Layer 2 Tunneling Protocol (L2TP)
A tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It uses encryption ('hiding') only for its own control messages (using an optional pre-shared secret), and does not provide any encryption or confidentiality of content by itself. Rather, it provides a tunnel for Layer 2 (which may be encrypted), and the tunnel itself may be passed over a Layer 3 encryption protocol such as IPsec.
Public Blockchain
A type of blockchain bitcoin transactions where all the transactions are viewable Anyone can write to the blockchain and you have a public network of nodes all contributing to the creation and the mining of blocks. Every node on the network contains a copy of the blockchain and can verify the full chain. Any internet user with a computer has the ability to set up as a node on the bitcoin network, get a copy of the bitcoin ledger, and start mining blocks.
Two-Gap Generalized Feedback Shift Register (GFS)
A type of pseudorandom number generator using XOR.
Addition Lagged Fibonacci Generator (ALFG)
A type of pseudorandom number generator using addition.
Multiplication Lagged Fibonacci Generator (MLFG)
A type of pseudorandom number generator using multiplication.
Lagged Fibonacci Generator (LFG)
A type of pseudorandom number generator. If addition is used, then it is an ALFG. If multiplication is used then it is a MLFG. If XOR is used it is called a two-gap generalized feedback shift register, or GFS.
Service Principal Name (SPN)
A unique identifier of a service instance. SPNs are used by Kerberos authentication to associate a service instance with a service logon account. This allows a client application to request that the service authenticate an account even if the client does not have the account name.
Which encryption algorithm did the National Institute of Standards and Technology (NIST) designate as a specification for the encryption of electronic information?
AES
What is an example of a symmetric algorithm?
AES The only choice that is an example of a symmetric algorithm.
Rijndael Block Cipher
AES. Chosen as a replacement for DES in 2001. Designated as FIPS197. Can have three different key sizes; 128, 192, and 256. All three operate on a block size of 128 bits. Not based on a Feistel network. Operates on a 4x4 column-major order matrix of bytes called the state.
Asymmetric Cryptography
AKA public key cryptography. Slower than symmetric key cryptography. Developed to overcome weaknesses in symmetric cryptography. Uses a public and a private key.
What is one of the primary characteristics of a blockchain in the context of Bitcoin?
Adding blocks to a blockchain is computationally expensive
Define AES and its properties
Advanced Encryption Standard Symmetric Block Cipher Block Size: 128 bits Key Size: 128, 192, 256 bits Rounds: 10, 12, 14 Network: Substitution Permutation
FIPS 197
Advanced Encryption Standard (AES) This publication specifies a FIPS-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information.
PseudoRandom Number Generator (PRNG)
Also known as Deterministic Random Number Generators DRNG) An algorithm for generating a sequence of numbers that approximates the properties of random numbers. The sequence is not truly random in that it is completely determined by a relatively small set of initial values, called the PRNG's state.
Advanced Encryption Standard (AES)
Also known as Rijndael block cipher. Chosen as a replacement for DES in 2001. Designated as FIPS197. Can have three different key sizes; 128, 192, and 256. All three operate on a block size of 128 bits. Not based on a Feistel network. Operates on a 4x4 column-major order matrix of bytes called the state.
X.509
An International Telecommunication Union (ITU) standard defining the format of public key certificates. X.509 certificates are used in many Internet protocols, including TLS/SSL. They are also used in offline applications, like electronic signatures. binds an identity to a public key using a digital signature. A certificate contains an identity (a hostname, or an organization, or an individual) and a public key (RSA, DSA, ECDSA, ed25519, etc.), and is either signed by a certificate authority or is self-signed. Relied on by S/MIME Defines Certificate Revocation Lists (CRL)
Online Certificate Status Protocol (OCSP)
An Internet protocol used for obtaining the revocation status of an X.509 digital certificate. Newer method than CRL.
What does $1$ denote?
An MD5 Hash
Ciphertext-Only Attack
An attack model for cryptanalysis where the attacker is assumed to have access only to a set of ciphertexts. While the attacker has no channel providing access to the plaintext prior to encryption, in all practical ciphertext-only attacks, the attacker still has some knowledge of the plaintext.
Integral Cryptanalysis
An attack that is particularly successful against block ciphers based on substitution-permutation networks. For a block size b, holds b-k bits constant and runs the other k through all 2k possibilities. For k=1, this is just deferential cryptanalysis, but with k>1 it is a new technique.
Certificate Authority (CA)
An entity that stores, signs, and issues digital certificates. acts as a trusted third party—trusted both by the subject (owner) of the certificate and by the party relying upon the certificate. The format of these certificates is specified by the X.509 or EMV standard.
CRC-32
An error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data.
Cyclic Redundancy Check (CDC)
An error-detecting code commonly used in digital networks and storage devices to detect accidental changes to raw data.
Blockchain
An incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions, but virtually everything of value. A continuously growing list of records called blocks, which are linked and secured using cryptography. Data becomes immutable (cannot be changed or deleted)
Affine Cipher
Any single substitution alphabet ciphers where each letter in the alphabet is mapped to some numeric value, permuted with some relatively simple mathematical function, and then converted back to a letter. The formula for any basic cipher of this type is ax+b(modM), M being the size of the alphabet, so for example Caeser cipher would be 1x+3(mod26)
What type of encryption uses different keys to encrypt and decrypt the message?
Asymmetric cryptography, also known as public key cryptography, uses public and private keys to encrypt and decrypt data.
A developer wants to send a message to a system administrator over the internet, so the developer uses the system administrator's publicly known key to send the message. The system administrator is able to decrypt the message using a unique private key. Which encryption method are the developer and system administrator using to communicate the message?
