Cyber Security Essentials - Module 4: Encryption & Hashing

Questions and Answers

What is 'ciphertext'?

Ciphertext is a secure, coded form of a message that has been encrypted.

What is the function of the 'key' in encryption?

The key is a special password or piece of information that controls the mathematical function used for encryption and decryption.

What are the two main types of cryptographic systems?

  • Analog key systems and Digital key systems
  • Symmetric key systems and Asymmetric key systems (correct)
  • Private key systems and Public key systems
  • Simple key systems and Complex key systems

What are the two basic principles of symmetric encryption?

Substitution and Transposition (B)

The 'key' in symmetric encryption must be kept secret from both the sender and the receiver.

False (B)

What is the purpose of 'salted' hashes in password protection?

Salted hashes are used to add a random string to the password before hashing, making it more difficult for attackers to use rainbow tables to crack passwords.

The Public Key Infrastructure (PKI) utilizes a 'trusted party' to guarantee the authenticity of public keys.

True (A)

What does a digital certificate contain?

The user's public key, information about the user, and the trusted party's digital signature (D)

What is the role of the 'Registration Authority' (RA) in PKI?

The RA verifies user requests for digital certificates and informs the CA to issue the certificates. They also perform administrative functions on behalf of the CA.

Quantum computing could potentially pose a threat to current encryption methods.

True (A)

Which of the following is NOT a benefit of using HTTPS?

Faster loading times for web pages (B)

What is the purpose of a VPN?

A VPN creates a secure, private network over a public telecommunications infrastructure, enabling secure and private communication even when using a public network.

S/MIME is a standard secure email protocol that uses asymmetric encryption and digital signatures.

True (A)

What are the potential benefits of encrypting data at rest?

Protecting sensitive data from unauthorized access (A), Reducing the risk of data breaches through encryption (B)

What is cryptanalysis?

Cryptanalysis is the science of breaking cryptographic protection by identifying weaknesses in algorithms, discovering secret keys, or decrypting ciphertext without the key.

What is a 'side-channel attack'?

An attack that targets physical characteristics of the system, like timing or power consumption (D)

Storing passwords in cleartext is considered a secure practice.

False (B)

What is password entropy?

Password entropy is a measure of the unpredictability and security of a password against guessing or brute-force attacks. It quantifies the difficulty an attacker would have in finding the password.

How can you improve password entropy?

All of the above (D)

Encryption can be misused by criminals to hide malware or facilitate criminal activities.

True (A)

What are some of the risks associated with encryption?

Some risks associated with encryption include the potential for key compromises, the evolution of faster password-cracking tools, and the obsolescence of encryption algorithms over time, increasing the vulnerability of encrypted data.

Flashcards

Encryption

The process of converting plaintext into a secure, coded form called ciphertext.

Decryption

Converting ciphertext back into plaintext, using the appropriate key.

Key

A special password used to control the encryption and decryption process.

Atbash Cipher

An older, simple substitution cipher where the first letter is replaced with the last, the second with the penultimate, etc.

Polybius Square

A method using a 5x5 grid to encode letters into pairs of digits.

Symmetric key system

A cryptographic system using a single, secret key for both encryption and decryption.

Asymmetric key system

A cryptographic system using a pair of complementary keys: a public key and a private key.

Encryption algorithm

A mathematically based function that encrypts or decrypts data.

Key length

A predetermined length for a key. Longer keys are harder to crack.

Plaintext

The original, readable message.

Ciphertext

The encrypted message, unreadable without the key.

Modern encryption

A cryptographic system where the strength relies on the secrecy of the key, not the algorithm.

Electronic Codebook (ECB)

A mode of encryption where each plaintext block is encrypted independently using the same key.

Cipher Block Chaining (CBC)

A mode of encryption where each plaintext block is XORed with the previous ciphertext block before encryption.

Cipher Feedback (CFB)

A mode of encryption where the previous ciphertext block is encrypted and XORed with plaintext.

Output Feedback (OFB)

A mode of encryption where the output of the encryption function is fed back into the encryption process.

Counter (CTR)

A mode of encryption where a unique counter value is encrypted and XORed with plaintext.

RC4

A fast but obsolete stream cipher, considered weak.

Data Encryption Standard (DES)

A block cipher developed by IBM, now considered weak.

Advanced Encryption Standard (AES)

A block cipher developed by Vincent Rijmen and Joan Daemen, widely used for secure communication.

Asymmetric encryption for non-repudiation

A method for signing messages to ensure the sender cannot deny sending it.

RSA (Rivest, Shamir, Adleman)

A widely used standard for asymmetric encryption, using prime number factorization.

Elliptic Curve Cryptography (ECC)

An asymmetric encryption method using elliptic curves for smaller key sizes.

Hashing

A process for creating a short code representing a document, used for digital signatures.

Hash

The code generated by a hashing algorithm.

Transport Layer Security (TLS)

A standard used to ensure the integrity of data transmitted over a network.

Secure Hypertext Transfer Protocol (HTTPS)

A secure version of HTTP, using TLS for encrypted sessions.

