Chapter 9: Encrypting Volumes

Ron Rivest developed the RC4 algorithm in the late 1990s.

Changing a single bit of a block cipher's input affects the entire output block.

When encrypting data with a block cipher, each repetition is called: A. a key expansion B. a key schedule C. a run D. a round

AES supports exactly which three key sizes? A. 8 bits, 16 bits, 32 bits, B. 64 bits, 128 bits, and 256 bits. C. 32 bits, 64 bits, 128 bits D. 128 bits, 192 bits, and 256 bits.

After the volume encryption product implements its protections. What are some the risks remaining? A. All of the answers B. Intercepted keys C. Intercepted passphrase D. Recycled CEK attack

Volume encryption can provide strong protection but, like all security measures. What are the residual risks? A. Data integrity B. Encryption integrity C. Untrustworthy encryption D. All of the answers

Apple Mac OS-X and all editions of Microsoft Windows provide full-disk encryption.

The counter value must be unique for every 128-bit block on the device. To do this, the counter incorporates the sector number and the block's index number within the sector. What are they? A. The counter's low-order digits select a single block within the sector. There are 32 blocks of 128 bits each in a standard sector containing 512 bytes. We assign the five lowest bits in the counter to select a block within the sector. B. The remaining high-order digits in the counter will contain a nonce that remains constant for all sectors on the hard drive. C. All of the answers D. The middle digits in the counter select the sector on the hard drive

The underlying code of the Rijndael algorithm was leaked to the public in 1994, allowing for successful attacks against data encrypted with Rijndael.

The following are best practices or proper recommendations for choosing an encryption algorithm except: A. use evaluated cryptographic products if using a certified algorithm B. do not use "private label" algorithms that have not been published and reviewed by the cryptographic community C. check recent news and research results in the crypto community D. use DES if at all possible

The following are properties of persistent key storage except: A. it uses volatile storage B. it can wrap the key using a passphrase C. it can store the key on a removable storage device D. it uses nonvolatile storage

A shortcoming of block ciphers is: A. inability to produce ciphertext B. encrypting data that has block-sized patterns C. difficulty of use D. inability to encrypt data with block-sized patterns

In some algorithms, decryption simply applies the key schedule, the permutations, and the S-boxes in the reverse order. What procedure highlights the important features of block ciphers? A. Key sizes, block sizes, and the number of rounds performed are built into the Procedure. We can't arbitrarily change any of these without redesigning the Procedure. B. The number of rounds reflects a trade-off between speed and security. More rounds may scramble the data more thoroughly, but each round takes time to execute. C. All the Answers D. It takes time to change keys, because the procedure must generate a new key schedule for each key.

T or F: Cipher block chaining (CBC) is a widely used cipher mode that requires plaintext to be a multiple of the cipher's block size.

A tweakable cipher includes a third input, a nonce-like value that modifies the encryption without the cost of changing the encryption key.

File encryption protects data on a computer against the following except: A. Trojan crypto B. hostile users C. theft D. Trojans

We reduce the risk of untrustworthy encryption by using certified products. In the United States, the recognized certification is FIPS A. 142-1 B. 140-2 C. 160-8 D. 140-4

A block cipher encrypts data in fixed-sized blocks.

Encryption can help protect volumes in the following situations except: A. when an eavesdropper looks at the volume without the operating system in place B. when a storage device is lost or stolen C. to prevent physical damage to a hard drive D. when discarding a hard drive or other device without wiping it

S-boxes are special data structures that control substitutions in block ciphers.

There are four strategies for cleaning a hard drive of personal date. Which one will actually make the data un-recoverable? A. Run a "disk wipe" program. B. Delete personal files and "empty the trash." C. Reinstall the Operating system. D. Reformat the hard drive.

Counter mode and cipher block chaining (CBC) produce tweakable cipher modes.

A self-encrypting drive locks data on the hard disk by: A. prompting for the encryption key whenever data is accessed B. erasing the encryption key when the drive is unplugged or reset C. none of the answers D. changing the encryption algorithm after encrypting data

Volume encryption protects data on a computer against: A. theft B. Trojans C. hostile users D. Trojan crypto

Access control protects data on a computer against: A. hostile users B. Trojans C. theft D. recycling