Cryptography Fundamentals: Key Concepts and Algorithms, Exams of Nursing

An introduction to cryptography covering fundamental concepts and algorithms. It includes explanations of symmetric and asymmetric key encryption, block and stream ciphers, hashing, and various cipher modes. Key topics include RSA, DSA, AES, DES, and common attacks like rainbow and dictionary attacks. The document also covers essential concepts such as entropy, PRNGs, TRNGs, and hardware security modules, making it a valuable resource for understanding the basics of cryptography. It also includes questions and answers.

Typology: Exams

2024/2025

Available from 11/05/2025

moses-gachoka

Introduction to Cryptography - D334 with correct answers 2025/2026

XOR the following
0101110101010111
1001100000111010
------------------ - correct answers: 1100010101101101

Asymmetric key-based encryption - typical methods - correct answers:
RSA
DSA
El Gamal

Symmetric key-based encryption - typical methods - correct answers:
RC2 - 40 bit key size, 64 bit block
RC4 - (Stream Cipher) - Used in SSL and WEP
RC5 - (Variable key size; 32, 64, or 128 bit block size)
AES - (128, 192 or 256 bit key size, 128 bit block size)
DES - (56 bit key size, 64 bit block size)
3DES - (112 bit key size, 64 bit block size)

Block Encryption - correct answers:
RC2 (40 bit key size)
RC5 (Variable block size)
IDEA
DES
3DES
AES (Rijndael)
Blowfish
Twofish

Stream encryption - correct answers:
RC
ChaCha

Rainbow Attack - correct answers: The method of knowing the mapping between the hashed values and the original data

Dictionary-type attack - correct answers: a brute force analysis

∉ - correct answers: does not belong to
when an object is not in a set

∈ - correct answers: Belongs to
when an object is within a set

⊆ - correct answers: subset
subset has fewer elements or equal to the set

A ∪ B - correct answers: union (objects that belong to set A or set B)

| - correct answers: such that

Morse Code cipher 5 - correct answers: Encoding method, rather than a cipher, that works by translating characters into sequences of dots (.) and dashes (-)

Playfair Cipher 4 - correct answers: 5 × 5 matrix containing the alphabet less the letter J. Cipher/decipher process consists of a set of rules outlining use of column and row combinations.

BIFID Cipher 3 - correct answers: Makes use of a grid which maps the letters into numeric values.

Rail Code Cipher 2 - correct answers: Employs a method to scramble text by writing it in a sequence across a number of rails.

Pig Pen Cipher 1 - correct answers: Mono-alphabetic substitution cipher that makes use of mapping plaintext characters to graphical characters rather than to alphabetic ones, i.e. A=(pick a symbol) vs A=(pick a letter). Disadvantage: once the mapping is known, it is difficult to keep the message secret.

Encryption - correct answers: in simplest terms is changing plaintext into ciphertext

Decryption - correct answers: The process of converting a ciphertext into plaintext.

AESCrypt - correct answers: Encrypt individual files and encrypt full disks with options such as Bitlocker and FileVault

Mono-alphabetic - correct answers: code or substitution is where a single mapping from our alphabet to a cipher alphabet is created. Many early cryptosystems used this.

Polyalphabetic - correct answers: refers to the mapping of our alphabet to a number of cipher alphabets. This approach added a bit of complexity to early cryptosystems.

One-time pad - correct answers: is considered to be unbreakable since it only uses its cipher code once.

Pseudo-Random Number Generators (PRNGs) - correct answers: This method repeats the random numbers after a given time (periodic). They are fast and are also deterministic and are useful in producing a repeatable set of random numbers.

Frequency Analysis - correct answers: is a cipher cracking methodology that involves identifying patterns and variations in the probability of codes, i.e. a three-letter ciphered text combination spotted at the beginning of a string too often could tip us off that those three letters correlate to the letters THE in the English alphabet.

