1.
2.
What are the four protections offered by cryptographic systems?
Confidentiality, authentication, integrity, and replay.
Distinguish between plaintext and ciphertext.
Plaintext is the message to be delivered to the receiver. Encryption changes this to ciphertext, which attackers in the middle cannot read.
3. Do encryption methods and keys both have to be kept secret?
Only encryption keys must be kept secret.
<There are few encryption methods, so it is not practical to keep them secret.>
Explain how an attacker uses exhaustive searching to crack keys.
A key is merely a string of bits.
By trying all possible bit combinations and applying each to decrypt the ciphertext, the attacker will eventually find the right key and decrypt the ciphertext successfully.
4. How does a long key length make cracking difficult?
Every bit added to the length doubles exhaustive cracking time, so longer keys are much safer than shorter keys.
5.
What does increasing the key size by one bit do to exhaustive search time?
It doubles the search time.
<So adding two bits quadruples it, etc.>
What else can be done to thwart key cracking?
In addition to using long keys, it is important to change keys frequently.
Cryptanalysts (professionals who specialize in the breaking of encryption) often use attacks that require the capture of a large amount of ciphertext. If keys are changed frequently, such attacks become extremely difficult and perhaps impossible because not enough ciphertext is encrypted with each key to permit cryptanalysis.
Is encryption used for confidentiality, authentication, or both?
Both.
How many keys are used in symmetric key encryption in two-way conversations between two parties?

6.
7.
One.
What is the most popular symmetric key encryption method?
DES, the Data Encryption Standard.
How long is its key?
56 bits long (64 bits, but 8 are redundant parity bits).
How does DES-CBC differ from simple DES?
The ciphertext for a block of plaintext is created by encrypting the plaintext block with the key and the contents of the previous ciphertext block.
For the first ciphertext block, an initialization vector value is used instead of the previous ciphertext block.
Is the DES key strong or weak? Explain.
At only 56 bits, it is weak for a symmetric key.
How long is a strong symmetric key today?
For symmetric keys, more than 100 bits.
Under what circumstances must even longer symmetric key lengths be used?
For high-value transactions or when information must be kept secret for many years (cracking power will increase).
Why can the use of passwords and pass phrases make key strength meaningless?
Sometimes, keys are generated from passwords or pass phrases.
If users employ easy-to-guess passwords or pass phrases, the key can be found more easily than if exhaustive cracking is used.
Triple DES, like simple DES, uses 56-bit keys. How does 3DES provide longer effective key length? Give a simple answer. Do not go into the detailed process.
It applies DES three times in sequence. a) Compare DES, 3DES, and AES in terms of key lengths.
DES only offers 56 bits.
3DES can increase this to 112 or 168 bits.
AES offers three optional key lengths: 128 bits, 192 bits, and 256 bits.
Page 2

<Although the lengths overlap, each bit doubles the time needed to crack the key, so even the difference between 168 bits and 192 bits (24 bits) increased the processing time needed to crack the key by a factor of over
16 million.>
Compare DES, 3DES, and AES in terms of CPU speed and RAM requirements.
AES uses many fewer CPU cycles and requires much less RAM.
This allows AES to be used on PDAs and other small devices.
8. How strong are the IDEA keys used traditionally in PGP?
IDEA has a key length of 128 bits. This is a strong symmetric key.
9. How strong are the RC4 keys used traditionally in WEP?
RC4 has a key length of 40 bits. This made it legal for export when WEP was created, but this is a very weak key.
10. There are two forms of encryption—symmetric key encryption and public key encryption. a) Which is almost always used for confidentiality for e-mail messages?
Symmetric. Public key encryption would be too slow and can only be used for very short messages. b) For World Wide Web downloads?
Symmetric. Public key encryption would be too slow and can only be used for very short messages. c) For instant messaging?
Symmetric. Even IM messages are too long for public key encryption.
<Even if using public key encryption for confidentiality were possible, symmetric key encryption would be much more efficient.>
11. Jason sends a message to Kristin using public key encryption for confidentiality. a) What key will Jason use to encrypt the message?
Kristin’s public key b) What key will Kristin use to decrypt the message?
Kristin’s private key. c) What key will Kristin use to encrypt the reply?
Jason’s public key.
Page 3

d) What key will Jason use to decrypt the reply?
Jason’s private key. e) Can the message and reply be long messages? Explain.
No. Public key is limited to encrypting very small messages.
12. Does public key encryption have a problem with secure key exchange for the public key? Explain.
No. The public key can be distributed without security.
<However, the private key must be distributed securely.> a) What are the two most popular public key encryption methods?
RSA and ECC (Elliptic Curve Cryptography). b) Which is in the public domain?
RSA. c) Which allows smaller keys to be used for a given level of security?
ECC.
13. What is a common key length for RSA?
Most commercial implementations use a key length of only 512 bits.
<This is now considered too small for safety.> e) What RSA key lengths are recommended?
Companies are now advised to use 1,024 bit keys for normal encryption and 2,048 bit keys for highly sensitive applications. f) What is a common ECC key length?
A common key length in ECC is 160 bits, <although this is now considered too small.> g) What ECC key length is recommended?
A strong ECC key is now considered to be at least 512 bits.
14. a) What is authentication?
Authentication is verifying the other party’s identity.
For what type of authentication is MS-CHAP used?
Initial authentication in client/server communication.
Page 4

