Cryptography and Hashing Algorithms

Questions and Answers

What is the hash value in bits for MD5?

• 128 (correct)
• 160
• 512
• 256

In IPSec Tunnel mode, what type of encryption is provided?

• End-to-end encryption
• Gateway-to-gateway encryption (correct)
• Host-to-network encryption
• Point-to-point encryption

What is a weakness of one-way hashing without additional measures?

• It produces the same output for the same input. (correct)
• It increases computational time significantly.
• It cannot handle large inputs.
• It creates varied outputs for the same input.

What key size should be minimally used with RC4?

40 bits (B)

Which algorithm has a block size of 64 bits and a key size of 56 bits?

DES (D)

What does a rainbow table consist of?

Precomputed hash values for passwords (B)

What is the maximum key size for RC4?

2048 bits (A)

Which key should be shared in asymmetric cryptography to facilitate decryption?

Public key (D)

Which options refer to the modes used in symmetric encryption to process blocks of data?

Block cipher modes (C)

Which symmetric block cipher modes allow operation similar to a stream cipher?

CFB, OFB, CTR (C)

Symmetric block ciphers perform substitution using which method?

S-boxes (C)

What is the block size in bits for the PRESENT cipher?

64 (D)

Which type of cryptography uses a pair of keys for encryption and decryption?

Asymmetric (D)

Which key is necessary to facilitate symmetric encryption decryption?

Secret key (B)

What is the maximum key size for the RC5 symmetric block cipher?

2048 (B)

What key size and IV does the Rabbit cipher operate with?

128 bit keys; 64 bit IV (D)

Which is a known public key encryption method that protects against adaptive chosen ciphertext attacks?

Cramer-Shoup (D)

Which encoding scheme supports Base64 and ASCII formats for x.509 certificates?

PEM (D)

What allows for generating a unique passcode for each instance based on a time period?

Timed One Time Password (TOTP) (A)

Which key method is utilized to create a tunnel in SSL/TLS?

Symmetric key method (B)

What unit is used to measure computational work within Ethereum applications?

Gas (B)

Which cipher is designed specifically for hardware implementations and uses variable parameters?

SIMON (C)

Which asymmetric key is used to sign a digitally signed message?

Shawn's private key (C)

Which of the following best describes a system where an attacker reuses sent messages at a later time?

Replay attack (A)

In the context of certificate management, which stage involves certificate expiration and revocation?

Cancellation (C)

What cryptographic method uses a direct relationship between parts of known plaintext and ciphertext?

Known plaintext attack (C)

What term describes a method where it is possible mathematically for government agents to access encrypted information?

NOBUS (A)

What is the protocol number for the encapsulation security protocol (ESP)?

50 (C)

Which type of hash solution do Buzhash, Cityhash, and Spookyhash represent?

Non-cryptographic (D)

What type of contracts automate execution and do not require intermediaries?

Smart contracts (B)

Which attack method involves mixing parts of two encrypted messages to form a new message?

Cut-and-paste attack (D)

What component is crucial for the ID management and lifecycle of digital certificates?

Certificate authority (CA) (D)

What is the key difference between a revoked status and a hold status in certificate lifecycle?

Hold status is temporary; revoked status is permanent. (B)

Which of the following best describes the elliptic curve used in RFID implementations?

A light-weight solution (C)

What protocol is used for key exchange in the IPSec handshake?

UDP port 500 (B)

Which cipher employs a grid that maps letters into numeric values?

Bifid (A)

What block size is utilized by AES?

128 bits (D)

Which encryption standard is referred to as PKCS #5?

Password-based encryption (B)

What does the 'birthday attack' refer to in probability theory?

Hash collisions (D)

Which method supports symmetric key exchange in elliptic curve cryptography?

ECDH (B)

Which cipher is known as a shift cipher that replaces letters down the alphabet?

Caesar (D)

Which block cipher mode is susceptible to copy-and-paste attacks?

ECB (A)

In symmetric cryptography, which process is faster for real-time communication?

Symmetric cryptography (C)

What is measured by entropy in the context of encryption?

Unpredictability (B)

Which initialization vector (IV) size does WPA use for TKIP?