Asymmetric encryption Asymmetric encryption involves using a different key to decrypt the encrypted data.
ElGamal Encryption System
Asymmetric-Key Encryption Alorithm for public-key cryptography which is based on the Diffie-Hellman key exchange. Used in some PGP implementations as well as GNU Privacy Guard software. Consists of three parts: key generator, encryption algorithm, decryption algorithm. This encryption is probabilistic. NOT to be confused with the ElGamal signature scheme.
An administrator has configured a virtual private network (VPN) connection utilizing IPsec tunnel mode with Encapsulating Security Payload (ESP) between the corporate office and a remote office. Where can the packets be inspected by intrusion detection systems (IDS) and virus scanners?
At the headquarters and the offsite location Intrusion Detection Systems and Virus Scanners will inspect all traffic within the network depending on their placement. In this instance, they are placed at both locations behind the VPN concentrator. A bit of over-thinking went into the answer for this one.
Which substitution cipher system reverses the sequence of the alphabet?
Atbash
Which of the following is a substitution cipher used by ancient Hebrew scholars?
Atbash Atbash is a monoalphabetic substitution cipher originally used to encode the Hebrew alphabet. It can be modified for use with any known writing system with a standard collating order.
List some Historical Symmetric Ciphers
Atbash Caesar ROT-13 Cipher Disk Vigenere Playfair ADFGVX Affine Cipher Enigma Machine
Related-Key Attack
Attacker obtains ciphertexts encrypted by two different keys. Requires that both keys be closely related.
What do Digital Signatures provide?
Authentication Integrity Non-repudiation (NOT CONFIDENTIALITY)
Challenge-Handshake Authentication Protocol (CHAP)
Authenticator sends a "challenge" message to the peer after link establishment. Peer responds with a value using a "one-way hash" function. Authenticator checks the response against its own calculation of the hash value. Authenticator sends new challenges to the peer at random intervals.
Bitwise Compliment ( ~ )
Bitwise compliment operator is an unary operator (works on only one operand). It changes 1 to 0 and 0 to 1. Example: ~10010101 = 01101010
Two types of Symmetric Cyphers
Block Ciphers and Stream Ciphers
Define FORK-256 and its properties
Block Size: 512 bit Each block is hashed into 256 bit blocks in parallel. Under review, not widespread
Which attack tries every combination of letters, numbers, and special characters?
Brute Force
How is the substitution portion of symmetric key cryptography accomplished?
By XORing the plain text message with the key.
How can you tell if the hash is an MD5 Hash?
By the $1$ at the beginning of the hash.
Online banking transactions are almost identical every time and the data being transported back and forth is almost always the same. This makes the transaction very susceptible to attacks. How can a bank customer make sure that each banking session is different to mitigate an attack on the communication with the bank?
By using an initialization vector (IV) IV is used to prevent the easy linear analysis of the client's online communication with the bank. IV inputs randomization between different online banking sessions.
How can the bank prove the integrity of the message that a bank's customer is sending to its servers?
By using the HMAC value from the client's encrypted message HMAC (Hashed Message Authentication Code) value is used to prove the integrity of the message between the client's browser and the bank's server.
Which PKI component generates digital certificates?
Certificate Authority (CA)
Hierarchical Trust Model
Certificate Authority is at the top Intermediate CAs are the next level Users are the bottom level
Single Authority Trust Model
Certificate Authority is at the top Users are directly below the CA
What is referenced to determine if a certificate has been revoked?
Certificate Revocation List (CRL) or sometimes the Online Certificate Status Protocol (OCSP)
Which part of the public key infrastructure (PKI) defines how a credential is used?
Certificate policy (CP)
Administration Phase Processes (Digital Certificate Management Phase 2)
Certificate retrieval and validation Backup or escrow Recovery
Define CHAP and its properties
Challenge Handshake Authentication Protocol Authentication Protocol Shares a hash with the client system. Challenge is sent with acknowledgement, otherwise connection is terminated. After link establishment, authenticator sends challenge message to peer, peer responds with one-way hash function. Authenticator checks response against its own calculation. New challenge at random intervals.
An authentication method that periodically re-authenticates the client by establishing a hash that is then resent from the client is called ______.
Challenge handshake Authentication protocol
Diffusion
Changes made to one character in the plain text affect multiple characters in the cipher text, unlike in historical algorithms where each plain text character only affect one cipher text character.
Which of the following most accurately defines encryption?
Changing a message so it can only be easily read by the intended recipient
Substitution
Changing some part of the plain text for some matching part of cipher text. Historical algorithms typically use this.
A bank's customer opens the log-in page of the bank to do an online banking transaction. How can the customer verify that the bank's digital certificate is trustworthy and has not been canceled by the issuing certificate authority (CA)?
Check the Certificate Revocation List (CRL) The customer can check the Certificate Revocation List (CRL) to see if this is a certificate that has already been canceled or revoked.
An attacker is trying to break an encrypted message. The attacker is able to access the crypto device and wants to run plaintexts through the device to see how its encryption process works. What method is the attacker using to break the message?
Chosen Attack With chosen attacks, the attacker has access to the cryptosystem and can run plaintext messages through it to see how it works.
Which cryptanalysis method involves a person being tricked into encrypting a set of *known messages?
Chosen plaintext attack *Remember, it is a set of KNOWN MESSAGES, which are written in Plain Text*
Define CBC and its properties
Cipher Block Chaining Block Cipher Mode Each block of plaintext is XORd with the previous ciphertext block before being encrypted. Produces more randomness, which is more secure
List some Multi-Alphabetic Substitution Methods
Cipher Disk Vigenere Cipher Enigma Machine
Examples of Multi-Alphabet Substitution
Cipher Disk, Vigenere Cipher, Enigma Machine
This process is done by having each block of plaintext XORed with the previous ciphertext block before being encrypted.
