Cryptography Part 2
What is XKMS?
XML Key Management Specification Allows easy management of the PKI by abstracting the complexity of managing the PKI from client applications to a trusted third party
What is a hash function?
A mathematical function that converts a numerical input value into another compressed numerical value. The input to the hash function is of arbitrary length but output is always of fixed length. Values returned by a hash function are called message digest or simply hash values.
What is HAVAL*
Unlike MD5, but like most modern cryptographic hash functions, HAVAL can produce hashes of different lengths
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. Alice would also like to digitally sign the message that she sends to Bob. What key should she use to create the digital signature?
Alice's private key
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. Which one of the following keys would Bob not possess in this scenario?
Alice's private key
MAC vs HASH
Basically the main difference is MAC uses a private key and hash does not use any keys. Because of that MAC allows us to achieve authentication. HASH FUNCTION: A function that maps a message of any length into a fixed length hash value, which serves as the authenticator.
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. When Bob receives the encrypted message from Alice, what key does he use to decrypt the message?
Bob's private key
Alice and Bob would like to use an asymmetric cryptosystem to communicate with each other. They are located in different parts of the country but have exchanged encryption keys by using digital certificates signed by a mutually trusted certificate authority. If Alice wishes to send Bob an encrypted message, what key does she use to encrypt the message?
Bob's public key
What is the certification authority (CA)?
CA confirms the identities of parties sending and receiving electronic payments or other communications
What are the functional components of a public key infrastructure?
Certification authorities, registration authorities, repositories, and archives
What is the cryptographic goal regarding protecting against the risks posed when a device is lost or stolen?
Confidentiality
What is Secure Hash Algorithm (SHA)*
Developed by NIST based on MD4 Revise version issued as SHA-1 based on MD5, - Considerabily stronger than MD5
Florian and Tobias would like to begin communicating using a symmetric cryptosystem, but they have no prearranged secret and are not able to meet in person to exchange keys. What algorithm can they use to securely exchange the secret key?
Diffie-Hellman
What is the difference between encryption and hash?
Encryption involves key(s), and "encrypting" something implies you want to have a way to reverse that (decrypt) so that you can retrieve the original information. Hashing is different. Hashing does not involve any secret (e.g., key), and it is one-way (i.e., you cannot retrieve the input message from the hash digest).
What is the difference between encryption and hashing?
Encryption is a two-way function; what is encrypted can be decrypted with the proper key. Hashing, however, is a one-way function that scrambles plain text to produce a unique message digest. With a properly designed algorithm, there is no way to reverse the hashing process to reveal the original password.
What is a cryptanalysis hash attack?
Exploiting logical weakness in algorithm
What are the different types of PKI architectures?
- Single CA - Multiple CA - Peer-to-peer
What is Kerchoff's Law?
-"A cryptosystem should be secure even if everything about the system, except the key, is public knowledge."
What are the primary purposes of the public key infrastructure (PKI)?
-Publish keys/certificates -Certify that a key is tied to an individual/organization -Provide verification of the validity of a public key
Chris is designing a cryptographic system for use within his company. The company has 1,000 employees, and they plan to use an asymmetric encryption system. How many total keys will they need?
2000
What is a Public Key Infrastructure (PKI)?
A Public Key Infrastructure (PKI) is the key management environment for public key information of a public key cryptographic system •Public key infrastructure is the combination of software, encryption technologies, and services that enables enterprises to protect the security of their communications and business transactions on networks
What is a repository?
A database of active digital certificates for a CA system
What is an archive?
A database of information to be used in settling future disputes
What is a digital signature?
A digital signature is a block of bits generated based on the contents of the message sent and encrypted WITH THE SENDS PRIVATE KEY •Must contain some unique value that links it with the sender of the message that can be easily verified by the receiver as well as a third party
What is a registration authority (RA)?
A registration authority (RA) is an entity that is trusted by the CA to register or vouch for the identity of users to a CA Acts as a front-end to a CA by receiving entity requests, authenticating them, and forwarding to the CA
What is a HMAC?
A type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key.
What is ANSI X9.17?
Addresses the need of financial institutions to transmit securities and funds through an electronic medium
Which one of the following is not one of the basic requirements for a cryptographic hash function? The function must be one way. The function must be collision free. The function must work on fixed-length input. The function must be relatively easy to compute for any input.
The function must work on fixed-length input
Which one of the following is not an attribute of a hashing algorithm? It is very difficult to find two messages with the same hash value. They are irreversible. They take variable-length input. They require a cryptographic key.
They require a cryptographic key.
What is a brute-force hash attack?
Try many inputs Srtength proportional to size of has value
What is an x.509?
X. 509 certificate is a digital certificate that uses the widely accepted international X. 509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.
What standard governs the creation and validation of digital certificates for use in a public key infrastructure?
X.509
If Diffie-Hellman key exchange provides PFS, why do we need certificates?
you still need certificates because symmetric encryption algorithms cannot provide non-repudiation of origin.
How do you know that the owner of the private key used to digitally sign is who they claim to be?
•A certificate is an electronic document used to identify an individual, a server, a company, or any other entity and to associate that identity with a public key •Have the public key signed by a third party - the Certificate Authority (CA) •The CA issues a digital certificate which includes the public key •The CA verifies identity before issuing a certificate
How are digital signals created?
In most cases the digital signature is created by encrypting the hash of the message with the senders private key The resulting bits (digest) is appended to the message The recipient decrypts the signature with the public key of the sender Verifies that message has not been altered and establishes non-repudiation of origin
What is the Message Digest Algorithm (MD5)*
Most widely used hasing algorithm Generates a 128-bit output digest from an input of any length
What is a message authentication code (MAC)?
Small block of data generated with a secret key and appended to the message When message is received, the recipient can generate MAC using the secret key and compare it to the original MAC attached to the message used for authentication and verification of received messages.
_____ integrates integrates digital certificates, public key cryptography, and certification authorities into a complete enterprise-wide network security architecture
PKI
What do message integrity controls do?
Provides assurance that a message has not been modified - Checksum - Hash functions
Howard is choosing a cryptographic algorithm for his organization, and he would like to choose an algorithm that supports the creation of digital signatures. Which one of the following algorithms would meet his requirement?
RSA
In Transport Layer Security, what type of key is used to encrypt the actual content of communications between a web server and a client?
Session key
Alison is examining a digital certificate presented to her by her bank's website. Which one of the following requirements is not necessary for her to trust the digital certificate? She trusts the CA. She knows that the server belongs to the bank. She verifies that the certificate is not listed on a CRL. She verifies the digital signature on the certificate.
She knows that the server belongs to the bank.