48 bits (A)

What type of encryption does the Paillier cryptosystem support?

Homomorphic encryption (A)

Which cipher utilizes a two-dimensional array to encode characters?

Four-square (C)

Which key size is used for AES when operating with 14 rounds?

256 bits (A)

What key size is standard for 3DES encryption?

112 bits (D)

What type of cipher is used by Blowfish?

Symmetric block cipher (A)

Which of these hashing algorithms is considered a lightweight algorithm?

PHOTON (D)

What is the key size of the Skipjack cipher?

80 bits (B)

What critical step does a certificate authority take after generating a digital certificate?

Sign the certificate with the CA's own private key (B)

Which algorithm is known for operating with asymmetric keys in key exchange?

Diffie-Hellman (D)

What type of encoding supports up to 65,536 characters?

UTF-16 (C)

Which cipher is characterized by having a variable key size up to 2048 bits and block sizes of 32, 64, or 128 bits?

RC5 (A)

What is the recommended minimum key size for RC2 encryption?

40 bits (C)

Which statement correctly defines a mono-alphabetic substitution?

Employs a single mapping of the entire alphabet (C)

ChaCha is classified as which type of algorithm?

Symmetric stream cipher (A)

What is the primary purpose of HMAC?

Authenticate messages and verify integrity (C)

Which of the following is NOT a characteristic of the One-time pad?

Uses a key multiple times (C)

What does WEP use for its RC4 encryption?

40 bits (A)

IDEA ciphers have how many rounds of substitution and transposition?

17 rounds (A)

Flashcards

What is the hash size of MD5?

MD5 produces a 128-bit hash value. It's important to remember that MD5, while popular once, is now considered insecure.

What is the hash size of SHA-1?

The hash value in bits for SHA-1 is 160. It's a popular algorithm, but modern security standards advise using SHA-256 or SHA-3.

What is IPSec Tunnel mode?

IPSec Tunnel mode means the data only gets encrypted when it leaves the local network. Traffic is likely unencrypted between the user's device and the gateway. This makes it easier for network admins to see what traffic is leaving.

What is IPSec Transport mode?

IPSec Transport mode encrypts data from the source to the destination, meaning the data remains encrypted throughout the entire journey. This is stronger security, but might make network monitoring more difficult.

What is Chaskey and what is it used for?

Chaskey is a lightweight cryptography method for signing messages (MAC). It's ideal for resource-constrained environments like the Internet of Things (IoT) due to its minimal hardware requirements.

What is a salt and why is it important?

A salt is used to add randomness to the hashing process, making it harder to crack passwords by using precomputed hash tables (rainbow tables). It prevents the same plaintext from producing the same hash value.

What is RC4 and what is its maximum key size?

RC4 is a symmetric stream cipher with a variable key size up to 2048 bits. However, the minimum recommended key size is 40 bits for strong security. Smaller key sizes are more vulnerable to attacks.

What is DES and its key features?

Data Encryption Standard (DES) is a block cipher with a 64-bit block size, a 56-bit key size, and 16 rounds of complex operations. Although DES is considered outdated, it's still significant for its historical impact in cryptography.

Blockchain

A cryptographic method used to secure data by storing it on a network of computers, rather than on a single server, making the information difficult to tamper with or hack.

Playfair Cipher

An early cipher that uses a 5 × 5 matrix containing the alphabet (except for the letter "J") to encrypt plaintext characters. The cipher process involves rules based on column and row combinations.

Pigpen Cipher

A mono-alphabetic substitution cipher where plaintext characters are mapped to graphical characters instead of other alphabet characters.

Vigenere Cipher

A polyalphabetic cipher using a keyword to shift letters, creating a unique mapping for each character in the message.

Caesar Cipher

A mono-alphabetic substitution cipher where each plaintext letter is shifted by a fixed number of positions down the alphabet.

Four-square Cipher

An early cipher using four 5 × 5 matrices arranged in a square, each containing 25 letters, for encoding and decoding.

What is the block size of AES?

The block size of AES.

