PoIS Chapter 8 (Discussion)
Which kind of an attack on cryptosystems involves using a collection of pre-identified terms? Which kind of attack involves sequential guessing of all possible key combinations?
> Uses pre-identified terms: Dictionary attack> All possible key combinations: Brute force attack
What is a cryptographic key, and what is it used for? What is a more formal name for a cryptographic key?
A cryptographic key is a series of characters or bit injected into the algorithm along with the original message to create the encrypted message (451). Cryptographic keys allow only those with the key to decrypt the message back plaintext. This key is also referred to as a cryptovariable. This information is usually used in conjunction with the algorithm to create the ciphertext from the plaintext (454).
What critical issue in symmetric and asymmetric encryption is resolved by using a hybrid method like Diffie-Hellman?
A hybrid system can be used without the need for out-of-band key exchange.
What does it mean to be "out of band"? Why is it important to exchange keys out of band in symmetric encryption?
An out-of-band channel is a channel of communication that does not carry the ciphertext. Key exchange must either be done out of band or using a secured method so that the key is not intercepted and used to read the secret message.
What is the fundamental difference between symmetric and asymmetric encryption?
Asymmetric encryption is also known as public-key encryption. It uses two different keys to encrypt messages: the public key and the private key. Symmetric encryption is different because it uses only one key to encrypt and decrypt messages. Symmetric encryption is much faster for the computer to process, but it raises the costs of key management.In symmetric encryption, also called private key encryption, the same key is used both to encrypt and decrypt the message. Both the sender and receiver must own encryption of the key. The problem with symmetric encryption is getting a copy of the key to the sender.Asymmetric encryption uses two different keys. Either key may encrypt or decrypt the message, but one key must be used for encryption only and the other must be used for decryption only. The technique has the greatest value when one key is used as a private key and the other is used as a public key. The public key is stored in a public location where anyone can use it. The problem with asymmetric encryption is that it requires four keys to hold a single conversation between two parties.Due to the number of keys involved in asymmetric encryption, it is not as efficient as symmetric encryption in terms of CPU computations and key management.
What is cryptography and cryptanalysis?
Cryptography and cryptanalysis are two things that encompass Cryptology. Cryptography is the act of making and using codes to secure messages. Cryptanalysis is the act of breaking or cracking encrypted messages back to their original forms.
What is the difference between a digital signature and a digital certificate?
Digital signatures authenticate the origin of a message. This means that it can verify that the message comes from where it claims. Digital certificates are documents attached to a file that contains an encryption key. Digital certificates authenticate the cryptographic key that is embedded in the certificate or document to verify the authenticity of the document.
What are the three basic operations in cryptography?
Encrypting, decrypting, and hashing are the three basic operations in cryptography.
What is a hash function, and what can it be used for?
Hash functions are Mathematical algorithms that generate a message summary or digest to confirm a message identity and integrity. Hash functions are uses to show that a message content had not been changed. Hash functions are critical for e-commerce .
What is the typical key size of a strong encryption system used on the Web today?
Key size: WPA used 128-bit keys, and NextGen Wireless Protocols such as RNS uses up to 256
How does Public-key Infrastructure add value to an organization seeking to use cryptography to protect information assets?
PKI makes the use of cryptographic systems more convenient and cost-effective.
What are the components of PKI?
PKI, aka Public Key Infrastructure, is a public-key based cryptosystem that functions off of the usage of digital certificates and certificate authorities. Its components include: Certificate Authorities (CA) - An entity or application that issues, manages, authenticates, signs, an revokes user's digital certificates Registration Authority (RA) - An entity of application that handles certification functions such as verifying registration information, generating end-user keys, revoking certificates, and validating user certificates alongside the CA Certificate Directories - Central locations for certificate storage that provide a single access point for administration and distribution Management Protocols - Practices and procedures that coordinate the functionality and communication between CAs, RAs, and end users. Policies and Procedures - written guidelines that assist the organization in the technical and legal aspects of certificate usage.
Which security protocols are used to protect email?
S/MIME, PEM, and PGP Mail applications use Secure/Multipurpose Internet Mail Extension (S/MIME) certificates for signing and encrypting e-mail (479). This is a type of digital certificate. S/MIME - security protocol that builds on the encoding format of the multipurpose internet mail extension (MIME) protocol and uses digital signatures based on public-key cryptosystems to secure e-mail . Privacy-Enhanced Mail (PEM)- a standard that uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures Pretty Good Privacy (PGP) - uses the IDEA cipher for message encoding as well as RSA for symmetric key exchange and digital signatures
What are the most popular encryption systems used over the Web?
SET, SSL, S-HTTP, Secure Shell (SSH-2), and IP Security (IPSec)
Which security protocols are predominantly used in web-based e-commerce?
Secure Sockets Layer (SSL) Secure Electronic Transactions (SET) Secure Shell (SSH-2) IP Security (IPSec)
What is steganography, and what can it be used for?
Steganography is a process used to hide messages within digital encoding of pictures and graphics. It is a concern for security professionals because hidden messages can contain sensitive information that needs to be protected.
What encryption standard is currently recommended by NIST?
The current standard set by NIST is AES (Advanced Encryption Standard, based off the Rijndael Algorithm), announced November 26, 2001 in the Federal Information Processing Standards (FIPS) Publication 197. The algorithm itself is a symmetric block cipher that can be used for encryption or decryption, and is capable of using keys of 128, 192, and 256 bits to encrypt/decrypt data into blocks of 128 bits.
What was the earliest reason for the use of cryptography?
The earliest use of cryptography was in 1900 bc when Egyptians used hieroglyphs when they inscribed tablets. Their work has been extensively uncovered and documents as well as transcribed to study a lot of the aspects of their lives.
IPSec can be implemented using two modes of operation. What are they and why?
Transport:IPSec provides encryption protection for just the payload and leaves the original message header intact. Tunnel: PSec provides encryption protection for both the payload and message header by encapsulating the entire original LAN protocol packet and adding its own temporary IPSec header.Should be use when you're connecting over an untrusted network.
If you were setting up an encryption-based network, what key size would you choose and why?
a key size of 256, particularly the SHA-256 algorithm. From a security perspective, this 256 bit hash function is just as secure as the 512 bit key. This is due to the fact that both would take an astronomical amount of time to brute-force. The 256-bit encryption alone could take more than 4 sextillion years according to the book.