CompTIA Security+ (SY0-601): Cryptography

Ace your homework & exams now with Quizwiz!

Brute-force attacks try

Character combinations

Which term describes the result of plaintext that has been fed into an encryption algorithm along with an encryption key? Hash Ciphertext Message digest Digital signature

Correct Answer: Ciphertext results from feeding plaintext and an encryption key into an encryption algorithm. Incorrect Answers: A hash is a unique representation of data that was fed into a one-way hashing algorithm; no key is used. "Message digest" is synonymous with hash. A digital signature is created with a sender's private key and verified by the recipient with the related public key; it assures the recipient of message authenticity and that the message has not been tampered with.

You are ordering laptops for sales executives that travel for work. The laptops will run the Windows 10 Enterprise operating system. You need to ensure that protection of data at rest is enabled for internal laptop disks. The encryption must be tied to the specific laptop. What should you do? Order laptops with HSM chips and configure BitLocker disk encryption. Order laptops with HSM chips and configure EFS encryption. Order laptops with TPM chips and configure EFS encryption. Order laptops with TPM chips and configure BitLocker disk encryption.

Correct Answer: Order laptops with TPM chips and configure BitLocker disk encryption. A Trusted Platform Module (TPM) chip in a computer is used to secure the integrity of the machine boot process and to store disk volume encryption keys. Incorrect Answers: A Hardware Security Module (HSM) is not a chip installed within a computer; it is a tamper-resistant device used for cryptographic operations and the storage of encryption keys. Encrypting File System (EFS) file encryption is tied to the user account, not tied to the machine.

You are verifying a digital signature. Which key will be used? Sender public key Your public key Sender private key Your private key

Correct Answer: Sender public key. Verifying digital signatures is done using the sender's public key (the sender's private key creates the digital signature). Incorrect Answers: The listed keys are not used to verify a digital signature.

Public Key Infrastructure (PKI)

Uses a hierarchy structure with certificate authorities CAs and immediate CAs (Certificate Authority)

asymmetric encryption

Uses a key pair -public key (only used to encrypt) -Private key (only used to decrypt)

Web of Trust (WoT)

Uses a network of mutually trusting peers

Digital certificates come in many different forms including

Web (Which includes DV, EV, Wildcard, and SAN), Email, code signing, machine/computer, and user.

AES is

a U.S. government encryption standard supported by NIST

Feistel function

a function that takes two inputs, a data block, and a subkey, and returns one output the same size as the data block.

Classic cryptography components

1 Algorithm 2 Key for encryption

Short key

56 bits

Blowfish

64-bit Block size 16 rounds Key size: 32-448 bit

Triple DES (3DES)

A more-secure variant of DES that repeatedly encodes the message using three separate DES keys.

Streaming Ciphers

A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream. In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream

Data Encryption Standard (DES)

A symmetric block cipher that uses a 56-bit key and encrypts data in 64-bit blocks.

Advanced Encryption Standard (AES)

A symmetric cipher that was approved by the NIST in late 2000 as a replacement for DES.

Ephemeral key

A temporary key that is used only once before it is discarded. -Provides perfect forward secrecy

After several data breaches involving stolen laptops and stolen removable media, you are asked to implement a solution to mitigate the issue. The solution must protect data at rest with a minimum of user inconvenience. What solution best addresses the scenario?

A. Encrypting File system (EFS) B. Hardware Security Module (HSM) C. Trusted Platform Module (TPM) D. Self-Encrypting Drive (SED) *

Which type of encryption uses a single key for encryption and decryption? Asymmetric RSA Symmetric SHA256

Correct Answer: Symmetric encrypting uses a single "secret" key for encrypting and decrypting. Incorrect Answers: Asymmetric keys (public and private keys) are used for security in the form of encryption, digital signatures and so on; the recipient public key is used to encrypt and the related private key is used to decrypt. RSA is a public and private key pair cryptosystem. SHA256 is a hashing algorithm.

Symmetric Key Algorithm

Any encryption method that uses the same key for both encryption and decryption. Same key is used

Kerckhoff's Principle

As long as you don't know what the key is to an encryption you can actually understand the completely

Cryptographic attacks can be put into three main categories

Attack the algorithm, implementation, or key.

AES

Block Cipher 128-bit Block size Key Size: 128, 192, or 256-bits Rounds 10, 12, or 14

DES =

Block Cipher 64-bit Block size 16 rounds Key size: 56 bit

3DES

Block Cipher 64-bit Block size 16 rounds Key size: 56-bit x 3 168 bit key

Expired certificates are included in a certificate authority's published list called a certificate revocation list

CRL

The Vigenere cipher employs the

Caesar cipher as one element of the encryption process

P12 files include the

Certificate, chain certificates, chain certificates, and the private key.

