ICT2213 Applied Cryptography Lecture 12: Key Management (Key Storage)

Questions and Answers

What is the purpose of using a salt in PBKDF2?

• To ensure the key is unique for each user (correct)
• To increase the number of iterations required to perform a dictionary attack
• To protect the password from being revealed
• To make the algorithm more efficient

What is the recommended minimum number of iterations for PBKDF2?

• 10000
• 100
• 1000 (correct)
• 500

How are private keys stored using PKCS #8?

• The private key is encrypted using a symmetric algorithm with a user-provided password
• The private key is stored in plaintext
• The private key is stored in a hardware security module
• The private key is encrypted using PBES2 with PBKDF2 for key derivation (correct)

Which S2K algorithm is recommended for PGP?

Type 3 S2K (iterated and salted) (B)

What is the main claim made by the security company about password-based cryptography?

Password-based keys can be compromised, but the level of security depends on the implementation (D)

What is the primary purpose of using PBKDF2 in password-based cryptography?

To increase the cost of dictionary attacks (B)

Which type of devices are commonly used to store MKs in high-security environments?

Hardware security modules (HSMs) (A)

What is the self-destruct mechanism of Hardware Security Modules (HSMs) triggered by?

Tampering detection (B)

Which technique involves using a key-generating key (KGK) with unique data to derive secret keys stored in secure embedded devices?

Key diversification (B)

Which standard defines key-wrap algorithms for use with an AES KEK to encrypt and store a secret key?

RFC 3394/5649 (D)

In the context of secure transactions, what is the purpose of passing KEKs and DKs as parameters to each transaction when needed?

To mitigate key theft risks (A)

What is the main purpose of issuing and storing keys in secure embedded devices like smart cards or tokens?

To ensure tamper-resistant key storage (A)

In a key hierarchy, what is the primary purpose of Master Keys (MKs)?

To distribute and protect Key-Encrypting Keys (KEKs) and Data Keys (DKs) (B)

Which of the following statements about Key-Encrypting Keys (KEKs) is correct?

KEKs are optional and used to distribute and protect Data Keys (DKs) (A)

What is the primary purpose of Data Keys (DKs) in a key hierarchy?

To encrypt and decrypt sensitive data, as well as generate Message Authentication Codes (MACs) (C)

Which of the following statements best describes the rationale behind using a key hierarchy?

To limit the exposure of encryption keys and minimize the amount of protected information (C)

In a key hierarchy, which of the following keys are distributed manually for security reasons?

Master Keys (MKs) (B)

Which of the following statements about key hierarchy is incorrect?

Master Keys (MKs) are used to encrypt and decrypt sensitive data directly (B)

Flashcards are hidden until you start studying