IT 417 ch8 Security Test Bank


Chapter 08: Cryptography

TRUE/FALSE

1. In 1953, Giovan Batista Belaso introduced the idea of the passphrase (password) as a key
for encryption.

ANS: F PTS: 1 REF: 352

2. In 1917, Gilbert S. Vernam, an AT&T employee, invented a polyalphabetic cipher machine
that used a non-repeating random key.

ANS: T PTS: 1 REF: 352

3. Sequence encryption is a series of encryptions and decryptions between a number of
systems, wherein each system in a network decrypts the message sent to it and then
reencrypts it using different keys and sends it to the next neighbor, and this process
continues until the message reaches the final destination.

ANS: F PTS: 1 REF: 354

4. The permutation cipher simply rearranges the values within a block to create
the ciphertext.

ANS: T PTS: 1 REF: 357

5. Julius Caesar was associated with an early version of the transposition cipher.

ANS: T PTS: 1 REF: 359

6. You cannot combine the XOR operation with a block cipher operation.

ANS: F PTS: 1 REF: 360

7. To perform the Caesar cipher encryption operation, the pad values are added
to numeric values that represent the plaintext that needs to be encrypted.

ANS: F PTS: 1 REF: 360

8. One encryption method made popular by spy movies involves using the text
in a book as the key to decrypt a message.

ANS: T PTS: 1 REF: 361

9. Hashing functions require the use of keys.

ANS: F PTS: 1 REF: 362

10. Popular cryptosystems use a hybrid combination of symmetric and asymmetric algorithms.

ANS: T PTS: 1 REF: 363

11. DES uses a 64-bit key.

ANS: F PTS: 1 REF: 364


12. The 3DES implements a block cipher with a variable block length and a key
length of 128, 192, or 256 bits.

ANS: F PTS: 1 REF: 365

13. The asymmetric encryption systems use a single key to both encrypt and
decrypt a message.

ANS: F PTS: 1 REF: 366

14. The AES algorithm was the first public key encryption algorithm.

ANS: F PTS: 1 REF: 372

15. Two hundred and eighty five computers can crack a 56-bit key in one year;
ten times as many would do it in a little over a month.

ANS: T PTS: 1 REF: 373

16. PKI systems are based on public key cryptosystems and include digital
certificates and certificate authorities.

ANS: T PTS: 1 REF: 375

17. Nonrepudiation means that customers or partners can be held accountable for
transactions, such as online purchases, which they cannot later deny.

ANS: T PTS: 1 REF: 375

18. Common implementations of RA include systems that issue digital certificates to users
and servers; directory enrollment; key issuing systems; tools for managing the key issuance;
and verification and return of certificates.

ANS: F PTS: 1 REF: 376

19. When an asymmetric cryptographic process uses the sender’s private key to
encrypt a message, the sender’s public key must be used to decrypt the message.

ANS: T PTS: 1 REF: 376

20. The most common hybrid system is based on the Diffie-Hellman key
exchange, which is a method for exchanging private keys using public key encryption.

ANS: T PTS: 1 REF: 379

21. Standard-HTTP (S-HTTP) is an extended version of the Hypertext Transfer Protocol that
provides for the encryption of individual messages transmitted via the Internet between a
client and server.

ANS: F PTS: 1 REF: 382

22. SSL builds on the encoding format of the Multipurpose Internet Mail
Extensions protocol and uses digital signatures based on public key cryptosystems to secure
e-mail.

ANS: F PTS: 1 REF: 382

23. Secure Electronic Transactions was developed by MasterCard and VISA in 1997 to protect
against electronic payment fraud.

ANS: T PTS: 1 REF: 384

24. The application header protocol provides secrecy for the content of a network
communication.

ANS: F PTS: 1 REF: 387

25. The encapsulating security payload protocol provides secrecy for the contents
of network communications as well as system-to-system authentication and data integrity
verification.

ANS: T PTS: 1 REF: 387

26. The SHTTP security solution provides six services: authentication by digital
signatures, message encryption, compression, e-mail compatibility, segmentation, and key
management.

ANS: F PTS: 1 REF: 389

27. Attackers may conduct an encrypted-plaintext attack by sending potential victims a
specific text that they are sure the victims will forward on to others.

