1_2_14 Section 1 – Attacks, Threats, and Vulnerabilities - 1.2 – Attack Types - Cryptographic Attacks

Questions and Answers

What is a common challenge when dealing with cryptographic attacks?

• Ensuring the security of data during transmission (correct)
• Sharing encryption keys with multiple parties
• Randomizing data before encryption
• Developing new encryption algorithms

In cryptographic attacks, what technique do attackers frequently use if they lack the decryption key?

• Using brute force to crack the encryption
• Exploiting weaknesses in the implementation of cryptography (correct)
• Accessing a backup decryption key
• Collaborating with insiders for access

What type of attack is based on the probability of two students sharing a birthday in a classroom?

• Student coincidence strike
• Birthday breach
• Classroom assault
• Birthday attack (correct)

Why is it important to secure data during its transmission?

To prevent attacks based on cryptographic vulnerabilities (D)

What increases the likelihood of two students sharing a birthday in a classroom?

Having more students in the classroom (C)

What aspect of cryptographic attacks do attackers typically focus on when attempting to access encrypted data?

Implementation vulnerabilities (B)

What is a 'hash collision' in the digital world?

When two different plain texts create exactly the same hash (D)

How can hash collisions be prevented?

By increasing the size of the hash (A)

Why are collisions considered bad in hashing?

Hashes are always supposed to be unique (D)

Which hashing algorithm experienced a well-known collision issue in 1996?

MD5 (Message Digest Algorithm version 5) (D)

What type of attack involves downgrading encryption during communication?

Downgrade attack (B)

What encryption mechanism was succeeded by Transport Layer Security (TLS)?

SSL (Secure Sockets Layer) (A)

What version of SSL was prone to cryptographic vulnerabilities, leading to a downgrade attack in 2014?

SSL 3.0 (A)

In a downgrade attack, what did the two devices communicate at after being forced to downgrade?

SSL version 3.0 (D)

What happened after the vulnerability in SSL 3.0 was discovered in 2014?

'We all configured our servers not to allow SSL 3.0' (C)

'Poodle' refers to a downgrade attack that affected which encryption mechanism?

'Secure Sockets Layer (SSL)' (B)

What is a common method attackers use to gain access to encrypted data if they don't have the decryption key?

Exploiting cryptographic vulnerabilities (D)

In cryptographic attacks, what often allows attackers to access encrypted data?

Flaws in the implementation of cryptography (C)

What is a significant factor that increases the likelihood of successful attacks on encrypted data?

Mismanagement of cryptographic keys (B)

Why do attackers focus on finding inconsistencies and vulnerabilities in data transfer methods?

To exploit weaknesses in the cryptography implementation (C)

What is a key takeaway from the concept of the birthday attack mentioned in the text?

Probability plays a significant role in cybersecurity (C)

How does the birthday attack concept relate to cybersecurity threats?

It demonstrates the importance of understanding probability in attacks (D)

What is a hash collision in the digital world?

When two completely different types of plain text create exactly the same hash (D)

What does increasing the size of a hash do in terms of collisions?

Decreases the potential for collisions (C)

What was the major concern related to the MD5 hash collision in 2008?

Fake certificate authorities could be created (D)

In cryptographic terms, what can a downgrade attack result in?

Forcing communication at a lower level of encryption (C)

What was the significance of researchers finding a vulnerability in Transport Layer Security in 2014?

It led to a downgrade attack to SSL version 3.0 (B)

Why are hash collisions considered problematic in cryptography?

They violate the uniqueness of hash values (A)

What did the 'Poodle' downgrade attack exploit in 2014?

Vulnerabilities in SSL 3.0 encryption (B)

How did researchers exploit MD5 hash collisions in 2008?

Created fake legitimate certificate authorities (D)

What could be a consequence of allowing SSL 3.0 encryption in communication?

'Poodle' attacks can easily decrypt data (B)