Cipher block chaining In CBC mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted.
NSA Classification of Cryptography
Classified as types 1-4 (1 is highest)
A ______ refers to a situation where two different inputs yield the same output.
Collision
Which characteristic makes a hashing function suitable for use in signature schemes?
Collision Resistance Of the many properties that a good hash function should have, the one that is mentioned most often is collision resistance.
Which two concerns does the use of Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) address?
Confidentiality Integrity
CIA Triad
Confidentiality Integrity Availability
Define CTR and its properties
Counter Block Cipher Mode Turns block cipher into a stream cipher like OFB. Generates next keystream block by encrypting successive values of a counter.
Which mode is a stream algorithm that concatenates an incrementing value with a nonce?
Counter (CTR)
Which mode generates a key stream with a nonce and incrementing value?
Counter (CTR) Generates the next keystream block by encrypting successive values of a counter
Euler's Totient Function
Counts the positive integers up to a given integer n that are relatively prime to n. It is written using the Greek letter phi and may also be called Euler's phi function. In other words, it is the number of integers k in the range 1 ≤ k ≤ n for which the greatest common divisor gcd(n, k) is equal to 1. The integers k of this form are sometimes referred to as totatives of n. Part of the RSA algorithm!
Lehmer Random Number Generator
Created by D. H. Lehmer. It is a classic example of a Linear congruential generator. A PRNG type of linear congruential generator (LCG) that operates in multiplicative group of integers modulo n. The basic algorithm is Xi+1=(aXi + c) mod m, with 0 ≤ Xi ≤ m
Pretty Good Privacy (PGP)
Created by Phillip Zimmerman in early 1990's. Not itself an algorithm but uses other symmetric and asymmetric algorithms. Open source software for making encryption and decryption readily usable by end users. Most often associated with email encryption. Uses certificates that contain multiple signatures but they are self-signed so they can't be validated with a CA.
Shark
Created by Vincent Rijmen, Joan Daemen, Bart Preneel, Antoon Bosselaers, and Erik De Win. Uses a 64bit block with a 128bit key in six rounds. Shares similarities with the Rijndael cipher such as the use of S-boxes.
RSA
Created in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman at MIT. Most widely used public key cryptography algorithm. Based on relationships with prime numbers. This algorithm is secure because it is difficult to factor a large integer composed of two or more large prime factors.
Elliptic Curve
Created in 1985 by Victor Miller, IBM. Endorsed by the NSA, schemes based on it for Suite B. Protects information classified up to top secret with 384bit keys. Based on y2 = x3 + Ax + B.
Blum Blum Shub
Created in 1986 by Lenore Blum, Manuel Blum, and Michael Shub. Format is Xn+1 = Xn2 Mod M The main difficulty of predicting the output of this is the difficulty of the "quadratic residuosity problem". As difficult as breaking the RSA public-key cryptosystem.
Which two components involved in performing encryption are known to the party that will perform decryption before symmetric encryption is applied? (choose two)
Cryptographic Key Cryptographic Algorithm
FIPS 140
Cryptographic Modules: Coordinates the requirements and standards for cryptographic modules which include both hardware and software components for use by departments and agencies of the United States federal government.
What feature in Wired Equivalent Privacy (WEP) provides integrity control when sending packets over a wireless network?
Cyclic Redundancy Check (CRC) WEP - uses the stream cipher RC4 to secure the data and a CRC-32 checksum for error checking
Point-to-Point Tunneling Protocol (PPTP)
(often used for VPNs) - Oldest of the three protocols used in VPNs. Designed as a secure extension to the Point-to-Point Protocol (PPP). Adds the feature of encrypting packets and authenticating users to PPP. Works at the data link layer of the OSI model.
NSA Suite B Cryptography Algorithms
- AES w/ key sizes of 128 and 256bits - For traffic, AES should be used w/ the Galois/Counter Mode (GCM) mode of operation - symmetric encryption - Elliptic-Curve Digital Signature Algorithm (ECDSA) - digital signatures - Elliptic-Curve Diffie-Hellman (ECDH) - key agreement - Secure Hash Algorithm 2 (SHA-256 and SHA-384) - message digest
What are the three benefits to Digital Signatures?
- Authentication - Integrity - Non-repudation
What are the three different key sizes of AES?
128bit, 192bit, and 256bit
Hyperledger
A type of blockchain implementation.
What is the result of A|B and B|C?
A|C
Ticket (IRT Kerberos)
Data that authenticates a principal's identity.
List some Key Exchanges
Diffie-Hellman (DH) Menezes-Qu-Vanstone (MQV) Key Exchange Algorithm (KEA) Elliptic Curve Diffie-Hellman (ECDH)
Verisign Class 1 Certificate
For individuals, intended for email
Prime Number Theorem
If a random number N is selected, the chance of it being prime is approx. 1/ln(N), where ln(N) denotes the natural logarithm of N.
Why should an asymmetric public key be used to encrypt a symmetric key that is being sent to one person?
It encrypts a small amount of information, which is decrypted with the corresponding private key. An example of PKI
What are the three benefits to the Digital Signature Algorithm (DSA)?
Message Authentication, Integrity Verification, Non-Repudiation.
Define MD5 and its properties
Message Digest 5 Hashing algorithm Hash Size: 128 bits Block Processing: 512 Bits Hash starts with $1$
Which cryptographic algorithm has a 128-bit hash size?