ANS: F PTS: 1 REF: 390

28. Dictionary attacks are a collection of brute-force methods that attempt to deduce
statistical relationships between the structure of the unknown key and the ciphertext
generated by the cryptosystem.

ANS: F PTS: 1 REF: 391

29. Encryption is a process of hiding the true meaning of information.

ANS: T PTS: 1 REF: 391

30. Once the attacker has successfully broken an encryption, he or she may
launch a replay attack, which is an attempt to resubmit a recording of the deciphered
authentication to gain entry into a secure source.

ANS: T PTS: 1 REF: 391

MODIFIED TRUE/FALSE

1. Encryption is the process of converting the ciphertext message back into plaintext so that
it can be readily understood. _________________________

ANS: F, Decryption

PTS: 1 REF: 351

2. A(n) key is the programmatic steps used to convert an unencrypted message into an
encrypted sequence of bits that represent the message. _________________________

ANS: F, algorithm

PTS: 1 REF: 353


3. To translate means to decrypt, decode, or convert ciphertext into the equivalent
plaintext. _________________________

ANS: F, decipher

PTS: 1 REF: 353

4. Plaintext or cleartext is the original unencrypted message, or a message that has been
successfully decrypted. _________________________

ANS: T PTS: 1 REF: 354

5. Hash algorithms are public functions that create a hash value by converting
variable-length messages into a single fixed-length value. _________________________

ANS: T PTS: 1 REF: 362

6. Encryption methodologies that require the same secret key to encipher and
decipher the message are using what is called public key encryption.
_________________________

ANS: F, private

PTS: 1 REF: 364

7. As DES became known as being too weak for highly classified communications, Double DES
was created to provide a level of security far beyond that of DES. _________________________

ANS: F, Triple

PTS: 1 REF: 365

8. AES implements a block cipher called the Rijndael Block Cipher. _________________________

ANS: T PTS: 1 REF: 365

9. Symmetric encryption uses two different but related keys, and either key can
be used to encrypt or decrypt the message. _________________________

ANS: F, Asymmetric

PTS: 1 REF: 366

10. A(n) registration authority issues, manages, authenticates, signs, and revokes
users’ digital certificates, which typically contain the user name, public key, and other
identifying information. _________________________

ANS: F, certificate

PTS: 1 REF: 375

11. Diffie-Hellman key exchange uses asymmetric encryption to exchange session keys.
_________________________

ANS: T PTS: 1 REF: 379


12. A(n) distinguished name uniquely identifies a certificate entity, to a user’s
public key. _________________________

ANS: T PTS: 1 REF: 378

13. The number of horizontal and vertical pixels captured and recorded is known
as the image’s depth. _________________________

ANS: F, resolution

PTS: 1 REF: 380-381

14. The most popular modern version of steganography involves hiding information within
files that contain digital pictures or other images. _________________________

ANS: T PTS: 1 REF: 380

15. Privacy Enhanced Mail was proposed by the Internet Engineering Task Force
and is a standard that uses 3DES symmetric key encryption and RSA for key exchanges and
digital signatures. _________________________

ANS: T PTS: 1 REF: 382

16. Secure Multipurpose Internet Mail Extensions builds on the encoding format
of the Multipurpose Internet Mail Extensions protocol and uses digital signatures based on
public key cryptosystems to secure e-mail. _________________________

ANS: T PTS: 1 REF: 382

17. Secure HTTP provides the Internet communication services between client
and host without consideration for encryption of the data that is transmitted between client
and server. _________________________

ANS: F, Standard

PTS: 1 REF: 382

18. Internet Protocol Security is designed to protect data integrity, user confidentiality,
and authenticity at the IP packet level. _________________________

ANS: T PTS: 1 REF: 386

19. In transport mode the entire IP packet is encrypted and is then placed as the
content portion of another IP packet. _________________________

ANS: F, tunnel

PTS: 1 REF: 387

20. ESP in transport mode can be used to establish a virtual private network,
assuring encryption and authentication between networks communicating via the Internet.
_________________________

ANS: F, tunnel

PTS: 1 REF: 387-388


21. PGP uses the freeware ZIP algorithm to compress the message after it has
been digitally signed but before it is encrypted. _________________________