Virtual Private Network (VPN)

A secure private network over a public network, using encryption.

Secure Multipurpose Internet Mail Extensions (S/MIME)

A standard secure email protocol providing authentication, integrity, and confidentiality.

Cryptanalysis

The process of breaking cryptographic protection by finding weaknesses in algorithms or the key.

Salted hashing

A method to protect passwords by adding a random string before hashing.

Password entropy

A measure of how unpredictable and secure a password is against guessing.

Ransomware

A type of malware that encrypts data and demands ransom for decryption.

Study Notes

  • This module covers encryption and hashing, crucial concepts in cybersecurity.
  • 376,791 active bots were identified in the last 24 hours according to Spamhaus.
  • China and the United States are among the countries with the highest botnet activity.
  • There are several countries and ISPs with significant botnet activity in 2024.
  • Encryption converts plaintext to ciphertext, making it unreadable without a key.
  • Decryption reverses this process.
  • Encryption uses a mathematical function controlled by a key (or keys).
  • Encryption is a process much older than modern cybersecurity.
  • Various ancient methods of encryption were demonstrated, such as the Scytale algorithm and Atbash cipher.
  • The Polybius Square cipher was a Greek method using a grid.
  • The Caesar cipher is an early substitution method.
  • Modern cryptography often uses the Enigma machine and Kurt Schoenmaekers cipher.
  • Encryption is heavily regulated in some countries. Algorithms and key lengths may be restricted.
  • Encryption is part of the broader field of cryptography.
  • Encryption protects data at rest (stored data) and in transit (flowing data).
  • Encryption is used to protect data from unauthorized viewing and manipulation.
  • Encryption protects transmitted data from unauthorized interception and manipulation.
  • Verification of transaction or document authenticity is handled with digital signatures.
  • Encoding transforms a message to another form, is well-known, reversible, and doesn't need a key.
  • Encryption and decryption require a key.
  • Encoding, unlike encryption, just changes the format of data, making it unreadable without knowledge of how to convert it back to its original.
  • Key elements of encryption systems include the algorithm itself and the encryption key.
  • Key length impacts the security; longer keys are more difficult to crack by force.
  • Plaintext is the original text; ciphertext is the encrypted text.
  • Algorithm strength, key secrecy, avoiding backdoors, and the inability to decrypt parts all influence a system's strength.
  • Known plaintext attacks weaken systems by leveraging information about the plaintext.
  • Symmetric Encryption systems use the same key for encryption and decryption.
  • Symmetric encryption example: encrypting a message to close a door and reopen it with the same key.
  • Advantages of symmetric encryption include simplicity and speed, suitable for large data volumes.
  • Disadvantages of symmetric encryption include key distribution challenges.
  • Stream ciphers encrypt data one bit or byte at a time (e.g., real-time video streaming).
  • Block ciphers encrypt data in fixed-size blocks (e.g., file transfer).
  • Electronic Codebook (ECB) mode encrypts each block independently using the same key, but it's vulnerable to pattern analysis.
  • Cipher Block Chaining (CBC) mode encrypts each block using the previous ciphertext block. It's more secure than ECB.
  • Cipher Feedback (CFB) mode encrypts in smaller units than block size.
  • Output Feedback (OFB) mode encrypts asynchronously.
  • Counter (CTR) mode encrypts using a counter value.
  • Various encryption algorithms, including RC4, DES, and AES are listed and compared. Some algorithms are deprecated.
  • Asymmetric Encryption uses two complementary keys for encryption (public key) and decryption (private key).
  • Asymmetric encryption differs from symmetric methods in speed and efficiency.
  • RSA, a well-known standard in asymmetric encryption, relies on the difficulty of factoring very large numbers.
  • Elliptic Curve Cryptography (ECC) is used often to offer equivalent security with smaller key sizes.
  • Hashing creates a shorter code (hash) representing a larger document.
  • Hashing is used to verify document integrity by comparing the hash of the origin code to the hash of a received copy.
  • MD5, SHA-1, SHA-256, SHA-512, and RIPEMD are various hashing algorithms.
  • Hashing is crucial for password protection. Passwords are hashed rather than stored directly, using "salting" to reduce vulnerability.
  • The attacker cannot derive the password directly from the hash value.
  • Password entropy quantifies a password's security against guessing and attacks.
  • A higher entropy (typically longer and more diverse passwords) implies a stronger password.
  • Misuse of encryption can affect the security of data, such as ransomware attacks.
  • Public Key Infrastructure (PKI) is used to address key distribution.
  • A Certificate Authority (CA) issues and manages security certificates.
  • A Registration Authority (RA) helps in the verification of user identities, required for digital certificates.
  • Digital certificates include information about the owner and the certificate.

Description

Explore the crucial concepts of encryption and hashing in this module on Cyber Security Essentials. Learn about ancient and modern encryption techniques, the workings of algorithms, and the significance of key management in safeguarding information. This quiz will test your understanding of these foundational aspects of cybersecurity.