Message Digest 5 (MD5)
Null cipher
Message hidden in unrelated text. Sender and receiver have pre-arranged to use a pattern to remove certain letters from the message which leaves only the true message behind.
Cipher
The algorithm(s) needed to encrypt and decrypt a message.
WPA - Personal (WPA-PSK)
Uses pre-shared key mode. Designed for home and small networks. Doesn't require authentication server. Each wireless device authenticates using the same 256bit key.
Which internationally recognized standard is used in public-key infrastructure (PKI) to define the format of public-key certificates?
X.509 standard X.509 is a standard defining the format of public-key certificates.
What is the most commonly used format for certificates?
X.509 v3
Which of the following equations is related to EC?
y2 = x3 + Ax + B
Common Cryptography Mistakes
- Using a standard modulus in RSA (modulus e=216+1=65537) - Using seeds for symmetric algorithms that are not random enough - Hard coded cryptographic secrets/elements - Using too short of a key - Re-using keys - Unsecure Key Escrow - Unsecure cryptographic mode (ECB mode) - Proprietary cryptographic algorithms
Bitwise complement of any number N
-(N+1)
Elliptic Curve Variations
-Elliptic Curve Diffie-Hellman (used for key exchange) -Elliptic Curve Digital Signature Algorith (ECDSA) -Elliptic Curve MQV key agreement protocol
What file extension is associated with PKCS#12?
.p12
Which extension designates a file containing a password-protected private key?
.p12
What file extension is associated with PKCS#7?
.p7b, .p7c
X.509 Certificate File Extensions
.pem .cer, .crt. .der .p7b, .p7c .p12 .pfx
TLS Handshake Process
1. Client connects to server requesting secure connection and presents a list of encryption/hash functions it can support. 2. Server picks strongest encryption/hash function and notifies client of the chosen algorithms. 3. Server sends back its digital certificate (X.509). 4. Client encrypts random number with the server's public key and sends the results to the server. 5. The server decrypts with its private key. 6. From the random number, both parties generate key material for encryption and decryption. `
The Four Stages of a Certificate Life Cycle
1. Enrollment 2. Distribution 3. Validation 4. Revocation
Steps in the DSA Algorithm
1. Generate the Key 2. Generate the Signature 3. Verify the Signature
What are four advantages of DSA?
1. Highly Robust 2. Better Speed 3. Less Storage 4. Patent Free
Explain Signature Generation IRT DSA.
1. It passes the original message (M) through the hash function (H#) to get our hash digest(h). 2. It passes the digest as input to a signing function, whose purpose is to give two variables as output, s, and r. - Apart from the digest, you also use a random integer k such that 0 < k < q. - To calculate the value of r, you use the formula r = (gk mod p) mod q. - To calculate the value of s, you use the formula s = [K-1(h+x . R)mod q]. 3. It then packages the signature as {r,s}. 4. The entire bundle of the message and signature {M,r,s} are sent to the receiver.
Three phases of key life cycle (IRT Digital Certificate Management)
1. Setup and initialization 2. Administration (Usage) 3. Cancellation
How many transformation rounds does AES use with a 128-bit key?
10 Rounds AES uses 10 rounds with a 128-bit key, 12 rounds with a 192-bit key, and 14 rounds with a 256-bit key.
What is the outcome when using the binary AND function (&) on 11011 and 10100
10000 Binary (bitwise) AND ( & ) will take two values and select like values. If both are 1, then it is 1, if both are 0, it is 0, if one is 1 and the other is 0, then the value is 0 11011 & 10100 = 10000
What size block does FORK256 use?
512 FORK-256 was introduced at the 2005 NIST Hash workshop and published the following year.[6] FORK-256 uses 512-bit blocks and implements preset constants that change after each repetition. Each block is hashed into a 256-bit block through four branches that divides each 512 block into sixteen 32-bit words that are further encrypted and rearranged
Which of the following is not a key size used by AES?
512 bits For AES, NIST selected three members of the Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256 bits.
SHA-1
A 160-bit hash function which resembles the earlier MD5 algorithm. This was designed by the National Security Agency (NSA) to be part of the Digital Signature Algorithm. Cryptographic weaknesses were discovered in SHA-1, and the standard was no longer approved for most cryptographic uses after 2010.
Key Escrow
A copy of the encryption key is in escrow so that it can be used by a government agent. A controversial potential backdoor. Skipjack and the Clipper Chip had this issue.
Avalanche
A desirable effect where a change to one bit leads to large change in output. Similar to Diffusion, but more is affected. This is Fiestel's take on Claude Shannon's concept of diffusion.
Certification Practice Statements (CPS)
A document from a certificate authority or a member of a web of trust which describes their practice for issuing and managing public key certificates.
Secure Hash Algorithms
A family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS)
SHA-2
A family of two similar hash functions, with different block sizes, known as SHA-256 and SHA-512. They differ in the word size; SHA-256 uses 32-bit words where SHA-512 uses 64-bit words.
Forward Secrecy (FS)
A feature of specific key agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised. Protects past sessions against future compromises of keys or passwords. By generating a unique session key for every session a user initiates, the compromise of a single session key will not affect any data other than that exchanged in the specific session protected by that particular key.
Perfect Forward Secrecy (PFS)
A feature of specific key agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised. Protects past sessions against future compromises of keys or passwords. By generating a unique session key for every session a user initiates, the compromise of a single session key will not affect any data other than that exchanged in the specific session protected by that particular key.
Bitcoin
A form of digital currency that is created and held entirely electronically instead of being printed.
