Notes from other Students

Give 4 aspects of WPA-Enterprise.

1) Also referred to as WPA-802.1x mode 2)Designed for enterprise networks 3)Requires a RADIUS authentication server 4) An Extensible Authentication Protocol (EAP) is used for authentication

What are 4 aspects of Yarrow, even though it is no longer recommended for use.

1) An entropy accumulator that collects semi-random samples from various sources and accumulates them in two pools. 2) It generates PRNG outputs. 3) It reseeds the key periodically with new entries from the entropy pools. 4) It determines when reseeding should occur.

Give 4 examples of Mono-Alphabet substitution.

1) Caesar Cipher 2) Atbash Cipher 3) Affine Cipher 4) Rot13 Cipher

Give 3 examples of poly-alphabetic substitution.

1) Cipher Disk 2) Vigenère Cipher 3) Enigma Machine

How big is the key used for TKIP with Wi-Fi protected access?

A 128-bit per-packet key is used, and it dynamically generates a new key for each packet.

What is the most difficult type of attack?

A cypher-text only attack because the attacker has the least amount of information.

What is a Distinguishing attack?

A distinguishing attack is any nontrivial method that detects a difference between the ideal encryption scheme and the actual encryption scheme.

How does a Certificate Chain work?

A regional office can certify local office keys. The certificate on the regional office's key consists of two signed messages: the central CA's delegation message that authorizes the regional office's key, and the regional office's certification of the local office's key.

What is the K2 BSI classification?

A sequence of numbers which is indistinguishable from 'true random' numbers according to specified statistical tests

What is the K1 BSI classification?

A sequence of random numbers with a low probability of containing identical consecutive elements

What is Cipher Feedback, or CFB?

A symmetric algorithm where the previous ciphertext block is encrypted, then the ciphertext is XORed back with the plaintext to produce the current ciphertext. It is a block cipher in contrast to the cipher block chaining (CBC) mode, which encrypts a set number of bits of plaintext at a time It is at times desirable to encrypt and transfer some plaintext values instantly one at a time, for which ciphertext feedback is a method.

What is Kerberos?

A widely used key management system that is based on the Needham-Schroeder protocol.

What is a Birthday attack?

An attack that depends on the fact that duplicate values, also called collisions, appear much faster than you would expect. In general, if an element can take on N different values, then you can expect the first collision after choosing about N random elements.

How much security should a modern system provide?

At least a 128-bit security level. That means that any attack will require at least 2 to the 128th power steps. If successful, it will quite likely still be in operation 30 years from now, and should provide at least 20 years of confidentiality for the data after the point at which it was last used.

What is the difference between a block cipher and block cipher mode?

Block ciphers encrypt only fixed-size blocks. If you want to encrypt something that isn't exactly one block long, you have to use a block cipher mode.

What happens during a Chosen Cipher-text attack?

Both the plaintext values and cipher-text values are chosen. For every plaintext that you choose, you get the corresponding cipher-text, and for any cipher-text you choose, you get the corresponding plaintext.

What is Counter, or CTR?

CTR is used to turn a block cipher into a stream cipher. CTR generates the keystream block by encrypting successive values of a counter.

How secure are 160-bit hash functions?

Collisions against any 160-bit hash function can be generated in only 2 to the 80th power steps, well below the security level of modern block ciphers with key sizes from 128 to 256 bits.

What does CrypTool do?

CrypTool allows you to enter in any text, choose the historic algorithm you wish to use, then encrypt that text in a matter of seconds.

How does someone verify their public key with a Certificate Authority?

Each user takes his public key to the CA and identifies himself to the CA. Certificate requests are signed by the private key of the user himself, otherwise the wrong public key may be signed by the CA. The CA then signs the user's public key using a digital signature. The signed message, or certificate, states: "I, the CA, have verified that Bob's public key belongs to Bob."

What are Null ciphers?

Essentially the message is hidden in unrelated text.

Describe the Caesar Cipher.

Every letter is shifted a fixed number of spaces to the left or the right in the alphabet.

What size primes should be used for modern cryptography?

For public-key cryptography, the primes we want to generate are 2000 to 4000 bits long.

Give an example of a modulo calculation.

If you take 25 modulo 7 you divide 25 by 7, which gives us a quotient of 3 with a remainder of 4. The remainder is the answer, so (25mod7)=4.

What is one of the great advantages of RSA?

It can be used for both encrypting messages and signing messages.

What is the K4 BSI classification?

It should be impossible for an attacker to calculate or guess from an inner state of the generator any previous numbers in the sequence or any previous inner generator state

What is the K3 BSI classification?

It should be impossible for any attacker to calculate or otherwise guess from any given sub-sequence any previous or future values in the sequence

What is Output Feedback Mode, or OFB?

