NEWEST ACTUAL 2025/2026 WITH COMPLETE QUESTIONS AND ANSWERS (REVISED). VERIFIED/GRADED A+
Diffie-Hellman methods have been used extensively to create a shared secret key but suffer from - --Answers--man-in-the-middle attacks, where an attacker sits in between and passes the values back and forward and negotiates two keys: one between the sender and the attacker, and the other between the receiver and the attacker. An improved method is to use public key encryption.
With ephemeral key methods - --Answers--a different key is used for each connection, and, again, the leakage of any long-term key would not cause all the associated session keys to be breached.
Diffie-Hellman is a widely used key exchange algorithm - --Answers--used to exchange the secret key in symmetric cryptography.
A weakness discovered in Diffie-Hellman is that - --Answers--it is fairly easy to precompute values for two popular Diffie-Hellman parameters (and which use the DHE_EXPORT cipher set).
DHE_EXPORT Downgrade Attack - --Answers--involves forcing the key negotiation process to default to 512-bit prime numbers. For this the client only offers DHE_EXPORT for the key negotiation, and the server, if it is set up for this, will accept it. The precomputation of 512-bit keys with g values of 2 and 5 (which are common) is within reasonable time limits.
Methods to combat DHE_EXPORT Downgrade attacks on Diffie-Hellman include: - --Answers--(1) Disabling Export Cipher Suites
(2) Using (Ephemeral) Elliptic-Curve Diffie-Hellman (ECDHE)
(3) Using a strong group.
Diffie-Hellman has three groups (bases): - --Answers--Group 1, Group 3, or Group 5, which vary in the size of the prime number used.
The strength of Diffie-Hellman relates to - --Answers--the size of the prime number bases which are used in the key exchange.
4 Basic steps for obtaining a digital certificate signed by a trusted Certificate Authority (CA): - --Answers--
▪ Step 1: Requester generates a key pair (one public, one private). The public key is provided to the CA.
▪ Step 2: Requester creates and submits a Certificate Signing Request (CSR), along with the requester's public key, to the CA.
▪ Step 3: CA generates the digital certificate for the requester.
▪ Step 4: CA signs the requester's digital certificate with the CA's own private key, and issues the certificate to the requester.
Common Certificate Types - --Answers--IKE
PKCS #7
PKCS #10
RSA signatures
X.509v3
Common Certificate Applications: - --Answers--Server
authentication,
Client authentication,
Code signing,
Email signing,
Time stamping,
IP security,
Windows hardware driver verification,
Smart card logon,
Document signing,
Public key transport
Example Use: Passing PKI public keys in a verifiable way. - --Answers--When a digital certificate is created (whether self-generated/signed or issued by a trusted, well-known Certificate Authority (CA) such as Verisign or Entrust), the certificate will contain the public key of the certificate owner. So, generating and securely sharing a certificate that can be validated by a trusted source is a viable option for public key transport in PKI.
Two major encoding schemes for X.509 certificates - --Answers--PEM (Base64 ASCII text) format, and DER (binary) format.
Common X.509 Certificate file types - --Answers--.cer (used with both PEM and DER formats); others: .crt, .pem, .key (common with PEM formats) and .der (common with DER formats).
With end-to-end authentication - --Answers--the user authenticates themselves to the end service.
With intermediate authentication - --Answers--only part of the conversation between the entities is authenticated.
The main stages of key/certificate management include: - --Answers--
▪ Initialization. This includes registration, key pair generation, certificate creation and certificate/key distribution, certificate dissemination, and key backup.
▪ Issued. This includes certificate retrieval, certificate validation, key recovery and key update.