Oakley Key Determination Protocol
A key-agreement protocol that allows authenticated parties to exchange keying material across an insecure connection using the Diffie-Hellman key exchange algorithm.
Certificate Revocation List (CRL)
A list of digital certificates that have been revoked by the issuing certificate authority (CA) before their scheduled expiration date and should no longer be trusted.
Realm (IRT Kerberos)
A logical Kerberos network.
Resource Server (RS) (IRT Kerberos)
A network resource (such as a database server or printer within a realm)
K2 (IRT PRNG)
A sequence of numbers which is indistinguishable from 'true random' numbers according to specified statistical tests.
K1 (IRT PRNG)
A sequence of random numbers with a low probability of containing identical consecutive elements.
Principal (Component of Kerberos)
A server or client that Kerberos can assign tickets to. Service on another node within a Kerberos network. Registered with the Ticket-Granting Service (TGS) with a Service Principal Name (SPN)
Message Authentication Codes (MAC)
A short piece of information used for authenticating a message. In other words, to confirm that the message came from the stated sender (its authenticity) and has not been changed. The MAC value protects a message's data integrity, as well as its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content.
Credentials (IRT Kerberos)
A ticket and a service key.
Private Blockchain
A type of blockchain bitcoin transactions that takes place within a private space where all the transactions are restricted to only the concerned parties A smaller network of nodes or companies will write transactions, mine, and verify blocks. This means they could be much more efficient, as blocks are mined much quicker than opening it out to a huge public network of mining nodes. What's running in a private blockchain doesn't have the same decentralized security as a public blockchain. The companies that own it can also decide who can read blockchain transactions or have the ability to verify them. This means they have control over the privacy of the data that is recorded onto the blockchain.
Elliptic Curve Digital Signature Algorithm (ECDSA)
A variant of the Digital Signature Algorithm (DSA) which uses elliptic curve cryptography. The bit size of the private key believed to be needed for ECDSA is about twice the size of the security level, in bits. The signature size is the same for both DSA and ECDSA: approximately 4t bits, where t is the security level measured in bits. (4(128) = 512, t = 512bits)
What uses a 6x6 table?
ADFGVX Cipher
Which type of cipher converts a letter to a number, passes it through a mathematical function, and then converts it back to a letter?
Affine
What equation does (ax + b) mod M belong to?
Affine Cipher
Yarrow
Algorith that was created by Bruce Schneier, John Kelsey, and Niels Ferguson. No longer recommended, Fortuna is recommended instead. Consists of four parts: -Entropy Accumulator -Generation Mechanism -Reseed Mechanism -Reseed Control
NSA Type 4 Algorithms
Algorithms that are registered by NIST but not FIPS published. Also, unevaluated commercial cryptographic equipment, assemblies, or components that neither NSA nor NIST certify for any government usage.
Memory
Amount of storage required for the attack
Server-based Certificate Validation Protocol (SCVP)
An Internet protocol for determining the path between a X.509 digital certificate and a trusted root (Delegated Path Discovery) and the validation of that path (Delegated Path Validation) according to a particular validation policy.
What does a frequency analysis attack to break encryption involve?
Analyzing ciphertext to identify text variation and comparing the text to standard English characters
Prime Number
Any number whose factors are 1 and itself. 1, 3, 5, 7, 11, 13, 17, 23, etc...
Databases
Are for fast storage and high performance when adding data into a table.
What is Blowfish used in?
BCrypt, Cryptodisk, DriveCrypt, Password Safe, Password Wallet, Backup for Workgroups, Crashplan.
Linear Cryptanalysis
Based on finding the approximations to the action of a cipher. Commonly used on block ciphers. A known plain text attack that uses linear approximation to describe the behavior of the block cipher. Given enough pairs of of plain text and corresponding cipher text, bits of information about the key can be obtained. The more pairs of plain text and cipher text the greater chance of success.
Feistel Function
Basis for most Block Ciphers. Splits blocks of plaintext data (often 64 bits) into two parts, L0/R0.
Which cipher uses a grid to map letters into numeric values?
Bifid
Bitcoin and Elliptic Curve Ciphers (ECC)
Bitcxoin uses Elliptic Curve Ciphers (ECC) with a 256-bit private key, and a 512-bit public key
RSA Problem
Breaking RSA encryption
Symmetric Encryption Equation
C = Ek(P) C = Ciphertext E = Encryption Function K = Key P = Plaintext
Symmetric Algorithm Encryption Expressed Mathematically
C=E(k,p) Cipher Text (C) is equal to the encryption function (E) with the key (k) and plain text (p) being passed as parameters to that function.
Central Distribution Point (CDP)
CDP is a location on an LDAP directory server or web server where a certificate authority (CA) publishes certification revocation lists (CRLs).
Which key would an administrator use to encrypt data so only the CEO can decrypt it?
CEO's Public key
If you wished to see a list of revoked certificates from a CA, where would you look?
CRL
What is contained in a CRL?
CRLs show revoked certs.
List some Mono-Alphabet Substitution methods
Caesar Cipher ROT-13 Atbash Affine
Chi-Square Analysis (IRT Stego)
Calculates the average LSB and builds a table of frequencies and Pair of Values. Performs a test on the two tables. It measures the theoretical vs. calculated population difference.
What are the two types of Digital Certificate Management systems?
Centralized key-management systems Decentralized key-management systems
Define CFB and its properties
Cipher Feedback Block Cipher Mode Allows encryption of partial blocks
The process wherein the ciphertext block is encrypted then the ciphertext produced is XOR'd back with the plaintext to produce the current ciphertext block is called what?
Cipher Feedback Cipher feedback takes the previous cipher output and mixes it with plaintext for the next cipher.
