Question : A symmetric algorithm must have certain characteristics to be considered strong. Which of the following is correct pertaining to these types of characteristics?

Confusion is carried out through substitution, and diffusion is carried out through transposition.

This is Correct. Confusion is commonly carried out through substitution and diffusion is carried out by using transposition. For a cipher to be considered strong it must contain both of these attributes, to ensure that reverse engineering is basically impossible. The randomness of the key values and the complexity of the mathematical functions dictate the level of confusion and diffusion that is involved.

Confusion is carried out through transposition, and diffusion is carried out through diffusion.

This is Incorrect.

Confusion and diffusion are both used to increase the work factor.

This is Incorrect.

The randomness of the cryptoperiod and functions in the algorithm correlate with the level of confusion and diffusion that is provided.

This is Incorrect.

Question : What is Kerckhoffs’s principle and why is it relevant?

The only secret portion to a cryptosystem should be the key so that the algorithms can be stronger.

This is Correct. Auguste Kerckhoffs published a paper in 1883 stating that the only secrecy involved with a cryptography system should be the key. He claimed that the algorithm should be publicly known. Cryptographers in the private and academic sectors agree with Kerckhoffs’s principle, because making an algorithm publicly available means that many more people can view the source code, test it, and uncover any type of flaws or weaknesses.

More than one alphabet should be used in substitution ciphers to increase the work factor.

This is Incorrect.

A public key needs to with an individual’s identity for true non-repudiation.

This is Incorrect.

One-time pads should be just as long as the message, otherwise patterns will be shown.

This is Incorrect.

Question : Which AES finalist makes use of prewhitening and postwhitening techniques?

Twofish

This is Correct. The Twofish algorithm, developed by Bruce Schneier, uses prewhitening and postwhitening.

Blowfish

This is Incorrect.

Skipjack

This is Incorrect.

Rijndael

This is Incorrect.

Question : What block size is used by the Advanced Encryption Standard?

128 bit

This is Correct. The Advanced Encryption Standard uses a 128-bit block size, even though the Rijndael algorithm it is based on allows a variable block size.

32 bit

This is Incorrect.

64 bit

This is Incorrect.

Variable

This is Incorrect.

Question : The NSA wanted to embed the Clipper chip on all motherboards. Which encryption algorithm did the chip use?

Skipjack

This is Correct. The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured “voice and data messages” with a built-in backdoor. It used Skipjack, a block cipher.

RSA

This is Incorrect.

DSA

This is Incorrect.

3DES

This is Incorrect.

Question : Which is the MOST secure encryption type of these 4?

AES

This is Correct. DES, Blowfish and RC4 are no longer considered secure; AES is still considered secure.

RC4

This is Incorrect.

DES

This is Incorrect.

Blowfish

This is Incorrect.

Question : When we are talking about the Twofish encryption algorithm, which of these is TRUE?

It is a 128-bit block cipher with 128, 192 or 256 bit keys.

This is Correct.

It is a 64 bit block cipher with a 128-bit key.

This is Incorrect.

It is a 64 bit block cipher with a 112-bit key.

This is Incorrect.

It is a 64 bit block cipher, with 56-bit keys.

This is Incorrect.

Question : Depending on our implementation, we may choose to use asymmetric or symmetric encryption. Which of these are types of symmetric encryption? (Select all that apply).

DES

This is Correct.

Twofish

This is Correct.

AES

This is Correct.

DH

This is Incorrect.

ECC

This is Incorrect.

Question : Which of these would be a TRUE statement about symmetric encryption?

It is the strongest per bit.

This is Correct. Asymmetric vs Symmetric Encryption and Hybrid: Asymmetric Pros: It does not need a pre-shared key, only 2x users = total keys. Cons: It is much slower, it is weaker per bit. Symmetric: Pros: Much faster, stronger per bit. Cons: Needs a pre-shared key, n(n-1)/2 users, becomes unmanageable with many users.

It uses private and public keys to share a session key.

This is Incorrect.

It does not use a shared key.

This is Incorrect.

All of these.

This is Incorrect.

Question : We are talking about implementing new encryption in our organization. Which of these would be TRUE about IDEA?

It is a 64 bit block cipher with a 128 bit key.

This is Correct. IDEA (International Data Encryption Algorithm): Designed to replace DES. Symmetric, 128 bit key, 64 bit block size, considered safe. Not widely used now, since it is patented and slower than AES.

It is a 64 bit block cipher with a 112 bit key.

This is Incorrect.

It is a 128 bit block cipher with 128, 192 or 256 bit keys.

This is Incorrect.

It is a 64 bit block cipher, with 56 bit keys.

This is Incorrect.

Question : We are looking at implementing a new type of symmetric encryption. Which of these symmetric encryption types is no longer considered secure, and is something we should NOT consider?

RC4

This is Correct. RC4: Used by WEP/WPA/SSL/TLS. Pseudorandom keystream. No longer considered secure. Symmetric, Stream cipher, 40-2048 bit key length.

3DES K1

This is Incorrect.