True Random Number Generators (TRNGs) - correct answers: This method generates a true random number and uses some form of random process. One approach is to monitor the movements of a mouse pointer on a screen or the pauses between keystrokes. Overall, the method is generally slow, especially if it involves human interaction, but is non-deterministic and aperiodic.

Entropy - correct answers: measures level of unpredictability; in encryption relates to the degree of uncertainty of the encryption process.

ASCII - correct answers: 8-bit values, up to 256 characters

UTF-16 - correct answers: 16-bit values, up to 65,536 characters

Symmetric stream encryption - correct answers:
- involves encrypting one bit at a time, i.e., a synchronous stream
- is often much faster than block and can typically be applied in real-time applications.

Symmetric block ciphers - correct answers:
- manage how blocks of data are processed through block cipher mode implementations. For instance, one may choose to use the DES block cipher configured with ECB as the mode of operation.

Common Block Cipher Modes - correct answers:
Electronic Code Book (ECB)
Cipher Block Chaining (CBC)
Cipher Feedback (CFB)
Output Feedback (OFB)
Counter (CTR) Mode

CFB, OFB, CTR - correct answers: implementations essentially allow the block cipher to operate like a stream cipher.

Salting - correct answers: the process of adding an initialization vector to the ciphering process to change its operation and ensure that the ciphertext does not give the original plaintext when played back.

Work Factor - correct answers: This represents the time and effort required to break a cryptography system.

Electronic Code Book (ECB) - correct answers:
- Most basic, weak, and unsecure mode
- Each block is processed separately
- No Salt or IV is used and the same key will be used to encrypt each block. This means if a given plaintext is encrypted in ECB and results in a given ciphertext, that same ciphertext will be output EVERY TIME the same plaintext is encrypted.

Cipher Block Chaining (CBC) - correct answers:
- Minor step up from ECB with the incorporation of an initialization vector for the first block.
- Result of encryption from the previous block is XOR'd with the plaintext of the current block. That result is input into the encryption process of the current block.

Cipher Feedback (CFB) - correct answers:
- Converts the block cipher into a self-synchronizing stream cipher.
- Current block takes output of the XOR ⊕ process vs from the cipher stage of the previous block (difference between CFB and OFB).

Output Feedback (OFB) - correct answers:
- Converts the block cipher to a synchronous stream output.
- Current block takes output from the cipher stage vs from the output of the XOR process of the previous block (difference between CFB and OFB).
- The first stage takes the data block and XORs it with the encrypted version of the IV value. The output of the first stage encryption is then fed into the next stage, and encrypted, with the output being XOR'ed with the second block.

Counter Mode (CTR) - correct answers:
- Converts the block cipher into a stream cipher.
- Generates a counter value and a nonce, and encrypts this, in order to XOR with the plain text block.

HMAC - correct answers: is a message authentication code (MAC) that can be used to verify the integrity and authentication of the message. It involves hashing the message with a secret key, and thus differs from standard hashing, which is purely a one-way function

Passwords which use a hashed value can be cracked - correct answers: either with rainbow tables or brute force.

One Time Passwords (OTP) - correct answers: This allows a new unique password to be created for each instance, based on an initial seed

Timed one time password (TOTP) - correct answers: This allows for a new unique passcode to be created for each instance, based on an initial seed and for a given time period.

Hashed One Time Password (HOTP) - correct answers: This allows a new unique passcode to be created each instance, based on a counter value and an initial seed.

Public Key - correct answers: encryption (asymmetric cryptography) makes use of a key pair (one public, one private) to perform encryption and decryption. If a given key in a key pair is used for encryption, only the opposite key in that key pair can perform the reverse decryption.

Only the public key should be distributed or shared - correct answers: exchanged via digital signature, posted on a site etc

Public-key encryption is an excellent method of keeping data secure - correct answers: but it is often too slow for real-time communications.