NSA Suite A Cryptography Algorithms
Classified
Which mode does the Fortuna algorithm use to generate random numbers?
Counter (CTR)
Which symmetric encryption technique uses a 56-bit key size and a 64-bit block size?
DES Symmetric block cipher 56 bit key size 64 bit block size 16 rounds Feistel
List some Symmetric Block Ciphers
DES 3DES DESx AES Blowfish Twofish Serpent Skipjack IDEA CAST TEA SHARK RC5 & RC6
Which of the following is not an asymmetric system?
DES The Data Encryption Standard is a symmetric-key algorithm for the encryption of electronic data. Although now considered insecure, it was highly influential in the advancement of modern cryptography.
Define DES and its properties
Data Encryption Standard Symmetric Block Cipher Block Size: 64 bits Key Size: 56 bits Rounds: 16
Electronic Signatures (ES)
Data that is logically associated with other data and which is used by the signatory to sign the associated data. This type of signature has the same legal standing as a handwritten signature as long as it adheres to the requirements of the specific regulation under which it was created.
What is the variable 'i'? (IRT Cryptography)
Denotes imaginary numbers. These are numbers whose square is a negative. For example; square root of -1 = 1i
How is information about Bitcoin transactions stored?
Distributed peer-to-peer network
Friedrich Kasiski
First person to carry out a successful attack on a Vigenere cipher
Verisign Class 4 Certificate
For online business transactions between companies
How do you measure the amount of computational effort required to perform a transaction or execute a contract on the Ethereum blockchain?
Gas Gas is the unit used to measure the amount of work required to perform a single Keccak-256 hash.
A _____ is a function that takes a variable-size input m and returns a fixed-size string.
Hash A hash function is any function that can be used to map data of arbitrary size to data of fixed size. The values returned by a hash function are called hash values, hash codes, digests, or simply hashes.
Which cryptographic algorithm is used to protect network-level communications?
IPSec IPSec is used to provide network layer encryption.
Steganography Details
In every file, there are a certain number of bits per unit of the file. For example, an image file in Windows is 24bits per pixel. With Least Certificate Bit (LSB) replacement, some bits can be replaced without altering the file much.
Cipher Feedback (CFB)
In this mode, the previous ciphertext block is encrypted, the cipher text is XOR'd back with the plain text to produce the current cipher text block, essentially it loops back on itself, increasing the randomness of the ciphertext.
What can XOR use as a pseudorandom number to create unique ciphertext?
Initialization Vector (IV)
What is a concern with storing long-term secrets on media or memory?
Integrity
Define IDEA and its properties
International Data Encryption Algorithm Symmetric Block Cipher Block Size: 64 bits Key Size: 128 bits
Which encryption algorithm operates on 64-bit blocks of plaintext using a 128-bit key and has over 17 rounds with a complicated mangler function?
International Data Encryption Algorithm (IDEA) IDEA operates on 64-bit blocks of plaintext using a 128-bit key and has over 17 rounds with a complicated mangler function.
Which network-based virtual private network (VPN) prevents unauthorized logins by preventing packet retransmission?
Internet Protocol Security (IPsec)
Which solution is used in a Layer 2 Tunneling Protocol (L2TP) virtual private network (VPN) to secure data in transmission?
Internet Protocol Security (IPsec)
NTLMv2
Introduced in Windows NT 4.0 SP4[14] (and natively supported in Windows 2000), is a challenge-response authentication protocol. It is intended as a cryptographically strengthened replacement for NTLMv1, enhancing NTLM security by hardening the protocol against many spoofing attacks and adding the ability for a server to authenticate to the client.
BitLocker
Introduced with Windows 7. Can encrypt partitions or entire drives. Startup key only. Key information is stored on a flash drive or TPM. Uses AES with 128bit key.
MS-CHAPv2
Introduced with pptp3-fix that was included in Windows NT 4.0 SP4 and was added to Windows 98 in the "Windows 98 Dial-Up Networking Security Upgrade Release" and Windows 95 in the "Dial Up Networking 1.3 Performance & Security Update for MS Windows 95" upgrade. Windows Vista dropped support for MS-CHAPv1.
Bitcoin Transaction Process
Involves two parts: IT OUT
Why is symmetric stream used to encrypt video when speed is a major concern?
It uses the same key to encrypt and decrypt large amounts of data
Which cryptanalysis attacks involve examining patterns in the random characters combined with the plaintext message to produce the ciphertext to see how long the key goes before it starts to repeat?
Keystream Analysis Keystream analysis involves examining patterns in the keystream used to produce the ciphertext to see how long the key goes before it starts to repeat.
Keystream Analysis
Keystream analysis involves examining patterns in the keystream used to produce the ciphertext to see how long the key goes before it starts to repeat.
RFC 1321 describes what hash?
MD5
List some Hash Functions
MD5 MD6 SHA 1, 2, 3 FORK-256 RIPEMD-160 GOST Tiger MAC/HMAC
MP3Stego
MP3 files
Output Feedback (OFB)
Makes a block cipher into a synchronous stream cipher, and generates keystream blocks (which are then XOR'd with the plaintext blocks to get the ciphertext)
Which type of attacks are Diffie-Hellman methods vulnerable to?
Man-in-the-Middle With MITM, someone can intercept the exchanged private key pair or a recipient and decrypt the traffic.
Which technique does related-key cryptanalysis use to decipher a message?
Messages are encrypted using different secrets, and the *analyst compares the messages* to figure out how the algorithm works.
