Security+ - Chapter 14 - Cryptography
What is a DEK, KEK, and MEK?
1. AES uses a Data Encryption Key (DEK) to encrypt data. 2. A Key Encryption Key (KEK) encrypts the DEK. 3. A Master Encrypting Key (MEK) describes the DEK or KEK in use.
List five types of block ciphers.
1. Electronic Codebook (ECB). 2. Cipher Block Chaining (CBC). 3. Cipher Feedback (CFB). 4. Output Feedback (OFB). 5. Galois/Counter Mode (GCM). 6. Counter (CTR).
What are three advantages of AES?
1. Fast. 2. Usable on many types of network. 3. Low resource cost.
List two reasons why the LANMAN hash is weak.
1. Maximum password length of 14 characters. 2. Relies on DES algorithm. 3. Maximum of seven capital letters.
List the ways to secure against a pass the hash attack.
1. Multifactor authentication. 2. Require clients to use a TOS. 3. Use tokens. 4. Least privilege.
Name five types of symmetric encryption algorithms.
1. RC4, RC5, RC6. 2. DES and 3DES. 3. AES. 4. Blowfish and Twofish.
What are three types of asymmetric encryption?
1. RSA. 2. Diffie-Hellman. 3. Elliptic curve.
While AES has not been compromised, it is vulnerable to two attack types: ______ and ______.
1. Side channel attacks. 2. Related-key attacks.
ECC is vulnerable to what types of attacks?
1. Side-channel attacks. 2. Fault attacks. 3. Backdoors. 4. Quantum cryptoanalysis.
What are three typical uses of AES?
1. WPA2. 2. USB flash drive encryption. 3. Windows Encrypting File Service (EFS). 4. Bitlocker.
MD5 uses a key length of ______ and is vulnerable to ______. It is also vulnerable to two other forms of attack: _____ and ______.
128 bits; hash collisions; rainbow tables; pre-image attacks
SHA-1 originally used hash sizes of ______ and is deprecated. SHA-2 has hash sizes of ________.
160 bits; 256 and 512 bits
What is SKIP?
A hybrid key distribution protocol.
An encryption standard that uses a combination of XOR, substitution, and reordering is ______.
AES
How does the RSA encryption algorithm function?
Asymmetric encryption that involves multiplying two prime numbers.
What is the purpose of a Message Authentication Code?
Authenticates a message and provides integrity and authenticity.
Often used with symmetric encryption, ______ uses a binary key to create ciphertext, but it is insecure on its own.
EXclusive OR (XOR)
Two algorithms that have been adapted to use elliptic curves as part of their cryptographic standards are _______ and _______.
Elliptic Curve Diffie-Hellman Ephemeral (ECDHE); Elliptic Curve Digital Signature Algorithm (ECDSA)
To encrypt individual files, use ______. To encrypt an entire hard drive, use _______. To encrypt a USB flash drive, use ______.
Encrypting File System (EFS); Bitlocker; Bitlocker to Go
A cipher that provides encryption with authentication is ______.
Galois/Counter Mode (GCM)
The NTLMv2 hash uses what hash to store passwords? Despite its greater security, Windows servers typically default to _______, but it is sometimes used with users ______.
HMAC-MD5; Kerberos; that use only a local account
When a secret key is included with a main message and then hashed, it is known as _______.
Hash-based Message Authentication Code (HMAC)
How does a cipher's key work?
It describes how the cipher functions (thus allowing for encryption/decryption).
______ is used to digitally sign packets sent over an IPSec connection.
Keyed Hashing for Message Authentication Code (KHMAC)
Concealing hidden messages within VoIP conversations involves the use of ______. Concealing hidden messages within a compromised wireless network involves ______.
Lost Audio Packets Steganography (LACK); Hidden Communication for Corrupted Systems (HICCUPS)
The initial replacement for LANMAN hashing was _______. Its primary weakness is that it is based on _______.
NT LAN Manager hash (NTLM); RC4 cipher
PGP has a non-proprietary version called _______. This was used to create ______.
OpenPGP; GNU Privacy Guard (GPG)
What standard is used in HSMs?
PKCS#11
A cryptographic algorithm that is used primarily for email communications is _______.
Pretty Good Privacy (PGP)
An open-source alternative to SHA-2, ________ typically uses key sizes of _______, but can be used with key sizes up to _______.
RACE Integrity Primitives Evaluation Message Digest (RIPEMD); 160 bits; 256 or 320 bits
The encryption used on a Clipper Chip was ______.
Skipjack
What is the drawback of symmetric encryption? What is the drawback of asymmetric encryption?
Symmetric: poor at providing non-repudiation and it scales poorly because everyone needs a secret key. Asymmetric: computationally slow.
One way to make WEP more secure is to use ______, which is an encryption algorithm with a key size of ______.
TKIP; 128 bits.
