Chapter 12: Cryptography
When an attacker has access to a password file, they can run a password-cracking program that uses a dictionary of known words or passwords as an input file. What type of attack is this attacker performing?
dictionary
Which of the following encryption standards is part of the NSA's suite B cryptographic algorithms and is validated strong enough to protect classified data?
AES-256
A digital document that verifies the two parties exchanging data over the internet are really who they claim to be
Certificate
What type of attack is being performed when the attacker has access to plaintext and ciphertext, and choose which messages to encrypt?
Chosen-plaintext
Cryptography is the process of converting plaintext, which is readable text, into unreadable or encrypted text called which of the following?
Ciphertext
In what type of attack does the attacker have the ciphertext of serveral messages that were encrypted with the same encryption algorithm, but has no access to the plaintext so he or she must try to calculate the key used to encrypt the data?
Ciphertext-only
If a security expert decides to study the process of breaking encryption algorithms, they are performing which of the following?
Cryptanalysis
What type of system converts between plaintext and ciphertext?
Cryptosystem
Encryption algorithm used for the Data Encryption Standard
DEA
Which of the following is the process of converting ciphertext back into plaintext?
Decryption
What encryption algorithm is efficient requiring few resources, and is based on complex algebra and calculations on curves?
ECC
Which of the following is a scripting language for Windows and Linux that performs repetitive tasks, such as password cracking?
EXPECT
Which of the following is a mathematical function or program that works with a key?
Encryption algorithm
AES uses a 128-bit key and is used in PGP encryption software
False
Symmetric algorithms use two keys that are mathematically related
False
Used for verification, takes a variable-length input and converts it to a fixed-length output string
Hashing algorithm
Which of the following is a function that takes a variable-length string or message and produces a fixed-length message digest?
Hashing algorithm
A sequence of random bits generated from a range of allowable values
Key
Which of the following is a range of allowable values that is used to generate an encryption key?
Keyspace
What type of attack is being conducted when the attacker has messages in both encrypted form and decrypted forms?
Known plaintext
What application is considered the original password-cracking program and is now used by many government agencies to test fot password strength?
L0phtcrack
Which function ensures that a sender and receiver cannot deny sending or receiving a specific message?
Nonrepudiation
Operate on plaintext one bit at a time
Stream cipher
Which type of symmetric algorithm operates on plaintext one bit at a time?
Stream ciphers
What type of cryptography is demonstrated by reversing the alphebet so A becomes Z, B becomes Y, and so on?
Substitution cipher
Cryptosystems that have a single key that encrypts and decrypts data are using what type of algorithm?
Symmetric
Asymmetric algorithms are more scalable than symmetric algorithms
True
ECC is an efficient algorithm requiring few hardware resources, so it's a perfect candidate for wireless devices and cell phones
True
Symmetric algorithms support confidentiality, but not authentication and non repudiation
True
A certificate contains a unique serial number and must follow which standard that describes the creating of a certificate?
X.509
Uses two keys: one to encrypt data and one to decrypt data
asymmetric algorithm
In what type of attack does the attacker need access to the cryptosystem, and the ciphertext to be decrypted to yield the desired plaintext results?
chosen-ciphertext
Used to find the same hash value for two different inputs and reveal any mathematical weaknesses in a hashing algorithm
Birthday attacks
What type of attack is being attempted when an attacker uses a password-cracking program to guess passwords by attempting every possible combination of letters?
Brute force
Which of the following refers to verifying the sender or receiver (or both) is who they claim to be?
Authentication
A structure consisting of programs, protocols, and security policies for encrypting data and uses public key cryptography
PKI
What encryption algorithm can be used for both encryption and digital signing, uses a one-way function, and is still widely used in e-commerce?
RSA
What type of attack is being performed when an attacker intercepts the initial communications between a web server and a web browser while forcing a vulnerable server to insecurely renegotiate the encryption being used to a weaker cipher?
SSL/TLS downgrade attack
The use of random data alongside plaintext as an intput to a hashing function so that the output is unique
Salt
Uses a single key to encrypt and decrypt data
Symmetric algorithm
