The greatest weakness with symmetric algorithms is _____.
B
Explanation:
The problem of key exchange
https://en.wikipedia.org/wiki/Symmetric-key_algorithm
Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for
both encryption of plaintext and decryption of ciphertext. The keys may be identical or there may be
a simple transformation to go between the two keys. The keys, in practice, represent a shared secret
between two or more parties that can be used to maintain a private information link. This
requirement that both parties have access to the secret key is one of the main drawbacks of
symmetric key encryption, in comparison to public-key encryption (also known as asymmetric key
encryption).
In IPSec, if the VPN is a gateway-gateway or a host-gateway, then which one of the following is true?
D
Explanation:
IPSec has two different modes: transport mode and tunnel mode.
Only the tunnel mode can be used
https://en.wikipedia.org/wiki/IPsec
In tunnel mode, the entire IP packet is encrypted and authenticated. It is then encapsulated into a
new IP packet with a new IP header. Tunnel mode is used to create virtual private networks for
network-to-network communications (e.g. between routers to link sites), host-to-network
communications (e.g. remote user access) and host-to-host communications (e.g. private chat).
Incorrect answers:
Encapsulating Security Payload (ESP) authentication must be used. ESP in transport mode does not
provide integrity and authentication for the entire IP packet. However, in Tunnel Mode, where the
entire original IP packet is encapsulated with a new packet header added, ESP protection is afforded
to the whole inner IP packet (including the inner header) while the outer header (including any outer
IPv4 options or IPv6 extension headers) remains unprotected.
IPSec does not involve gateways. Wrong.
Only transport mode can be used. Transport mode, the default mode for IPSec, provides for end-to-
end security. It can secure communications between a client and a server. When using the transport
mode, only the IP payload is encrypted.
What is the formula m^e %n related to?
D
Explanation:
Encrypting with RSA
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
In RSA, encrypting a message m (a number) with the public key (n, e) is calculated as:
M' := m^e %n
Incorrect answers:
Decrypting with RSA:
M'' := m^d %n
Generating Mersenne primes:
Mn = 2^n - 1
Encrypting with Elliptic Curve (EC):
y^2 = x^3 + ax + b
A real-time protocol for verifying certificates (and a newer method than CRL).
A
Explanation:
Online Certificate Status Protocol (OCSP)
https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol
The Online Certificate Status Protocol (OCSP) is an Internet protocol used for obtaining the
revocation status of an X.509 digital certificate. It is described in RFC 6960 and is on the Internet
standards track. It was created as an alternative to certificate revocation lists (CRL), specifically
addressing certain problems associated with using CRLs in a public key infrastructure (PKI).
Incorrect answers:
Public Key Infrastructure (PKI) - set of roles, policies, hardware, software and procedures needed to
create, manage, distribute, use, store and revoke digital certificates and manage public-key
encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a
range of network activities such as e-commerce, internet banking and confidential email. It is
required for activities where simple passwords are an inadequate authentication method and more
rigorous proof is required to confirm the identity of the parties involved in the communication and to
validate the information being transferred.
Registration Authority (RA) - component of PKI that validates the identity of an entity requesting a
digital certificate.
Server-based Certificate Validation Protocol (SCVP) - Internet protocol for determining the path
between an X.509 digital certificate and a trusted root (Delegated Path Discovery) and the validation
of that path (Delegated Path Validation) according to a particular validation policy.
Which of the following is not a key size used by AES?
D
Explanation:
512 bits
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
AES is a subset of the Rijndael block cipher developed by two Belgian cryptographers, Vincent Rijmen
and Joan Daemen, who submitted a proposal to NIST during the AES selection process. Rijndael is a
family of ciphers with different key and block sizes. For AES, NIST selected three members of the
Rijndael family, each with a block size of 128 bits, but three different key lengths: 128, 192 and 256
bits.
Which one of the following is an authentication method that sends the username and password in
cleartext?
A
Explanation:
PAP
https://en.wikipedia.org/wiki/Password_Authentication_Protocol
Password Authentication Protocol (PAP) is a password-based authentication protocol used by Point
to Point Protocol (PPP) to validate users. Almost all network operating system remote servers
support PAP. PAP is specified in RFC 1334.
PAP is considered a weak authentication scheme (weak schemes are simple and have lighter
computational overhead but are much more vulnerable to attack; while weak schemes may have
limited application in some constrained environments, they are avoided in general). Among PAP's
deficiencies is the fact that it transmits unencrypted passwords (i.e. in plain-text) over the network.
PAP is therefore used only as a last resort when the remote server does not support a stronger
scheme such as CHAP or EAP.
Incorrect answers:
SPAP - Shiva Password Authentication Protocol, PAP with encryption for the usernames/passwords
that are transmitted.
CHAP - calculates a hash and shares the hash with the client system; the hash is periodically
validated to ensure nothing has changed.
Kerberos - computer-network authentication protocol that works on the basis of tickets to allow
nodes communicating over a non-secure network to prove their identity to one another in a secure
manner. Its designers aimed it primarily at a client–server model and it provides mutual
authentication—both the user and the server verify each other's identity. Kerberos protocol
messages are protected against eavesdropping and replay attacks.
Kerberos builds on symmetric key cryptography and requires a trusted third party, and optionally
may use public-key cryptography during certain phases of authentication.
A _________ is a digital representation of information that identifies you as a relevant entity by a
trusted third party.
A
Explanation:
Digital Signature
https://en.wikipedia.org/wiki/Digital_signature
A digital signature is a mathematical scheme for verifying the authenticity of digital messages or
documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very
strong reason to believe that the message was created by a known sender (authentication), and that
the message was not altered in transit (integrity).
Modern symmetric ciphers all make use of one or more s-boxes. Both Feistel and non-Feistel ciphers
use these s-boxes. What is an s-box?
A
Explanation:
Substitution box where input bits are replaced
https://en.wikipedia.org/wiki/S-box
In cryptography, an S-box (substitution-box) is a basic component of symmetric key algorithms which
performs substitution. In block ciphers, they are typically used to obscure the relationship between
the key and the ciphertext — Shannon's property of confusion.
A cryptographic hash function which uses a Merkle tree-like structure to allow for immense parallel
computation of hashes for very long inputs. Authors claim a performance of 28 cycles per byte for
MD6-256 on an Intel Core 2 Duo and provable resistance against differential cryptanalysis.
D
Explanation:
MD6
https://en.wikipedia.org/wiki/MD6
The MD6 Message-Digest Algorithm is a cryptographic hash function. It uses a Merkle tree-like
structure to allow for immense parallel computation of hashes for very long inputs. Authors claim a
performance of 28 cycles per byte for MD6-256 on an Intel Core 2 Duo and provable resistance
against differential cryptanalysis.[2] The source code of the reference implementation was released
under the MIT license.
Speeds in excess of 1 GB/s have been reported to be possible for long messages on a 16-core CPU
architecture.
In December 2008, Douglas Held of Fortify Software discovered a buffer overflow in the original MD6
hash algorithm's reference implementation. This error was later made public by Ron Rivest on 19
February 2009, with a release of a corrected reference implementation in advance of the Fortify
Report.
What size block does FORK256 use?
B
Explanation:
512
https://en.wikipedia.org/wiki/FORK-256
FORK-256 was introduced at the 2005 NIST Hash workshop and published the following year.[6]
FORK-256 uses 512-bit blocks and implements preset constants that change after each repetition.
Each block is hashed into a 256-bit block through four branches that divide each 512-bit block into
sixteen 32-bit words that are further encrypted and rearranged.