Recent "logical" articles
- These articles and links have been posted by Connotea users using the tag "logical".
Answers
Logical Security, Network Security, (16 Mar 2009)
1. A. Cryptanalysis is the process of trying to reverse-engineer a cryptosystem with the possible goal of uncovering the key used. Once this key is uncovered, all other messages encrypted with this key can be accessed. Cryptanalysis is carried out by the white hats to test the strength of the algorithm.
2. C. A brute force attack is resource-intensive. It guesses values until the correct one is obtained. As computers have more powerful processors added to them, attackers can carry out more powerful brute force attacks.
3. D. A hashing algorithm takes a string of variable length (the message can be of any size) and computes a fixed-length value. The fixed-length value is the message digest. The MD family creates the fixed-length value of 128 bits, and SHA creates one of 160 bits.
4. C. Hashing algorithms generate message digests to detect whether modification has taken place. The sender and receiver independently generate their own digests, and the receiver compares these values. If they differ, the receiver knows the message has been altered.
5. C. SHA was created to generate secure message digests. Digital Signature Standard (DSS) is the standard to create digital signatures, which dictates that SHA must be used. DSS also outlines the digital signature algorithms that can be used with SHA: RSA, DSA, ECDSA.
6. C. In an HMAC operation, a message is concatenated with a symmetric key and the result is put through a hashing algorithm. This provides integrity and system or data authentication. CBC-MAC uses a block cipher to create a MAC, which is the last block of ciphertext.
7. A. RSA can be used for data encryption, key exchange, and digital signatures. DSA can be used only for digital signatures.
8. C. The U.S. government has greatly reduced its restrictions on cryptography exportation, but there are still some restrictions in place. Products that use encryption cannot be sold to any country the United States has declared is supporting terrorism. The fear is that the enemies of the country would use encryption to hide their communication, and the government would be unable to break this encryption and spy on their data transfers.
9. C. A digital signature is a message digest that has been encrypted with the sender’s private key. A sender, or anyone else, should never have access to the receiver’s private key.
10. D. A digital signature provides authentication (knowing who really sent the message), integrity (because a hashing algorithm is involved), and nonrepudiation (the sender cannot deny sending the message).
11. A. DES has a key size of 64 bits, but 8 bits are used for parity, so the true key size is 56 bits. Remember that DEA is the algorithm used for the DES standard, so DEA also has a true key size of 56 bits, because we are actually talking about the same algorithm here. DES is really the standard and DEA is the algorithm. We just call it DES in the industry because it is easier.
12. C. The reason a certificate is revoked is to warn others who use that person’s public key that they should no longer trust the public key because, for some reason, that public key is no longer bound to that particular individual’s identity. This could be because an employee left the company, or changed his name and needed a new certificate, but most likely it is because the person’s private key was compromised.
13. B. Data Encryption Standard was developed by NIST and the NSA to be used to encrypt sensitive but unclassified government data.
14. D. A registration authority (RA) accepts a person’s request for a certificate and verifies that person’s identity. Then the RA sends this request to a certificate authority (CA), which generates and maintains the certificate. Some companies are in business solely for this purpose—Entrust and VeriSign are just two examples.
15. C. DEA is the algorithm that fulfilled the DES standard. So DEA has all of the attributes of DES: a symmetric block cipher that uses 64-bit blocks, 16 rounds, and a 56-bit key.
16. D. The first released public key cryptography algorithm was developed by Whitfield Diffie and Martin Hellman.
17. D. After a session key has been created, it must be exchanged securely. In most cryptosystems, an asymmetric key (the receiver’s public key) is used to encrypt this session key, and it is sent to the receiver.
18. A. DES carries out 16 rounds of mathematical computation on each 64-bit block of data it is responsible for encrypting. A round is a set of mathematical formulas used for encryption and decryption processes.
19. B. Data encryption always requires careful key management. Most algorithms are so strong today it is much easier to go after key management rather than launch a brute force attack. Hashing algorithms are used for data integrity, encryption does require a good amount of resources, and keys do not have to be escrowed for encryption.
20. D. Message A was encrypted with key A and the result is ciphertext Y. If that same message A were encrypted with key B, the result should not be ciphertext Y. The ciphertext should be different since a different key was used. But if the ciphertext is the same, this occurrence is referred to as key clustering.
21. B. The work factor of a cryptosystem is the amount of time and resources necessary to break the cryptosystem or its encryption process. The goal is to make the work factor so high that an attacker could not be successful at this type of attack.
22. B. Passwords are usually run through a one-way hashing algorithm so the actual password is not transmitted across the network or stored on the authentication server in plaintext. This greatly reduces the risk of an attacker being able to obtain the actual password.
23. B. The RSA algorithm’s security is based on the difficulty of factoring large numbers into their original prime numbers. This is a one-way function. It is easier to calculate the product than it is to identify the prime numbers used to generate that product.
24. A. DES is a symmetric algorithm. RSA is a public key algorithm. DES is used to encrypt data, and RSA is used to create public/private key pairs.
25. A. When an HMAC function is used, a symmetric key is combined with the message, and then that result is put through a hashing algorithm. The result is an HMAC value. HMAC provides data origin authentication and data integrity.
Source: CISSP All-In-One Study Guide by Shon Harris
Review full Cryptography Chapter at www.LogicalSecurity.com
Attacks
Logical Security, Network Security, (16 Mar 2009)
Eavesdropping and sniffing data as it passes over a network are considered passive attacks because the attacker is not affecting the protocol, algorithm, key, message, or any parts of the encryption system. Passive attacks are hard to detect, so in most cases methods are put in place to try to prevent them rather than detect and stop them.
Altering messages, modifying system files, and masquerading as another individual are acts that are considered active attacks because the attacker is actually doing something instead of sitting back and gathering data. Passive attacks are usually used to gain information prior to carrying out an active attack. The following sections address some active attacks that relate to cryptography.
Ciphertext-Only Attack
In this type of attack, the attacker has the ciphertext of several messages. Each of the messages has been encrypted using the same encryption algorithm. The attacker’s goal is to discover the key used in the encryption process. Once the attacker figures out the key, she can decrypt all other messages encrypted with the same key.
A ciphertext-only attack is the most common type of active attack because it is very easy to get ciphertext by sniffing someone’s traffic, but it is the hardest attack to actually be successful at because the attacker has so little information about the encryption process.
Known-Plaintext Attacks
In known-plaintext attacks, the attacker has the plaintext and ciphertext of one or more messages. Again, the goal is to discover the key used to encrypt the messages so other messages can be deciphered and read.
Messages usually start with the same type of beginning and close with the same type of ending. An attacker might know that each message a general sends out to his commanders always starts with certain greetings and ends with specific salutations and the general’s name and contact information. In this instance, the attacker has some of the plaintext (the data that are the same on each message) and can capture an encrypted message, and therefore capture the ciphertext. Once a few pieces of the puzzle are discovered, the rest is accomplished by reverse-engineering, frequency analysis, and brute force attempts. Known-plaintext attacks were used by the United States against the Germans and the Japanese during World War II.
Chosen-Plaintext Attacks
In chosen-plaintext attacks, the attacker has the plaintext and ciphertext, but can choose the plaintext that gets encrypted to see the corresponding ciphertext. This gives her more power and possibly a deeper understanding of the way the encryption process works so she can gather more information about the key being used. Once the key is discovered, other messages encrypted with that key can be decrypted.
How would this be carried out? I can e-mail a message to you that I think you not only will believe, but that you will also panic about, encrypt, and send to someone else. Suppose I send you an e-mail that states, “The meaning of life is 42.” You may think you have received an important piece of information that should be concealed from others, everyone except your friend Bob, of course. So you encrypt my message and send it to Bob. Meanwhile I am sniffing your traffic and now have a copy of the plaintext of the message, because I wrote it, and a copy of the ciphertext.
Chosen-Ciphertext Attacks
In chosen-ciphertext attacks, the attacker can choose the ciphertext to be decrypted and has access to the resulting decrypted plaintext. Again, the goal is to figure out the key. This is a harder attack to carry out compared to the previously mentioned attacks, and the attacker may need to have control of the system that contains the cryptosystem.
Source: CISSP All-In-One Study Guide by Shon Harris
Review full Cryptography Chapter at www.LogicalSecurity.com
Questions
Logical Security, Network Security, (16 Mar 2009)
Please remember that these questions are formatted and asked in a certain way for a reason. Keep in mind that the CISSP exam is asking questions at a conceptual level. Questions may not always have the perfect answer, and the candidate is advised against always looking for the perfect answer. The candidate should look for the best answer in the list.
1. What is the goal of cryptanalysis?
A. To determine the strength of an algorithm
B. To increase the substitution functions in a cryptographic algorithm
C. To decrease the transposition functions in a cryptographic algorithm
D. To determine the permutations used
2. The frequency of brute force attacks has increased because:
A. The use of permutations and transpositions in algorithms has increased.
B. As algorithms get stronger, they get less complex, and thus more susceptible to attacks.
C. Processor speed and power have increased.
D. Key length reduces over time.
3. Which of the following is not a property or characteristic of a one-way hash function?
A. It converts a message of arbitrary length into a value of fixed length.
B. Given the digest value, it should be computationally infeasible to find the corresponding message.
C. It should be impossible or rare to derive the same digest from two different messages.
D. It converts a message of fixed length to an arbitrary length value.
4. What would indicate that a message had been modified?
A. The public key has been altered.
B. The private key has been altered.
C. The message digest has been altered.
D. The message has been encrypted properly.
5. Which of the following is a U.S. federal government algorithm developed for creating secure message digests?
A. Data Encryption Algorithm
B. Digital Signature Standard
C. Secure Hash Algorithm
D. Data Signature Algorithm
6. Which of the following best describes the difference between HMAC and CBC-MAC?
A. HMAC creates a message digest and is used for integrity; CBC-MAC is used to encrypt blocks of data for confidentiality.
B. HMAC uses a symmetric key and a hashing algorithm; CBC-MAC uses the first block for the checksum.
C. HMAC provides integrity and data origin authentication; CBC-MAC uses a block cipher for the process of creating a MAC.
D. HMAC encrypts a message with a symmetric key and then puts the result through a hashing algorithm; CBC-MAC encrypts the whole message.
7. What is an advantage of RSA over the DSA?
A. It can provide digital signature and encryption functionality.
B. It uses fewer resources and encrypts faster because it uses symmetric keys.
C. It is a block cipher rather than a stream cipher.
D. It employs a one-time encryption pad.
8. Many countries restrict the use or exportation of cryptographic systems. What is the reason given when these types of restrictions are put into place?
A. Without standards, there would be many interoperability issues when trying to employ different algorithms in different programs.
B. The systems can be used by some countries against their local people.
C. Criminals could use encryption to avoid detection and prosecution.
D. Laws are way behind, so adding different types of encryption would confuse the laws more.
9. What is used to create a digital signature?
A. The receiver’s private key
B. The sender’s public key
C. The sender’s private key
D. The receiver’s public key
10. Which of the following best describes a digital signature?
A. A method of transferring a handwritten signature to an electronic document
B. A method to encrypt confidential information
C. A method to provide an electronic signature and encryption
D. A method to let the receiver of the message prove the source and integrity of a message
11. How many bits make up the effective length of the DES key?
A. 56
B. 64
C. 32
D. 16
12. Why would a certificate authority revoke a certificate?
A. If the user’s public key has become compromised
B. If the user changed over to using the PEM model that uses a web of trust
C. If the user’s private key has become compromised
D. If the user moved to a new location
13. What does DES stand for?
A. Data Encryption System
B. Data Encryption Standard
C. Data Encoding Standard
D. Data Encryption Signature
14. Which of the following best describes a certificate authority?
A. An organization that issues private keys and the corresponding algorithms
B. An organization that validates encryption processes
C. An organization that verifies encryption keys
D. An organization that issues certificates
15. What does DEA stand for?
A. Data Encoding Algorithm
B. Data Encoding Application
C. Data Encryption Algorithm
D. Digital Encryption Algorithm
16. Who was involved in developing the first public key algorithm?
A. Adi Shamir
B. Ross Anderson
C. Bruce Schneier
D. Martin Hellman
17. What process usually takes place after creating a DES session key?
A. Key signing
B. Key escrow
C. Key clustering
D. Key exchange
18. DES performs how many rounds of permutation and substitution?
A. 16
B. 32
C. 64
D. 56
19. Which of the following is a true statement pertaining to data encryption when it is used to protect data?
A. It verifies the integrity and accuracy of the data.
B. It requires careful key management.
C. It does not require much system overhead in resources.
D. It requires keys to be escrowed.
20. If different keys generate the same ciphertext for the same message, what is this called?
A. Collision
B. Secure hashing
C. MAC
D. Key clustering
21. What is the definition of an algorithm’s work factor?
A. The time it takes to encrypt and decrypt the same plaintext
B. The time it takes to break the encryption
C. The time it takes to implement 16 rounds of computation
D. The time it takes to apply substitution functions
22. What is the primary purpose of using one-way hashing on user passwords?
A. It minimizes the amount of primary and secondary storage needed to store passwords.
B. It prevents anyone from reading passwords in plaintext.
C. It avoids excessive processing required by an asymmetric algorithm.
D. It prevents replay attacks.
23. Which of the following is based on the fact that it is hard to factor large numbers into two original prime numbers?
A. ECC
B. RSA
C. DES
D. Diffie-Hellman
24. Which of the following describes the difference between the Data Encryption Standard and the Rivest-Shamir-Adleman algorithm?
A. DES is symmetric, while RSA is asymmetric.
B. DES is asymmetric, while RSA is symmetric.
C. They are hashing algorithms, but RSA produces a 160-bit hashing value.
D. DES creates public and private keys, while RSA encrypts messages.
25. Which of the following uses a symmetric key and a hashing algorithm?
A. HMAC
B. Triple-DES
C. ISAKMP-OAKLEY
D. RSA
Source: CISSP All-In-One Study Guide by Shon Harris
Review full Cryptography Chapter at www.LogicalSecurity.com
logicalsecurity-ls.blogspot.com
In the previous example, if Cheryl were to use an HMAC function instead of just a plain hashing algorithm, a symmetric key would be concatenated with her message. The result of this process would be put through a hashing algorithm, and the result would be a MAC value. This MAC value is then appended to her message and sent to Scott. If Bruce were to intercept this message and modify it, he would not have the necessary symmetric key to create the MAC value that Scott will attempt to generate.
Steps of a hashing process:
1. The sender puts the message through a hashing function.
2. A message digest value is generated.
3. The message digest is appended to the message.
4. The sender sends the message to the receiver.
5. The receiver puts the message through a hashing function.
6. The receiver generates her own message digest value.
7. The receiver compares the two message digest values. If they are the same, the message has not been altered.
Steps of an HMAC:
1. The sender concatenates a symmetric key with the message.
2. The result is put through a hashing algorithm.
3. A MAC value is generated.
4. The MAC value is appended to the message.
5. The sender sends the message to the receiver. (Just the message with the attached MAC value. The sender does not send the symmetric key with the message.)
6. The receiver concatenates a symmetric key with the message.
7. The receiver puts the results through a hashing algorithm and generates her own MAC value.
8. The receiver compares the two MAC values. If they are the same, the message has not been modified.
Now, when we say that the message is concatenated with a symmetric key, we don’t mean a symmetric key is used to encrypt the message. The message is not encrypted in an HMAC function, so there is no confidentiality being provided. Think about throwing a message in a bowl and then throwing a symmetric key in the same bowl. If you dump the contents of the bowl into a hashing algorithm, the result will be a MAC value.
This type of technology requires the sender and receiver to have the same symmetric key. The HMAC function does not involve getting the symmetric key to the destination securely. That would have to happen through one of the other technologies we have discussed already (Diffie-Hellman and key agreement, or RSA and key exchange).
Source: CISSP All-In-One Study Guide by Shon Harris
Review full Cryptography Chapter at www.LogicalSecurity.com
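The hashing steps and the HMAC steps above, side by side, as an added example that is not part of the original post or the study guide. It uses Python's standard `hashlib` and `hmac` modules; the key and messages are constructed, and the names Scott and Bruce are reused from the text. The "concatenate the key with the message" step is written out the way HMAC is actually standardized in RFC 2104: two nested hash passes over a padded key rather than a single pass.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 processes input in 64-byte blocks


def plain_digest(message: bytes) -> bytes:
    """Steps 1-2 of the hashing process: an unkeyed message digest."""
    return hashlib.sha256(message).digest()


def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC steps 1-3, written out per RFC 2104."""
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()      # over-long keys are hashed first
    key = key.ljust(BLOCK_SIZE, b"\x00")         # then padded to one block
    inner_pad = bytes(b ^ 0x36 for b in key)
    outer_pad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(inner_pad + message).digest()
    return hashlib.sha256(outer_pad + inner).digest()


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check the hand-written construction against the hmac module."""
    expected = hmac.new(key, message, hashlib.sha256).digest()
    return hmac.compare_digest(hmac_sha256(key, message), expected)


def receiver_accepts_digest(message: bytes, digest: bytes) -> bool:
    """Hashing steps 5-7: recompute the digest and compare."""
    return hmac.compare_digest(plain_digest(message), digest)


def receiver_accepts_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """HMAC steps 6-8: recompute the MAC with the shared key and compare."""
    return hmac.compare_digest(hmac_sha256(key, message), tag)


def demo() -> dict:
    shared_key = b"constructed-shared-key"        # constructed; never sent with the message
    original = b"Transfer 100 to Scott"           # constructed sample message
    sent_digest = plain_digest(original)
    sent_tag = hmac_sha256(shared_key, original)

    # Bruce modifies the message in transit. He can recompute an unkeyed
    # digest for his version, but he cannot produce a valid MAC without the key.
    altered = b"Transfer 900 to Bruce"
    bruce_digest = plain_digest(altered)
    bruce_tag = hmac_sha256(b"bruce-does-not-know-the-key", altered)

    return {
        "unmodified_hash_ok": receiver_accepts_digest(original, sent_digest),
        "unmodified_mac_ok": receiver_accepts_mac(shared_key, original, sent_tag),
        "altered_with_old_digest": receiver_accepts_digest(altered, sent_digest),
        "altered_with_new_digest": receiver_accepts_digest(altered, bruce_digest),
        "altered_with_old_tag": receiver_accepts_mac(shared_key, altered, sent_tag),
        "altered_with_forged_tag": receiver_accepts_mac(shared_key, altered, bruce_tag),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check:26s} accepted={accepted}")
```

The receiver compares values with `hmac.compare_digest`, which runs in constant time, rather than with `==`.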
logicalsecurity-ls.blogspot.com
If a CBC-MAC is being used, the message is encrypted with a symmetric block cipher in CBC mode and the output of the final block of ciphertext is used as the MAC. The sender does not send the encrypted version of the message, but instead sends the plaintext version and the MAC attached to the message. The receiver receives the plaintext message and encrypts it with the same symmetric block cipher in CBC mode and calculates an independent MAC value. The receiver compares the new MAC value with the MAC value sent with the message. This method does not use a hashing algorithm, as does HMAC.
The use of the symmetric key ensures that the only person who can verify the integrity of the message is the person who has a copy of this key. No one else can verify the data’s integrity, and if someone were to make a change to the data, he could not generate the MAC value (HMAC or CBC-MAC) the receiver would be looking for. Any modifications would be detected by the receiver.
Now the receiver knows that the message came from the system that has the other copy of the same symmetric key, so MAC provides a form of authentication. It provides data origin authentication, sometimes referred to as system authentication. This is different from user authentication, which would require the use of a private key. A private key is bound to an individual; a symmetric key is not. MAC authentication provides the weakest form of authentication because it is not bound to a user, just to a computer or device.
Source: CISSP All-In-One Study Guide by Shon Harris
Review full Cryptography Chapter at www.LogicalSecurity.com
logicalsecurity-ls.blogspot.com
RSA, named after its inventors Ron Rivest, Adi Shamir, and Leonard Adleman, is the most popular public key (asymmetric) algorithm. RSA is a worldwide de facto standard and can be used for digital signatures, key exchange, and encryption. It was developed in 1978 at MIT and provides authentication as well as key encryption.
The security of this algorithm comes from the difficulty of factoring large numbers. The public and private keys are functions of a pair of large prime numbers, and the necessary activity required to decrypt a message from ciphertext to plaintext using a private key is comparable to factoring a product into two prime numbers.
One advantage of using RSA is that it can be used for encryption and digital signatures. Using its one-way function, RSA provides encryption and signature verification, and the inverse direction performs decryption and signature generation.
RSA has been implemented in applications; operating systems by Microsoft, Apple, Sun, and Novell; and at the hardware level in network interface cards, secure telephones, and smart cards. It can be used as a key exchange protocol, meaning it is used to encrypt the symmetric key to get it securely to its destination. RSA has been most commonly used with the symmetric algorithm DES, which is quickly being replaced with AES. So, when RSA is used as a key exchange protocol, a cryptosystem generates a symmetric key using either the DES or AES algorithm. Then the system encrypts the symmetric key with the receiver’s public key and sends it to the receiver. The symmetric key is protected because only the individual with the corresponding private key can decrypt and extract the symmetric key.
Source: CISSP All-In-One Study Guide by Shon Harris
Review full Cryptography Chapter at www.LogicalSecurity.com
logicalsecurity-ls.blogspot.com
We went from DES to Triple-DES (3DES), so it might seem we skipped Double-DES. We did. Double-DES has a key length of 112 bits, but there is a specific attack against Double-DES that reduces its work factor to about the same as DES. Thus, it is no more secure than DES. So let’s move on to 3DES.
Many successful attacks against DES and the realization that the useful lifetime of DES was about up brought much support for 3DES. NIST knew that a new standard had to be created, which ended up being AES, but a quick fix was needed in the meantime to provide more protection for sensitive data. The result: 3DES.
3DES uses 48 rounds in its computation, which makes it highly resistant to differential cryptanalysis. However, because of the extra work 3DES performs, there is a heavy performance hit. It can take up to three times longer than DES to perform encryption and decryption.
Although NIST has selected the Rijndael algorithm to replace DES as the AES, NIST and others expect 3DES to be around and used for quite some time.
3DES can work in different modes, and the mode chosen dictates the number of keys used and what functions are carried out:
• DES-EEE3 Uses three different keys for encryption, and the data are encrypted, encrypted, encrypted.
• DES-EDE3 Uses three different keys for encryption, and the data are encrypted, decrypted, and encrypted.
• DES-EEE2 The same as DES-EEE3 but uses only two keys, and the first and third encryption processes use the same key.
• DES-EDE2 The same as DES-EDE3 but uses only two keys, and the first and third encryption processes use the same key.
EDE may seem a little odd at first. How much protection could be provided by encrypting something, decrypting it, and encrypting it again? The decrypting portion here is decrypted with a different key. When data are encrypted with one symmetric key and decrypted with a different symmetric key, they are jumbled even more. So the data are not actually decrypted in the middle function; they are just run through a decryption process with a different key. Pretty tricky.
Source: CISSP All-In-One Study Guide by Shon Harris
Review full Cryptography Chapter at www.LogicalSecurity.com
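The EEE and EDE key arrangements listed above, as an added example that is not part of the original post or the study guide. Python's standard library has no DES, so a toy 16-round Feistel cipher on 64-bit blocks (an assumption of this sketch, not DES and not secure) stands in for the single-DES step; all keys and the sample block are constructed. It goes one step beyond the text by also checking that EDE with three identical keys collapses to a single encryption.

```python
import hashlib

ROUNDS = 16            # per pass, as in DES; three passes give the 48 rounds of 3DES
MASK32 = 0xFFFFFFFF


def _round_keys(key: bytes) -> list:
    """Derive one subkey per round (toy key schedule, not the DES one)."""
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]


def _round_function(half: int, subkey: bytes) -> int:
    digest = hashlib.sha256(subkey + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def _feistel(block: int, subkeys: list) -> int:
    left, right = block >> 32, block & MASK32
    for subkey in subkeys:
        left, right = right, left ^ _round_function(right, subkey)
    # Final swap: decryption is then the same network with subkeys reversed.
    return (right << 32) | left


def encrypt(key: bytes, block: int) -> int:
    return _feistel(block, _round_keys(key))


def decrypt(key: bytes, block: int) -> int:
    return _feistel(block, _round_keys(key)[::-1])


def eee3_encrypt(k1, k2, k3, block):   # DES-EEE3: encrypt, encrypt, encrypt
    return encrypt(k3, encrypt(k2, encrypt(k1, block)))


def ede3_encrypt(k1, k2, k3, block):   # DES-EDE3: encrypt, decrypt, encrypt
    return encrypt(k3, decrypt(k2, encrypt(k1, block)))


def ede3_decrypt(k1, k2, k3, block):   # inverse: decrypt, encrypt, decrypt
    return decrypt(k1, encrypt(k2, decrypt(k3, block)))


def ede2_encrypt(k1, k2, block):       # DES-EDE2: first and third pass share a key
    return ede3_encrypt(k1, k2, k1, block)


def demo() -> dict:
    k1, k2, k3 = b"key-one!", b"key-two!", b"key-3!!!"   # constructed keys
    plaintext = int.from_bytes(b"8 bytes.", "big")        # one 64-bit block
    stage1 = encrypt(k1, plaintext)
    stage2 = decrypt(k2, stage1)          # "decrypting" with a different key
    ciphertext = ede3_encrypt(k1, k2, k3, plaintext)
    return {
        "middle_step_recovers_plaintext": stage2 == plaintext,
        "ede3_round_trip": ede3_decrypt(k1, k2, k3, ciphertext) == plaintext,
        "ede2_is_ede3_with_k3_eq_k1":
            ede2_encrypt(k1, k2, plaintext) == ede3_encrypt(k1, k2, k1, plaintext),
        "eee3_equals_ede3": eee3_encrypt(k1, k2, k3, plaintext) == ciphertext,
        "same_key_ede_is_single_pass":
            ede3_encrypt(k1, k1, k1, plaintext) == encrypt(k1, plaintext),
    }


if __name__ == "__main__":
    for check, value in demo().items():
        print(f"{check:32s} {value}")
```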
logicalsecurity-ls.blogspot.com
International Data Encryption Algorithm (IDEA) is a block cipher and operates on 64-bit blocks of data. The 64-bit data block is divided into 16 smaller blocks, and each has eight rounds of mathematical functions performed on it. The key is 128 bits long and IDEA is faster than DES when implemented in software.
The IDEA algorithm offers different modes similar to the modes described in the DES section, but it is considered to be harder to break than DES because it has a longer key size. IDEA is used in the PGP and other encryption software implementations. It was thought to replace DES, but it is patented, meaning that licensing fees would have to be paid to use it.
As of this writing, there have been no successful practical attacks against this algorithm, although there have been numerous attempts.
Blowfish
Blowfish is a block cipher that works on 64-bit blocks of data. The key length can be anywhere from 32 bits up to 448 bits, and the data blocks go through 16 rounds of cryptographic functions. Bruce Schneier designed it. It was intended as a replacement to the aging DES. While many of the other algorithms have been proprietary in nature and thus encumbered by patents or kept as government secrets, this wasn’t the case with Blowfish. Bruce Schneier, the creator of Blowfish, has stated that, “Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone.”
RC4
RC4 is one of the most commonly implemented stream ciphers. It has a variable key size, is used in the SSL protocol, and was (improperly) implemented in the 802.11 WEP protocol standard. RC4 was developed in 1987 by Ron Rivest and was considered a trade secret of RSA Data Security, Inc. until someone posted the source code on a mailing list. Since the source code was released nefariously, the stolen algorithm is sometimes implemented and referred to as ArcFour or ARC4 because the title RC4 is trademarked. The algorithm is very simple, fast, and efficient, which is why it became so popular.
RC5
RC5 is a block cipher that has a variety of parameters it can use for block size, key size, and the number of rounds used. It was created by Ron Rivest and analyzed by RSA Data Security, Inc. The block sizes used in this algorithm are 32, 64, or 128 bits, and the key size goes up to 2048 bits. The number of rounds used for encryption and decryption is also variable. The number of rounds can go up to 255.
RC6
RC6 is a block cipher that was built upon RC5, so it has all the same attributes as RC5. The algorithm was developed mainly to be submitted as AES, but Rijndael was chosen instead. There were some modifications of the RC5 algorithm to increase the overall speed, the result of which is RC6.
Source: CISSP All-In-One Study Guide by Shon Harris
Review full Cryptography Chapter at www.LogicalSecurity.com
www.catalysts.cc
5-day workshop with Bill Dettmer, internationally renowned consultant and author of four books on the Theory of Constraints; leading to self-sufficiency in the Logical Thinking Process developed by Eli Goldratt