Identity checking and key protection are - correct answers: Two main applications of public key encryption

RSA leverages - correct answers: the fact that products of large prime numbers are difficult to factorize as the basis of its encryption.

Homomorphic Encryption - correct answers: can perform mathematical operations on ciphered values, i.e., before decryption.

RSA has a heavy overhead - correct answers: on processor loading and is not well suited for embedded systems (as the power drain can be high, along with heavy requirements for processing and memory).

An improved solution over RSA is - correct answers: Elliptic Curve, which is often used in key exchange methods (such as with Elliptic Curve Diffie Hellman - ECDH) and for the creation of digital signatures (Elliptic Curve Digital Signature Algorithm - ECDSA)

The main advantages of Elliptic Curve methods are: - correct answers:
▪ Much smaller keys. The prime number P is normally only 160 bits, and much smaller than in RSA. This considerably speeds up the encryption process.
▪ Creation of the curves is more difficult than generating prime numbers, which makes it more difficult to crack than RSA.
▪ They can be used to factorize values, such as finding the prime number factors within RSA.

Bitcoins use Elliptic Curve cryptography - correct answers: with 32-byte private keys (which is a random number) and 64-byte public keys, on a secp256k1 curve.

➢ Step 2: [Sender Encrypts] Sender packages up [original message + encrypted hash] and encrypts both with the receiver's public key
--------------------MESSAGE SENT-----------------
➢ Step 3: [Receiver Decrypts] Receiver decrypts packaged up [original message + encrypted hash] with receiver's private key
➢ Step 4: [Receiver verifies] Receiver decrypts the encrypted hash with sender's public key
➢ Step 5: [Receiver verifies] Receiver computes hash of the original message and compares to the now decrypted original hash to ensure they match.

The two main methods for key exchange in symmetric cryptography are to - correct answers: (1) use a key exchange algorithm (such as Diffie-Hellman) (2) encrypt the key with the recipient's public key, pass it to the other side and then allow the recipient to use their private key to decrypt it, i.e., via public key encryption.

An important concept within key exchange is the usage of forward secrecy, which means - correct answers: that a compromise of the long-term keys will not compromise any previous session keys.

Diffie-Hellman methods have been used extensively to create a shared secret key but suffer from - correct answers: man-in-the-middle attacks, where an attacker sits in-between and passes the values back and forward and negotiates two keys: one between a sender and the attacker, and the other between the receiver and the attacker. An improved method is to use public key encryption

With ephemeral key methods - correct answers: a different key is used for each connection, and, again, the leakage of any long-term key would not cause all the associated session keys to be breached.

Diffie-Hellman is a widely used key exchange algorithm - correct answers: used to exchange the secret key in symmetric cryptography.

A weakness discovered in Diffie Hellman is that - correct answers: it is fairly easy to precompute values for two popular Diffie-Hellman parameters (and which use the DHE_EXPORT cipher set).

DHE_EXPORT Downgrade Attack - correct answers: involves forcing the key negotiation process to default to 512-bit prime numbers. For this the client only offers DHE_EXPORT for the key negotiation, and the server, if it is set up for this, will accept it. The precomputation of 512-bit keys with g values of 2 and 5 (which are common) is within reasonable time limits.

Methods to combat DHE_EXPORT Downgrade attacks on Diffie Hellman include: - correct answers: (1) Disabling Export Cipher Suites (2) Using (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE) (3) Use a strong group.

Diffie Hellman has three groups (bases): - correct answers: Group 1, Group 3 or Group 5, which vary in the size of the prime number used.

The strength of Diffie-Hellman relates to - correct answers: the size of the prime number bases which are used in the key exchange.

Example Use: Passing PKI public keys in a verifiable way. - correct answers: When a digital certificate is created (whether self-generated/signed or by a trusted well-known Certificate Authority (CA) such as Verisign or Entrust), the certificate will contain the public key of the certificate owner. So, generating and securely sharing a certificate that can be validated by a trusted source is a viable option for public key transport in PKI.

