1_4_6 Section 1 – Attacks, Threats, and Vulnerabilities - 1.4 – Network Attacks - Randomizing Cryptography

Questions and Answers

What is the core element of cryptography mentioned in the text?

Randomization in the encrypted data

Why is it problematic if encrypted data resembles the original plaintext?

It allows attackers to easily reverse engineer the original text

What is Electronic Code Book (ECB) mentioned in the text used for?

Encrypting blocks of data without randomization

What purpose does a nonce serve in cryptography?

Adding an arbitrary number for one-time use

How does lack of randomization affect the encryption process?

Results in non-random encrypted data

What happens when each block of data in cryptography lacks randomization?

Blocks look very similar to previous data blocks

What is the purpose of using a cryptographic nonce during a login process?

To prevent replay attacks by using a different hash value every time

What is an example of a cryptographic nonce commonly used in encryption methods?

Initialization Vector (IV)

How does using a different salt for each user's password hash in a database enhance security?

It ensures that different users with the same password have different hashed values

Why is it beneficial for a server to send a different nonce to a client each time they log in?

To prevent attackers from conducting replay attacks

Which term is used to describe a random value or something that is randomized enough to prevent guessing or replication by attackers?

Nonce

How does adding an Initialization Vector (IV) to an encryption key enhance the overall encryption method?

It adds randomization and strengthens the encryption method

What is a fundamental reason for ensuring a sufficient amount of randomization in cryptography?

To prevent attackers from guessing or replicating the original text

How does Electronic Code Book (ECB) encryption differ from other encryption methods mentioned in the text?

ECB uses a single key for all blocks of data

What is the impact of encrypting data with insufficient randomization, as seen in the example of the puppy image?

The encrypted output closely resembles the original input

Why is adding a nonce crucial to enhancing cryptographic processes?

To introduce randomness and prevent predictable patterns

In the context of cryptography, what role does a nonce play in encryption procedures?

Introduces randomness to prevent identical outputs for similar inputs

What is a significant drawback of using Electronic Code Book (ECB) encryption without adding randomization?

Indistinguishable output even when two blocks are identical

What is the primary reason for using a cryptographic nonce during a login process?

To authenticate the user to the system

How does the randomization introduced by a cryptographic nonce prevent replay attacks?

By encrypting the password hash differently each time

What is the function of an Initialization Vector (IV) in encryption?

To add randomization to the encryption key

Why is it important to use a unique salt for each user's password hash in a database?

To prevent attackers from identifying users with similar passwords

Which encryption method commonly uses an Initialization Vector (IV) for adding randomization?

WEP encryption

What is the purpose of including a nonce in the storage of password hashes permanently in a database?

To randomize passwords across all users