1.1 Introduction to Cryptography

Questions and Answers

What is a significant flaw associated with MD5 hash algorithms?

• They can have collisions. (correct)
• They are computationally expensive.
• They require large key sizes.
• They are secure against all forms of attack.

Which hash algorithm is known to produce outputs of varying lengths such as SHA-256 and SHA-512?

• Secure Hash Algorithm (SHA) (correct)
• Message Digest (MD)
• HAVAL
• RIPEMD

What information is typically included in a digital certificate?

• User's social media handles
• Access permissions
• Personal identification number
• Public key (correct)

What was the significant achievement of researchers regarding SHA-1 as documented in 2017?

They demonstrated the first ever SHA-1 hash collision. (D)

Which of the following hash algorithms should not be trusted due to known weaknesses?

MD4 (A)

What impact does a hash collision have on data integrity?

It allows data to be safely altered undetected. (B)

Which characteristic is unique to hash algorithms like SHA and MD?

They produce fixed-length hash values. (A)

What can the presence of collisions in hash algorithms lead to?

Endanger the security of digital signatures. (B)

Which hashing algorithm was initially published by Ronald Rivest?

MD5 (D)

What algorithm family includes SHA-256 and SHA-512 as components?

Secure Hash Algorithm (C)

What is a primary disadvantage of asymmetric cryptography?

It is significantly slower than symmetric cryptography. (D)

Which of the following is a characteristic of symmetric key algorithms?

Keys must be distributed secretly. (A), They are generally efficient for encrypting large blocks of data. (B)

Which asymmetric key algorithm is known for its commercial use?

Rivest Shamir Adleman (RSA) (C)

What are the central aspects of modern cryptography?

Data confidentiality, data integrity, authentication, and non-repudiation (D)

In a hybrid cryptosystem, what is the function of the session key generated by Alice?

To encrypt messages for both Alice and Bob efficiently. (B)

In symmetric cryptography, what is the first step that Alice and Bob must take?

Alice and Bob agree on a cryptosystem (B)

What is the role of hash functions in cryptography?

To compute a unique hash value reflecting large datasets. (D)

What does non-repudiation in cryptography ensure?

The data was created or modified by a specific individual (B)

Which of the following statements about hybrid cryptosystems is correct?

They combine both asymmetric and symmetric encryption techniques. (B)

How does asymmetric cryptography primarily differ from symmetric cryptography?

Alice and Bob do not need to agree on a common key (D)

What is a common weakness of symmetric encryption methods?

The same key is used for both encryption and decryption. (C)

Which of the following applications does NOT directly relate to cryptography?

Data analytics (D)

Which asymmetric algorithm is known for its open-standard characteristics?

PGP (Pretty Good Privacy) (D)

What is the primary purpose of maintaining data integrity in cryptography?

To verify that unauthorized changes have not occurred (D)

What is the main challenge associated with key distribution in asymmetric cryptography?

The keys must remain private at all times. (B)

Which statement is true regarding the efficiency of asymmetric cryptography?

It is primarily used to encrypt keys rather than actual messages. (B)

When Alice encrypts her message using Bob's public key, what cryptographic principle is she employing?

Asymmetric encryption (A)

Which field does modern cryptography intersect with?

Mathematics, computer science, and electrical engineering (D)

What does the term 'confidentiality' primarily refer to in the context of cryptography?

Ensuring that secret data is protected from unauthorized access (A)

What common feature do both symmetric and asymmetric cryptography share?

They both use encryption algorithms (D)

What is Cryptogrphy

A method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it. (A)

What are the goals of Cypgtography

1. Confidentiality , 2. Integrity, 3. Non-Repudiation, 4. Authentication. (D)

The two main types of cryptography are:

1. Symmetric cryptography 2. Asymmetric cryptography (C)

Flashcards

Cryptography

The practice and study of techniques for secure communication, protecting data from unauthorized access.

Confidentiality

Ensuring that data remains confidential and accessible only to authorized parties.

Integrity

Guaranteeing that data remains unchanged and authentic, preventing unauthorized modifications.

Non-repudiation

Establishing proof of origin and authenticity, preventing denial of actions.

Authentication

Verifying the identity of a person or entity, confirming they are who they claim to be.

Symmetric Cryptography

A cryptographic method where both the sender and receiver use the same secret key for encryption and decryption.

Asymmetric Cryptography

A cryptographic method using separate keys for encryption and decryption, with a public key for encryption and a private key for decryption.

DES (Data Encryption Standard)

A core element of symmetric cryptography, DES uses a 56-bit key to encrypt data.

Triple DES (3DES)

An improved version of DES that uses three keys for encryption.

AES (Advanced Encryption Standard)

A symmetric key algorithm known for its speed and security, popular for encrypting large amounts of data.

RSA (Rivest-Shamir-Adleman)

A public-key cryptography algorithm used for encryption, digital signatures, and key exchange.

Elliptic Curve Cryptography (ECC)

A cryptographic method using a special type of math designed to make it computationally difficult to crack.

Hybrid Cryptosystems

A method of combining symmetric and asymmetric cryptography to achieve both efficiency and security.