AES

This is Incorrect.

Twofish

This is Incorrect.

Question : DES is very easy to break today. To remedy the problems with DES, 3DES was developed. Which of these is TRUE about 3DES K1?

It is a 64-bit block cipher with a 112-bit key strength.

This is Correct. 3DES (Triple DES): Was developed to extend the life of DES systems while getting ready for AES. Symmetric – 64-bit block cipher – 56-bit key, 16 rounds of encryption, uses Feistel. 3 rounds of DES vs 1. K1 (keymode1) – 3 different keys with a key length of 168 bits (three 56-bit DES keys), but due to the meet-in-the-middle attack, the effective security it provides is only 112 bits.

It is a 64-bit block cipher, with 56 bit keys.

This is Incorrect.

It is a 64-bit block cipher with a 128-bit key strength.

This is Incorrect.

It is a 128-bit block cipher with 128, 192 or 256-bit keys.

This is Incorrect.

Question : How many keys would we have if we had 100 users using symmetric encryption?

4950

This is Correct. Symmetric: n(n-1)/2 users, with 100 users we would need 100(100-1)/2 or (100×99)/2 = 4950 keys.

200

This is Incorrect.

100

This is Incorrect.

2000

This is Incorrect.

Question : As technology progresses or flaws are found in the symmetric algorithms, we stop using that encryption. Which of these symmetric encryption types are no longer considered secure?

3DES K3

This is Correct. 3DES (Triple DES) K3 (keymode3) – Same key 3 times, just as insecure as DES (encrypt/decrypt/encrypt).

3DES K1

This is Incorrect.

AES

This is Incorrect.

Twofish

This is Incorrect.

Question : How many bits of keying material does the Data Encryption Standard use for encrypting information?

56 bit

This is Correct. DES uses a 64-bit encryption key, but only 56 of those bits are actually used as keying material in the encryption operation. The remaining 8 bits are used to detect tampering or corruption of the key.

64 bit

This is Incorrect.

128 bit

This is Incorrect.

256 bit

This is Incorrect.

Question : Florian and Tobias would like to begin communicating using a symmetric cryptosystem, but they have no prearranged secret and are not able to meet in person to exchange keys. What algorithm can they use to securely exchange the secret key?

Diffie-Hellman

This is Correct. The Diffie-Hellman algorithm allows for the secure exchange of symmetric encryption keys over a public network.

RSA

This is Incorrect.

IDEA

This is Incorrect.

MD5

This is Incorrect.

Question : The Double DES (2DES) encryption algorithm was never used as a viable alternative to the original DES algorithm. What attack is 2DES vulnerable to that does not exist for the DES or 3DES approach?

Meet in the middle

This is Correct. The meet-in-the-middle attack uses a known plaintext message and uses both encryption of the plaintext and decryption of the ciphertext simultaneously in a brute force manner to identify the encryption key in approximately double the time of a brute force attack against the basic DES algorithm.

Man in the middle

This is Incorrect.

Bruteforce

This is Incorrect.

Chosen Ciphertext

This is Incorrect.

Question : Which 3DES implementation encrypts each block of data three times, each time with a different key?

3DES-EEE3

This is Correct. The 3DES-EEE3 implementation encrypts each block of data three times, each time with a different key. The 3DES-EDE3 implementation encrypts each block of data with the first key, decrypts each block with the second key, and encrypts each block with the third key. The 3DES-EDE2 implementation encrypts each block of data with the first key, decrypts each block with the second key, and then encrypts each block with the first key. The 3DES-EEE2 implementation encrypts each block of data with the first key, encrypts each block with the second key, and then encrypts each block with the third key.

3DES-EDE3

This is Incorrect.

3DES-EDE2

This is Incorrect.

3DES-EEE2

This is Incorrect.

Question : What block size is used by the 3DES encryption algorithm?

64 bit

This is Correct.

32 bit

This is Incorrect.

128 bit

This is Incorrect.

256 bits

This is Incorrect.

Question : Which one of the following Data Encryption Standard (DES) operating modes can be used for large messages with the assurance that an error early in the encryption/decryption process won’t spoil results throughout the communication?

Output Feedback (OFB)

This is Correct. Output feedback (OFB) mode prevents early errors from interfering with future encryption/decryption. Cipher Block Chaining and Cipher Feedback modes will carry errors throughout the entire encryption/decryption process. Electronic Code Book (ECB) operation is not suitable for large amounts of data.

Cipher Feedback (CFB)

This is Incorrect.

Electronic Code Book (ECB)

This is Incorrect.

Cipher Block Chaining (CBC)

This is Incorrect.

Question : What cryptosystem provides the encryption/decryption technology for the commercial version of Phil Zimmerman’s Pretty Good Privacy secure email system?

IDEA

This is Correct. Pretty Good Privacy uses a “web of trust” system of digital signature verification. The encryption technology is based on the IDEA private key cryptosystem.

ROT13

This is Incorrect.

ECC

This is Incorrect.

El Gamal

This is Incorrect.
