Search
Create
Log in
Sign up
Log in
Sign up
security past exam 2
STUDY
Flashcards
Learn
Write
Spell
Test
PLAY
Match
Gravity
Terms in this set (36)
what are the three (3) most appropriate techniques that can directly contribute to the prevention of MITM attacks?
Digital Signatures
Certificate Authorities
Asymmetric Encryption
Merkle's puzzles provide an efficient mechanism for key exchange?
false
what are the attacks which specifically apply to authentication protocols.
Forced Delay
Password Sniffing
Reflection
Chosen Text
If an efficient algorithm for integer factorisation is found, RSA would be insecure.
true
What is an appropriate AES key size for achieving medium-term protection against a very powerful attacker?
128
Asymmetric cryptography is useful for encrypting data on-the-fly.
false
Symmetric cryptography is very useful for encrypting large quantities of data efficiently
true
Fill in the blank:
"Zero Knowledge Proofs are designed to ___________________"
allow a prover to demonstrate knowledge of a secret while revelaing no information about the secret.
What is the goal behind ensuring the "freshness" of a message?
To prevent pre-computation attacks and/or a brute force on the message space
Symmetric crypto is very useful when creating digital signature protocols
false
Whatcan be used to achieve certificate revocation?
OCSP
Symmetric cryptography is very useful when performing key distribution.
false
In general, asymmetric ciphers provide greater strength than symmetric ciphers for the same key length.
false
If an efficient algorithm for integer factorisation is found, Diffie Hellman would be insecure.
false
High levels of correlation between the input bits and output bits of S-boxes is good for security in symmetric ciphers.
false
The design goals of SSL were to first minimise load on the browser, then on the server.
false
What method is often used to ensure "freshness"?
a nonce
Explain why it is necessary to use modern password hashing algorithms when securing passwords in a database. In your answer identify one such algorithm. (no more than 4 sentences)
Standard hashing algorithms (MD5, SHA1, SHA256) are not good enough for passwords:
- Hashing algorithms were designed to run fast
- Password hashes should ideally be slow to slow down brute-force attacks
- Brute forcing these algorithms is trivial even with a salt
bcrypt aims to make hashing more expensive by using more time. It is still vulnerable to hardware attacks, since iterated hashes are relatively easy to implement in hardware.
scrypt aims to make password hashing harder by using more space. It makes hardware implementations difficult by using vast amounts of memory
All digital signature protocols require the use of asymmetric cryptography
true
If an efficient algorithm for integer factorisation is found, AES would be insecure.
false
hat is an appropriate RSA key size for achieving medium-term protection against a very powerful attacker?
2048
In order to achieve smallest file size, it's better to encrypt then compress, rather than compress then encrypt.
false
Provide a high level overview of the steps to acquire a valid SSL certificate. (4-5 steps)
1. Alice generates a public/private keypair.
2. Alice sends the public key to the CA.
3. The CA challenges Alice to see if she knows the private key.
4. The CA generates a certificate and sends it to Alice.
1024-bit ciphers are always stronger than 512-bit ciphers
false
Which of the following contributes to achieving Perfect Forward Secrecy in protocols such as SSL/TLS?
diffie-hellman
The homomorphic property of RSA enables it's use for achieving Perfect Forward Secrecy.
false
Which statement best describes a buffer overflow?
A software coding error which leads to an unexpected overwriting of memory
If an efficient algorithm for calculating discrete log is found, AES will not be secure.
false
If an efficient algorithm for calculating discrete log is found, Diffie Hellman will not be secure.
true
If an efficient algorithm for calculating discrete log is found, RSA will not be secure.
false
What can a system designer do to reduce the effectiveness of precomputation attacks when attempting to crack all passwords in the system?
salt the passwords
Was the "Heartbleed" OpenSSL security vulnerability an oversight in the design of the SSL protocol? What caused the vulnerability and how could it have been prevented?
Heartbleed is not an oversight on the actual SSL protocol or the design but rather on the implementation of the SSL protocol.
OpenSSL had an issue where the actual size of the payload of the message was not checked against the claimed size of the payload and hence an attacker would be able to request other pieces of information from the RAM in the midst of keeping an SSL connection alive.
This could have been prevented if the actual size of the payload was verified alongside the claimed size of the payload. This was patched in TLS 1.2
It would take roughly 40 quadrillion years to crack RSA-125
false
You connect to a website over HTTPS. It is using a valid TLS certificate which has been signed by a trusted CA and uses a sufficiently large public key.
We can be sure that the website is secure.
false
The Needham-Schroeder protocol solves the issue of key revocation
false
Asymmetric cryptography is more efficient than symmetric cryptography for key management in large systems.
true
;