Analytical Responses
.cer/.crt/.der Correct Answer - X.509 digital certificate file extensions.
.der is always DER (binary) encoded; .cer and .crt may hold either DER or
base64 PEM text (look for a -----BEGIN CERTIFICATE----- header). (.cer is the
Microsoft convention.)
AES Phases Correct Answer - 1. SubBytes - non-linear byte substitution using
the Rijndael S-box
2. ShiftRows - transposition (row r of the state is rotated left by r bytes)
3. MixColumns - mixing within each column (omitted in the final round)
4. AddRoundKey - XOR with the round key (also applied once before round 1)
IKE Correct Answer - Internet Key Exchange - Used by IPsec to authenticate
peers and negotiate security associations and keys (UDP port 500, or 4500 with
NAT traversal).
EC Formula Correct Answer - y^2 = x^3 + Ax + B (the short Weierstrass form,
evaluated over a finite field) - Elliptic curve cryptography was proposed
independently by Victor Miller and Neal Koblitz in 1985
Rijndael Algorithm Correct Answer - Symmetric block cipher selected as AES in
2001; AES is the subset of Rijndael with a 128-bit block and 128-, 192- or
256-bit keys (10, 12 or 14 rounds)
3 Cryptanalysis Resources Correct Answer - • Time (amount of time
needed to perform the number of calculations to crack encryption)
• Memory (the amount of storage required to perform the attack)
• Data (the amount of plaintext/ciphertext required for the attack)
Birthday Problem Correct Answer - How likely is it that any two people in a
room of 23 share a birthday?
22+21+20+19+18+17+16+15+14+13+12+11+10+9+8+7+6+5+4+3+2+1 = 253 is the
number of distinct pairs among 23 people, and each pair matches with
probability 1/365, so the chance of at least one match is about 50% (exactly
50.7%). The rule of thumb is that about 1.18 * sqrt(365) ≈ 23 people are needed
for even odds (sqrt(365) alone is about 19, not 23). The probability reaches
100% at 367 people (since there are 366 possible days in leap years), but with
just 70 people you are already over a 99.9% chance of a match. The same
reasoning gives the birthday bound on hashes: a collision in an n-bit hash is
expected after roughly 2^(n/2) inputs, not 2^n.
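Worked example, added here and not part of the original study set: the exact birthday probability, the 1.18 * sqrt(N) rule of thumb, and the same effect turned into a birthday attack against SHA-256 deliberately truncated to a small number of bits. The inputs msg-0, msg-1, ... are constructed for the demo.

```python
# Added example (not from the original study set): the exact birthday
# probability, the sqrt(2 N ln 2) rule of thumb, and a birthday attack on a
# hash truncated to `bits` bits, run over constructed inputs msg-0, msg-1, ...
import hashlib
from math import log, sqrt

def birthday_probability(people, days=365):
    """Exact probability that at least two of `people` share one of `days` values."""
    no_match = 1.0
    for i in range(people):
        no_match *= (days - i) / days        # person i must avoid the i days already taken
    return 1.0 - no_match

def people_for_even_odds(days=365):
    """Smallest group size with a >= 50% chance of a shared value (23 for 365 days)."""
    n = 0
    while birthday_probability(n, days) < 0.5:
        n += 1
    return n

def rule_of_thumb(days):
    """sqrt(2 * N * ln 2) ~= 1.18 * sqrt(N): where the probability crosses 50%."""
    return sqrt(2 * days * log(2))

def truncated_collision(bits):
    """Birthday attack on SHA-256 truncated to `bits` bits.
    Returns the two colliding inputs and the number of hashes computed;
    expect about sqrt(pi/2 * 2**bits) hashes rather than 2**bits."""
    seen = {}
    for i in range(2 ** bits + 1):           # pigeonhole: a collision must occur by then
        msg = b"msg-%d" % i
        tag = int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg
```

truncated_collision(24) finds two inputs with the same 24-bit prefix after a few thousand hashes, which is why hash, MAC and session-token lengths are sized against 2^(n/2), not 2^n.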
Block cipher Correct Answer - Encryption function for fixed-size blocks
of data (typically 64 or 128 bits) - If you want to encrypt something that isn't
exactly one block long, you have to use a block cipher mode (ECB, CBC, CTR,
GCM, ...) and, for most modes, padding. Generally slower than stream ciphers.
• Larger block sizes increase security (a 64-bit block starts leaking after
about 2^32 blocks under one key, by the birthday bound)
• Larger key sizes increase security
• If the round is secure, then more rounds increase security
Blowfish Correct Answer - Among the fastest symmetric algorithms in software
when introduced. Designed in 1993 by Bruce Schneier.
• Feistel cipher
• 16 rounds
• 64-bit blocks (the small block makes it unsuitable for large volumes under one
key; see the SWEET32 birthday attack)
• Key size ranges from 32 to 448 bits.
• Designed as a free, unpatented replacement for DES.
Classes of Digital Certificates Correct Answer - (VeriSign's legacy assurance
classes; a CA convention, not part of the X.509 standard)
• Class 1 - general certificate meant for individuals, usually used for
digitally signing/securing e-mail.
• Class 2 - for organizations where you have to prove identities.
• Class 3 - for server and software signing identification.
• Class 4 - Online business transactions between companies.
• Class 5 - Private organizations or governmental agencies. Used between
governmental agencies.
Criteria for Quality of Random Number Generators Correct Answer -
Established by the German Federal Office for Information Security (BSI) in
AIS 20
• K1: A sequence of random numbers with a low probability of containing
identical consecutive numbers.
• K2: A sequence of numbers which is indistinguishable from "true random"
numbers according to statistical tests.
• K3: It should be impossible for any attacker to calculate, or otherwise guess,
from any given subsequence, any previous or future values in the sequence.
• K4: It should be impossible for any attacker to calculate, or otherwise guess,
from the inner state of the generator, any previous values in the sequence or
any previous inner generator states (backtracking resistance).
• To be suitable for cryptography, a PRNG must meet at least K3; a K2-only
generator such as a linear congruential generator or the Mersenne Twister can
look statistically perfect and still be fully predictable. K4 additionally
protects past outputs if the internal state is later compromised.
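Worked example, added here and not part of the original study set: Python's random module is the Mersenne Twister (MT19937), which passes the statistical tests K2 asks for but fails K3, because 624 consecutive 32-bit outputs let an attacker invert the output tempering, rebuild the internal state and predict every later value. The K3/K4-class alternative for anything security-relevant is the OS CSPRNG, reached here through the secrets module. The tempering constants are MT19937's own; the victim seed in the usage is arbitrary.

```python
# Added example (not from the original study set): state recovery against
# MT19937 (Python's random) from 624 observed outputs, i.e. a K3 failure.
import random
import secrets

def temper(y):
    """MT19937 output tempering, the last step before a state word is returned."""
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    y ^= y >> 18
    return y & 0xFFFFFFFF

def untemper(y):
    """Invert temper(): every step is a bijection on 32-bit words."""
    y ^= y >> 18                             # self-inverse, shift >= 16
    y ^= (y << 15) & 0xEFC60000              # self-inverse, masked bits shift out
    x = y
    for _ in range(5):                       # each pass recovers 7 more low bits
        x = y ^ ((x << 7) & 0x9D2C5680)
    y = x
    for _ in range(3):                       # each pass recovers 11 more high bits
        x = y ^ (x >> 11)
    return x & 0xFFFFFFFF

def clone_mt(outputs):
    """Rebuild a generator in the victim's state from 624 consecutive 32-bit outputs."""
    if len(outputs) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    state = tuple(untemper(o) for o in outputs)
    clone = random.Random()
    clone.setstate((3, state + (624,), None))   # (version, 624 words + index, gauss cache)
    return clone

def predict_next(outputs, count=1):
    """What the victim will emit next, computed purely from what it already emitted."""
    clone = clone_mt(outputs)
    return [clone.getrandbits(32) for _ in range(count)]

def csprng_word():
    """The K3/K4-class replacement for tokens and keys: the OS CSPRNG via secrets."""
    return secrets.randbits(32)
```

Any 624 consecutive outputs work, not only the first 624 after seeding, because the MT19937 recurrence is the same at every offset. Reseeding from the clock or using random.randint for session tokens, reset tokens or nonces is the K3 failure this demonstrates; secrets.token_bytes / secrets.randbits do not have it.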
DES Correct Answer - Symmetric algorithm - Block Cipher - Based on IBM's
Lucifer algorithm
• One of the most widely deployed algorithms in the world, even though it is
no longer recommended or considered secure: the 56-bit key was exhaustively
searched in 1998 (EFF's Deep Crack), and NIST has since deprecated 3DES as
well.
• Restricted key size of 56 bits (a 64-bit key with 8 parity bits) and small
block size of 64 bits (the 64-bit plaintext is split into two 32-bit halves L
and R).
• Consists of 16 Feistel rounds numbered 1 through 16. Each round i uses a
separate 48-bit round key Ki, formed by selecting 48 bits from the 56-bit key;
the selection is different for each round.
• The algorithm that derives these round keys from the main cipher key is
called the key schedule.
Digital Certificate - DC Correct Answer - Standard template is X.509 v3.
X.509 has been around since 1988 (v3, which added extensions, since 1996) and
is the most commonly used format today. Used to identify the certificate
holder when conducting electronic transactions. Any modification invalidates
the CA's signature over the certificate. They can expire as well, or be
revoked for a number of reasons (private key compromised, etc.). They are used
for web servers, authentication of Cisco secure phones, e-commerce. This is
one of the most common methods to distribute public keys.
• Common Digital Certificate Fields - Certificate Information Statement, Issued
to, Issued by, Valid from
• Digital Certificate Details Fields - Version, Serial Number, Signature
Algorithm, Hash Algorithm, Issuer, Valid From, Valid To, Subject, Public Key,
Key Usage Statement, Friendly Name (Friendly Name is a Windows certificate-store
property, not a field inside the certificate itself)
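Worked example, added here and not part of the original study set, covering the .cer/.crt/.der entry and the certificate fields above: a loader that accepts either PEM or DER (the sniffing OpenSSL does with -inform), and a small DER walker that reads Version, Serial Number, Signature Algorithm and the validity dates straight out of tbsCertificate. The sample certificate is constructed inline with empty names and a dummy signature, so it parses but would never verify; the DER encoder exists only to build that sample.

```python
# Added example (not from the original study set): PEM/DER sniffing and a
# minimal DER walk over tbsCertificate. SAMPLE_DER is constructed here.
import ssl

def der(tag, content):
    """Encode one DER TLV with a definite length (used only to build the sample)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content

def load_cert(blob):
    """Accept either encoding and return DER bytes."""
    if blob.lstrip().startswith(b"-----BEGIN CERTIFICATE-----"):
        blob = ssl.PEM_cert_to_DER_cert(blob.decode("ascii"))
    if not blob or blob[0] != 0x30:          # Certificate ::= SEQUENCE (tag 0x30)
        raise ValueError("not a DER-encoded certificate")
    return blob

def read_tlv(buf, pos=0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(content):
    out, pos = [], 0
    while pos < len(content):
        tag, value, pos = read_tlv(content, pos)
        out.append((tag, value))
    return out

def decode_oid(raw):
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                        # base-128, high bit set on all but the last byte
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def parse_certificate(der_bytes):
    """Return version, serial, signature OID and validity from tbsCertificate."""
    _, cert, _ = read_tlv(der_bytes)
    tbs = children(children(cert)[0][1])
    version = 1
    if tbs[0][0] == 0xA0:                    # [0] EXPLICIT version; absent means v1
        version = children(tbs.pop(0)[1])[0][1][0] + 1
    serial = int.from_bytes(tbs[0][1], "big", signed=True)
    sig_oid = decode_oid(children(tbs[1][1])[0][1])
    not_before, not_after = (v.decode() for _, v in children(tbs[3][1]))
    return {"version": version, "serial": serial, "sig_alg": sig_oid,
            "not_before": not_before, "not_after": not_after}

SHA256_RSA = bytes.fromhex("2a864886f70d01010b")      # 1.2.840.113549.1.1.11
SAMPLE_DER = der(0x30,
    der(0x30,                                         # tbsCertificate
        der(0xA0, der(0x02, b"\x02"))                 # version v3 (encoded as 2)
        + der(0x02, b"\x01\x00\x01")                  # serialNumber 65537
        + der(0x30, der(0x06, SHA256_RSA))            # signature algorithm
        + der(0x30, b"")                              # issuer Name (empty: sample only)
        + der(0x30, der(0x17, b"240101000000Z") + der(0x17, b"250101000000Z"))
        + der(0x30, b"")                              # subject Name (empty: sample only)
        + der(0x30, b""))                             # subjectPublicKeyInfo placeholder
    + der(0x30, der(0x06, SHA256_RSA))
    + der(0x03, b"\x00" + b"\x00" * 8))               # dummy signature BIT STRING
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
```

parse_certificate(load_cert(SAMPLE_PEM.encode())) and parse_certificate(SAMPLE_DER) return the same dictionary, which is the point of the sniffing: the extension tells you nothing reliable, the first byte (0x30) or the PEM header does. A real cert also carries the issuer and subject Names, the public key and, for v3, the extensions that Key Usage comes from; this walker stops before those.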
Elliptic Curve Cryptography (EC or ECC) Correct Answer - Asymmetric
key algorithm family; provides encryption, digital signatures and key
exchange, based on the idea of using points on a curve over a finite field to
define the public/private key pair (private key = a scalar k, public key = the
point kG); used in wireless devices and smart cards because it gives RSA-level
security with much shorter keys (256-bit ECC is comparable to 3072-bit RSA).
The security of elliptic curve cryptography rests on the fact that finding the
discrete logarithm of a random elliptic curve element with respect to a
publicly known base point is difficult to the point of being impractical.
y^2 = x^3 + Ax + B - Proposed independently by Victor Miller and Neal Koblitz
in 1985
• Elliptic Curve Diffie-Hellman (ECDH, used for key exchange)
• Elliptic Curve Digital Signature Algorithm (ECDSA)
• Elliptic Curve MQV key agreement protocol (ECMQV)
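Worked example, added here and not part of the original study set: the curve formula above made concrete on a toy curve y^2 = x^3 + 2x + 2 over F_17, a textbook curve of prime order 19 chosen so every step can be checked by hand (2G = (6, 3)). It implements the group law, double-and-add scalar multiplication (the private-key operation), an ECDH exchange, and the brute-force discrete log that is only feasible because the group has 19 elements; the same code runs unchanged on a real curve once P, A, B and G are replaced.

```python
# Added example (not from the original study set): EC group law, ECDH and a
# brute-force discrete log on a constructed toy curve over F_17.
P, A, B = 17, 2, 2                           # y^2 = x^3 + 2x + 2 over F_17
G = (5, 1)                                   # generator of prime order 19
INF = None                                   # point at infinity, the group identity

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0

def add(p1, p2):
    """Chord-and-tangent group law; pow(v, -1, P) is the modular inverse."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:      # p2 == -p1 (also covers y == 0)
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P)
    lam %= P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)

def mul(k, pt):
    """k*pt by double-and-add: O(log k) additions, the private-key operation."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result

def order(pt):
    n, q = 1, pt
    while q is not INF:
        q, n = add(q, pt), n + 1
    return n

def ecdh(priv_a, priv_b):
    """Each side multiplies the other's public point by its own scalar; both get a*b*G."""
    pub_a, pub_b = mul(priv_a, G), mul(priv_b, G)
    return mul(priv_a, pub_b), mul(priv_b, pub_a)

def brute_force_dlog(pub):
    """Find k with k*G == pub by exhaustive search: 19 steps here, ~2^128 on a 256-bit curve."""
    q = INF
    for k in range(order(G)):
        if q == pub:
            return k
        q = add(q, G)
    return None
```

Private keys must be drawn from a CSPRNG in the range [1, order(G) - 1]; on a real curve the public point reveals nothing about the scalar because brute_force_dlog (and the best known generic attacks, which cost about sqrt(order)) are far out of reach.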
Feistel Function Correct Answer - Named after Horst Feistel, a German-born
physicist and cryptographer at IBM.
• Basis for many block ciphers (DES, Blowfish; AES is a substitution-permutation
network, not a Feistel cipher).
• Split the plaintext block into two halves L and R, usually of equal size.
• Each round computes (L, R) -> (R, L XOR F(Ki, R)). Because F is only ever
XORed in, it need not be invertible, and decryption runs the same rounds with
the round keys in reverse order.
• As long as the halves are of equal size it is a balanced (traditional)
Feistel cipher. An unbalanced Feistel cipher is one where the block does not
split evenly.
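Worked example, added here and not part of the original study set, covering the Feistel, DES and Blowfish entries: a generic balanced Feistel network on 64-bit blocks with 32-bit halves and 16 rounds, the same shape as DES and Blowfish. The round function and key schedule are toy stand-ins assumed for the demo and are not secure; what the code shows is the structure, and in particular that decryption is the same routine with the round keys reversed, whatever F is.

```python
# Added example (not from the original study set): balanced Feistel network.
# round_function and key_schedule are toy placeholders (NOT secure).
MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF

def round_function(k, r):
    """F(K_i, R): mixes the right half with the round key. Need not be invertible."""
    x = (r + k) & MASK32
    x = (x * 0x9E3779B1) & MASK32            # odd multiplier spreads bits upward
    x ^= x >> 15
    return ((x << 13) | (x >> 19)) & MASK32  # rotate so high bits reach the low end

def key_schedule(key64, rounds=16):
    """Toy schedule: round i uses the low 32 bits of the key rotated left by 3*i."""
    keys = []
    for i in range(rounds):
        rot = (3 * i) % 64
        rotated = ((key64 << rot) | (key64 >> (64 - rot))) & MASK64
        keys.append(rotated & MASK32)
    return keys

def feistel_rounds(block, round_keys):
    """(L, R) -> (R, L xor F(K_i, R)) for each key; halves swap after every round."""
    l, r = block >> 32, block & MASK32
    for k in round_keys:
        l, r = r, l ^ round_function(k, r)
    return (l << 32) | r

def swap_halves(block):
    return ((block & MASK32) << 32) | (block >> 32)

def encrypt(block, key64):
    return feistel_rounds(block, key_schedule(key64))

def decrypt(block, key64):
    """Same rounds, keys in reverse order; the swaps undo the final half-exchange."""
    return swap_halves(feistel_rounds(swap_halves(block), key_schedule(key64)[::-1]))
```

DES uses this exact skeleton with 48-bit round keys and an F built from an expansion, eight S-boxes and a permutation; Blowfish keeps the 64-bit block and 16 rounds but builds its F from key-dependent S-boxes. The 64-bit block in both is what makes them subject to the birthday bound after about 2^32 blocks under one key.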