Two major encoding schemes for X.509 certificates - correct answers: PEM (Base64 ASCII text) format, and DER (binary) format

Common X.509 Certificate file types - correct answers: .cer (used with both PEM and DER formats), others - .crt, .pem, .key (common with PEM formats) and .der (common with DER formats)

With end-to-end authentication - correct answers: the user authenticates themselves to the end service

With intermediate authentication - correct answers: only part of the conversation between the entities is authenticated

The main stages of key/certificate management include: - correct answers:
▪ Initialization. This includes registration, key pair generation, certificate creation and certificate/key distribution, certificate dissemination, and key backup.
▪ Issued. This includes certificate retrieval, certificate validation, key recovery and key update.
▪ Cancellation. This includes certificate expiration, certificate revocation, key history and key archiving.

Certificates receive a period of validity designation - correct answers: (timeframe the cert is valid and should be trusted) at creation via a start and end date or expiration date. There are also instances where a certificate needs to be moved to an invalid/untrusted state (revoked) prior to the original expiration date.

Some reasons warranting having a cert revoked include but are not limited to: - correct answers:
▪ Issuing CA was compromised
▪ The cert itself was compromised
▪ Certificate affiliation has changed
▪ Certificate has been updated or superseded

RFC 5280 thus defines "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", and includes two main states for revocation: - correct answers:
➢ Revoked. This is where a certificate has been revoked, and cannot be reversed, and often occurs when a certificate is defined as having its private key breached.
➢ Hold. In this case the certificate's trust level is on hold and can be reversed at some time in the future. It could relate to a private key being thought to be compromised, but where an investigation has shown that it has not been breached.

CRL must be published by the CA who originally generated the targeted certificates - correct answers: is only valid for a given amount of time (which is typically less than 24 hours).

CRLs are signed by the CA - correct answers: in order that they can be validated, and thus signed by the private key of the CA, and then checked

Quark produces a hash value of _____ bits. - correct answers: 64 or 112

The block size used with XTEA is _____ bits. - correct answers:

The key size used with XTEA is _____ bits. - correct answers:

Camellia is a _____. - correct answers: Symmetric key exchange algorithm

RC6 can best be described as a _____. - correct answers: Symmetric Block Cipher

RC2 has a block size of 64 bits and variable key size up to 128 bits. What is the minimum recommended key size to use when employing RC2? - correct answers:

The light-weight symmetric stream cipher Mickey v2 operates with a key size of _____ bits and an initialization vector (IV) variable up to _____ bits. - correct answers: 80; 80

RC4 is a(n) _____. - correct answers: Symmetric stream cipher

An entity seeking to obtain a digital certificate must generate and submit a _____ request to a certificate authority to request the certificate. - correct answers: certificate signing request (CSR)

ChaCha is a(n) _____. - correct answers: Symmetric stream cipher

RSA and DSA are both _____. - correct answers: Asymmetric algorithms

_____ provides a method for key exchange using a one-way function. - correct answers: Diffie-Hellman

_____ is a Lightweight cryptography method for signing messages (MAC). - correct answers: Chaskey

WEP uses _____-bit RC4. - correct answers:

An entity seeking to obtain a digital certificate must first generate a _____ for themselves. - correct answers: asymmetric key pair

WPA uses _____-bit RC4. - correct answers:

Wi-Fi Protected Access 2 (WPA2) uses 128-bit _____. - correct answers: AES

_____ substitution is where a single mapping from our alphabet to a cipher alphabet is created. - correct answers: Mono-alphabetic

What step will a certificate authority (CA) take after generating a digital certificate for a requester, but before issuing the certificate to that requester? - correct answers: Sign the certificate with the CA's own private key

_____ refers to the mapping of our alphabet to a number of cipher alphabets. - correct answers: Polyalphabetic

_____ is considered to be unbreakable since it only uses its cipher code once. - correct answers: One-time pad