1_2_14 Section 1 – Attacks, Threats, and Vulnerabilities - 1.2 – Attack Types - Cryptographic Attacks

Questions and Answers

What is a common challenge when dealing with cryptographic attacks?

Ensuring the security of data during transmission (correct)

Sharing encryption keys with multiple parties

Randomizing data before encryption

Developing new encryption algorithms

In cryptographic attacks, what technique do attackers frequently use if they lack the decryption key?

Using brute force to crack the encryption

Exploiting weaknesses in the implementation of cryptography (correct)

Accessing a backup decryption key

Collaborating with insiders for access

What type of attack is based on the probability of two students sharing a birthday in a classroom?

Student coincidence strike

Birthday breach

Classroom assault

Birthday attack (correct)

Why is it important to secure data during its transmission?

To prevent attacks based on cryptographic vulnerabilities

What increases the likelihood of two students sharing a birthday in a classroom?

Having more students in the classroom

What aspect of cryptographic attacks do attackers typically focus on when attempting to access encrypted data?

Implementation vulnerabilities

What is a 'hash collision' in the digital world?

When two different plain texts create exactly the same hash

How can hash collisions be prevented?

By increasing the size of the hash

Why are collisions considered bad in hashing?

Hashes are always supposed to be unique

Which hashing algorithm experienced a well-known collision issue in 1996?

MD5 (Message Digest Algorithm version 5)

What type of attack involves downgrading encryption during communication?

Downgrade attack

What encryption mechanism was succeeded by Transport Layer Security (TLS)?

SSL (Secure Sockets Layer)

What version of SSL was prone to cryptographic vulnerabilities, leading to a downgrade attack in 2014?

SSL 3.0

In a downgrade attack, what did the two devices communicate at after being forced to downgrade?

SSL version 3.0

What happened after the vulnerability in SSL 3.0 was discovered in 2014?

'We all configured our servers not to allow SSL 3.0'

'Poodle' refers to a downgrade attack that affected which encryption mechanism?

'Secure Sockets Layer (SSL)'

What is a common method attackers use to gain access to encrypted data if they don't have the decryption key?

Exploiting cryptographic vulnerabilities

In cryptographic attacks, what often allows attackers to access encrypted data?

Flaws in the implementation of cryptography

What is a significant factor that increases the likelihood of successful attacks on encrypted data?

Mismanagement of cryptographic keys

Why do attackers focus on finding inconsistencies and vulnerabilities in data transfer methods?

To exploit weaknesses in the cryptography implementation

What is a key takeaway from the concept of the birthday attack mentioned in the text?

Probability plays a significant role in cybersecurity

How does the birthday attack concept relate to cybersecurity threats?

It demonstrates the importance of understanding probability in attacks

What is a hash collision in the digital world?

When two completely different types of plain text create exactly the same hash

What does increasing the size of a hash do in terms of collisions?

Decreases the potential for collisions

What was the major concern related to the MD5 hash collision in 2008?

Fake certificate authorities could be created

In cryptographic terms, what can a downgrade attack result in?

Forcing communication at a lower level of encryption

What was the significance of researchers finding a vulnerability in Transport Layer Security in 2014?

It led to a downgrade attack to SSL version 3.0

Why are hash collisions considered problematic in cryptography?

They violate the uniqueness of hash values

What did the 'Poodle' downgrade attack exploit in 2014?

Vulnerabilities in SSL 3.0 encryption

How did researchers exploit MD5 hash collisions in 2008?

Created fake legitimate certificate authorities

What could be a consequence of allowing SSL 3.0 encryption in communication?

'Poodle' attacks can easily decrypt data