Midterm

Question 1

Symmetric vs asymmetric cryptography

Answer 1

Symmetric - Same key is used to encrypt and decrypt the message
Asymmetric - Different keys are used to encrypt and decryption

Question 2

Caesar cipher - other names

Answer 2

Shift cipher and mono alphabetic cipher

Question 3

Mini alphabetical vs multi alphabetic cipher

Answer 3

Same shift (number of words and direction) used for all the characters like Caesar cipher 
Multiple shits are used for each characters like +2 , +3 and +4

Question 4

Vigenere Cipher’s strength

Answer 4

• same letter can be encrypted in different ways

Question 5

Build a string vigenere cipher

Answer 5

• Key is as long as plaintext
• build the key from random characters
• don’t use the same key again and again
• don’t use text decorations like punctuation, spaces
• protect the key (obviously)

Question 6

DES

Answer 6

Data description standard - process of splitting data into blocks and encrypt then transport.

Question 7

Step by step process of DES

Answer 7

1. divide the data in to 64-bit blocks and transport
2. encrypt the transported data by 16 separation steps using 56-bit key
3. scrambled using swapping algorithm
4. transport

Question 8

Public Key Encryption depends on ?

Answer 8

large prime numbers , factoring and number theory

Question 9

Find the intermediate number for symmetric key (private key)

Answer 9

1. ia = g to the power of ka MOD p

ib = g to the power of kb MOD p

Question 10

Find the symmetric key for Alice and Bob

Answer 10

Alice
k = ib to the power of ka MOD p

Bob
k = ia to the power of kb MOD p

Question 11

Acceptable Cryptographic hash functions

Answer 11

SHA256 or SHA512
RipeMD and WHIRLPOOL
(don’t use SHA1 and MD5)

Question 12

what should be the appropriate length for a SALT ?

Answer 12

same size as the output of the hash function

for eg. SHA256 hash output 256 bits (32 byte) so the hash should be 256 bits too

Question 13

Hashing on server vs hashing on client and problems of hashing on client’s end

Answer 13

disabled javascript, man in the middle, stolen hash dataabase to authenticate

Question 14

Is it okay if I send SALT to the client to hash the username ?

Answer 14

No. Use the domain name as hash in the client side, anyway you going to hash the username in the server side too.

Question 15

Name 2 DOS attack tools available online

Answer 15

TKN and TKN2k

Question 16

how to avoid DOS attacks ?

Answer 16

1. Micro blocks - allocate small amount of resources during the SYN + ACK stage.
2. SYN cookie - sent cookie with all the client info plus allocate resources only when the client confirms it (takes lot of resources, not recommended)
3. RST cookies - send wrong data to the client, if the client replies with the error then it’s legitimate else close the connection