A hashing attack that attempts to cause a collision via probabilities is _______. To prevent this from happening, it is best to _______.
birthday attack; use encryption (TLS)
A symmetric algorithm that encrypts a group of bits collectively is called a ______.
block cipher
AES is an example of a ______ cipher. Its block size is ______. The key used is up to _____.
block; 128 bits; 256 bits
Blowfish is a _______ cipher with a block size of ______. It has been replaced by Twofish, another block cipher with a block size of ______ and a typical key size of ______.
block; 64 bits; 128 bits; 128, 192, or 256 bits.
RC5 and RC6 are ______ ciphers with typical block sizes of ______ and _____, respectively.
block; 64-bits; 256-bits
DES is an example of a _____ cipher. Its block size is _____. The key used is _____. This has been replaced by 3DES, which functions similarly but uses a key size of ______.
block; 64 bits; 56 bits; 168 bits
An algorithm that can perform encryption or decryption is a ______.
cipher
Hash functions based on block ciphers are known as ______.
cryptographic hash functions
An electronic document that uses a digital signature to bind the key with the identity is known as a ______.
digital certificate
A ______ is a hash value encrypted with a private key.
digital signature
Compared to other asymmetric cryptographies, ______ requires lower computational power. In general, the keys used are ______ the size of the keys required by other asymmetric encryptions.
elliptic curve crypotgraphy (ECC); one-sixth
RSA can prevent MITM attacks and provides ______ and _______.
encryption; authentication
Physically tampering with a device that uses cryptography is a ________ attack.
fault
Ephemeral Diffie-Hellman is more secure than the regular Diffie-Hellman because it ______. This ensures that the compromise of one message will not compromise another message, which is known as ______.
generates a new key for every connection; perfect forward secrecy (PFS)
When the relationship between the plaintext and the key is so complicated that an attacker can't easily reverse engineer/analyze the ciphertext to determine the key/plaintext, it is known as ______.
hash confusion
When a single change in the plaintext results in multiple changes spread throughout the ciphertext, it is known as ______.
hash diffusion
A ______ converts a variable-sized amount of data into a fixed, smaller block of data.
hash function
Hashes provide _______ whereas encryption provides _______.
integrity; confidentiality
A digital signature ensures _____ and ______. It also protects against _____ and _____.
integrity; non-repudiation; forgery; tampering
Taking a weak key and increasing its length is known as _______. Two programs that do this are _______.
key stretching; PBKDF2 and bcrypt
Both RSA and Diffie-Hellman are vulnerable to ______ attacks.
man-in-the-middle
To establish shared secret keys, the Diffie-Hellman key exchange relies on ______.
multiplying prime numbers by a base integer (secret integers)
The cryptographic standard that theoretically has perfect security is ______, but one weakness of this cryptography is that ______.
one-time pad; it requires perfect randomness and most computers are pseudorandom number generators
A stream cipher that encrypts plaintext with a secret random key that is the same length as the plaintext is known as _______. It encrypts using a randomized string of bits that are known as a _______.
one-time pad; keystream
Most hashes cannot be reversed, which means they are a ______.
one-way function
When an attacker obtains the password hash of a user account and reapplies the hash to a server or other system to fool the system into thinking that the attacker is authentic, it is called a _______ attack. In plaintext, the attacker _______.
pass the hash; uses a hash to authenticate instead of a password
An attack on cryptographic hash functions attempting to find a message that has a specific hash value is called a _______.
pre-image attack
PGP relies on symmetric encryption in the form of ______ but also uses asymmetric encryption in the form of _______, so it is considered ______.
pre-shared keys (PSK); RSA for digital signatures and sending the session key; hybrid cryptoanalysis
In asymmetric encryption, _____ is used to encrypt a message while a ______ is used to decrypt it.
public key; private key
Bits of a key can be encoded as bits that exist in multiple states in ______. The most common medium for transmission of this data is _______.
quantum cryptography; fibre channel
When decrypting an encrypted message with RSA, you use the (sender's/receiver's) (public/private) key.
receiver's private
When sending an encrypted message with RSA, you use the (sender's/receiver's) (public/private) key.
receiver's public
Turning off LANMAN hashing involves running the ______ command. If this is impossible, one work-around is to ______.
secpol.msc; set minimum password length of 15 characters
When sending an encrypted signature with RSA, you use the (sender's/receiver's) (public/private) key.
sender's private
When decrypting an encrypted signature with RSA, you use the (sender's/receiver's) (public/private) key.
sender's public
ECC is used with what three types of technology?
smart cards, wireless security, and communications (e.g., VoIP/IPSec)
A symmetric algorithm that encrypts each binary digit one at a time is called a ______.
stream cipher
Rivest Cipher 4 is a ______ cipher used to encrypt data, but it is considered weak. Its key size is typically ______. What are three ways it is implemented?
stream; 128 bits; WEP, SSL, and RDP
For encryption, PGP validates public key pairs via a ______.
web of trust