CEH Cryptography

What 3 operations does *Threefish* involve?

1. Addition 2. Rotation 3. XOR

What 2 *mobile hash calculators* does the material recommend?

1. Hash Tools 2. HashDroid

What 2 *MD5 and MD6 hash calculators* does the material recommend?

1. MD5 Calculator 2. HashMyFiles

What two things can provide non-repudiation of email communications?

1. S/MIME 2. PGP

What 4 *disk encryption tools* does the material recommend?

1. VeraCrypt 2. Symantec Drive encryption 3. BitLocker Drive Encryption 4. FileVault

What is the modulus size in bits used to generate the session key in Diffie-Hellman (DH) group 2?

1024

What is the size in bits of the digests produced by MD5?

128 bits

What is the modulus size in bits used to generate the session key in Diffie-Hellman (DH) group 5?

1536

What is the key size of the Software Encryption Algorithm (SEAL)?

160 bits

What is the modulus size in bits used to generate the session key in Diffie-Hellman (DH) group 14?

2048

Which of the following is optimized for confidential communications, such as bidirectional voice and video? 1. RC5 2. MD4 3. RC4 4. MD5

3. RC4

What is the modulus size in bits used to generate the session key in Diffie-Hellman (DH) group 15?

3072

What is the modulus size in bits used to generate the session key in Diffie-Hellman (DH) group 16?

4096

What is the modulus size in bits used to generate the session key in Diffie-Hellman (DH) group 17?

6144

What is the modulus size in bits used to generate the session key in Diffie-Hellman (DH) group 1?

768

What is the modulus size in bits used to generate the session key in Diffie-Hellman (DH) group 18?

8192

What is *GNU Privacy Guard (GPG)*?

A software replacement PGP and free implementation of OpenPGP standard

What is an attack where an attacker selects a series of ciphertexts and then observes the resulting plaintext blocks?

Adaptive chosen-ciphertext attack

What is an attack where an attacker makes a series of interactive queries, choosing subsequent plaintexts based on the information from the previous encryptions?

Adaptive chosen-plaintext attack

What type of hardware/software is susceptible to a *DUHK attack*?

Any hardware/software using an ANSI X9.31 random number generator (RNG)

Does PGP utilize symmetric or asymmetric encryption?

Asymmetric

What tool helps users compress, encrypt, and convert plaintext data into ciphertext using symmetric and public-key algorithms?

BCTextEncoder

What is an attack where an attacker attempts to find two passwords with matching hashes?

Birthday attack

Which component of public key infrastructure (PKI) issues and verifies digital certificates?

Certificate Authority (CA)

Which component of public key infrastructure (PKI) generates, distributes, stores, and verifies certificates?

Certificate Management System

What is an attack where an attacker usually breaks an n-bit key cipher into 2^(n/2) operations?

Chosen key attack

What is an attack where an attacker obtains plaintexts corresponding to an *arbitrary set* of ciphertexts of their own choosing?

Chosen-ciphertext attack

Which attack is most effective against public-key cryptography?

Chosen-ciphertext attack

What is an attack where an attacker defines their own plaintext, feeds it into the cipher, and analyzes the resulting cipher text?

Chosen-plaintext attack

What is an attack where an attacker has access to the cipher text?The goal of this attack is to recover the encryption key from the ciphertext.

Ciphertext only attack

What hash property ensures that a hash function will not produce the same hashed value for two different messages?

Collision resistance

What *cryptanalysis tool* does the material recommend?

CrypTool

What is an attack on a cross-protocol weakness on servers that support recent SSLv2 protocol suites? Used in online man-in-the-middle attacks.

DROWN attack

Name the cryptanalysis technique described below. 1. Generally applicable to symmetric key algorithms 2. Examines the differences in an input and how that affects the resultant difference in the output

Differential cryptanalysis

Which cryptanalysis technique works in both known plaintext and ciphertext only attacks?

Differential cryptanalysis

What is the cryptographic protocol that allows two parties to establish a shared key over an insecure channel?

Diffie-Hellman

Which component of public key infrastructure (PKI) establishes people's credentials in online transactions?

Digital certificates

What cryptographic algorithm has been proposed as a replacement for the RSA algorithm to minimize the key size?

ECC

Which component of public key infrastructure (PKI) requests, manages, and uses certificates?

End User

What key pair is created when a TPM is manufactured and is permanent?

Endorsement key pair

What is the study of the frequencies of letters or groups of letters in a ciphertext, based on the fact that in any given stretch of written language, certain letters and combinations of letters occur with varying frequencies?

Frequency analysis

What is *GAK*?

Government Access to Keys

What is a type of message authentication code that combines a cryptographic key with a cryptographic hash function to verify the integrity of the data and authentication of a message?

HMAC

Which of the following hardware encryption devices is an additional external security device used in a system for crypto-processing and can be used for managing, generating, and securely storing cryptographic keys?

HSM

What is an encryption technique where math operations are performed to encrypt plaintext, allowing users to secure and leave their data in an encrypted format even while the data are being processed or manipulated?

Homomorphic encryption

Name the cryptanalysis technique described below. For block size b, hold (b - k) bits constant and run the other k bits through all 2^k possibilities

Integral cryptanalysis

Which cryptanalysis technique is useful against block ciphers based on substitution and permutation networks?

Integral cryptanalysis

What e-learning software allows comprehensive cryptographic experimentation on Linux, Mac OS X, and Windows and also allows users to develop and extend its platform in various ways with their own crypto plug-ins?

JCrypTool (JCT)

What is a component of public key infrastructure (PKI) where a copy of a private key is stored to *provide third-party access*?