ANS: T PTS: 1 REF: 389

22. A(n) man-in-the-middle attack attempts to intercept a public key or even to insert a
known key structure in place of the requested public key. _________________________

ANS: T PTS: 1 REF: 390

23. An attacker may obtain duplicate texts, one in ciphertext and one in plaintext,
and thus reverse-engineer the encryption algorithm in a known-plaintext attack scheme.
_________________________

ANS: T PTS: 1 REF: 390

24. In a(n) word attack, the attacker encrypts every word in a dictionary using the
same cryptosystem as used by the target. _________________________

ANS: F, dictionary

PTS: 1 REF: 391

25. A(n) response attack is an attempt to resubmit a recording of the deciphered
authentication to gain entry into a secure source. _________________________

ANS: F, replay

PTS: 1 REF: 391

MULTIPLE CHOICE

1. ____ is the process of converting an original message into a form that is unreadable to
unauthorized individuals.
a. Encryption c. Cryptology
b. Decryption d. Cryptography
ANS: A PTS: 1 REF: 350-351

2. ____ is the entire range of values that can possibly be used to construct an
individual key.
a. Code c. Algorithm
b. Keyspace d. Cryptogram
ANS: B PTS: 1 REF: 354

3. ____ is the information used in conjunction with an algorithm to create the ciphertext
from the plaintext or derive the plaintext from the ciphertext.
a. Password c. Key
b. Cipher d. Passphrase
ANS: C PTS: 1 REF: 354

4. ____ is the amount of effort (usually in hours) required to perform cryptanalysis to
decode an encrypted message when the key or algorithm (or both) are unknown.
a. Code c. Key
b. Algorithm d. Work factor
ANS: D PTS: 1 REF: 354

5. Bit stream methods commonly use algorithm functions like the exclusive OR
operation (____).
a. XOR c. NOR
b. EOR d. OR
ANS: A PTS: 1 REF: 354

6. More advanced substitution ciphers use two or more alphabets, and are
referred to as ____ substitutions.
a. multialphabetic c. polyalphabetic
b. monoalphabetic d. polynomic
ANS: C PTS: 1 REF: 354

7. ____ functions are mathematical algorithms that generate a message summary or digest to
confirm the identity of a specific message and to confirm that there have not been any
changes to the content.
a. Hash c. Key
b. Map d. Encryption
ANS: A PTS: 1 REF: 362

8. A ____ is a key-dependent, one-way hash function that allows only specific recipients
(symmetric key holders) to access the message digest.
a. signature c. fingerprint
b. MAC d. digest
ANS: B PTS: 1 REF: 362

9. SHA-1 produces a(n) ____-bit message digest, which can then be used as an
input to a digital signature algorithm.
a. 48 c. 160
b. 56 d. 256
ANS: C PTS: 1 REF: 362

10. A method of encryption that requires the same secret key to encipher and
decipher the message is known as ____ encryption.
a. asymmetric c. public
b. symmetric d. private
ANS: B PTS: 1 REF: 364

11. DES uses a(n) ____-bit block size.
a. 32 c. 128
b. 64 d. 256
ANS: B PTS: 1 REF: 364

12. ____ is a federal information processing standard that specifies a cryptographic
algorithm used within the U.S. government to protect information in federal agencies that
are not a part of the national defense infrastructure.
a. DES c. AES
b. 2DES d. 3DES
ANS: C PTS: 1 REF: 365

13. The ____ algorithm was the first public key encryption algorithm developed
(in 1977) and published for commercial use.
a. DES c. MAC
b. RSA d. AES
ANS: B PTS: 1 REF: 372

14. ____ is an integrated system of software, encryption methodologies, protocols, legal
agreements, and third-party services that enables users to communicate securely.
a. MAC c. DES
b. PKI d. AES
ANS: B PTS: 1 REF: 375

15. The CA periodically distributes a(n) ____ to all users that identifies all
revoked certificates.
a. CRL c. MAC
b. RA d. AES
ANS: A PTS: 1 REF: 376

16. ____ are encrypted messages that can be mathematically proven to be authentic.
a. Digital signatures c. Message certificates
b. MAC d. Message digests
ANS: A PTS: 1 REF: 376