Define Affine Cipher and its properties
Mono-Alphabetic Substitution Letter is mapped to some numeric value, permuted with simple math function, then converted back to a letter. (ax +b) mod M)
Define Atbash Cipher and its properties
Mono-Alphabetic Substitution Reverses the Alphabet (A for Z, B for Y, C for X, etc...)
Define Caesar Cipher and its properties
Mono-Alphabetic Substitution Shifts letters a certain number of times. Most common shift is 3
_____ uses at least two different shifts, changing the shift with different letters in the plain text.
Multi-alphabet Encryption Polyalphabetic Substitution Ciphers are a lot more secure than their Monoalphabetic cousins, as they use different ciphertext alphabets in the encryption process.
A social media company refuses to hand over the encryption keys involved in secure communications to the government for an ongoing investigation. Which cryptographic backdoor will allow only the government agents to crack the encryption, but no one else?
NOBUS backdoor With NOBUS backdoor, it is possible for government agents to crack the encryption, but no one else can.
Birthday Attack
Name used to refer to a class of brute force attacks against hashes. Attempts to find a collision.
A number that is used only one time then discarded is called what?
Nonce
Time
Number of primitive operations which must be performed
One-time passwords (OTP)
OTP allows a new unique password to be created each time, based on an initial seed value.
Confusion
Occurs by using a complex substitution algorithm. Attempts to make the relationship between the statistical frequencies of the cipher text and the key as complex as possible.
What defines a Prime Number?
Only has factors of itself and 1
Pigpen Cipher
Pigpen is a mono alphabet substitution with characters laid out in sequence within four grids created in a square and a diagonal shape.
Original, unencrypted information is referred to as ____.
Plaintext. A term used in cryptography that refers to a message before encryption or after decryption. That is, it is a message in a form that is easily readable by humans. Encryption is the process of obscuring messages to make them unreadable in the absence special knowledge
Which cipher uses a five-by-five matrix with nonrepeating characters?
Playfair
What uses a 5x5 table?
Playfair Cipher
Which part of the public key infrastructure (PKI) is used to ensure that the format for a credential can be used by anyone on the internet?
Public Key Cryptography Standards (PKCS)
A business wants to use keys issued by a trusted third party to demonstrate it is a legitimate organization to potential customers. What key should the business send to potential customers to prove its identity?
Public Key of the Company
Federal Information Processing Standards (FIPS)
Publicly announced standards developed by the National Institute of Standards and Technology (NIST) for use in computer systems by non-military American government agencies and government contractors.
Which encryption process minimizes known plaintext attacks against Advanced Encryption Standard (AES)?
Randomizing the Initialization Vector
Keyspace
Refers to the number of possible keys. Calculated by 2^key size in bits
Cryptanalysis Resources
Regardless of technique used, there are always three present: Time - number of primitive operations which must be performed Memory - Amount of storage required for the attack Data - the quantity of plain texts and cipher texts required.
Setup and Initialization Phase Processes (Digital Certificate Management Phase 1)
Registration Key pair generation Certificate Generation Certificate Dissemination
What acts as a proxy between the user and the CA?
Registration Authority (RA)
Cancellation and History Phase Processes (Digital Certificate Management Phase 3)
Renewal Revocation Suspension Destruction
What does the OCSP protocol provide?
Revoked certificates
Which algorithm is used to generate the thumbprint of a certificate?
SHA-1
What prevents a rainbow table attack during the encryption process?
Salting This is simply a random number that is stored along side the data that was encrypted with the password
What is a common problem with using pre-shared keys (PSKs)?
Secure key exchange
Which task does a root CA perform before publishing its own certificate?
Signing it with its private key A Root CA signs its own certificate with its private key to provide authenticity.
NTLM2 Session
Similar to MS-CHAPv2.[17] It consists of authentication from NTLMv1 combined with session security from NTLMv2.
Which programs run on a blockchain to automate the execution of an agreement so that all participants can be immediately certain of the outcome, without any intermediary's involvement or time loss?
Smart contracts Smart contracts are programs stored on a blockchain that run when predetermined conditions are met. They typically are used to automate the execution of an agreement so that all participants can be immediately certain of the outcome, without any intermediary's involvement or time loss.
Steganography Detection Tools
StegSpy Stegdetect StegSecret
A process that puts a message into the least significant bits of a binary file is called what?
Steganograph
Which type of cryptography is being used when the author uses secret inks?
Steganography
Which type of cipher is ChaCha?
Stream Cipher
Two things all modern block cipher algorithms use
Substitution and Transposition
How is transposition done in symmetric key cryptography?
Swapping blocks of text.
A security analyst decrypted a data set with the same key that originally encrypted the data set. Which cryptographic operation did the analyst use?
Symmetric Symmetric encryption uses the same key to encrypt and decrypt the message
What should be used when large amounts of data needs to be encrypted and decrypted for secure storage based on groupings of 128, 192, or 256-bits?
Symmetric Block Symmetric block ciphers use the same key to encrypt and decrypt large amounts of data
Define Serpent and its properties
Symmetric Block Cipher Block Size: 128 bits Key Size: 128, 192, or 256 bits Rounds: 32 Network: Substitution-Permutation
Define CAST-128 and its properties
Symmetric Block Cipher Block Size: 64 bits Key Size: 40-128 bits
Define Skipjack and its properties
Symmetric Block Cipher Block Size: 64 bits Key Size: 80 bits. Rounds: 32 Built by NSA for clipper chip
Define PIKE and its properties
Symmetric Stream Cipher An improvement on FISH
How does a Dictionary Attack break a cipher?
Takes a list of the most common words and tries each entry
Authentication Header (AH)
The AH protocol (RFC 2404) has protocol number 51, and it authenticates both the header and payload.