Output Feedback (OFB) Mode

In this block cipher mode, the encrypted version of the Initialization Vector (IV) from the first stage is used as input for the second stage.

What is the key size of 3DES?

The key size for 3DES.

What is the key size in 10 rounds of AES?

The key size used when AES operates with 10 rounds.

What is the block size in 10 rounds of AES?

The block size used when AES operates with 10 rounds.

What is the key size in 14 rounds of AES?

The key size used when AES operates with 14 rounds.

What is the key size in 12 rounds of AES?

The key size used when AES operates with 12 rounds.

Elliptic Curve Diffie Hellman (ECDH)

A type of Elliptic Curve cryptography used for exchanging symmetric keys.

Homomorphic Encryption

A type of encryption where operations can be performed on encrypted data without decrypting it first.

AES

A symmetric block cipher using 128-bit blocks, known for its strength and widespread adoption.

Skipjack Cipher

A symmetric block cipher using a 64-bit block size and an 80-bit key.

RC5

A symmetric block cipher with a 64-bit block size and a variable key size up to 2048 bits.

XTEA

A symmetric block cipher used in XTEA.

Camelia

A symmetric block cipher with 128-bit blocks.

RC6 Cipher

A symmetric block cipher known for its speed and relatively low memory requirements.

RC4 Cipher in WEP

A symmetric stream cipher employed in WEP (Wired Equivalent Privacy) with a 40-bit key.

RC4 Cipher in WPA

A symmetric stream cipher that uses 128-bit keys.

AES in WPA2

A symmetric block cipher used in WPA2.

Mono-alphabetic substitution Cipher

A substitution cipher where one letter maps to a single ciphertext letter (eg. A=Z, B=Y, etc.).

Polyalphabetic Substitution Cipher

A substitution cipher where different letters can map to different ciphertext letters depending on their position in the message (eg. A in the first position = Z, A in the second position = Y, etc.).

One-time pad

An encryption method considered unbreakable as the same code is used only once.

Collision

A process where two different input values produce the same hash signature.

Hardware Security Module (HSM)

A physical hardware device that protects cryptographic secrets and performs cryptographic operations securely.

Trusted Platform Module (TPM)

A dedicated processor in a computer system that manages encryption and provides secure storage for cryptographic keys.

Public key

In asymmetric cryptography, this key is used for encryption and is given to others. It can decrypt data encrypted by its corresponding private key.

Block cipher modes

These modes manage how blocks of data are processed in symmetric encryption. They ensure that the encryption process is secure and efficient.

CFB, OFB, CTR (Cipher Feedback, Output Feedback, Counter Mode)

These symmetric block cipher modes allow the cipher to act like a stream cipher, processing data one bit or byte at a time.

S-boxes (Substitution boxes)

Used in symmetric block ciphers for substitution during encryption. They replace a set of bits with another set, making the data more difficult to decipher.

PRESENT

A light-weight symmetric block cipher with a key size of 80 or 128 bits, 32 rounds, and a 64-bit block size. It is designed for use in constrained environments.

Asymmetric cryptography

This cryptography uses a key pair (public and private) for encryption and decryption. The public key can encrypt data, but only the private key can decrypt it.

Secret key

In symmetric cryptography, this key is shared between sender and receiver. It's used for both encryption and decryption.

Sue's private key

To decrypt a digitally signed message using public key cryptography, the recipient uses their private key.

Cramer-Shoup

This public key encryption method extends El Gamal by incorporating one-way hashing for improved security against attacks.

Timed One Time Password (TOTP)

This method generates a new, unique passcode for each instance based on a time-sensitive seed.

PEM (Privacy Enhanced Mail)

This encoding scheme for x.509 certificates is compatible with both Base64 and ASCII formats. It provides flexibility in certificate storage and transfer.

Shawn's private key

To digitally sign a message using asymmetric cryptography, the sender uses their private key.

Shawn's public key

To verify a digitally signed message using public key cryptography, the recipient uses the sender's public key.

Non-cryptographic hash solutions

These are non-cryptographic hash solutions like Buzhash, Cityhash, Spookyhash, and Bernstein. They are used for hashing but don't provide cryptographic security.

