Midterm review questions cns06 Fall 2006 Reponsible for required readings plus text chapters: 1-4, 5-7, 11-12, 18.1, 18.3, 19.1, 19.2 text: "Key Terms" and "Review Questions" plus material discussed in class Class lecture questions: Can computer software generate crypto-strength random numbers? Can you trust email? Does encryption insure message integrity? Can you write self-protecting software? (see 8.14 below) Other questions: How can an encryption function be used as a hash function? How can you encrypt with a hash function? What is a probable-word attack? What properties should a hash function have? How is padding/length encoding done in MD5? Why is prepending the key to the message and hashing an ineffective HMAC? What is a trojan horse? Military ciphers: what was used by Caesar? Civil war? World War I? World War II? What things can be varied on the Enigma machine to create a key? What things might you do in a password-generation program to force the user to select a "strong" password? What are two examples of one-time password systems? Why break in to your own computer system? What is effect of (decrypted) plaintext when Mallory changes one bit of the ciphertext for ECB/CBC/OFB/CFB/CTR? What/how is padding done for block cipher? Show why the initial and final permutation provide no additional strength to DES. Do the following modular additions and multiplications.... Perform the following polynomial addition, division, and multiplication Does deleting a file mean the information in the file is gone? What is an HMAC? Linear cryptanalysis of DES takes less steps than a brute force key search -- why is it not a practical threat? Since the passwords in /etc/passwd are one-way hashed, why does one care if the hacker can get a copy of /etc/passwd? What is the avalanche effect? How does virus detection software work? What's the difference between a worm and a virus? Explain a buffer overflow attack. How does /dev/random work? Does the subkey generation algorithm contribute to a cipher's strength? If you DES encrypt first with key k1, then encrypt that cipher text with k2, is there a single DES encryption with a key k3 that would give you the same result? How about for the simple shift-cipher? (first with a shift of k1 and then with a shift of k2) In what ways is the book's "simplified DES" (S-DES) cryptographically weak? What are the characteristics of a Feistel cipher? Which of the AES finalists were Feistel ciphers? Given the following LFSR with intial seed 0111, what is the next output bit? Is Rijndael a provably-secure cipher? What is the distinguishing cryptographic feature for each of the following ciphers: Blowfish, CAST, Rijndael/AES, DES-X Describe various ways values are chosen for S-boxes. (DES, CAST, Blowfish, Rijndael) These are from http://www.faqs.org/faqs/cryptography-faq/ 3. Basic Cryptology 3.1. What is cryptology? Cryptography? Plaintext? Ciphertext? Encryption? Key? 3.3. How does one go about cryptanalysis? 3.4. What is a brute-force search and what is its cryptographic relevance? 3.5. What are some properties satisfied by every strong cryptosystem? 3.6. If a cryptosystem is theoretically unbreakable, then is it guaranteed analysis-proof in practice? 3.7. Why are many people still using cryptosystems that are relatively easy to break? 3.8. What are the basic types of cryptanalytic `attacks'? 4. Mathematical Cryptology 4.1. In mathematical terms, what is a symmetric-key cryptosystem? 4.4. Why is the one-time pad secure? 4.5. What's a ciphertext-only attack? 4.6. What's a known-plaintext attack? 4.7. What's a chosen-plaintext attack? 4.8. In mathematical terms, what can you say about brute-force attacks? 4.9. What's a key-guessing attack? 5. Product Ciphers 5.1. What is a product cipher? 5.2. What makes a product cipher secure? 5.3. What are some group-theoretic properties of product ciphers? 5.4. What can be proven about the security of a product cipher? 5.5. How are block ciphers used to encrypt data longer than the block size? 5.6. Can symmetric block ciphers be used for message authentication? 5.7. What exactly is DES? 5.8. What is triple DES? 5.9. What is differential cryptanalysis? 5.10. How was NSA involved in the design of DES? 5.11. Is DES available in software? 5.12. Is DES available in hardware? 5.14. What are ECB, CBC, CFB, and OFB encryption? 7.1. What is a one-way hash function? 7.3. What are MD4 and MD5? 8. Technical Miscellany 8.2. How do I break a Vigenere (repeated-key) cipher? 8.3. How do I send encrypted mail under UNIX? 8.4. Is the UNIX crypt command secure? 8.5. How do I use compression with encryption? 8.6. Is there an unbreakable cipher? 8.7. What does ``random'' mean in cryptography? 8.9. What is key management and why is it important? 8.10. Can I use pseudo-random or chaotic numbers as a key stream? 8.11. What is the correct frequency list for English letters? 8.12. What is the Enigma? 8.14. Can I foil S/W pirates by encrypting my CD-ROM? 8.15. Can you do automatic cryptanalysis of simple ciphers?