17. Digital signatures should be created using processes and products that are
based on the ____.
a. DSS c. SSL
b. NIST d. HTTPS
ANS: A PTS: 1 REF: 376

18. An X.509 v3 certificate binds a ____, which uniquely identifies a certificate entity, to
a user’s public key.
a. message digest c. distinguished name
b. fingerprint d. digital signature
ANS: C PTS: 1 REF: 378

19. The ____ is responsible for the fragmentation, compression, encryption, and attachment
of an SSL header to the cleartext prior to transmission.
a. Standard HTTP c. S-HTTP
b. SFTP d. SSL Record Protocol
ANS: D PTS: 1 REF: 382

20. ____ was developed by Phil Zimmermann and uses the IDEA Cipher for
message encoding.
a. PEM c. S/MIME
b. PGP d. SSL
ANS: B PTS: 1 REF: 382

21. The ____ protocol provides system-to-system authentication and data integrity
verification, but does not provide secrecy for the content of a network communication.
a. ESP c. HA
b. AH d. SEP
ANS: B PTS: 1 REF: 387

22. ____ is a hybrid cryptosystem that combines some of the best available
cryptographic algorithms and has become the open-source de facto standard for encryption
and authentication of e-mail and file storage applications.
a. PGP c. AH
b. DES d. ESP
ANS: A PTS: 1 REF: 388

23. ____ attacks are a collection of brute-force methods that attempt to deduce
statistical relationships between the structure of the unknown key and the ciphertext that is the
output of the cryptosystem.
a. Timing c. Correlation
b. Dictionary d. Man-in-the-middle
ANS: C PTS: 1 REF: 391

24. In a ____ attack, the attacker eavesdrops during the victim’s session and uses
statistical analysis of patterns and inter-keystroke timings to discern sensitive session
information.
a. replay c. correlation
b. timing d. dictionary
ANS: B PTS: 1 REF: 391

25. ____ is the protocol used to secure communications across any IP-based
network such as LANs, WANs, and the Internet.
a. PEM c. IPSec
b. SSH d. SET
ANS: C PTS: 1 REF: 393

COMPLETION

1. The science of encryption is known as ____________________.

ANS: cryptology

PTS: 1 REF: 350

2. ____________________ is the process of making and using codes to secure the transmission
of information.

ANS: Cryptography

PTS: 1 REF: 350

3. ____________________ or cryptosystem is an encryption method or process encompassing the
algorithm, key(s) or cryptovariable(s), and procedures used to perform encryption and
decryption.

ANS: Cipher

PTS: 1 REF: 353

4. To ____________________ means to encrypt, encode, or convert plaintext into the
equivalent ciphertext.

ANS: encipher

PTS: 1 REF: 353

5. The process of hiding messages within the digital encoding of a picture or graphic is
called ____________________.

ANS: steganography

PTS: 1 REF: 354

6. To use a(n) ____________________ cipher, you substitute one value for another.

ANS: substitution

PTS: 1 REF: 354

7. A(n) ____________________ substitution uses one alphabet.

ANS: monoalphabetic

PTS: 1 REF: 354

8. The ____________________ cipher simply rearranges the values within a block to create the
ciphertext.

ANS:
transposition
permutation

PTS: 1 REF: 357

9. The ____________________ OR operation is a function of Boolean algebra in which two bits
are compared, and if the two bits are identical, the result is a binary 0.

ANS: exclusive

PTS: 1 REF: 359

10. Also known as the one-time pad, the ____________________ cipher, which
was developed at AT&T, uses a set of characters only one time for each encryption process.

ANS: Vernam

PTS: 1 REF: 360

11. A message ____________________ is a fingerprint of the author’s message that is compared
with the recipient’s locally calculated hash of the same message.

ANS: digest

PTS: 1 REF: 362

12. Hashing functions do not require the use of keys, but it is possible to attach a
message ____________________ code.

ANS: authentication

PTS: 1 REF: 362

13. The Secure ____________________ Standard is a standard issued by the National Institute
of Standards and Technology.

ANS: Hash

PTS: 1 REF: 362

14. One of the most widely known cryptographic algorithms is the Data
____________________ Standard, which was developed by IBM and is based on the
company’s Lucifer algorithm.