One Time Passwords (OTP)

One Time Passwords (OTP) allow for a new unique passcode to be created for each instance based on an initial seed. They are a good security measure as each code is used only once.

IPSec Handshake Port

The IPSec handshake, which facilitates key exchange, takes place on UDP port 500.

ESP Protocol Number

The protocol number for Encapsulating Security Payload (ESP) is 50.

AH Protocol Number

The protocol number for IPSec Authentication Header (AH) is 51.

SSL/TLS Key Method

With SSL/TLS, a secure tunnel uses a symmetric key method to encrypt data, and then a signature is created using a defined hashing method to ensure data integrity.

VPN Tunnel

A Virtual Private Network (VPN) tunnel creates a secure connection from a host machine to a private network over a public network. Think of it like a secure tunnel.

Onion Routing

Onion routing involves using subscriber computers to route data packets over the internet instead of publicly available routers. It's used to anonymize internet traffic.

Tor Network

The Tor network, using computers of volunteers globally, helps to anonymize internet traffic by routing it through multiple intermediaries. It significantly reduces the chances of tracing the original source.

Hash Algorithms for Fingerprint

Hash algorithms like SHA1 and MD5 are primarily used to establish a fingerprint or thumbprint for data in cryptography. These fingerprints are used to verify data integrity.

Blockchain Block Addition Time

In blockchain mining, a new block of transactions is added to the blockchain every 10 minutes or so. This process essentially confirms the transactions within the block.

Blockchain as a Ledger

The blockchain acts as a ledger of transactions within the Bitcoin network, recording the number of bitcoins each user has in their account. This provides transparency.

Miners in Blockchain

In blockchain mining, miners compile a list of recent transactions and attempt to solve a complex mathematical problem. The first miner to solve the problem receives rewards.

Miner Rewards

Miners are rewarded for their successful mining efforts in blockchain networks.

Smart Contracts

Smart contracts are programs stored on a blockchain that automatically execute when specific conditions are met. They remove the need for intermediaries and are transparent.

Gas in Ethereum

Within the Ethereum application development context, 'gas' is a unit used to measure the amount of computational work required to perform a single Keccak-256 hash operation.

NOBUS Backdoor

A NOBUS (Nobody But Us) backdoor is a hidden vulnerability in cryptography that allows only specific parties, such as government agencies, to decrypt encrypted data, while others cannot.

Exhaustive Search Cipher Cracking

Exhaustive search is a brute-force method used to crack a cipher by trying every possible key until the correct one is found. It's computationally intensive and time-consuming.

Man-in-the-middle (MITM) Attack

A Man-in-the-middle (MITM) attack is a technique in which an attacker intercepts communication between two parties, impersonating each of them to the other party.

Known Plaintext Attack

In a known plaintext attack, the attacker knows part of the ciphertext and the corresponding plaintext. This information can be used to decrypt the rest of the ciphertext.

Certificate Issuance

The certificate issuance stage involves retrieval/recovery and validation of the certificate after it has been issued.

Certificate Cancellation

The certificate cancellation stage is when the certificate expires or is revoked due to reasons like compromise or obsolescence.

Certificate Initialization

Certificate distribution takes place in the initialization stage of certificate management.

CRL Publication

The CA (Certificate Authority) is responsible for publishing the CRL (Certificate Revocation List).

Hold vs. Revoked Certificate

The main distinction is that a certificate in hold status can be restored to an active status, while a revoked certificate cannot be reversed, indicating a permanent status.

Certificate Revocation

A certificate that has been compromised, outdated, or superseded should be revoked, making it invalid for further use.

Time Attack

A time attack involves determining the amount of time required to decrypt a message, potentially revealing clues about the key used.

Cut-and-paste Attack

A cut-and-paste attack involves combining parts of two encrypted messages to create a new, potentially meaningless message. It aims to trick the receiver and gain an advantage.

Replay System Attack

The replay system refers to when an attacker intercepts a legitimate message and re-sends it later to gain unauthorized access or disrupt the system.

Man-in-the-middle Attack

A man-in-the-middle (MITM) attack occurs when an attacker hides between two parties and replaces their identities, manipulating the communication for malicious purposes.

