What is Kerchoff's principle?
B
Explanation:
Only the key needs to be secret, not the actual algorithm
https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle
Kerckhoffs's principle of cryptography was stated by Netherlands born cryptographer Auguste
Kerckhoffs in the 19th century: A cryptosystem should be secure even if everything about the system,
except the key, is public knowledge.
When learning algorithms, such as RSA, it is important to understand the mathematics being used. In
RSA, the number of positive integers less than or equal to some number is critical in key generation.
The number of positive integers less than or equal to n that are coprime to n is called ______.
C
Explanation:
Euler's totient
https://en.wikipedia.org/wiki/Euler%27s_totient_function
In number theory, Euler's totient function counts the positive integers up to a given integer n that
are relatively prime to n.
Incorrect answers:
Fibonacci number - commonly denoted Fn, form a sequence, called the Fibonacci sequence, such
that each number is the sum of the two preceding ones, starting from 0 and 1.
Fermat's number - named after Pierre de Fermat, who first studied them, is a positive integer of the
form Fn = 2^2^n+1 where n is a non-negative integer. The first few Fermat numbers are:
3, 5, 17, 257, 65537, 4294967297, 18446744073709551617, …
Mersenne prime – prime number that is one less than a power of two. That is, it is a prime number
of the form Mn = 2^n − 1 for some integer n. They are named after Marin Mersenne, a French Minim
friar, who studied them in the early 17th century.
The Clipper chip is notable in the history of cryptography for many reasons. First, it was designed for
civilian used secure phones. Secondly, it was designed to use a very specific symmetric cipher. Which
one of the following was originally designed to provide built-in cryptography for the Clipper chip?
C
Explanation:
Skipjack
https://en.wikipedia.org/wiki/Clipper_chip
The Clipper chip was a chipset that was developed and promoted by the United States National
Security Agency (NSA) as an encryption device that secured “voice and data messages" with a built-in
backdoor that was intended to “allow Federal, State, and local law enforcement officials the ability to
decode intercepted voice and data transmissions.". It was intended to be adopted by
telecommunications companies for voice transmission. Introduced in 1993, it was entirely defunct by
1996.
he Clipper chip used a data encryption algorithm called Skipjack to transmit information and the
Diffie–Hellman key exchange-algorithm to distribute the cryptokeys between the peers. Skipjack was
invented by the National Security Agency of the U.S. Government; this algorithm was initially
classified SECRET, which prevented it from being subjected to peer review from the encryption
research community. The government did state that it used an 80-bit key, that the algorithm was
symmetric, and that it was similar to the DES algorithm. The Skipjack algorithm was declassified and
published by the NSA on June 24, 1998. The initial cost of the chips was said to be $16
(unprogrammed) or $26 (programmed), with its logic designed by Mykotronx, and fabricated by VLSI
Technology, Inc (see the VLSI logo on the image on this page).
Which of the following is an asymmetric cipher?
A
Explanation:
RSA
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
RSA (Rivest–Shamir–Adleman) is a public-key cryptosystem that is widely used for secure data
transmission. It is also one of the oldest. The acronym RSA comes from the surnames of Ron Rivest,
Adi Shamir, and Leonard Adleman, who publicly described the algorithm in 1977. An equivalent
system was developed secretly, in 1973 at GCHQ (the British signals intelligence agency), by the
English mathematician Clifford Cocks. That system was declassified in 1997.
In a public-key cryptosystem, the encryption key is public and distinct from the decryption key, which
is kept secret (private). An RSA user creates and publishes a public key based on two large prime
numbers, along with an auxiliary value. The prime numbers are kept secret. Messages can be
encrypted by anyone, via the public key, but can only be decoded by someone who knows the prime
numbers.
Incorrect answers:
DES - is a symmetric-key algorithm for the encryption of digital data. Although its short key length of
56 bits makes it too insecure for applications, it has been highly influential in the advancement of
cryptography.
RC4 - RSA (Rivest–Shamir–Adleman) is one of the first public-key cryptosystems and is widely used
for secure data transmission (stream cipher).
AES - is a subset of the Rijndael block cipher developed by two Belgian cryptographers, Vincent
Rijmen and Joan Daemen, who submitted a proposal to NIST during the AES selection process.
Rijndael is a family of ciphers with different key and block sizes. For AES, NIST selected three
members of the Rijndael family, each with a block size of 128 bits, but three different key lengths:
128, 192 and 256 bits.