Arms Export Control Act (AECA)
The Arms Export Control Act authorizes the President of the United States to control the import and export of defense articles and services.
Steganography
The art and science of writing hidden messages so that no one suspects the existence of the message, a type of security through obscurity. Message can be hidden in picture or audio file for example. Uses least significant bits in a file to store data.
Total Break (Cryptanalysis Success)
The attacker deduces the secret key.
Payload (IRT Stego)
The data to be covertly communicated, the message you wish to hide.
Certificate Enrollment (IRT Cert Life Cycle)
The first phase of the certificate cycle typically begins with a user, device, or machine requesting a certificate from a CA. The request contains a public key and other enrollment information. Once a request for the certificate is received, the CA verifies the information given based on an established set of rules that were set in advance. If the information is legitimate the CA creates the certificate and sends an identifying certificate to the requesting party.
Genesis Record
The first transaction created in bitcoin
Missile Technology Control Regime (MTCR)
The focus of the Missile Technology Control Regime (MTCR) is to limit the proliferation of missiles capable of delivering weapons of mass destruction.
Certificate Revocation (IRT Cert Life Cycle)
The last stage of a certificate lifecycle comes either when a certificate expires or when an administrator revokes the certificate prior to the expiry date. When a certificate is revoked, the CA automatically adds that certificate to the CRL, which instructs the RADIUS to no longer authenticate that certificate.
Algorithm
The mathematical process used to alter a message and make it unintelligible to anyone but the intended party.
How to Mine a Block
The node on the network has to go through a proof of work process to solve a complex hashing puzzle
Which key combination is used to decrypt and verify a digital signature?
The recipient uses their private key to decrypt the sender's public key in order to verify the signature.
Ticket-Granting Ticket (TGT)
The ticket that is granted during the authentication process. Contain the client ID, the client network address, the ticket validity period, and the Ticket Granting Server session key.
Channel (IRT Stego)
The type of medium used. This may be still photos, video, or sound files.
Gas
The unit used in Ethereum to measure the amount of work that is required to perform a single Keccak-256 hash
Public Key Cryptography Standards (PKCS)
These are a group of public-key cryptography standards devised and published by RSA Security LLC, starting in the early 1990s. The company published the standards to promote the use of the cryptography techniques to which they had patents, such as the RSA algorithm, the Schnorr signature algorithm and several others.
NSA Suite A Cryptography
This classification of algorithms are not published. Algorithms are classified. used in applications where Suite B may not be appropriate. Both Suite A and Suite B can be used to protect foreign releasable information, US-Only information, and Sensitive Compartmented Information (SCI) ACCORDION BATON CDL 1 CDL 2 FFC FIREFLY JOSEKI KEESEE MAYFLY MEDLEY MERCATOR SAVILLE SHILLELAGH WALBURN WEASEL
Random Number Generators
Three types; Table Look-up Hardware Software
Brute Force
Trying every possible key to break a cipher. For many types of encryption this is completely impractical because of the amount of time it would take to try every possible key.
What are traits of a good PRNG?
Uncorrelated sequences and Long periods
Cryptanalysis
Using a method (other than brute force) to derive the key of a cipher. In some cases cryptographic techniques can be used to test the efficacy of a cryptographic algorithm. Frequently used to test hash algorithms for collisions.
SSL/TLS VPN
VPN setup through a web browser, portal that uses SSL/TLS to secure traffic. Gives user access to the target network.
Which cipher uses a series of ciphers based on a keyword?
Vigenère
Which initiative allows publicly-available cryptographic algorithms to be exported and imported freely among member countries without any types of restrictions to prevent destabilizing accumulations of arms and dual-use goods and technologies?
W The Wassenaar Arrangement allows publicly-available cryptographic algorithms to be exported and imported freely among member countries without any types of restrictions.
Which wireless security standard uses a 128-bit RC4 stream cipher for encrypted communications?
WPA Specifically, Temporal Key Integrity Protocol (TKIP). The RC4 stream cipher is used with a 128-bit per-packet key, meaning that it dynamically generates a new key for each packet.
Data Encryption Standard (DES)
Was the premier block cipher for many years but is now considered outdated. Was selected a the Federal Information Processing Standard (FIPS) for the U.S. in 1976. This is a Feistel Cipher with 16 rounds and a 48bit key for each round. To generate round keys, a 56bit key is slit into two 28bit halves. This Feistel Cipher uses 8 S-boxes.
Which two pioneers are called the fathers of asymmetric cryptography used in PKI?
Whitfield Diffie and Martin Hellman Whitfield Diffie and Martin Hellman pioneered the Diffie-Hellman asymmetric method of encryption used in PKI.
Kerberos
Widely used, particularly with Microsoft operating systems. Created by MIT and derives its name from the mythical three headed dog. The is a great deal of verification for the tickets and the tickets expire quickly. Client authenticates to the Authentication Server once using a long term shared secret and receives back a Ticket-Granting Server. Client can reuse this ticket to get additional tickets without reusing the shared secret. These tickets are used to prove authentication to the Service Server.
Message Authentication
You can verify the origin of the sender using the right key combination.
Integrity Verification
You cannot tamper with the message since it will prevent the bundle from being decrypted altogether.
Key Clustering
different encryption keys generate the same ciphertext from the same plaintext message
QuickStego
easy to use but limited
An administrator needs to encrypt the following word with the Atbash cipher: "security" Which ciphertext is correct?
hvxfirgb Atbash cipher (Mono-Alphabet Substitution Cipher) simply reverses the alphabet (a is z, b is y, etc...)
Invisible Secrets
robust, has free and commercial versions