OFB is different in that the message itself is never used as an input to the block cipher. Instead, the block cipher is used to generate a pseudorandom stream of bytes called the key stream, which in turn is XORed with the plaintext to generate the ciphertext. OFB is a stream cipher.

What is a secure block cipher?

One for which no attack exists.

What is Homophobic substitution?

One of the earlier attempts to make substitution ciphers more robust by masking the letter frequencies. Plain text letters map to more than one cipher text symbol.

Which SHA functions are most secure?

One of the newer SHA hash function such as SHA-224, SHA-256, SHA-384, or SHA-512. NIST has not yet officially chosen the SHA-3 contender that will be used in the future.

What is the security protocol used by Web browsers to connect securely to Web servers?

SSL.

Describe a Chosen Plaintext attack.

Select specially prepared plain-texts, chosen to make it easy to attack a system. You can choose any number of plain-texts and then get the corresponding cipher-texts.

What are Serpent and TwoFish?

Serpent is a considerably slower, but very much more secure version of AES-type block cipher. Twofish is faster than Serpent, but not quite as secure.

What does Diffie-Hellman deal with?

Shared secret key exchange over insecure channels.

What is Salt?

Simply a random number that is stored alongside the data that was encrypted with the password. It should be 256 bits long.

How many bits are used by the NSA's Skipjack?

Skipjack uses an 80-bit key to encrypt or decrypt 64-bit data blocks. It is an unbalanced Feistel network with 32 rounds.

What does Euclid's Theorem 3 suggest?

That there are an infinite number of primes.

What does the Chinese Remainder Theorem state?

The Chinese Remainder Theorem states that you can compute the inverse function.

What is BSI?

The German Federal Office for Information Security.

What is a top level Certificate Authority called?

The Root.

How does XOR work?

The XOR operator outputs a 1 whenever the inputs do NOT match.

Why is a known-plaintext attack is more powerful than a cipher-text-only attack?

The attacker gets more information than in the cipher-text-only attack.

What is Cipher Block Chaining, or CBC?

The cipher block chaining (CBC) mode is one of the most widely used block cipher modes. The problems of ECB are avoided by XORing each plaintext block with the previous ciphertext block.

What is a Cipher disk?

The cipher disk, like Scytale, is a physical device used to encrypt. The cipher disk was invented by Leon Alberti in 1466.

What are Meet in the Middle attacks?

The cousins of birthday attacks, together called collision attacks. Instead of waiting for a key to repeat, you build a table of keys that you have chosen yourself and then eavesdrop on transactions waiting for those keys to be used.

What is the I V?

The initialization vector used to start cipher block chaining or a stream cipher. The most secure I V is done by encrypting a nonce.

What was an Enigma machine?

The machine was designed so that when the operator pressed a key the encrypted cipher text for that plain text was different each time.

What is an Electronic Codebook, or ECB?

The most basic encryption mode is the electronic codebook, or ECB, mode. The message is divided into blocks and each block is encrypted separately. The problem is that if you submit the same plaintext more than once, you always get the same ciphertext.

What is the Rabin-Miller primality test?

The purpose of the test is to determine whether an odd integer is prime. Almost all composite numbers are rejected by the very first Rabin-Miller test that you do.

How is someone's signature verified when they send a signed message to someone else?

The receiver uses the sender's public key to verify their signature.

What is Cryptography?

The science of altering communication so that it cannot be understood without having the key.

What are book ciphers?

The simplest implementation is to send coordinates for words. So, for example, 3, 3, 10 means to go to page 3, line 3, and the 10th word.

What is a Nonce?

The term is a contraction of "number used once." The critical property of a nonce is that it is unique.

Which key is used to encrypt a message to another person?

Their public key. They then use their private key to decrypt it.

What is the function of cryptographic protocols?

To minimize the amount of trust required.

Describe WPA2.

WPA2 is based on the IEEE 802.11i standard. It is the only wireless encryption protocol that fully implements 802.11i. It uses the the Counter Mode-Cipher Block Chaining (CBC)-Message Authentication Code (MAC) Protocol (CCMP) that provides data confidentiality, data origin authentication, and data integrity for wireless frames.

What are Side Channel attacks?

When an attacker has additional channel information about a system. For example, an attacker could make measurements of the time it takes to encrypt a message. That timing information could allow an attacker to infer private information about the message itself or the underlying encryption key. An attacker could also measure how much current a CAC draws over time. Magnetic fields, RF emissions, power consumption, timing, and interference on other data channels can all be used for side-channel attacks.

What is a Chosen Key attack?

When an attacker specifies some part of a key, and then performs a related-key attack on the rest of the key.

What is a Replay attack?

When the attacker records a message and then later resends that same message.

What is a Rail Fence cipher?

You take the message you want to encrypt and alter each letter on a different row.

How does the AND function work?

Zero and Zero is zero. One and One is one.