Hash Function

A fixed-length output produced by a function that takes variable-sized inputs.

SHA-1 (Secure Hash Algorithm 1)

A cryptographic hash function used to generate a 160-bit hash value, primarily used for digital signatures and integrity verification.

Message Digest (MD)

A popular family of hash functions

Secure Hash Algorithm (SHA)

A family of hash functions designed to be secure and widely deployed.

SHA-256

A cryptographic hash function that produces a 256-bit output, meaning it generates very short unique signatures.

Hashing

A method that produces a small block of data from a larger block of data that can be used to verify the integrity of the larger block.

MD5

A cryptographic hash function that produces a 128-bit output, meaning it generates shorter (but less secure) unique signatures.

Hash Collision

Two different inputs producing the same hash output.

Collisions in Hash Algorithms

A common occurrence in early hash algorithms (MD5), meaning a hash function can produce the same output for different inputs, compromising security.

Digital Certificates

They are electronic documents that contain information about the user and their digital identity, enabling secure communication and verification online.

Digital Signature

An electronic signature generated using cryptography to verify the authenticity and integrity of a digital document.

Symmetric Cryptography Process

1. Alice and Bob agree on a cryptosystem
2. Alice and Bob agree on a key
3. Alice takes her plaintext message and encrypts it using the encryption algorithm and the key. This creates a ciphertext message
4. Alice sends the ciphertext message to Bob
5. Bob decrypts the ciphertext message with the same algorithm and key and reads it

Asymmetric Cryptography Processes

1. Alice and Bob agree on a public-key cryptosystem
2. Bob sends Alice his public key
3. Alice encrypts her message using Bob’s public key and sends it to Bob
4. Bob decrypts Alice’s message using his private key

Study Notes

Introduction to Cryptography

• Cryptography is the art and science of protecting data, ensuring only intended recipients can read and process it, while blocking adversaries.
• Various aspects of information security, such as confidentiality, integrity, authentication, and non-repudiation, are central to modern cryptography.
• Modern cryptography combines mathematics, computer science, and electrical engineering
• Cryptography is used in ATMs, computer passwords, and electronic commerce.

Goals of Cryptography

• Confidentiality: Ensuring secret data remains secret from unauthorized access.
• Integrity: Verifying data hasn't been altered unauthorizedly.
• Non-repudiation: Proving data was created or modified by a specific individual.
• Authentication: Determining if someone or something is genuinely who or what it claims to be.

Two Kinds of Cryptography

• Symmetric Cryptography:
  • Alice and Bob agree on a cryptosystem and a key
  • Alice encrypts the plaintext message using the algorithm and key, creating ciphertext
  • Alice transmits ciphertext to Bob
  • Bob decrypts the message using the same algorithm and key.
• Asymmetric Cryptography:
  • Alice and Bob agree on a public-key cryptosystem.
  • Bob sends Alice his public key.
  • Alice encrypts her message with Bob's public key and sends it to Bob.
  • Bob decrypts the message with his private key.

Symmetric Cryptography Detail

• Uses the same key for encryption and decryption.
• Efficient for bulk data processing.
• Works well with smaller key sizes.
• Key distribution is a challenge.

Symmetric Key Algorithms

• Data Encryption Standard (DES)
• Triple DES (3DES)
• Blowfish & Twofish
• IDEA
• RC4, RC5, and RC6
• Advanced Encryption Standard (AES)

Asymmetric Cryptography Detail

• Uses two different but related keys.
• Encryption with one key, decryption with the other key.
• Solves key distribution challenges.
• Inefficient for large data blocks.
• Slower than symmetric cryptography.

Problems with Cryptography

• Symmetric: Keys need secure distribution. If a key is compromised, anyone can decrypt messages. Doesn't scale well for networks.
• Asymmetric: Significantly slower than symmetric. Vulnerable to attacks like chosen-plaintext attacks.

Public-Key Algorithms

• Not a substitute for symmetric algorithms.
• Used to encrypt keys (session keys) used by symmetric algorithms for message traffic.

Asymmetric Key Algorithms

• Rivest Shamir Adleman (RSA)
• Pretty Good Privacy (PGP)
• Open Standard PGP (RFC 4880) - implemented as Gnu Privacy Guard
• Elliptic Curve Cryptosystem (ECC)

Hybrid Cryptosystems

• Bob sends Alice his public key.
• Alice generates a session key, encrypts it with Bob's public key, and sends it to Bob.
• Bob decrypts the session key using his private key.
• Both use the same session key for further communication.

Hash Functions

• Computes a small hash value from large amounts of data.
• Different data results in different hash values.
• Protects data integrity - verifying no unauthorized alterations.
• Used in digital signatures.

Hash Algorithms

• Message Digest (MD) (e.g., MD2, MD4, MD5)
• Secure Hash Algorithm (SHA) (e.g., SHA-1, SHA-256, SHA-512)
• HAVAL

Digital Certificates

• Electronic documents containing information about the certificate (who issued it, whom it's issued to, valid until, public key, algorithms and key sizes, digital signature).
• Digital signatures verify data integrity.