Cryptography Basics

Questions and Answers

What is the primary purpose of the Diffie-Hellman algorithm in asymmetric cryptography?

• Digital signature
• Key exchange (correct)
• Authentication
• Symmetric encryption

Which of the following block cipher modes is vulnerable to error propagation?

• ECB
• CFB
• CBC (correct)
• OFB

What is the primary advantage of Elliptic Curve Cryptography (ECC) over RSA?

• Shorter key lengths (correct)
• Faster computation
• Resistance to DoS attacks
• Improved security against quantum computers

What is the purpose of padding in block ciphers?

To fill the final block of plaintext to the block size (B)

What is the main advantage of stream ciphers over block ciphers?

Parallelization of computations (A)

What is the primary purpose of a keyed-hash function in digital signature algorithms?

To ensure integrity and authenticity (B)

What is the main difference between a MAC and a MIC?

A MAC is a hash followed by encryption, while a MIC is a normal hash (C)

What is the primary vulnerability exploited in a Return-Oriented Programming (ROP) attack?

Buffer overflow (C)

What is the purpose of a KDF (Key Derivation Function) in cryptography?

To derive multiple keys from a single password (A)

What is the main difference between a CWE (Common Weakness Enumeration) and a CVE (Common Vulnerabilities and Exposures)?

A CWE is a theoretical vulnerability, while a CVE is an actual vulnerability (A)

Flashcards are hidden until you start studying

Study Notes

Terms

• Confidentiality: protecting sensitive information from unauthorized access
• Integrity: ensuring data is accurate, complete, and not modified without authorization
• Authentication: verifying the identity of a user, device, or system
• Authorization: controlling access to resources based on user identities and permissions
• Non-repudiation: ensuring a sender cannot deny sending a message

Symmetric Cryptography

• Key sharing: out-of-band, asymmetric, key agreement algorithms, key management systems
• Key sizes: 56-bit (DES), 128-256 bit (AES)
• Block sizes: 64-bit (DES), 128-bit (AES)
• DES: outdated, can be brute forced
• Triple DES: repeated DES three times, actual key length of 112 bits
• Blowfish: alternative to AES
• AES: most widely used, key sizes 128-256 bits, block size 128 bits

Block Ciphers

ECB (Electronic Code Book)

• Parallel computations, each block independent
• Same plaintext yields same ciphertext

CBC (Cipher Block Chaining)

• Initialization vector required
• Plaintext XORed with previous ciphertext, error propagation possible

Padding

• Always add padding, last byte determines amount of padding (up to an entire block)

Stream Ciphers

CTR (Counter Mode)

• Requires nonce concatenated with a counter
• Can be parallelized and allows random access (counter can be precomputed)

CFB (Cipher Feedback)

• Initialization vector encrypted with key generates keystream
• Similar to CBC

OFB (Output Feedback)

• Similar to CFB, but keystream is chained, not output ciphertext

Asymmetric Cryptography

• Computationally heavier
• Used for key distribution (confidentiality) and digital signatures (integrity and authentication, hashing message and private crypt)
• Very long keys required
• Diffie-Hellman: key exchange only, vulnerable to man-in-the-middle attacks
• RSA: for any purpose, breakable by quantum computers, 2048-bit keys
• Elliptic Curve Cryptography (ECC): RSA alternative with shorter keys (256-512 bits)
• Digital Signature Algorithm (DSA): digital signatures only

Hash Functions

• Digest used for integrity in combination with encryption (keyed-hash)
• Fast, difficult to invert, and collision-free
• MD5: 512-bit block size, 128-bit digest, insecure
• SHA-2: 512-bit block size, digest sizes 256/384/512-bit, secure
• Keyed-digest: hashing message and key combined, doesn't require encryption

Memory Vulnerabilities

CWE-119 Buffer Overflow

• Reading or writing to memory locations outside the buffer

CWE-125 Buffer Overread

• Reading memory locations beyond the buffer

CWE-416 Use After Free

• Using a dangling pointer not reset to NULL

CWE-190 Integer Overflow

• Overflowing an integer value

CWE-134 Use of Externally-Controlled Format String

• Format string generated or modified by an external source

CWE-78 OS Command Injection

• Injecting shell commands, mitigated by checking content and using least privilege

Code Reuse

• Return-to-libc: using buffer overflow to return to exec() with malicious parameters

Return-Oriented Programming (ROP)

• Using small code gadgets, ending with RET, to craft malicious code
• Stack can be overflowed with fake return addresses

Secure Coding

• CWE: Common Weakness Enumeration, theoretical vulnerabilities
• CVE: Common Vulnerabilities and Exposures, actual vulnerabilities
• KDF: Key Derivation Functions
• PKI: Public Key Infrastructure