1. Главная
  2. Книги
  3. Vallabhaneni S. Rao
  4. CISSP Practice
  5. Страница 168
Выбрать главу

Data checksums are digits or bits summed according to arbitrary rules and used to verify the integrity of data. A cyclic redundancy code (CRC) uses an algorithm for generating error detection bits in a data link protocol. The receiving station performs the same calculation as done by the transmitting station. If the results differ, then one or more bits are in error. Both data checksums and CRC are not based on cryptographic checksums. Instead, they are based on algorithms.

193. Which of the following statements about secret key and message digest algorithms are not true?

1. The drive for message digest algorithms starts with public key cryptography.

2. Message digest algorithms make the RSA much more useful.

3. Secret key algorithm is designed to be irreversible.

4. Message digest algorithm is designed to be reversible.

a. 1 and 2

b. 3 and 4

c. 1 and 3

d. 2 and 4

193. b. The significant difference between a secret key algorithm and a message digest algorithm is that a secret key algorithm is designed to be reversible and a message digest algorithm is designed to be impossible to reverse. It is true that the drive for a message digest algorithm started with public key cryptography. Rivest, Shamir, and Adelman (RSA) is used to perform digital signatures on messages. A cryptographically secure message digest function with high performance would make RSA much more useful. This is because a long message is compressed into a small size by first performing a message digest and then computing an RSA signature on the digest.

194. When compared to the Rivest, Shamir, and Adelman (RSA) algorithm, the Digital Signature Standard (DSS) does not provide:

a. Digital signature

b. Authentication

c. Encryption

d. Data integrity

194. c. Both RSA and DSS provide digital signature, authentication, and data integrity capabilities. RSA provides encryption; DSS does not. The digital signature algorithm (DSA) is specified in the DSS. The DSS contains the DSA to create signatures as well as the secure hash algorithm (SHA) to provide data integrity. SHA is used in electronic mail and electronic funds transfer applications.

195. Which of the following attacks are made on block ciphers?

a. Meet-in-the-middle attacks

b. Codebook attacks

c. Man-in-the-middle attacks

d. Bucket brigade attacks

195. a. Meet-in-the-middle (MIM) attacks occur when one end is encrypted and the other end is decrypted, and the results are matched in the middle. MIM attacks are made on block ciphers. A block cipher algorithm is a (i) symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key and (ii) a family of functions and their inverse functions that is parameterized by a cryptographic key; the functions map bit strings of a fixed length to bit strings of the same length. This means, the length of the input block is the same as the length of the output block.

The other three choices are incorrect because they do not use block ciphers. Codebook attacks are a type of attack where the intruder attempts to create a codebook of all possible transformations between plaintext and ciphertext under a single key. Man-in-the-middle (MitM) attacks are a type of attack that takes advantage of the store-and-forward mechanism used by insecure networks, such as the Internet. MitM attacks are also called bucket brigade attacks.

196. Which of the following statements about digital signatures is not true?

a. It enhances authentication.

b. It makes repudiation by the sender possible.

c. It prevents nonrepudiation by the receiver.

d. It makes repudiation by the sender impossible.

196. b. Digital signatures use Rivest, Shamir, and Adelman (RSA), a public-key (two-key) cryptographic algorithm. RSA enhances authentication and confidentiality due to the use of a two-key system; one key is public and the other one is private. The use of RSA in digital signatures prevents repudiation by the sender as well as by the receiver. Nonrepudiation means the sender cannot say that he never sent the message, and the receiver cannot say that he never received the message. Nonrepudiation is possible due to the use of a two-key system where the private key of the sender and the receiver is kept secret while their public key is known only to each party. Both the sender and the receiver cannot deny having participated in the message transmission.

197. Which of the following statements is true? Rivest, Shamir, and Adelman (RSA) algorithm has a:

a. Slower signature generation and slower verification than DSA

b. Slower signature generation and faster verification than DSA

c. Faster signature generation and faster verification than DSA

d. Faster signature generation and slower verification than DSA

197. b. It has been tested and proven that the RSA algorithm has a slower signature generation capability and faster verification than the digital signature algorithm (DSA). On the other hand, the DSA has faster signature generation and slower verification than the RSA.

RSA is much slower to compute than popular secret key algorithms like data encryption standard (DES) and international data encryption algorithm (IDEA). RSA algorithm uses a variable length public key—a long key for enhanced security or a short key for efficiency.

RSA encryption algorithm requires greater computing power (i.e., memory or disk storage space) necessary to generate keys. The keys for RSA algorithm are large numbers generated mathematically by combining prime numbers. The algorithm is powerful and has resisted all attempts to break it to date, except for 40-bit RSA.

198. Cryptography provides all the following services except:

a. Authentication

b. Confidentiality

c. Integrity

d. Availability

198. d. Availability is the property of a given resource that is usable during a given time period; it is not provided by cryptography. Data communications channels are often insecure, subjecting messages transmitted over the channels to various passive and active attacks (threats). Cryptography is the solution to counteract such threats. Cryptography is the science of mapping readable text, called plain text, into an unreadable format, called ciphertext, and vice versa. The mapping process is a sequence of mathematical computations. The computations affect the appearance of the data, without changing its meaning.

To protect a message, an originator transforms a plain text message into ciphertext. This process is called encryption or encipherment. The ciphertext is transmitted over the data communications channel. If the message is intercepted, the intruder has access to only the unintelligible ciphertext. Upon receipt, the message recipient transforms the ciphertext into its original plain text format. This process is called decryption or decipherment.

~ 168 ~