Ch12
What type of system converts between plaintext and ciphertext?
cryptosystem
When an attacker has access to a password file, they can run a password-cracking program that uses a dictionary of known words or passwords as an input file. What type of attack is this attacker performing?
dictionary
Which of the following is a function that takes a variable-length string or message and produces a fixed-length message digest?
hashing algorithm
Which of the following is a range of allowable values that is used to generate an encryption key?
keyspace
What type of attack is being conducted when the attacker has messages in both encrypted form and decrypted forms?
known plaintext
Which type of symmetric algorithm operates on plaintext one bit at a time?
stream ciphers
What type of cryptography is demonstrated by reversing the alphabet so A becomes Z, B becomes Y, and so on?
substitution cipher
Brute-Force Attack
A brute force attack can be used to guess passwords by trying every possible combination of letters.
Dictionary Attack
A dictionary attack is after attackers have access to a password file, they can run a password-cracking program that uses a dictionary of known words or passwords as an input file.
Man-in-the-Middle Attack
A man-in-the-middle attack is where attacks place themselves between the victim computer and another host computer. In the next Practice Activity, you walk through conducting a man-in-the-middle attack.
Replay Attack
A replay attack is a type of attack where the attacker captures data and attempts to resubmit the captured data, so that the device thinks a legitimate connection is in effect.
Which of the following encryption standards is part of the NSA's suite B cryptographic algorithms and is validated strong enough to protect classified data?
AES-256
SSL/TLS Downgrade Attack
An attacker who intercepts the initial communications between a Web server and a Web browser can force a vulnerable server to insecurely renegotiate the encryption being used down to a weaker cipher. The fix for this issue is to make sure all ciphers allowed by a server are secure.
Which of the following is a scripting language for Windows and Linux that performs repetitive tasks, such as password cracking?
EXPECT
Symmetric algorithms use two keys that are mathematically related.
False
What application is considered the original password-cracking program and is now used by many government agencies to test for password strength?
L0phtcrack
Cracking passwords is illegal in the United States. The general steps for cracking passwords are:
Obtain the password file from the system Perform a dictionary attack on the file using automated password cracking programs The following are several password cracking programs: Hashcat John the Ripper Ophcrack EXPECT L0phtcrack Pwdump7
Asymmetric algorithms are more scalable than symmetric algorithms.
True
ECC is an efficient algorithm requiring few hardware resources, so it's a perfect candidate for wireless devices and cell phones.
True
What type of attack is being attempted when an attacker uses a password-cracking program to guess passwords by attempting every possible combination of letters?
brute force
In what type of attack does the attacker need access to the cryptosystem, and the ciphertext to be decrypted to yield the desired plaintext results?
chosen-ciphertext
Birthday Attack
Birthday attacks can be used to find a mathematical weakness in hashing algorithms.
Which of the following refers to verifying the sender or receiver (or both) is who they claim to be?
Authentication
What encryption algorithm can be used for both encryption and digital signing, uses a one-way function, and is still widely used in e-commerce?
RSA
Mathematical Attacks
The categories of mathematical attacks are: Ciphertext-only attack Known plaintext attack Chosen-plaintext attack Chosen-ciphertext attack Side-channel attack
