IT Security: Defense against the digital dark arts. Week 2: Pelcgbybtl (Cryptology)
The specific function of converting plaintext into ciphertext is called a(n) ______.
encryption algorithm; An encryption algorithm is the specific function or steps taken to convert plaintext into encrypted ciphertext.
What are the components that make up a cryptosystem? Check all that apply.
encryption algorithms, decryption algorithms, key generation algorithms; A cryptosystem is a collection of algorithms needed to operate an encryption service. This involves generating encryption keys, as well as encryption and decryption operations.
True or false: The same plaintext encrypted using the same algorithm and same encryption key would result in different ciphertext outputs.
false; If the plaintext, algorithm, and key are all the same, the resulting ciphertext would also be the same.
True or false: The smaller the encryption key is, the more secure the encrypted data is.
false; The reverse is true. The larger the key, the more secure the encrypted data will be.
If two different files result in the same hash, this is referred to as a ________.
hash collision; A hash collision is when two different inputs yield the same hash.
How is hashing different from encryption?
hash operations are one-directional; Hash functions, by definition, are one-way, meaning that it's not possible to take a hash and recover the input that generated the hash. Encryption, on the other hand, is two-directional, since data can be both encrypted and decrypted.
When authenticating a user's password, the password supplied by the user is authenticated by comparing the ____ of the password with the one stored on the system.
hash; Passwords are verified by hashing and comparing hashes. This is to avoid storing plaintext passwords.
Using an asymmetric cryptosystem provides which of the following benefits? Check all that apply.
non-repudiation, authenticity, confidentiality; Confidentiality is provided by the encryption, authenticity is achieved through the use of digital signatures, and non-repudiation is also provided by digitally signing data.
To create a public key signature, you would use the ______ key.
private; The private key is used to sign data. This allows a third party to verify the signature using the public key, ensuring that the signature came from someone in possession of the private key.
What are the two components of an asymmetric encryption system, necessary for encryption and decryption operations? Check all that apply.
public key, private key; In asymmetric encryption systems, there's a private key used for encryption, and a public key used for decryption.
What information does a digital certificate contain? Check all that apply.
public key data, digital signature, identifying information of the certificate owner; A digital certificate contains the public key information, along with a digital signature from a CA. It also includes information about the certificate, like the entity that the certificate was issued to.
If a rainbow table is used instead of brute-forcing hashes, what is the resource trade-off?
rainbow tables use less computational resources and more storage space; Instead of computing every hash, a rainbow table is a precomputed table of hashes and text. Using a rainbow table to look up a hash requires a lot less computing power, but a lot more storage space.
What are some of the functions that a Trusted Platform Module can perform? Check all that apply.
remote attestation, data binding and sealing; A TPM can be used for remote attestation, ensuring that a host is in a known good state and hasn't been modified or tampered with (from a hardware and a software perspective). TPMs can also seal and bind data to them, encrypting data against the TPM. This also allows it to be decrypted by the TPM, only if the machine is in a good and trusted state.
Studying how often letters and pairs of letters occur in a language is referred to as _______.
Frequency analysis; Frequency analysis involves studying how often letters occur, and looking for similarities in ciphertext to uncover possible plaintext mappings.
What's a common application for asymmetric algorithms?
Secure key exchange; Asymmetric encryption schemes are perfect for securely exchanging small amounts of data over untrusted networks by exchanging public keys that are used for encrypting data.
What's a hash collision?
When two different files generate the same hash digest; If two different files result in the same hash, this is referred to as a hash collision. Hash collisions aren't awesome, as this would allow an attacker to create a fake file that would pass hash verification.
The practice of hiding messages instead of encoding them is referred to as ______.
Steganography; Steganography involves hiding messages from discovery instead of encoding them.
What's the difference between a stream cipher and a block cipher?
Stream ciphers encrypt data as a continuous stream, while block ciphers operate on chunks of data; A stream cipher takes data in as a continuous stream, and outputs the ciphertext as a continuous stream, too. A block cipher encrypts the data in chunks, or blocks.
How is a Message Integrity Check (MIC) different from a Message Authentication Code (MAC)?
a MIC only hashes the message, while a MAC incorporates a secret key; A MIC can be thought of as just a checksum or hash digest of a message, while a MAC uses a shared secret to generate the checksum. This also makes it authenticated, since the other party must also have the same shared secret, preventing a third party from forging the checksum data.
In a PKI system, what entity is responsible for issuing, storing, and signing certificates?
certificate authority; The certificate authority is the entity that signs, issues, and stores certificates.
Plaintext is the original message, while _____ is the encrypted message.
ciphertext; Once the original message is encrypted, the result is referred to as ciphertext.
Which of the following do asymmetric cryptosystems provide? Check all that apply.
confidentiality, authenticity, non-repudiation; Confidentiality is provided by the encryption and decryption functionality, while authenticity and non-repudiation are ensured by the signing and verification processes.
How can you defend against brute-force password attacks? Check all that apply.
run passwords through the hashing function multiple times, incorporate salts into password hashing, enforce the use of strong passwords; A brute-force password attack involves guessing the password. So, having complex and long passwords will make this task much harder and will require more time and resources for the attacker to succeed. Incorporating salts into password hashes will protect against rainbow table attacks, and running passwords through the hashing algorithm lots of times also raises the bar for an attacker, requiring more resources for each password guess.
ROT13 and a Caesar cipher are examples of _______.
substitution ciphers; These are both examples of substitution ciphers, since they substitute letters for other letters in the alphabet.
Which type of encryption does SSL/TLS use?
symmetric and asymmetric encryption; SSL/TLS uses asymmetric algorithms to securely exchange information used to derive a symmetric encryption key.
DES, RC4, and AES are examples of ______ encryption algorithms.
symmetric; DES, RC4, and AES are all symmetric encryption algorithms.
What is steganography?
the practice of hiding messages; Steganography involves hiding messages, but not encoding them.
What makes an encryption algorithm symmetric?
the same keys used for encryption and decryption; The symmetry of a symmetric algorithm refers to one key being used for both encryption and decryption.
What advantages do asymmetric algorithms have over symmetric ones?
they allow secure communication over insecure channels; By exchanging public keys for encrypting data, asymmetric encryption securely exchanges information over untrusted channels.