<In this type of communication, passwords traditionally have been used for authentication.>
15. How does hashing work?
When hashing is applied to a bit string, it produces a hash (result) of fixed length.
What are the two most popular hashing algorithms, and what are the lengths of their hashes?
MD5: 128 bits
SHA-1: 160 bits
<Newer forms of SHA allow longer hashes, including SHA-256 and SHA-
384, and SHA-512.>
How does the applicant create the response message?
The applicant adds the password to the challenge message and hashes the combination. This is the response message.
How does the verifier check the response message?
The verifier repeats what the applicant did. It adds the password to the challenge message and hashes the combination. This is the response message.
If the received and computed response messages are the same, the applicant proves that it knows the secret, which only the true party should know.
What type of encryption does MS-CHAP use? (Trick question.)
It does not use encryption at all. Only hashing.
What does it mean that hashing is a one-way function?
It is irreversible. There is no way to compute the original message from the hash.
<You can’t turn ground beef back into a cow.>
For what type of authentication is a digital signature used—challenge-response or message-by-message?
Message-by-message authentication.
How does the applicant create a message digest?
By hashing the original plaintext—the message to be sent.
Page 5

How does the applicant create a digital signature?
By signing the message digest—encrypting the message digest with the applicant’s private key.
What combined message does the applicant send?
The original plaintext plus the digital signature.
How is the combined message encrypted for confidentiality?
With symmetric key encryption. <Note that this is for confidentiality, not authentication.>
How does the verifier check the digital signature?
The verifier reproduces the message digest in two ways.
The verifier hashes the received original plaintext to produce the message digest.
The verifier decrypts the received digital signature with the true party’s public key (not the applicant’s public key).
If these two computed message digests are the same, the applicant must know the true party’s private key and so must be the true party.
Besides authentication, what security benefit does a digital signature provide?
It provides message integrity.
Explain what this benefit means.
If the message has been changed en route, the verification process will fail, so the message will not be accepted.
From what kind of organization does a verifier receive digital certificates?
From a certificate authority (CA).
Are most CAs regulated?
No.
Does a digital certificate mean that the firm named in the certificate is wellbehaved?
No. Reputation warranty is a separate issue.
A cert merely certifies that the true party has a certain public key.
What are the two most critical fields in the certificate?
The subject field gives the name of the party that the certificate describes.
Page 6

The second piece of critical information is the public key, which is stored in the public key field.
What other field is needed to use the information in these two most critical fields?
The public key algorithm field tells which algorithm the subject uses.
Without this knowledge, it is impossible to use the public key to test a digital signature.
What two fields allow the receiver of a certificate to determine if the certificate has been altered?
Signature algorithm identifier and digital signature fields.
What piece of information NOT included in the certificate is needed to test for alterations?
The CA’s public key.
Why is this information not put into the digital certificate?
A fake CA could use this inclusion to send a fake public key, thereby creating a fake digital certificate that will test as genuine when tested with the fake public key.
Why is the version number field important to the receiver?
The version number tells the receiver what fields the cert contains.
Why is the valid period field important?
The cert should not be accepted before the valid start date or the valid end date.
What is the standard for digital certificates?
X.509. <Today, Version 3 is used almost universally.>
Does a digital signature by itself provide authentication? Explain why or why not.
No. Without the public key of the true party, it is impossible to test the digital signature.
Does a digital certificate by itself provide authentication? Explain why or why not.
No. It merely gives the true party’s public key. It does not prove that the certificate holder is true party. Certs are widely distributed, so anyone can hold anyone else’s cert.
Explain how they work together in authentication.
Page 7

The digital certificate gives the true party’s public key.
The true party’s public key is used to test the digital signature.
Why is it important to check CRLs?
The CA may cancel the digital certificate before its expiration date.
<Normally, the entire CRL is sent to the verifier. The verifier checks the digital certificate’s serial number against the list.>
18. What are the functions of a PKI?
Create public key-private key pairs.
Distribute private keys securely.
Distribute public keys through digital certificates.
Maintain a certificate revocation list.
<Authenticate applicants applying for public key-private key pairs.>
What are the three main problems with PKI products today?
They often use incompatible proprietary standards.
They lack functionality.
They are too labor intensive.
What is the prime authentication problem?
How the applicant proves its identity in order to receive a digital certificate. If it can fraudulently obtain a digital certificate, then public key encryption will be worthless.
Distinguish between long-term versus session symmetric keys.
Long-term symmetric keys are used for long periods of time.
Symmetric session keys are used only for a single limited communication period, such as a server login session.
Why is a long period of use bad?
If a large amount of plaintext is encrypted with a symmetric key, a cryptanalyst may be able to crack the key.
Explain how public key encryption can be used to do symmetric key exchange.
One party can generate a symmetric session key randomly, then encrypt the key with the public key of the other party.
The other party will decrypt the symmetric session key with its own private key.
Page 8

Now the two parties have the symmetric session key and can use it to communicate confidentially.
What is the role of Diffie-Hellman key agreement?
To get the two parties to agree securely on a symmetric session key.
In Diffie-Hellman key agreement, is information exchanged with encryption to protect it from eavesdroppers?
No. There is no confidentiality in information exchange.
Why is the word agreement used instead of exchange?
The two parties never exchange a key. Rather, they exchange information that allows them to agree upon a key.
What is a replay attack?
This is when an attacker in the middle captures a message and then replays it later.
Can the attacker understand the replayed message?
Typically not.
Why are replay attacks attempted?
To fool the other side into authenticating the attacker and to do other things.
What are the three ways to thwart replay attacks?
Time stamps require receipt to take place quickly. Replayed message will take too long to be sent and so will be rejected.
Sequence numbers in messages allow the receiver to see if a message received is a replay because both messages will have the same sequence number.
Nonces are sent by one party and must be included in the reply. To prevent replay, nonces are only used once and are only accepted in the first reply received.
What do we call the hiding of messages in graphics images?
Steganography.
For what two reasons is it done?
Page 9

To make it difficult for an eavesdropper to even know that the message is being sent.
To digitally watermark a document so that its source can be identified.
Page 10