9.5.4 Security Pro Practice Questions

Is used in IPSec Uses a 168bit key EXPLANATION Triple DES: - Applies DES three times - Uses a 168-bit key - Used in IPsec as its strongest and slowest encipherment Advanced Encryption Standard (AES) uses the Rijndael block cipher. DES can easily be broken. International Data Encryption Algorithm (IDEA) uses 64-bit blocks with 128-bit keys. REFERENCES LabSim for Security Pro, Section 9.5.

Ron's Cipher v4 (RC4) EXPLANATION RC4 is the most frequently used symmetric key stream cipher. RC4 is commonly used with WEP and SSL. AES, RC2, and Blowfish are all symmetric block ciphers. REFERENCES LabSim for Security Pro, Section 9.5.

Symmetric stream EXPLANATION Symmetric stream cryptography is best implemented in hardware because the data size makes it infeasible to have enough RAM or CPU cycles to process the data. Symmetric block cryptography is primarily implemented in software. Asymmetric cryptography, also known as public key cryptography, is mainly used for key distribution, digital signatures, and data encryption for small amounts of data. REFERENCES LabSim for Security Pro, Section 9.5.

International Data Encryption Algorithm (IDEA) EXPLANATION International Data Encryption Algorithm (IDEA) does not use variable block lengths. In addition to IDEA, the following symmetric block ciphers also do not use variable block lengths: - Data Encryption Standard (DES) - Ron's Cipher v2 or Ron's Code v2 (RC2) - Blowfish - Twofish - SkipJack AES uses variable block lengths. RC5 uses 32-, 64- or 128-bit block lengths. Elliptic Curve (EC) is an asymmetric cipher. REFERENCES LabSim for Security Pro, Section 9.5.

DES EXPLANATION DES offers the least encryption security from the cryptography systems in this list. DES has a limitation of 56-bit keys, the weakest of those listed here. The strength of a cryptosystem lies not only in long keys but in the algorithm, initialization vector or method, the proper use of the keyspace, and the protection and management of keys. AES (128, 192, 256 bit keys), TwoFish (up to 256 bit keys), and IDEA (128 bit keys) all support stronger keys than DES. REFERENCES LabSim for Security Pro, Section 9.5.

RC5 EXPLANATION RC5 is a block cipher that supports variable bit length keys and variable bit block sizes. RC4 is a stream cipher. RC2 is limited to 64 bit blocks. RSA is not a Rivest cipher; rather, it is an asymmetric cryptography system developed by the same organization. REFERENCES LabSim for Security Pro, Section 9.5.

IDEA EXPLANATION IDEA is a symmetric cryptography system that does not support a variable block size. IDEA only supports a 64-bit block size. RC5, AES, and AES's algorithm Rijndael all support variable block sizes. RC5's supported block sizes are 32, 64, and 128. AES (Rijndael) supports any block size. REFERENCES LabSim for Security Pro, Section 9.5.

AES EXPLANATION AES is stronger and faster than 3DES when implemented with a large key size (256-bits). DES was one of the first symmetric encryption methods and is now obsolete (known weaknesses can be used to break the encryption). 3DES improves upon DES by applying the encryption three times. It is an acceptable alternative to DES. RSA is an asymmetric encryption algorithm. Asymmetric encryption is not typically used for bulk encryption of data. SHA-1 is a hashing algorithm, not an encryption algorithm. REFERENCES LabSim for Security Pro, Section 9.5.

DES EXPLANATION DES was one of the first symmetric encryption methods and is now obsolete (known weaknesses can be used to break the encryption). 3DES improves upon DES by applying the encryption three times. It is an acceptable alternative to DES. AES is stronger and faster than 3DES when implemented with a large key size (256-bits). Blowfish and Twofish were alternatives to DES, but AES was chosen to replace DES. REFERENCES LabSim for Security Pro, Section 9.5.

A shared private key EXPLANATION Symmetric cryptography uses a shared private key. Both communication partners must be in possession of the same key in order to exchanged encrypted data. Asymmetric cryptography uses a unique key pair for each participant. This key pair consists of a public key and a private key. REFERENCES LabSim for Security Pro, Section 9.5.

Symmetric key cryptography EXPLANATION Symmetric cryptography is best suited for bulk encryption because it is much faster than asymmetric cryptography. Hashing is not used for encryption; it is only used to verify the integrity of data. Public key cryptography, also known as asymmetric cryptography, is best suited for small amounts of data. Often, asymmetric cryptography is used to exchange symmetric cryptography keys, and then the symmetric cryptography keys are used to encrypt communication traffic. REFERENCES LabSim for Security Pro, Section 9.5

One EXPLANATION Private key, or symmetric, cryptography uses a single shared key. Both communicating parties must possess the shared key to encrypt and decrypt messages. The biggest challenge to symmetric cryptography is the constant need to protect the shared private key. This protection must be applied at all times, including during the initial transmission of the shared key between the parties. REFERENCES LabSim for Security Pro, Section 9.5.

RC4 EXPLANATION The most frequently used implementation of symmetric key stream ciphers is Ron's code (or Ron's cipher) v4, known as RC4. RC4 uses a variable key up to 256 bits and is commonly used with WEP and SSL. It uses the Key Scheduling Algorithm (KSA) and the Pseudo-Random Generation Algorithm (PRGA). Blowfish, Twofish, and AES are all block ciphers. REFERENCES LabSim for Security Pro, Section 9.5.

Copying the key to a USB drive EXPLANATION Out-of-band distribution involves manually distributing the key (for example, as copying the key to a USB drive and sending it to the other party). Sending an email, using a key distribution algorithm, or using a private fiber network are all considered in-band distribution methods. REFERENCES LabSim for Security Pro, Section 9.5.

The sender's key is sent to a recipient using a Diffie-Hellman key exchange. In-band distribution The sender's key is copied to a USB drive and handed to the recipient Out-of-band distribution The sender's key is sent to the recipient using public key cryptography. In-band distribution The sender's key is burned to a CD and handed to the recipient. Out-of-band distribution EXPLANATION Before communications can begin using symmetric encryption, both parties must exchange the shared secret key using a secure channel. Symmetric key encryption can use the following key distribution methods: - Out-of-band distribution involves manually distributing the key, such as copying the key to a USB drive and sending it to the other party. - In-band distribution can use a key distribution algorithm, such as Diffie-Hellman, to send the key to the recipient. It can also use asymmetric encryption technology to encrypt the key for distribution. REFERENCES LabSim for Security Pro, Section 9.5.