Backdoor in Cryptography

Key escrow and NOBUS (Nobody But Us) are methods that can create a backdoor condition, allowing specific parties to decrypt data even if it's encrypted.

Study Notes

Hashing Algorithms

• MD5 hash value in bits: 128
• SHA-1 hash value in bits: 160
• MD4 hash value in bits: 128
• Hashing takes a variable-length input and produces a fixed-length output (message digest).

IPSec Modes

• IPSec Transport mode: End-to-end encryption; data encrypted from sender's device to receiver's device.
• IPSec Tunnel mode: Encryption from gateway to gateway; only through the public network space. Encryption occurs just before leaving the local network. Traffic between user device and local network boundary is likely unencrypted

Chaskey

• Lightweight cryptography method for signing messages (MAC).
• Suitable for IoT implementation due to low hardware requirements.
• Key size: 128 bits

One-Way Hashing Weakness

• Applying salt prevents the same plaintext from resulting in the same ciphertext.

RC4

• Symmetric stream cipher with variable key size up to 2048 bits.
• Minimum recommended key size: 40 bits.

Data Encryption Standard (DES)

• Block size: 64 bits
• Key size: 56 bits
• 16 rounds of substitution & transposition.

Rainbow Table

• Collection of precomputed hash values of actual plaintext passwords used for password cracking

x.509 Certificate File Types

• .cer is a common x.509 certificate file type used with PEM and DER formats

Triple Data Encryption Standard (3DES)

• Block size: 64 bits
• Key size: 112 bits
• 48 rounds of substitution & transposition.

Advanced Encryption Standard (AES)

• Key sizes: 128, 192, or 256 bits
• Operates using 128-bit blocks

Skipjack

• Symmetric block cipher
• Key size: 80 bits
• Block size: 64 bits

Enocoro

• Key size: 128 bits
• Initialization vector (IV): 64 bits

Light-weight Hashing Algorithms

• Examples Include PHOTON, SPONGENT, Lesamnta-LW, and Quark

IDEA

• Block size: 64 bits
• Key size: 128 bits
• More than 17 rounds of substitution & transposition

RSA

• Partially homomorphic crypto system
• Uses prime number characteristics
• Variable key size (1024-4096 bits)
• 1 round

Blowfish and Twofish

• Symmetric block ciphers
• Common key sizes include 128, 192, or 256 bits.

RC5

• Symmetric block cipher with variable key size up to 2048 bits.
• Uses block sizes of 32, 64, or 128 bits

Quark

• Hash value: 64 or 112 bits

XTEA

• Block size: 64 bits
• Key size: 128 bits

Camelia

• Symmetric block cipher

RC6

• Symmetric block cipher

RC2

• Block size: 64 bits
• Variable key size up to 128 bits
• Minimum recommended key size: 40 bits

Mickey v2

• Key size: 80 bits
• Initialization vector (IV): Up to 80 bits

ChaCha

• Symmetric stream cipher

RSA and DSA

• Asymmetric algorithms

Diffie-Hellman

• Provides a method for key exchange using a one-way function

WEP

• Uses 40-bit RC4

WPA

• Uses 128-bit RC4

WPA2

• Uses AES

Mono-alphabetic and polyalphabetic Substitution Ciphers

• Mono-alphabetic: Single mapping from our alphabet to a cipher alphabet.
• Polyalphabetic: Mapping to a number of cipher alphabets.

One-time Pad

• Considered unbreakable due to its one-time use of cipher code

Encoding Methods

• ASCII: 8-bit values, supports up to 256 characters.
• UTF-16: 16-bit values, supports up to 65,536 characters.

Collision

• Occurs when two different inputs produce the same hash signature.

Hardware Security Modules (HSMs)

• Tamper-evident and intrusion-resistant devices.
• Safeguard and manage cryptographic keys.
• Provide cryptographic processing.

Trusted Platform Modules (TPMs)

• Dedicated processors for hardware-level encryption.
• Allow full disk encryption with minimal performance impact.

HMAC

• Message authentication code (MAC).
• Verifies message integrity and authentication by hashing the message with a secret key.