Juanita has been assigned the task of selecting email encryption for the staff of the insurance
company she works for. The various employees often use diverse email clients. Which of the
following methods is available as an add-in for most email clients?
C
Explanation:
PGP
https://en.wikipedia.org/wiki/Pretty_Good_Privacy
Pretty Good Privacy (PGP) is an encryption program that provides cryptographic privacy and
authentication for data communication. PGP is used for signing, encrypting, and decrypting texts, e-
mails, files, directories, and whole disk partitions and to increase the security of e-mail
communications. Phil Zimmermann developed PGP in 1991.
What is a salt?
D
Explanation:
Random bits intermixed with a hash to increase randomness and reduce collisions
https://en.wikipedia.org/wiki/Salt_(cryptography)
Salt is random data that is used as an additional input to a one-way function that hashes data, a
password or passphrase. Salts are used to safeguard passwords in storage. Historically a password
was stored in plaintext on a system, but over time additional safeguards were developed to protect a
user's password against being read from the system. A salt is one of those methods.
Incorrect answers:
Key whitening - a technique used to increase the security of block ciphers. It consists of steps that
combine the data with portions of the key (most commonly using a simple XOR) before the first
round and after the last round of encryption.
Key rotation - is when you retire an encryption key and replace that old key by generating a new
cryptographic key. Rotating keys on a regular basis help meet industry standards and cryptographic
best practices.
Random bits intermixed with a symmetric cipher to increase randomness and make it more secure –
Initialization Vector (IV)
Which of the following was a multi alphabet cipher widely used from the 16th century to the early
20th century?
D
Explanation:
Vigenere
https://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher
The Vigenère cipher is a method of encrypting alphabetic text by using a series of interwoven Caesar
ciphers, based on the letters of a keyword. It employs a form of polyalphabetic substitution.
First described by Giovan Battista Bellaso in 1553, the cipher is easy to understand and implement,
but it resisted all attempts to break it until 1863, three centuries later. This earned it the description
le chiffre indéchiffrable (French for 'the indecipherable cipher'). Many people have tried to
implement encryption schemes that are essentially Vigenère ciphers. In 1863, Friedrich Kasiski was
the first to publish a general method of deciphering Vigenère ciphers.
Incorrect answers:
Caesar - Monoalphabetic cipher where letters are shifted one or more letters in either direction. The
method is named after Julius Caesar, who used it in his private correspondence.
Atbash - Single substitution monoalphabetic cipher that substitutes each letter with its reverse (a and
z, b and y, etc).
Scytale - Transposition cipher. A staff with papyrus or letter wrapped around it so edges would line
up. There would be a stream of characters which would show you your message. When unwound it
would be a random string of characters. Would need an identical size staff on other end for other
individuals to decode message.
A symmetric Stream Cipher published by the German engineering firm Seimans in 1993. A software
based stream cipher that uses a Lagged Fibonacci generator along with concepts borrowed from
shrinking generator ciphers.
B
Explanation:
FISH
https://en.wikipedia.org/wiki/FISH_(cipher)
The FISH (FIbonacci SHrinking) stream cipher is a fast software based stream cipher using Lagged
Fibonacci generators, plus a concept from the shrinking generator cipher. It was published by
Siemens in 1993. FISH is quite fast in software and has a huge key length. However, in the same
paper where he proposed Pike, Ross Anderson showed that FISH can be broken with just a few
thousand bits of known plaintext.
Incorrect answers:
Twofish - symmetric algorithm. Designed by Bruce Schneier, John Kelsey, Doug Whiting, David
Wagner, Chris Hall, and Niels Ferguson. Uses a block size of 128 bits and key sizes of 128, 192, or 256
bits. It is a Feistel cipher.
IDEA - symmetric algorithm. Designed by James Massey and Xuejia Lai. Operates on 64 bit blocks and
has a 128 bit key. Consists of 8 identical transformations each round and an output transformation.
DESX - symmetric algorithm. 64 bit key is appended to data, XOR it, and then apply the DES
algorithm.
What advantage do symmetric algorithms have over asymmetric algorithms
C
Explanation:
They are faster
Symmetric key encryption is much faster than asymmetric key encryption, because both the sender
and the recipient of a message to use the same secret key.
Which one of the following is an example of a symmetric key algorithm?
D
Explanation:
Rijndael
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
The Advanced Encryption Standard (AES), also known by its original name Rijndael. The algorithm
described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting
and decrypting the data.
