Ch. 14: Encryption and Hashing Concepts


Twofish

A 128-bit block cipher designed by Bruce Schneier and based on Feistel.

Message-Digest algorithm 5 (MD5)

A 128-bit key hash used to provide integrity of files and messages.

Blowfish

A 64-bit block cipher designed by Bruce Schneier as an alternative to DES.

one-time pad

A cipher that encrypts plaintext with a secret random key that is the same length as the plaintext.

symmetric key algorithm

A class of cipher that uses identical or closely related keys for encryption and decryption.

GNU Privacy Guard (GPG)

A free alternative to PGP that is compliant with OpenPGP.

Secure Hash Algorithm (SHA)

A group of hash functions designed by the NSA and published by the NIST, widely used in government. The most common currently is SHA-1.

one-way function

A hash that is easy to compute when generated but difficult (or impossible) to compute in reverse.

hash function

A mathematical procedure that converts a variable-sized amount of data into a smaller block of data.

RSA

A public key cryptography algorithm created by Rivest, Shamir, Adleman. It is commonly used in e-commerce.

digital signature

A signature that authenticates a document through math, letting the recipient know that the document was created and sent by the actual sender and not someone else.

hash

A summary of a file or message. It is generated to verify the integrity of the file or message.

Advanced Encryption Standard (AES)

A symmetric key encryption standard, used with WPA and WPA2, that is the successor to DES/3DES and is composed of three different block ciphers: AES-128, AES-192, and AES-256.

block cipher

A type of algorithm that encrypts a number of bits as individual units known as blocks.

stream cipher

A type of algorithm that encrypts each byte in a message one at a time.

asymmetric key algorithm

A type of cipher that uses a pair of different keys to encrypt and decrypt data.

private key

A type of key that is known only to a specific user or users who keep the key a secret.

public key

A type of key that is known to all parties involved in encrypted transactions within a given group.

Elliptic Curve Cryptography (ECC)

A type of public key cryptography based on the structure of an elliptic curve.

cipher

An algorithm that can perform encryption or decryption.

Elliptic Curve Diffie-Hellman Ephemeral (ECDHE)

An asymmetric algorithm created by Diffie and Hellman that is based on elliptic curve cryptography and runs in ephemeral mode.

birthday attack

An attack on a hashing system that attempts to send two different messages with the same hash function, causing a collision.

pass the hash

An attack where password hashes are obtained from a server and reused in an attempt to trick the server's authentication system.

Pretty Good Privacy (PGP)

An encryption program used primarily for signing, encrypting, and decrypting e-mails in an attempt to increase the security of e-mail communications.

Data Encryption Standard (DES)

An older type of block cipher selected by the United States federal government back in the 1970s as its encryption standard; due to its weak key, it is now considered deprecated.

certificate

Digitally signed electronic document that binds a public key with a user identity.

cryptographic hash functions

Hash functions based on block ciphers.

A. A weak key

Imagine that you are an attacker. Which would be most desirable when attempting to compromise encrypted data? A. A weak key B. A block cipher C. Captured traffic D. The algorithm used by the encryption protocol

Diffie-Hellman key exchange

Invented in the 1970s, it was the first practical method for establishing a shared secret key over an unprotected communications channel.

B. A cipher can be reversed; a hash cannot.

Of the following, which statement correctly describes the difference between a secure cipher and a secure hash? A. A hash produces a variable output for any input size; a cipher does not. B. A cipher can be reversed; a hash cannot. C. A hash can be reversed; a cipher cannot. D. A cipher produces the same size output for any input size; a hash does not.

C. Block cipher

Sensitive network traffic needs to be protected from interception. Jason, a security administrator, selects a cipher that will encrypt 128 bits at a time before sending the data across the network. Which of the following has Jason chosen? A. RC4 B. Hashing algorithm C. Block cipher D. Stream cipher

Triple DES (3DES)

Similar to DES but applies the cipher algorithm three times to each cipher block.

NTLM hash

Successor to the LM hash. A more advanced hash used to store Windows passwords, based off the RC4 algorithm.

NTLMv2 hash

Successor to the NTLM hash. Based off the MD5 hashing algorithm.

key stretching

Takes a weak key, processes it, and outputs an enhanced and more powerful key, usually increasing key size to 128 bits.

key

The essential piece of information that determines the output of a cipher.

LANMAN hash

The original hash used to store Windows passwords, known as LM hash, based off the DES algorithm.

cryptography

The practice and study of hiding information.

Steganography

The science (and art) of writing hidden messages; it is a form of security through obscurity.

pseudorandom number generator (PRNG)

Used by cryptographic applications that require unpredictable output. Example: SHA2PRNG. Threat: random number generator attack. Prevention: additional randomness, AES, SHA256 or higher, and physical control of the system.

public key cryptography

Uses asymmetric keys alone or in addition to symmetric keys. The asymmetric key algorithm creates a secret private key and a published public key.

algorithms

Well-defined instructions that describe computations from their initial state to their final state.

C. Symmetrical

What is another term for secret key encryption? A. PKI B. Public key C. Symmetrical D. Asymmetrical

B. AES

When encrypting credit card data, which would be the most secure algorithm with the least CPU utilization? A. MD5 B. AES C. 3DES D. SHA-512

collision

When two different files end up using the same hash, which is possible with less secure hashing algorithms.

C. One-time pad

Which of the following combines the keystream with the plaintext message using the bitwise XOR operator to produce the ciphertext? A. PBKDF2 B. Obfuscation C. One-time pad D. ECDH

D. RC5

Which of the following encryption algorithms is used to encrypt and decrypt data? A. MD5 B. NTLM C. SHA-256 D. RC5

A. RSA

Which of the following encryption methods deals with two distinct, large prime numbers and the inability to factor those prime numbers? A. RSA B. WPA C. Symmetric D. SHA-1

B. RC4

Which of the following is not a valid cryptographic hash function? A. RIPEMD B. RC4 C. SHA-512 D. MD5

B. DES

Which of the following is the weakest encryption type? A. SHA B. DES C. RSA D. AES

B. Symmetric scheme

Which of the following is used by PGP to encrypt the session key before it is sent? A. Symmetric key distribution system B. Symmetric scheme C. Asymmetric key distribution system D. Asymmetric scheme

C. Symmetric

Which type of encryption technology is used with the BitLocker application? A. Hashing B. Asymmetric C. Symmetric D. WPA2

A. ECC (Elliptic Curve Cryptography)

You are tasked with selecting an asymmetric encryption method that allows for the same level of encryption strength, but with a lesser key length than is typically necessary. Which encryption method fulfills your requirement? A. ECC B. RSA C. Twofish D. DHE

D. Symmetric encryption

You need to encrypt and send a large amount of data. Which of the following would be the best option? A. Hashing algorithm B. Asymmetric encryption C. PKI D. Symmetric encryption

D. Private key

Your boss wants you to set up an authentication scheme in which employees will use smart cards to log in to the company network. What kind of key should be used to accomplish this? A. Public key B. Cipher key C. Shared key D. Private key

