Applied Cryptography Lecture 8

Questions and Answers

Which property ensures that two different messages do not produce the same hash value?

Hash sensitivity

Collision resistance (correct)

Second-preimage resistance

Preimage resistance

What is one of the common applications of hash functions?

Encryption of data

Compression algorithms

Symmetric key generation

Digital signatures (correct)

What is the output length of the MD5 hash function?

512 bits

128 bits (correct)

160 bits

256 bits

Which of the following hash functions was specifically designed for increased security provided by AES?

SHA-256

What characteristic of a hash function refers to its sensitivity to input changes?

Hash sensitivity

Which of the following hash functions was designed by Ron Rivest and produces a 128-bit hash?

MD4

Which hash function family is the US federal standard specified by NIST?

SHA Family

What is the main purpose of using hash functions for password hashing?

To create a secure representation of passwords

What is the primary problem the Diffie–Hellman key exchange aims to solve?

Key distribution problem

What mathematical problem does the security of the Diffie-Hellman key exchange rely on?

Discrete logarithm problem

What is the primary function of hash functions in a Windows machine?

To store passwords as hashes instead of texts.

Which of the following describes the domain parameters in the Diffie–Hellman key exchange?

Public parameters p and α

In the context of the Diffie–Hellman key exchange, what do Alice and Bob derive together?

Common session key

What distinguishes the NTLM Hash from the LM Hash?

NTLM Hash is based on RC4, while LM Hash is based on DES.

What should the private keys a and b be generated from in the Diffie-Hellman key exchange?

A true random generator

Which attack allows an attacker to authenticate without possessing the plaintext password?

Pass the Hash Attack

What is the purpose of salting in hash functions?

To add randomness to passwords, preventing cracking.

When Alice and Bob use the key kAB, which symmetric algorithms could employ this key for secure communication?

AES and 3DES

What is the primary function of a hash function in cryptography?

Compressing or computing a digest of a message

Which technique is used to enhance the security of a weak key?

Key Stretching

Which of the following best describes a message digest?

A unique representation or fingerprint of a message

What does the Birthday Attack exploit in hash functions?

The collision of different messages yielding identical hash outputs.

Which layer of security can help prevent Pass the Hash attacks?

Establishing least privilege access.

Which of the following techniques can help protect against the reuse of passwords?

Nonce usage

Study Notes

Applied Cryptography - Lecture #8

• Public key cryptography is a type of cryptography that uses two keys: a public key and a private key.
• Symmetric ciphers use the same key for encryption and decryption.
• Asymmetric ciphers use different keys for encryption and decryption.
• Diffie-Hellman key exchange (DHKE) is a method for securely exchanging cryptographic keys over an insecure channel.
• DHKE is based on the discrete logarithm problem (DLP).
• Exponentiation in the group Zp, where p is a prime number, is a one-way function.
• Exponentiation is commutative.
• The joint secret key is calculated using a generator (α) raised to the power of the private key.
• The public parameters (p and α) are needed for key exchange.
• The Diffie-Hellman key exchange protocol consists of a setup protocol and a main protocol.
• The setup protocol involves choosing a large prime (p) and an integer (α) between 2 and p-2. These values are then published.
• For key exchange, Alice and Bob choose their private keys, compute their respective public keys, and then derive a shared secret key.
• Alice and Bob compute the same session key.
• The session key (KAB) is used to establish a secure communication.
• A hash function compresses or computes a digest of a message, creating a short, fixed-length bitstring.
• The message digest is unique to the message.
• Hash functions are used in many parts of cryptography and there are different types with differing security properties.
• Uses of hash functions include message authentication, integrity checks, digital signatures, timestamping, and password hashing.
• Practical hash functions have output lengths between 128 and 512 bits.
• Hashing functions should be sensitive to all input bits.
• Properties of hash functions include preimage resistance, second preimage resistance, collision resistance.
• MD, SHA families are examples of cryptographic hash functions.
• MD2, MD4 and MD5 have 128 bit output. SHA-1 has 160 bit, SHA-2(224, 256, 384, 512) have different sizes.

Hashing Attacks

• Pass the Hash: Attackers authenticate to a remote server using the hash instead of the password.
• Birthday Attack: Attackers find two different messages with the same hash digest.
• Preventing Pass the Hash includes using trusted operating systems, multifactor authentication, patching workstations, and using least privilege.

Increasing Hash Security

• Key Stretching: A technique to increase the time needed to crack a key.
• WiFi Protected Access (WPA), WPA2, and other algorithms use this method and employ random values (nonces) to prevent password reuse.
• Salting: Adding random data to a hash to resist password cracking techniques.

Exercise

• Find the shared secret key given parameters p, α, a, and b. p = 17, α = 3, a=7, b = 4

Description

Explore the intricacies of public key cryptography and the Diffie-Hellman key exchange in this quiz. Learn about the differences between symmetric and asymmetric ciphers and how secure key exchange works over insecure channels. Test your understanding of key concepts such as the discrete logarithm problem and exponentiation in cryptography.