Incorrect answers:
ECC - Elliptic-curve cryptography is an approach to public-key cryptography based on the algebraic
structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC
cryptography (based on plain Galois fields) to provide equivalent security.
Diffie–Hellman - key exchange is a method of securely exchanging cryptographic keys over a public
channel and was one of the first public-key protocols as conceived by Ralph Merkle and named after
Whitfield Diffie and Martin Hellman.
RSA - Rivest–Shamir–Adleman is a public-key cryptosystem that is widely used for secure data
transmission. It is also one of the oldest. The acronym RSA comes from the surnames of Ron Rivest,
Adi Shamir, and Leonard Adleman, who publicly described the algorithm in 1977.
The greatest weakness with symmetric algorithms is _____.
B
Explanation:
The problem of key exchange
https://en.wikipedia.org/wiki/Symmetric-key_algorithm
Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for
both encryption of plaintext and decryption of ciphertext. The keys may be identical or there may be
a simple transformation to go between the two keys. The keys, in practice, represent a shared secret
between two or more parties that can be used to maintain a private information link. This
requirement that both parties have access to the secret key is one of the main drawbacks of
symmetric key encryption, in comparison to public-key encryption (also known as asymmetric key
encryption).
In IPSec, if the VPN is a gateway-gateway or a host-gateway, then which one of the following is true?
D
Explanation:
IPSec has two different modes: transport mode and tunnel mode.
Only the tunnel mode can be used
https://en.wikipedia.org/wiki/IPsec
In tunnel mode, the entire IP packet is encrypted and authenticated. It is then encapsulated into a
new IP packet with a new IP header. Tunnel mode is used to create virtual private networks for
network-to-network communications (e.g. between routers to link sites), host-to-network
communications (e.g. remote user access) and host-to-host communications (e.g. private chat).
Incorrect answers:
Encapsulating Security Payload (ESP) authentication must be used. ESP in transport mode does not
provide integrity and authentication for the entire IP packet. However, in Tunnel Mode, where the
entire original IP packet is encapsulated with a new packet header added, ESP protection is afforded
to the whole inner IP packet (including the inner header) while the outer header (including any outer
IPv4 options or IPv6 extension headers) remains unprotected.
IPSec does not involve gateways. Wrong.
Only transport mode can be used. Transport mode, the default mode for IPSec, provides for end-to-
end security. It can secure communications between a client and a server. When using the transport
mode, only the IP payload is encrypted.
What is the formula m^e %n related to?
D
Explanation:
Encrypting with RSA
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
RSA Encrypting a message m (number) with the public key (n, e) is calculated:
M' := m^e %n
Incorrect answers:
Decrypting with RSA:
M'' := m^d %n
Generation Mersenne primes:
Mn = 2^n - 1
Encrypting with Elliptic Curve (EC):
y^2 = x^3 + ax + b
A real time protocol for verifying certificates (and a newer method than CRL).
A
Explanation:
Online Certificate Status Protocol (OCSP)
https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the
revocation status of an X.509 digital certificate. It is described in RFC 6960 and is on the Internet
standards track. It was created as an alternative to certificate revocation lists (CRL), specifically
addressing certain problems associated with using CRLs in a public key infrastructure (PKI).
Incorrect answers:
Public Key Infrastructure (PKI) - set of roles, policies, hardware, software and procedures needed to
create, manage, distribute, use, store and revoke digital certificates and manage public-key
encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a
range of network activities such as e-commerce, internet banking and confidential email. It is
required for activities where simple passwords are an inadequate authentication method and more
rigorous proof is required to confirm the identity of the parties involved in the communication and to
validate the information being transferred.
Registration Authority (RA) - сomponent of PKI that validates the identity of an entity requesting a
digital certificate.
Server-based Certificate Validation Protocol (SCVP) - Internet protocol for determining the path
between an X.509 digital certificate and a trusted root (Delegated Path Discovery) and the validation
of that path (Delegated Path Validation) according to a particular validation policy.
Which of the following is not a key size used by AES?
D
Explanation:
512 bits
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
AES is a subset of the Rijndael block cipher developed by two Belgian cryptographers, Vincent Rijmen
and Joan Daemen, who submitted a proposal to NIST during the AES selection process. Rijndael is a
family of ciphers with different key and block sizes. For AES, NIST selected three members of the
Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256
bits.