Key escrow

What are the key size, block size, and number of rounds for *RC5*?

Key size: 0 to 2040 bits Block size: 32, 64, or 128 Number of rounds: 0 to 255

What are the key size, block size, and number of rounds for *Tiny Encryption Algorithm (TEA)*?

Key size: 128 Block size: 64 Number of rounds: 64

What are the key size, block size and number of rounds for *IDEA*?

Key size: 128 Block size: 64 Number of rounds: 8.5

What are the key size, block size, and number of rounds for *AES*?

Key size: 128, 192, 256 Block size: 128 Number of rounds: 10, 12, or 14 respectively

What are the key size, block size, and number of rounds for *Camellia*?

Key size: 128, 192, or 256 Block size: 128 Number of rounds: 18 or 24

What are the key size, block size, and number of rounds for *Serpent*?

Key size: 128, 192, or 256 Block size: 128 Number of rounds: 32

What are the key size, block size, and number of rounds for *Twofish*?

Key size: 128, 192, or 256 bits Block size: 128 bits Number of rounds: 16

What are the key size, block size, and number of rounds for *RC6*?

Key size: 128, 192, or 256 bits Block size: 128 bits Number of rounds: 20

What are the key size, block size, and number of rounds for *GOST / Magma*?

Key size: 256 Block size: 64 Number of rounds: 32

What are the key size, block size, and number of rounds for *Threefish*?

Key size: 256, 512, or 1024 respectively Block size: 256, 512, or 1024 respectively Number of rounds, 72, 72, or 80 respectively

What are the key size, block size and number of rounds for *Blowfish*?

Key size: 32-448 bits Block size: 64 bits Number of rounds: 16

What are the key size, block size, and number of rounds for *CAST-128*?

Key size: 40 to 128 bits (in 8 bit increments) Block size: 64 Number of rounds: 12 or 16

What are the key size, block size, and number of rounds for *DES*?

Key size: 56 bits Block size: 64 bits Number of rounds: 16

What is the process of strengthening a key that might be slightly too weak, usually by making it longer?

Key stretching

What is an attack where an attacker has knowledge of *some part of the plaintext*, using this information, the key used to generate ciphertext is deduced to decipher other messages?

Known-plaintext attack

What protocol provides the tunnel by which IP packets encapsulated in UDP packets can travel in a VPN connection but requires an encryption protocol (like IPSec) to secure the data being transferred?

Layer 2 Tunneling Protocol (L2TP)

Name the cryptanalysis technique described below. 1. Commonly used against block ciphers 2. Uses linear approximation to describe the behavior of the block cipher 3. Given sufficient pairs of plaintext and corresponding ciphertext, bits of information about the key can be obtained 4. Based on finding affine approximations to the action of the cipher

Linear cryptanalysis

What cryptanalysis technique is also known as a *known plaintext attack*?

Linear cryptanalysis

In what attack does an attacker reduce the number of brute-force permutations required to decode text encrypted by more than one key and use the space-time trade-off?

Meet-in-the-middle attack

What *cryptography toolkit* does the material recommend?

OpenSSL

What is an attack where an attacker exploits the padding validation of an encrypted message to decipher the ciphertext?

Padding oracle / Vaudenay attack

What protocol is used for data transferring across IP-based VPNs, but requires other protocols for the security of the data being transferred?

Point-to-Point Tunneling Protocol

What is the variable key size symmetric key stream cipher with byte-oriented operations and is based on the use of a random permutation?

RC4

What *email encryption tool* does the material recommend?

RMail

What is a *public-key* cryptosystem for Internet encryption and authentication that uses modular arithmetic and elementary number theory to perform computations using two large prime numbers?

RSA

What is used to provide a copy of an encryption key in the event that the original is lost?

Recovery agent

Which component of public key infrastructure (PKI) acts as the verifier of the applicant on behalf of the Certificate Authority (CA)?

Registration Authority (RA)

What is an attack where an attacker can obtain ciphertexts encrypted under *two different keys*? This attack is useful if the attacker can obtain the plaintext and matching ciphertext.

Related-key attack

What is the extraction of cryptographic secrets (e.g., the password to an encrypted file) from a person by *coercion or torture*?

Rubber hose attack

What algorithm provides better protection against brute force attacks by using a 160-bit message digest?

SHA-1

What hashing algorithm produces a 160-bit digest from a message with a maximum length of (264 - 1) bits, and it resembles the MD5 algorithm?

SHA-1

What is a family of two similar hash functions with different block sizes?

SHA-2 (generally SHA-256 and SHA-512)

What encryption algorithm uses a sponge construction where message blocks are XORed into the initial bits of the state that the algorithm then invertibly permutes?

SHA-3

What key is created when a user takes ownership of a TPM and can be cleared and changed by the user?

Storage root key

What is the protocol allows a client and server to authenticate each other, select an encryption algorithm, and exchange a symmetric key prior to data exchange?

TLS handshake protocol

What type of hardware encryption devices is a crypto-processor or chip present in the motherboard that can securely store encryption keys and perform many cryptographic operations?

TPM

What is the role of the *root Certificate Authority (CA)*?

The root CA is the trusted root that issues certificates

The strength of the session key used in the Diffie-Hellman key exchange process is determined by what?

The size of the modulus used to generate the session key

What is an an attack based on repeatedly measuring the exact execution times of modular exponentation operations?

Timing attack

Which component of public key infrastructure (PKI) stores certificates (with their public keys)?

Validation Authority (VA)

What is a public-key-based authenticated key exchange protocol?

YAK