module 2

Question 1

Cryptography: Hashing

Answer 1

one-way (irreversible) function that produces a unique ‘hash digest’. ensures data integrity

Question 2

Cryptography: 2 sides of cryptography

What does it ensure?

Answer 2

2 way street (encryption & decryption); ensures CONFIDENTIALITY

Question 3

Cryptography: Salting

Answer 3

adding additional random characters to a pw so that no 2 passwords will produce the same hash digest, even if the initial passwords are the same

Question 4

Cryptography: Collision

Answer 4

When different inputs produce the same hashed output, indicating weakness.

Question 5

Cryptography: Hashing Algorithms (3)

Answer 5

Common hashing functions. Produce a hash digest. MD5 (old), SHA-256, and SHA-512

Question 6

Cryptography: Symmetric encryption

Answer 6

same key used to both encrypt & decrypt, therefore easily broken

Question 7

Cryptography: Asymmetric Encryption

Answer 7

uses different keys for encryption and decryption

Question 8

Cryptography: PKI

Answer 8

public key infrastructure

ensures a public key corresponds to only ONE person/entity, to avoid private key/info sharing

Question 9

Cryptography: Certificate definition
- 2 types

Answer 9

a unique key-pair assignment from a certificate authority. types: third-party and self-signed (for use within org)

Question 10

Cryptography: Certificate Authority

Answer 10

a trusted org that assigns certs to applicants, maintains records

Question 11

Cryptography: Intermediate CA

Answer 11

different levels of CAs (certificate authority) help segment certificate management. if one goes down, fewer people have to recertify. lower ones must be certified by a higher-authority CA. trace chain of trust back to a root ca.

Question 12

Cryptography: OCSP

Answer 12

online certification status protocol: lets a host query the status of a cert

• faster alternative to CRL that checks a cert’s validity in real time

Question 13

Cryptography: certificate duration — & is longer or shorter most secure?

Answer 13

-usually 3 mo-1 year
- shorter cert durations are more secure bc if one is compromised, it won’t stay valid for long—limiting exposure

Question 14

Cryptography Applications: Code Signing

Answer 14

done via hashing the file & signing the hash with the developer’s private key to provide a certificate-based digital signature. signature = encrypted hash + timestamp ensures INTEGRITY

Question 15

Cryptography Applications: Digital Signatures definition

Answer 15

a digital signature is a cryptographic way to prove:
1 INTEGRITY
2 AUTHENTICITY
3 NON-REPUDIATION

comprised of a hash digest of the message, which is then encrypted with the sender’s private key

NOTE: digital signatures are NOT encryption of the message itself; they do NOT offer confidentiality. just authenticity (not in CIA) and integrity.

Question 16

Cryptography Applications: Blockchain

Answer 16

• decentralized & distributed public transaxn ledger
• usually managed by peer-to-peer network
• secure bc an attacker would have to take over a majority of the network to successfully add falsified info
• most popular = bitcoin (cryptographic coin)

Question 17

Cryptographic Tools: Key management (Curtain Soon Drops—Raise, Revoke, Destroy)

Answer 17

full lifecycle handling of cryptographic keys:

creation, storage, distribution, rotation/rollover, revocation, and destruction

during key ro

Question 18

Cryptographic Tools: Secure Enclave

Answer 18

encrypted, physically + logically isolated portion of a device. use dfor storing keys, cryptographic calculations, DRM. only specific apps/processes can interact with it.

