Ethical Hacking Chapter 12
X.509
A certificate contains a unique serial number and must follow which standard that describes the creation of a certificate
certificate
A digital document that verifies that two parties exchanging data over the internet are really who they claim to be
key
A sequence of random bits generated from a range of allowable values
PKI
A structure consisting of programs, protocols, and security policies for encrypting data that uses public key cryptography to protect data transmitted over the Internet
False
AES uses a 128-bit key and is used in PGP encryption software
True
Asymmetric algorithms are more scalable than symmetric algorithms
ciphertext
Cryptography is the process of converting plaintext, which is readable text, into unreadable or encrypted
symmetric
Cryptosystems that have a single key that encrypts and decrypts data are using what type of algorithm
True
ECC is an efficient algorithm requiring few hardware resources, so it's a perfect candidate for wireless devices and cell phones
DEA
Encryption algorithm used for the Data Encryption Standard
cryptanalysis
If a security professional decides to study the process of breaking encryption algorithms, they are performing what
ciphertext-only
In what type of attack does the attacker have the ciphertext of several messages that were encrypted with the same encryption algorithm, but has no access to the plaintext, so he or she must try to calculate the key used to encrypt the data
chosen-ciphertext
In what type of attack does the attacker need access to the cryptosystem, and the ciphertext to be decrypted to yield the desired plaintext results
stream cipher
Operates on plaintext one bit at a time
salt
The use of random data alongside plaintext as an input to a hashing function so that the output is unique
hashing algorithm
Used for verification, takes a variable-length input and converts it to a fixed-length output string
birthday attacks
Used to find the same hash value for two different inputs and reveal any mathematical weaknesses in a hashing algorithm
symmetric algorithm
Uses a single key to encrypt and decrypt data
asymmetric algorithm
Uses two keys: one to encrypt data and one to decrypt data
L0phtcrack
What application is considered the original password-cracking program and is now used by many government agencies to test for password strength
RSA
What encryption algorithm can be used for both encryption and digital signing, uses a one-way function, and is still widely used in e-commerce
ECC
What encryption algorithm is efficient, requiring few resources, and is based on complex algebra and calculations on curves
brute force
What type of attack is being attempted when an attacker uses a password-cracking program to guess passwords by attempting every possible combination of letters
known plaintext
What type of attack is being conducted when the attacker has messages in both encrypted and decrypted forms
SSL/TLS downgrade attack
What type of attack is being performed when an attacker intercepts the initial communications between a Web server and a Web browser while forcing a vulnerable server to insecurely renegotiate the encryption being used down to a weaker cipher
chosen-plaintext
What type of attack is being performed when the attacker has access to plaintext and ciphertext, and can choose which messages to encrypt
substitution cipher
What type of cryptography is demonstrated by reversing the alphabet so A becomes Z, B becomes Y, and so on
cryptosystem
What type of system converts between plaintext and ciphertext
dictionary
When an attacker has access to a password file, they can run a password-cracking program that uses a dictionary of known words or passwords as an input file. What type of attack is this attacker performing
Nonrepudiation
Which function ensures that a sender and receiver cannot deny sending or receiving a specific message
AES-256
Which of the following encryption standards is part of the NSA's Suite B cryptographic algorithms and is strong enough to protect classified data
hashing algorithm
Which of the following is a function that takes a variable-length string or message and produces a fixed-length message digest
encryption key
Which of the following is a mathematical function or program that works with a key?
Keyspace
Which of the following is a range of allowable values that is used to generate an encryption key
EXPECT
Which of the following is a scripting language for Windows and Linux that performs repetitive tasks, such as password cracking
decryption
Which of the following is the process of converting ciphertext back into plaintext?
Authentication
Which of the following refers to verifying the sender or receiver (or both) is who they claim to be
stream cipher
Which type of symmetric algorithm operates on plaintext one bit at a time
True
Symmetric algorithms support confidentiality, but not authentication and nonrepudiation
False
Symmetric algorithms use two keys that are mathematically related