CASP Exam Questions With Complete Solutions

Key Stretching correct answer:
- A cryptographic technique that makes a weak key stronger by increasing the time it takes to test each possible key. In key stretching, the original key is fed into an algorithm to produce an enhanced key, which should be at least 128 bits for effectiveness.
- Systems that use key stretching include Pretty Good Privacy (PGP), GNU Privacy Guard (GPG), Wi-Fi Protected Access (WPA), and WPA2. Widely used password key stretching algorithms include Password-Based Key Derivation Function 2 (PBKDF2), bcrypt, and scrypt.

Hashing correct answer:
- Hashing involves running data through a cryptographic function to produce a one-way message digest.
- The message digest represents the data but cannot be reversed in order to determine the original data.
- Because the message digest is unique, it can be used to check data integrity.

Hash collision correct answer: A collision occurs when a hash function produces the same hash value on different messages.

MD2 correct answer:
- The MD2 message digest algorithm produces a 128-bit hash value. It performs 18 rounds of computations. Although MD2 is still in use today, it is much slower than MD4, MD5, and MD6.

MD4 correct answer:
- The MD4 algorithm also produces a 128-bit hash value. However, it performs only three rounds of computations. Although MD4 is faster than MD2, its use has significantly declined because attacks against it have been very successful.

MD5 correct answer:
- Like the other MD algorithms, the MD5 algorithm produces a 128-bit hash value. It performs four rounds of computations. It was originally created because of the issues with MD4, and it is more complex than MD4. However, MD5 is not collision free.

MD6 correct answer:
- The MD6 algorithm produces a variable hash value, performing a variable number of computations. Although it was originally introduced as a candidate for SHA-3, it was withdrawn because of early issues the algorithm had with differential attacks.

SHA correct answer: Secure Hash Algorithm (SHA) is a family of four algorithms published by the U.S. NIST. SHA-0, originally referred to as simply SHA because there were no other "family members," produces a 160-bit hash value after performing 80 rounds of computations on 512-bit blocks. SHA-0 was never very popular because collisions were discovered.

SHA-2 correct answer: SHA-2 is actually a family of hash functions, each of which provides different functional limits. The SHA-2 family is as follows:
- SHA-224: Produces a 224-bit hash value after performing 64 rounds of computations on 512-bit blocks.
- SHA-256: Produces a 256-bit hash value after performing 64 rounds of computations on 512-bit blocks.
- SHA-384: Produces a 384-bit hash value after performing 80 rounds of computations on 1,024-bit blocks.
- SHA-512: Produces a 512-bit hash value after performing 80 rounds of computations on 1,024-bit blocks.
- SHA-512/224: Produces a 224-bit hash value after performing 80 rounds of computations on 1,024-bit blocks. The 512 designation here indicates the internal state size.
- SHA-512/256: Produces a 256-bit hash value after performing 80 rounds of computations on 1,024-bit blocks. Once again, the 512 designation indicates the internal state size.

SHA-3 correct answer: SHA-3, like SHA-2, is a family of hash functions. This standard was formally adopted in May 2014. The hash value sizes range from 224 to 512 bits. SHA-3 performs 120 rounds of computations by default.

HAVAL correct answer: HAVAL is a one-way function that produces variable-length hash values, including 128 bits, 160 bits, 192 bits, 224 bits, and 256 bits, and uses 1,024-bit blocks. The number of rounds of computations can be three, four, or five. Collision issues have been discovered while producing a 128-bit hash value with three rounds of computations. All other variations do not have any discovered issues as of this printing.

Code Signing correct answer: Code signing occurs when code creators digitally sign executables and scripts so that the user installing the code can be assured that it comes from the verified author. The code is signed using a cryptographic hash, which in turn ensures that the code has not been altered or corrupted.

Message Authentication Code correct answer: A message authentication code (MAC) is similar to code signing in that it can provide message integrity and authenticity. You should be familiar with three types of MACs: HMAC, CBC-MAC, and CMAC.

A hash MAC (HMAC) is a keyed-hash MAC that involves a hash function with a symmetric key. HMAC provides data integrity and authentication. Any of the previously listed hash functions can be used with HMAC, with HMAC being prepended to the hash function name (for example, HMAC-SHA-1). The strength of HMAC depends on the strength of the hash function, including the hash value size and the key size. HMAC's hash value output size is the same as the underlying hash function. HMAC can help reduce the collision rate of the hash function.

Cipher block chaining MAC (CBC-MAC) is a block-cipher MAC that operates in CBC mode. CBC-MAC provides data integrity and authentication.

Cipher-based MAC (CMAC) operates in the same manner as CBC-MAC but with much better mathematical functions. CMAC addresses some security issues with CBC-MAC and is approved to work with AES and 3DES.

Pseudo-Random Number Generation correct answer: A pseudo-random number generator (PRNG) generates a sequence of numbers that approximates the properties of random numbers using an algorithm. In actuality, the sequence is no

Written for
- Institution: CASP - CompTIA Advanced Security Practitioner
- Course: CASP - CompTIA Advanced Security Practitioner

Document information
- Uploaded on: September 22, 2023
- Number of pages: 105
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers

Subjects
- casp
- key stretching
- hashing
- hash collision
- md2
- md4
- md5
- md6
- sha
- haval
- code signing
- perfect forwar
- casp exam questions with complete solutions
- message authentication code
- pseudo random number generation