Question 19

Cryptographic Tools: TPM

Answer 19

trusted platform module
- chip for identifying a specific sysem motherboard. either on it or add-on. protects small amounts of sensitive info

Question 20

Cryptographic Tools: HSM

Answer 20

hardware security module
basically a GPU. handles intense encryption/decryption computations offloaded from main CPU

Question 21

Levels of encryption (6): First Position Very Firm Demi Rond

Answer 21

1. FDE, full disc encryption
2. Partition-level encryption
3. Volume level encryption
4. File-level encryption.
5. Database-level encryption.
6. Record-level encryption

Question 22

Cryptography: ROT

Answer 22

rotated [meaning alphabet has been rotated from its original position, eg ROT13 = alphabet rotated 13 spaces]

Question 23

Asymmetric Encryption: Diffe-Hellman Key Exchange

Answer 23

Each party calculates S using their private key and the other’s public key: S = (other public key)^(own private key) mod p. They end up with the same S, which is never transmitted.

Question 24

Cryptography: Encryption: In-band and out-of-band exchanges

Answer 24

in-band: keys exchanged over same primary channel used for communication
out-of-band: keys sent over unrelated channel eg verbally or mail

Question 25

Cryptography: key length & strength

Answer 25

the longer the better, but must still be usable

Question 26

Cryptography Applications: Blockchain: peer-to-peer network

Answer 26

a decentralized network where each node (peer) stores a copy of the blockchain and can validate, share, and relay transactions without a central server

Question 27

Cryptographic Tools: TEE

Answer 27

trusted execution environment

Question 28

Cryptographic Tools: Key management: what happens during key rotation?

Answer 28

1 new key generated 2 cert reissued if it’s a cert key 3 old key retired & maybe archived 4 key distribution (to stystems & users) updated

Question 29

Cryptography Applications: Digital Signatures: How do they work?

Answer 29

THE SENDER: 1. Hashes the message 2. encrypts that hash digest with their private key. these two together = DIGITAL SIGNATURE 3. sends th original message, digital signature, and often a digital cert w their public key THE RECIPIENT: 1. hashes the message themselves 2. decrypts the signature using the sender’s public key 3. if decrypted digest matches the one they just computed

Question 30

Cryptography: when is a certificate added to the CRL?

Answer 30

when it’s been revoked prematurely for some reason—compromised, misused, or is no longer valid (eg domain ownership changed) note: expired certs are NOT added to the CRL.

Question 31

Cryptography: how does a system use a CRL?

Answer 31

downloads the CRL and checks whether a cert is on the list before trusting it

Question 32

Cryptography: why is OCSP faster than CRL?

Answer 32

bc it doesn’t download the full CRL. it sends a query to the CA asking “is this cert still valid?” and gets a direct answer

Question 33

Levels of encryption: FDE Examples 2

Answer 33

Encrypts the entire drive, including OS and bootloader ex: BitLocker, FileVault Analogy: like locking down the entire stage—no one performs until the curtain rises with the key.

Question 34

Levels of encryption: Partition-Level Encryption When useful?

Answer 34

Encrypts just one section (partition) of a drive. Useful in dual-boot systems. Or when storing private data separately

Question 35

Levels of encryption: Volume-Level Encryption What is it often used with?

Answer 35

Encrypts an entire volume (group of partitions or a logical drive). Often used w. virtual or logical disk structures.

Question 36

Levels of encryption: File-Level Encryption What 2 rhings are used for this?

Answer 36

Encrypts one file at a time. EFS (encrypting File System), GPG for files. Analogy: Like locking up a dance’s diary, while the rest of the room is open

Question 37

Levels of encryption: Database-Level Encryption Ex?

Answer 37

Encrypts the full database or a major chunk like tables or schemas. Ex: Transparent Data Encryption (TDE) Analogy: The casting list is kept under lock and key.

Question 38

Levels of encryption: Record-Level Encryption

Answer 38

Encrypts individual rows (records) within a database. Ideal for multitenant databases or fine-grained access control Analogy: Each dancer’s contract is sealed in their own envelope; each dancer only has they envelope key to their own. Director has the master key.

Question 39

pci dss

Answer 39

payment card industry data security standard

Question 40

cipher

Answer 40

an algorithm to convert plaintext into ciphertext and vice versa To recover the plaintext, we must pass the ciphertext along with the proper key via the decryption function, which would give us the original plaintext.