ANS: Encryption

PTS: 1 REF: 364

15. The successor to 3DES is the ____________________ Encryption Standard.

ANS: Advanced

PTS: 1 REF: 365

16. The more common name for asymmetric encryption is ____________________-key encryption.

ANS: public

PTS: 1 REF: 366

17. A mathematical ____________________ is a “secret mechanism that enables you to easily
accomplish the reverse function in a one-way function.”

ANS: trapdoor

PTS: 1 REF: 368

18. Digital ____________________ are public-key container files that allow computer programs
to validate the key and identify to whom it belongs.

ANS: certificates

PTS: 1 REF: 374

19. A(n) ____________________ authority operates under the trusted collaboration of the
certificate authority and can be delegated day-to-day certification functions, such as
verifying registration information about new registrants, generating end-user keys, revoking
certificates, and validating that users possess a valid certificate.

ANS: registration

PTS: 1 REF: 375

20. Digital ____________________ are encrypted messages that can be mathematically proven to
be authentic.

ANS: signatures

PTS: 1 REF: 376

21. A digital ____________________ is an electronic document or container file that contains
a key value and identifying information about the entity that controls the key.

ANS: certificate

PTS: 1 REF: 377

22. Netscape developed the ____________________ Layer protocol to use public key encryption
to secure a channel over the Internet, thus enabling secure communications.

ANS:
Secure Socket
Secure Sockets

PTS: 1 REF: 381

23. In IPSEC ____________________ mode, only the IP data is encrypted, not the IP headers.

ANS: transport

PTS: 1 REF: 387

24. The encapsulating security ____________________ protocol provides secrecy for the
contents of network communications as well as system-to-system authentication and data
integrity verification.

ANS: payload

PTS: 1 REF: 387

25. In a(n) ____________________ attack, the attacker eavesdrops on the victim’s session and
uses statistical analysis of patterns and inter-keystroke timings to discern sensitive
session information.

ANS: timing

PTS: 1 REF: 391

ESSAY

1. Describe how hash functions work and what they are used for.
ANS:
Hash functions are mathematical algorithms that generate a message summary or digest to
confirm the identity of a specific message and to confirm that there have not been any
changes to the content. While they do not create a ciphertext, hash functions confirm message
identity and integrity, both of which are critical functions in e-commerce. Hashing functions
do not require the use of keys, but it is possible to attach a message authentication code
(MAC)—a key-dependent, one-way hash function—that allows only specific recipients
(symmetric key holders) to access the message digest.

PTS: 1 REF: 362

2. Describe symmetric and asymmetric encryption.

ANS:
Symmetric Encryption - Encryption methodologies that require the same secret key to
encipher and decipher the message are using what is called private key encryption or
symmetric encryption. Symmetric encryption methods use mathematical operations that can
be programmed into extremely fast computing algorithms so that the encryption and
decryption processes are executed quickly by even small computers. The primary challenge of
symmetric key encryption is getting the key to the receiver, a process that must be conducted
out of band (meaning through a channel or band other than the one carrying the ciphertext) to
avoid interception.
Another category of encryption techniques is asymmetric encryption. While symmetric
encryption systems use a single key to both encrypt and decrypt a message, asymmetric
encryption uses two different but related keys, and either key can be used to encrypt or
decrypt the message. Asymmetric encryption can be used to provide elegant solutions to
problems of secrecy and verification. This technique has its highest value when one key is
used as a private key, which means that it is kept secret (much like the key of symmetric
encryption), known only to the owner of the key pair, and the other key serves as a public key,
which means that it is stored in a public location where anyone can use it.

PTS: 1 REF: 364|366

3. Describe digital certificates.

ANS:
Digital certificates are public-key container files that allow computer programs to validate the
key and identify to whom it belongs. The certificate is often issued and certified by a third
party, usually a certificate authority. A digital signature attached to the certificate’s container
file certifies the file’s origin and integrity. A certificate authority (CA) issues, manages,
authenticates, signs, and revokes users’ digital certificates, which typically contain the user
name, public key, and other identifying information.

PTS: 1 REF: 375|377
