Chapter 7: Cryptography and the PKI

Key Phrase: "encrypted message using an a symmetric encryption algorithm"

Explanation:
Correct Answer (D): In symmetric encryption algorithms, both the sender and the receiver use a shared secret key to encrypt and decrypt the message.
Why others are wrong:

• A: Mike’s public key would not be used by Mike himself for encryption.

• B: Mike’s private key would be used for signing, not encryption.

C: Encrypting with the David’s public key is a asymmetric encryption, where only the David can decrypt it using his private key.

Key Phrase: "force a network user to use weak encryption"

Explanation:
Correct Answer (A): A downgrade attack forces a system to use weaker encryption than originally intended, making it easier to break the encryption.
Why others are wrong:

• B: A collision occurs when two different inputs produce the same hash value, not relevant in this scenario.

• C: Homomorphic encryption is a technique that allows computation on encrypted data, not an attack.

• D: A birthday attack is a type of attack on hash functions, unrelated to encryption strength.

Key Phrase: "full-disk encryption technology"

Explanation:
Correct Answer (D): Full-disk encryption is designed to protect the confidentiality of the data by ensuring that unauthorized users cannot access it.
Why others are wrong:

• A: Integrity ensures that data hasn’t been altered.

• B: Non-repudiation prevents someone from denying their actions, unrelated to encryption.

• C: Authentication verifies the identity of users but is not the main goal here.

Key Phrase: "hiding sensitive information in those images"

Explanation:
Correct Answer (A): Steganography is the practice of hiding information within other non-suspicious content, like images.
Why others are wrong:

• B: Homomorphic encryption protects data while allowing computations but doesn't hide it in files.

• C: A replay attack involves capturing and reusing data; it doesn’t hide data in files.

• D: A birthday attack is related to hash collisions, not hiding information.

Key Phrase: "incorrect statement about cryptographic keys"

Explanation:
Correct Answer (A): Not all cryptographic keys need to be secret. Public keys, used in asymmetric encryption, should be freely shared.
Why others are wrong:

• B: Longer keys are generally more secure in the same algorithm.

• C: Asymmetric algorithms use longer keys than symmetric ones.

• D: Digital certificates are used to share public keys securely.

Key Phrase: "operates on one character of text at a time"

Explanation:
Correct Answer (C): A stream cipher encrypts one bit or character at a time.
Why others are wrong:

• A: A block cipher encrypts chunks of data at a time, not one character.

• B: Bit ciphers are a type of stream cipher but focus on bits, not characters.

• D: There is no such thing as a "balanced cipher."

Key Phrase: "strongest a symmetric encryption algorithm"

Explanation:
Correct Answer (D): AES is strongest for symmetric encryption tasks.
Why others are wrong:

• A: DES is outdated and considered insecure.

• B: 3DES is stronger than DES but weaker than AES.

• C: RSA is a strong asymmetric algorithm, but it’s typically slower than AES.

Key Phrase: "verify the status of certificates without contacting a remote server"

Explanation:
Correct Answer (C): Certificate stapling allows the server to send a recent OCSP response with the certificate, allowing clients to verify the certificate status without contacting a remote server.
Why others are wrong:

• A: Certificate revocation lists (CRLs) are a slower, outdated approach to managing certificate status.

• B: The Online Certificate Status Protocol(OCSP) provides real- time checking of a digital certificate's status using a remote server.

• D: Certificate pinning is used to provide an expected key, not to manage certificate status.

Key Phrase: "symmetric encryption system"

Explanation:
Correct Answer (C): In symmetric encryption, each pair of employees needs a unique shared key. With 10 employees, there are 10 pairs, and adding an 11th employee requires 10 new keys.
Why others are wrong:

• A: Only 1 key is needed to add the 11th employee, but symmetric encryption requires more.

• B: 2 keys are required for the pair, not for everyone.

• D: 11 keys are too many; only 10 are needed.

Key Phrase: "asymmetric encryption algorithm"

Explanation:
Correct Answer (B): In asymmetric encryption, each user needs two keys: a public and a private key. Adding an 11th employee requires only 2 new keys (one pair).
Why others are wrong:

• A: Only 1 key is needed, but asymmetric encryption needs both public and private keys.

• C: 10 keys are already present, but only 2 are needed for the new employee.

• D: 11 keys are excessive.