Cryptography Concepts

Questions and Answers

Which of the following BEST defines a 'threat' in cybersecurity?

  • An event that compromises system integrity.
  • Gaining unauthorized access to system resources.
  • An attempt to exploit a system's vulnerability.
  • An event with the potential to impact security properties. (correct)

Which scenario exemplifies a passive attack?

  • Monitoring network traffic to capture sensitive information. (correct)
  • Exploiting a software vulnerability for unauthorized access.
  • Exploiting legitimate access to steal sensitive data.
  • Using a brute-force attack to guess a user's password.

What does the acronym 'CIA' stand for in the context of information security?

  • Confidentiality, Identity, Availability
  • Confidentiality, Integrity, Availability (correct)
  • Control, Integrity, Authentication
  • Confidentiality, Integrity, Accountability

Which statement accurately compares the Data Encryption Standard (DES) and Rivest–Shamir–Adleman (RSA) algorithms?

  • RSA uses two different keys for encryption and decryption. (B, correct)

According to Claude Shannon's principles, what component is MOST critical to keep secret in a cryptographic system?

  • The specific key used. (C, correct)

Which statement accurately describes a transposition cipher?

  • Each character's position is shifted relative to others. (B, correct)

Which of the following data types is unsuitable for a Caesar cipher key?

  • String of alphabetic characters (B, correct)

Which modern cryptographic algorithm is the MOST susceptible to brute-force attacks, assuming a short key length?

  • Data Encryption Standard (DES) (B, correct)

What is the primary security risk associated with using Electronic Codebook (ECB) mode encryption?

  • Patterns in the plaintext are visible in the ciphertext. (C, correct)

What critical problem does the Diffie-Hellman key exchange primarily address?

  • Preventing eavesdroppers from copying the key. (C, correct)

What property is not a characteristic of a secure hash function?

  • Different inputs may produce the same output. (A, correct)

Which of the following is the MOST accurate definition of a rainbow table?

  • A precomputed table of hash values used to crack passwords. (B, correct)

What is the primary reason for using password salting?

  • To increase the computational effort required for brute-force attacks. (C, correct)

Which password is most likely to be easily guessed by both humans and dictionary attacks?

  • apple (A, correct)

What is the defining characteristic of password spraying?

  • Using a single password across many accounts. (A, correct)

Which authentication factor category does a smart card belong to?

  • Something you possess (C, correct)

What term describes when a valid user's biometric scan is rejected?

  • False non-match (D, correct)

Based on the lectures, what is typically the initial action performed by a virus?

  • Check a condition to begin infecting a program (D, correct)

What is the primary purpose of a webshell?

  • To maintain unauthorized access to a server. (D, correct)

When is a system considered safe from a zero-day exploit?

  • Once the vulnerability is patched. (C, correct)

Flashcards

Definition of a threat

An event with the potential to adversely impact the security properties of an information system.

Example of a passive attack

An attacker exploits a vulnerability in a bank system to view bank balances without authorization.

CIA acronym

Confidentiality, Integrity, and Availability.

DES vs. RSA keys

RSA uses two different keys for encryption and decryption.

Claude Shannon's key principle

The key is the most important thing to keep secret.

Transposition cipher

Each character of the plaintext is reordered to form the ciphertext.

Invalid Caesar cipher key

String of alphabetic characters.

Brute-forcing cryptographic algorithms

DES is the most vulnerable to brute-forcing attacks.

Avoid ECB mode because

Easy to see the relationship between plaintext and ciphertext.

Diffie-Hellman solves

The problem of a third party making a copy of a key sent between the communicating parties.

False property of a hash function

Different output for the same input.

Rainbow table definition

Dictionary of hashes.

Password salting reason

Increase the work required to brute force a password.

Password easy to guess

apple is most likely to be considered easy for humans to remember but ALSO easy for computers to guess using DICTIONARY attacks.

Password spraying

Using the same password on many different accounts.

Smart card authentication type

Something you possess.

Biometric system fails to recognize an enrolled user

False non-match.

Main purpose of a web shell?

Maintain access

Most important requirement for a switched packet network

Delivery of packets.

Source port in packet header

Identifies which program on the client will process the reply.

Study Notes

Section A - Concepts

  • A threat is defined best as an event with the potential to adversely impact the security properties of information systems
  • The best example of a passive attack involves an attacker exploiting a system vulnerability to view bank balances
  • CIA acronym stands for Confidentiality, Integrity, Availability
  • RSA uses two different keys for both encryption and decryption
  • According to Claude Shannon, the key is the most important thing to keep secret
  • Transposition cipher reorders each character to form the ciphertext
  • String of alphabetic characters cannot be chosen as a key for Caesar cipher
  • Among modern cryptographic algorithms, DES is the most vulnerable to brute-forcing attacks
  • The best reason to avoid the Electronic Code Book (ECB) mode of operation is that it is easy to see the relationship between plaintext and ciphertext
  • A third party making a copy of a key sent between communicating parties is the main problem solved by the Diffie-Hellman method
  • A false property for a hash function is different output for the same input
  • Rainbow table is best defined as a dictionary of hashes
  • Password salting is used to increase the work required to brute force a password
  • A password like "apple" is easy for humans to remember and easy for computers to guess using dictionary attacks
  • Password spraying is using the same password on many different accounts
  • A smart card is best described as "something you possess"
  • When an enrolled user presents a biometric to an authentication system and it doesn't recognise them, it's called a "False non-match"
  • The initial action a virus performs involves checking whether a condition is met that enables it to find a program to infect
  • Web shell's primary function is to maintain access
  • A system is safe from a zero-day exploit once the vulnerability is fixed
  • The most important requirement for a switched packet network is the delivery of packets
  • Including a source port identifies which program on the client will process the reply
  • With a shared key in a WPA2 network, it is false to say that you can protect your web traffic from sniffing using HTTPS
  • A digital certificate does not contain the owner's private key
  • For a MITM attack using an evil twin, it is LEAST important that the evil twin implements a captive portal

Section B - Applying Concepts

  • Being guilty because the action is more important than intention is the correct statement regarding guilt
  • Encrypting the plaintext MAXY with the Vigenere cipher and a key of BZ yields the ciphertext NZYX
  • Using a cipher with a block size of 16 bits requires 9 bits to be added as padding for a 151-bit plaintext
  • If Alice is using RSA to authenticate that she encrypted a message, she should use Alice’s private key

Section C - Short Answers

  • Credential stuffing attack: the attacker obtains usernames and passwords, then tests the stolen credentials and gains access if the credentials are reused; mitigate by using a different password per site and some form of SSO
  • Hash-based tokens and authenticators using a one-time-password need to have the counter synchronised with each other, since there is no direct communication between the token and the authenticator
  • Quantum computing reduces the time needed for number factorisation, which is the basis of asymmetric crypto; post-quantum cryptography therefore uses codes that are hard to solve, do not rely on factorising, and cannot easily be solved using quantum algorithms