Binary Operations

• XOR: Example calculation provided.
• AND: Example calculation provided.
• OR: Example calculation provided.

Modular Arithmetic

• Example mod calculations provided.

Cipher Types

• Symmetric: Single secret key for encryption/decryption.
• Asymmetric: Key pair (public/private) for encryption/decryption.

Block Cipher Modes

• Block cipher modes manage how data blocks are processed in symmetric encryption
• CFB, OFB, CTR block cipher modes allow block cipher to operate like a stream cipher.

Symmetric Block Ciphers

• Use S-boxes for substitution during encryption.

Cryptographic Keys

• Public key: Shared or distributed for decryption in asymmetric cryptography.
• Secret key: Exchanged for decryption in symmetric cryptography

Block and Key Sizes (Examples):

• CLEFIA: 128-bit blocks, 128, 192, or 256-bit keys
• Rabbit: 128-bit keys, 64-bit IV
• PRESENT: 64-bit block size, 80 or 128-bit keys

Certificate Management Stages:

• Initialization: Certificate distribution
• Issued: Certificate retrieval/recovery and validation
• Cancellation: Certificate expiration and revocation

Certificate Authority (CA) and Certificate Revocation List (CRL)

• CA publishes CRL.
• CRL: Lists revoked certificates.

Online Certificate Status Protocol (OCSP)

• Online service for checking certificate validity.

Certificate Revoked Status vs. Hold Status

• Revoked: Cannot be reversed
• Hold: Reversible

Cryptographic Attacks

• Exhaustive search: Brute-force attack trying every possible key.
• Man-in-the-middle (MITM): Attacker impersonates both parties.
• Known plaintext attack: Intruder knows part of the ciphertext and corresponding plaintext.
• Time attack: Determining decryption time to find the key.
• Replay attack: Sending a legitimate message at a later time.
• Cut-and-paste attack: Mixing parts of different encrypted messages.

Cryptographic Backdoors

• Key escrow and NOBUS create backdoors in cryptography.

Blockchain

• Ledger of transactions for Bitcoin and other networks.
• Miners compile transaction lists.
• Miners receive rewards for successful mining efforts.
• Smart contracts automate agreements.
• Ethereum Gas: Unit to measure work for hashing.

Early Ciphers

• Caesar, Bifid, Playfair, Pigpen, Vigenere, and Four-square cipher are described as example ciphers.

AES Block and Key Sizes

• AES block size: 128 bits
• AES key sizes: 128, 192, or 256 bits

Block Cipher Modes (Examples)

• Output Feedback (OFB) encrypts IV and uses the result.
• Cipher Feedback (CFB) XORs data with encrypted IV.
• Counter Mode (CTR) enables parallel data block processing

Cryptographic Concepts (Examples)

• ECDH: Elliptic Curve Diffie-Hellman (key exchange).
• Paillier: Homomorphic encryption.
• PKCS #5/7: Password-based encryption and signing/encrypting messages Standards.
• Entropy: Measure of unpredictability in encryption.
• Digital certificate: Proves server identity in HTTPS.
• Public key: Found in digital certificates.
• WPA 48-bit Initialization Vector(IV) value.

Other

• LM Hash: Stores user passwords in some version of Windows (max 15 characters).
• Birthday Attack: Probability theory used in brute-force attacks in cryptography.
• TSP (Time-Stamp Protocol): Provides cryptographically-verified timestamps.
• El Gamal: Public key method for encryption and digital signing.
• Identity-based Encryption (IBE): Generating encryption keys from recipient identity information.
• RC4: Symmetric stream cipher used in SSL.
• Cipher Feedback (CFB): XORs data with encrypted IV.
• Counter Mode (CTR): Parallel data block processing.
• Unicode: Used in some security implementations.

Description

This quiz covers key concepts of cryptographic techniques, including hashing algorithms like MD5 and SHA-1, as well as IPSec modes and the Chaskey method. You will also explore the weaknesses of one-way hashing and the specifications of symmetric stream ciphers like RC4. Test your knowledge on these critical aspects of modern security architecture.