Cryptography - 6.2 - Cryptographic Methods

How does NTLM work?

1) Client provides domain, username, and password. When the password is entered, the client hashes the password, but sends the user name to the server. 2) Server generates a random 16-byte nonce/challenge. Server sends the challenge to the client. Client encrypts the challenge with the hash of the password in a response. 3) Server sends user name, challenge, and response to the domain controller. 4) DC takes the username and retrieves the hash of the password from the database. Takes the password it retrieved and encrypts the hash with the challenge. Gives it back to the server. 5) Server compares the encrypted challenge from the client to the encrypted challenge from the DC. If they are the same, authenticated. If not the same, authentication fails.

Name two Diffie-Hellman methods that use ephemeral keys.

1) Diffie-Hellman Ephemeral 2) Elliptic Curve Diffie-Hellman Ephemeral

How does CHAP work?

1) The authenticating server sends a 'challenge' message to the client/peer/requestor. 2) Requestor responds with a value obtained by using a one-way hash function. 3) Authenticating server checks the response by comparing its own calculation of the expected hash value. 4) If the hash values match, authentication is acknowledged.

As of 2014, what size keys does RSA use?

1,024-bit keys minimum, recommended key size of 2,048-bit, with 4,096-bit keys in use.

What number of bits do HMAC-MD5 hashes create?

128-bit hash

What three key sizes can AES use?

128-bit, 192-bit, or 256-bit

What number of bits do HMAC-SHA hashes create?

160-bit hash

For SHA-3 what are the more common bit sizes available?

224-bit, 256-bit, 384-bit, and 512-bit

What key sizes does DES use?

56-bit only

What key sizes does 3DES use?

56-bit, 112-bit, or 168-bit

What is Network LAN Manager version 2 (NTLM2)?

A challenge-response authentication protocol which improves on NTLMv1's weaknesses by using the MD5 algorithm

What is Network LAN Manager (NTLM)?

A challenge-response authentication protocol, improving over the old LANMAN authentication protocol, with two versions: NTLMv1 and NTLMv2. NTLM sought to provide integrity, confidentiality, and authenticity.

What is Secure Hash Algorithm (SHA)?

A hashing algorithm grouped into one of four families - SHA-0, SHA-1, SHA-2, and SHA-3. Like MD5, it verifies the integrity of files, data, or messages.

What is Message Digest 5 (MD5)?

A hashing algorithm or checksum used to verify the integrity of files, data, or messages. Always produces a 128-bit hexadecimal hash.

What is SHA-0?

A hashing algorithm related to SHA and not really used anywhere

What is SHA-1?

A hashing algorithm that creates 160-bit hashes.

What is Diffie-Hellman?

A key exchange algorithm used to privately share a symmetric key between two parties. Once known, the symmetric key is then used to encrypt and decrypt the data. This method supports both static keys and ephemeral keys (DHE).

What is Hash-based Message Authentication Code (HMAC)?

A message authentication code which uses a hash function and a cryptographic key combined to verify integrity and authenticity. The hash provides the integrity, the key provides the authenticity and prevents an attacker from passing off a modified hash as the original hash.

What is Triple Data Encryption Standard (3DES)?

A symmetric block cipher and improvement over DES, encrypting data in 64-bit blocks in three passes with multiple keys. Sometimes just three passes generating three independent keys each time, sometimes just two keys. Uses key sizes of 56 bits, 112 bits, or 168 bits. Slow compared to AES.

What is Twofish?

A symmetric block cipher related to Blowfish, its predecessor, that encrypts data in 128-bit blocks and uses 128-bit, 192-bit, or 256-bit keys

What is Blowfish?

A symmetric block cipher which encrypts data in 64-bit blocks and supports key sizes between 32 and 448 bits. Faster than DES and succeeded by Twofish. Its 64-bit block size makes this cipher vulnerable to birthday attacks.

What is Data Encryption Standard (DES)?

A symmetric block cipher which encrypts data in 64-bit blocks, but with a key size of only 56 bits. Broken via brute force attacks. Deprecated compared to other ciphers.

Between AES and RC4, which is typically recommended for use in TLS?

AES. It's believed that the NSA can crack RC4 with TLS even when implemented correctly.

What is Rivest-Shamir-Adleman (RSA)?

An asymmetric encryption algorithm which uses the properties of prime numbers to generate secure public and private keys.

What is Challenge Handshake Authentication Protocol (CHAP)?

An authentication protocol with stronger security than PAP and used in preventing replay attacks. CHAP allows a host or client to authenticate to an authenticating authority in demonstration of shared knowledge without divulging said knowledge explicitly.

What is RACE Integrity Primitives Evaluation Message Digest (RIPEMD)?

An older hashing algorithm based on MD4 that creates fixed-size hashes in 160-bit (RIPEMD-160), 128-bit, 256-bit, and 320-bit sizes.

What format does encrypted data show up as?

Ciphertext format

What does encryption provide?

Confidentiality; it prevents unauthorized disclosure of data

What does RSA ensure in its application to data or encryption?

Confidentiality, integrity, non-repudiation, and authenticity

What are One-Time Pads?

Considered to be one of the most secure algorithms in use since 1917, it is a hard copy printout of keys in a pad of paper. Each piece of paper has a single key and a serial number identifying the page, as does its matching twin pad. Once a key is used in a single instance, it is destroyed and never reused again.

What kind of attacks do salts defend against?

Dictionary attacks, rainbow table attacks, brute force attacks, pre-hashed attacks

How many versions of SHA-2 are there?

Four

How does HMAC work?

HMAC combines with another hashing algorithm (SHA or MD5) and uses a shared key on top of this to add randomness to the resulting hash. For the receiver to produce the same hash on a file with HMAC, the receiver would need the same key as the sender. Only sender and receiver would know the secret key, no one else.

Where do versions of HMAC (HMAC-MD5 or HMAC-SHA) appear in use?

IPSec and TLS encryption

Where is the one-time pad concept adapted into use in computer systems?

In a token or fob, synchronized with a server, which makes use of one-time rolling passwords for authentication.

Why is NTLMv1 deprecated?

It uses an MD4 hash of a user's password and LANMAN for backward compatibility, both of which have known vulnerabilities

What makes AES efficient?

It's less resource intensive compared to other algorithms like DES

How does RSA speed compare to ECC?

It's slower than ECC and takes more processing power

What protocol ultimately replaced NTLM?

Kerberos

When employed with WEP, was the RC4 algorithm itself the problem?

No. The problem with WEP was not due to the use of RC4 itself, but rather due to the re-use of RC4 keys. This was a case of incorrect implementation.

What is a salt?

Random data that is input into a password or data prior to running a hash function

What makes AES fast?

Requires only one pass to encrypt and decrypt data

For what protocols may RSA typically be used?

S/MIME, SSH, OpenPGP, SSL/TLS for asymmetric encryption and digital signature functions

What are the four versions of SHA-2?

SHA-224, SHA-256, SHA-384, and SHA-512

Where has RC4 been typically used?

TLS, SSL, or WEP

What is Advanced Encryption Standard (AES)?

The gold standard of encryption, it is a symmetric block cipher which encrypts data in 128-bit blocks. It can use three key sizes: 128-bit, 192-bit, or 256-bit. It is fast, strong, and efficient.

What do the numbers in each of the four SHA-2 versions represent?

The number of bits in the hash (e.g. SHA-384 creates 384-bit hashes)

What is Rivest Cipher 4 (RC4)?

Version four of a symmetric stream cipher which can use key sizes between 40 and 2,048 bits.