Your company has numerous public-facing Web sites that use the same DNS domain suffix. You need to use PKI to secure each Web site. Which solution involves the least amount of administrative effort? Generate self-signed certificates for each Web site Acquire public certificates for each Web site Acquire a wildcard certificate Acquire an extended validation certificate

Correct Answer: Wildcard certificates allow a single certificate tied a DNS domain to be used by hosts within subdomains. Incorrect Answers: Using self-signed or public certificates for each Web site requires more effort than using a wildcard certificate. Extended validation certificates require the certificate issuer to perform extra due diligence in ensuring that the certificate request is legitimate.

Which block cipher mode uses the ciphertext from the previous block to be fed into the algorithm to encrypt the next block? CFB ECB CBC OFB

Correct Answer: With Cipher Feedback Mode (CFB), each previous block ciphertext is encrypted and fed into the algorithm to encrypt the next block. Incorrect Answers: Electronic Code Book (ECB), given the same plaintext, always results in the same ciphertext and is thus considered insecure. Cipher Block Chaining (CBC) is similar to ECB except that it used a random Initialization Vector (IV). Output Feedback Mode (OFB) uses a keystream of bits to encrypt data blocks.

You are decrypting a message sent over the network. Which key will be used for decryption? Your public key Sender public key Your private key Sender private key

Correct Answer: Your private key. Recipient private keys decrypt network messages (the recipient's related public key encrypts network messages). Incorrect Answers: The listed keys are not used for decryption.

Encryption/decryption

Cryptography or secure writing ensures that information is transformed into unintelligible forms before transmission and intelligible forms when it arrives at its destination to protect the informational content of messages.

Data in transit

Data that is in transit across a network, such as an email sent across the Internet.

Data at rest

Data that is stored on electronic media.

certificate authorities (CA) or Registration authorities (RA)

Identify and authenticate individuals registering for certificate; the middle entities are called intermediate CAs, the entity at the top of the hierarchy is called the root CA

Confusion

Make a mess out of something to cause confusion

Diffusion

Making something harder to see

Substitution

Making the normal wording something different to decode

Passwords are usually stored in hash format

Making them difficult to crack

Salting and key stretching adds another layer of

Obfuscation, making passwords even harder to crack than just hashing

A self-signed Certificate is

One that is authorized by the same entity who registers for the digital certificate (These should not be trusted outside an internal network)

Rainbow tables use

Pre-calculated hashes of passwords

Digital certificates store a

Public key with a digital signature, personal information about the resources, and a second digital signature from a trusted third party

ROT2

Rotate 2 times

ROT3

Rotate 3 times

Which technique is used to enhance the security of password hashes? Password length Key pinning Multifactor authentication Salting

Salting

Data in process

The state of data while it is being used.

Attacking the key means

Somehow figuring out the key in order to break in.

RC4

Streaming Cipher 1 bit at a time 1 Round Key Size: 40-2048 bits

block

Takes off a chunk of data and then encrypts it

Attacking the implementation means

Taking advantage of weakness in how the connection is made

P7B files include

The certificate and chain certificates, no private key

Vigenere Cipher

a method of encrypting text by applying a series of Caesar ciphers based on the letters of a keyword.

RC4 (Rivest Cipher4) is

a stream cipher

Cryptosystem

a system for encryption and decryption

Ceaser Cipher

a technique for encryption that shifts the alphabet by some number of characters

Session key

a unique symmetric encryption key chosen for a single secure session

Attacking the algorithm is nearly impossible for most up-to-date standards, as crackable

algorithms are usually taken out of production

Cryptanalysis

breaking secret codes

Cryptosystems define key properties

communication, requirements for the key exchange and the actions taken through the encryption and decryption process

Ephemeral keys provide perfect

forward secrecy due to the temporary nature of the key

Public key Cryptography Standards(PKCS)

gives details on digital certificate construction and use

The Caesar cipher is

one of the earliest known and simplest ciphers

Dictionary attacks use lists of probable

passwords

Cryptography is the

practice of disguising information in a way taht looks random

asymmetric encryption is used to

send a secure session key

Asymmetric encryption is

slow, but very useful in exchanging session keys

Initial permutation

stirring of the data

blow fish

symmetric cipher

Obfuscation

the action of making something obscure, unclear, or unintelligible

Cryptography

the art of protecting information by transforming it into an unreadable format, called cipher text

Final permutation

the inverse of the initial permutation) finishes off the ... via an XOR, sent through 8 S-boxes producing 32 new bits, and permuted again

Symmetric encryption is

the primary way we encrypt data

Algorithms

very specific, step-by-step procedures for solving certain types of problems


Related study sets

English II Vocabulary Test Study Guide #1

View Set

Chapter 15- Assessing Head and Neck

View Set

Environmental Economics and Policy Final Exam

View Set

DOHRN CASUALTY COMMON LAW POSSIBLE QUESTIONS

View Set

Biology 1308 - Final Exam Review

View Set