Chapter 7
True or False? A product cipher is an encryption algorithm that has no corresponding decryption algorithm. True False
False. A product cipher is a combination of multiple ciphers. One-way algorithms, or hashing functions, have no corresponding decryption algorithm.
True or False? In a known-plaintext attack (KPA), the cryptanalyst has access only to a segment of encrypted data and has no choice as to what that data might be. True False
False. In a ciphertext-only attack (COA), the cryptanalyst has access to only a segment of encrypted data. In a KPA, the cryptanalyst possesses certain pieces of information before and after encryption.
Bob is sending a message to Alice. He wants to ensure that nobody tampers with the message while it is in transit. What goal of cryptography is Bob attempting to achieve? Confidentiality; Authentication; Nonrepudiation; Integrity
Integrity. Integrity ensures that no one, not even the sender, changes information after transmitting it. If a message does not decrypt properly, someone or something probably changed the ciphertext in transit.
True or False? A salt value is a set of random characters you can combine with an input key to create an encryption key. True False
True
True or False? An algorithm is a repeatable process that produces the same result when it receives the same input. True False
True
True or False? Digital signatures require asymmetric key cryptography. True False
True
True or False? Elliptic curve cryptography (ECC) relies on algebraic structures of elliptic curves over finite fields. True False
True
True or False? In cryptography, a keyspace is the number of possible keys to a cipher. True False
True
True or False? Transport Layer Security (TLS) is an example of a transport encryption protocol. True False
True
True or False? Whereas a cipher performs a particular task, a key gives the specific directions for how to do it. True False
True
True or False? You can break a cipher by analyzing the ciphertext to find the plaintext or key or by analyzing the ciphertext and its associated plaintext to find the key. True False
True
True or False? A private key cipher is also called an asymmetric key cipher. True False
False. Private key ciphers are also called symmetric key ciphers.
True or False? The U.S. government currently has no standard for creating cryptographic keys for classified applications. True False
False. The U.S. government currently has no standard for creating cryptographic keys for unclassified applications.
True or False? You must always use the same algorithm to encrypt information and decrypt the same information. True False
False. The algorithm you use to encrypt information may or may not be the same one you use to decrypt that information. For example, a simple algorithm that adds X to each value to encrypt would have to subtract X from each value to decrypt.
True or False? The term certificate authority (CA) refers to a trusted repository of all public keys. True False
False. The key directory is a trusted repository of all public keys. A CA vouches for the validity of a credential.
Some ciphers, regardless of type, rely on the difficulty of solving certain mathematical problems, which is the basis for asymmetric key cryptography. Which of the following is a branch of mathematics that involves multiplicative inverses that these ciphers use? Factoring small numbers; Quantum physics; Subset sum problems; Field theory
Field theory. These ciphers use a branch of mathematics known as field theory. A field is any domain of numbers in which every element other than 0 has a multiplicative inverse. For example, all rational numbers form a field; therefore, given x ≠ 0, you can always compute 1/x. Fields do not have to be infinite. Instead of counting to infinity, you can restart counting after reaching a particular value.
Maria receives a ciphertext message from her colleague Wen. What type of function does Maria need to use to read the plaintext message? Encryption; Hashing; Decryption; Validation
Decryption. Decryption is the process of unscrambling ciphertext into plaintext. Encryption is the process of scrambling plaintext into ciphertext.
Alice and Bob would like to communicate with each other using a session key, but they do not already have a shared secret key. Which algorithm can they use to exchange a secret key? Diffie-Hellman; Blowfish; Message digest algorithm (MD5); Rivest-Shamir-Adleman (RSA)
Diffie-Hellman. Using the Diffie-Hellman algorithm, the sender and receiver use asymmetric encryption to securely exchange symmetric keys. After the initial key exchange, each party can then use symmetric encryption to encrypt and decrypt data.
Security objectives add value to relationships between businesses or between businesses and their customers. Which objective binds a message or data to a specific entity? Digital signature; Nonrepudiation; Message authentication; Receipt and confirmation
Digital signature
Juan is a wireless security professional. He is selecting a standard for wireless encryption protocols for access points and devices for his agency. For the highest security, which protocol should Juan choose? Wi-Fi Protected Access version 2 (WPA2); Wi-Fi Protected Access (WPA); Wi-Fi Protected Access version 3 (WPA3); Wired Equivalent Privacy (WEP)
Wi-Fi Protected Access version 3 (WPA3). The WEP algorithm is cryptographically insecure and should no longer be used. WPA and its successor WPA2 are both strong, secure wireless encryption protocols. WPA3 is the newest and most secure protocol of the four listed here.
Bob received a message from Alice that contains a digital signature. What cryptographic key does Bob use to verify the digital signature? Bob's private key; Bob's public key; Alice's public key; Alice's private key
Alice's public key. The recipient of a digitally signed message uses the sender's public key to verify that the digital signature is authentic.
Alice would like to send a message to Bob securely and wishes to use asymmetric encryption to encrypt the contents of the message. What key does she use to encrypt this message? Alice's public key; Bob's public key; Bob's private key; Alice's private key
Bob's public key. If you were encrypting a message to protect its confidentiality and integrity, you would use the recipient's public key. Only the recipient would be able to decrypt the message using the corresponding private key.
With asymmetric key ciphers, it is computationally infeasible to derive the second algorithm from the first algorithm. True False
True
True or False? Symmetric key ciphers require that both parties first exchange keys to be able to securely communicate. True False
True