ECES-Certified-Encryption-Specialist
UPDATED ACTUAL Exam Questions and
CORRECT Answers
.cer/.crt/.der - CORRECT ANSWER - x.509 Digital Certificates extensions - Typically binary
encoded. (.cer is Microsoft convention)
AES Phases - CORRECT ANSWER - 1. SubBytes - non-linear substitution - uses Rijndael S-
box
2. Shiftrows - transposition
3. MixColumns - mixing
4. AddRoundKey
IKE - CORRECT ANSWER - Internet Key Exchange - Used by IPSec for Key exchange.
EC Formula - CORRECT ANSWER - (y2 = x3 + Ax + B) - Developed by Victor Miller and
Neil Koblitz in 1985
Rijndael Algorithm - CORRECT ANSWER - Symmetric Algorithm used for AES
3 Cryptanalysis Resources - CORRECT ANSWER - • Time (amount of time needed to
perform the number of calculations to crack encryption)
• Memory (the amount of storage required to perform the attack)
• Data (the amount of plaintext/ciphertext required for the attack)
Birthday Problem - CORRECT ANSWER - How likely would it be for any two people in a
room of 23 to share the same birthday?
22+21+20+19+18+17+16+15+14+13+12+11+10+9+8+7+6+5+4+3+2+1 = 253, the total number
of combinations with 23 people. This is approximately a 50% chance for a match(square root of
,365 is approximately 23). The probability reaches 100% at 367 people (since there's 366 days in
leap years), but with just 70 people, you are at over a 99.9% chance for a match.
Block cipher - CORRECT ANSWER - Encryption function for fixed-size blocks of data
(typically 64 or 128 bits) - If you want to encrypt something that isn't exactly one block long,
you have to use a block cipher mode. Slower than stream ciphers
• Larger block sizes increase security
• Larger key sizes increase security
• If the round is secure, then more rounds increase security
Blowfish - CORRECT ANSWER - Fastest Symmetric algorithm. Designed in 1993 by Bruce
Schneier.
• Feistel cipher
• 16 rounds
• 64 bit blocks.
• Key size ranges from 32 to 448 bits.
• Designed as a replacement for DES.
Classes of Digital Certificates - CORRECT ANSWER - • Class 1 - general certificate meant
for individuals, usually used for digitally signing/securing e-mail.
• Class 2 - for organizations where you have to prove identities.
• Class 3 - for server and software signing identification.
• Class 4 - Online business transactions between companies.
• Class 5 - Private organizations or governmental agencies. Used between governmental
agencies.
Criteria for Quality of Random Number Generators - CORRECT ANSWER - Established by
The German Office for Information Security (BSI)
• K1: A sequence of random numbers with a low probability of containing identical numbers.
• K2: A sequence of numbers which is indistinguishable from ""true random"" numbers
according to statistical tests.
, • K3: It should be impossible for any attacker to calculate, or otherwise guess, from any given
subsequence, any previous or future values in the sequence.
• K4: It should be impossible for any attacker to calculate, or otherwise guess from the inner
state of the generator, any previous values in the sequence or any previous inner generator states.
• To be suitable for cryptography, any PRNG should meet K3 or K4 standards.
DES - CORRECT ANSWER - Symmetric algorithm - Block Cipher - Based on Lucifer
Algorithm
• One of the most widely deployed algorithms in the world, even though it is no longer
recommended or considered secure.
• Restricted key size of 56 bits and small block size of 64 bits (has a 64-bit plaintext, which is
split into two 32-bit halves L and R).
• Consists of 16 rounds numbered 1 through 16. Each round i uses a separate 48-bit round key
Ki. Each round key is formed by selecting 48 bits from the 56-bit key, and this selection is
different for each round key.
• The algorithm that derives these round keys from the main block cipher key is called the key
schedule.
Digital Certificate - DC - CORRECT ANSWER - Standard template is x.509 V3. It's been
around since 1988 and it's the most commonly used format today. Used to identify the certificate
holder when conducting electronic transactions. When modified, they typically become
invalidated. The can expire as well or be revoked for a number of reasons (private key
compromised, etc). They are used for web servers, authentication of Cisco Secure phones, E-
Commerce. This is one of the most common methods to distribute public keys.
• Common Digital Certificate Fields - Certificate Information Statement, Issued to, Issued by,
Valid from
• Digital Certificate Details Fields - Version, Serial Number, Signature Algorithm, Hash
Algorithm, Issuer, Valid From, Valid To, Subject, Public Key, Key Usage Statement, Friendly
Name
Elliptic Curve Cryptography (EC or ECC) - CORRECT ANSWER - Asymmetric Key
Algorithm, provides encryption, digital signatures, key exchange, based on the idea of using
points on a curve to define the public/private key, used in wireless devices and smart cards. The
security of the Elliptic Curve cryptography is based on the fact that finding the discrete logarithm
UPDATED ACTUAL Exam Questions and
CORRECT Answers
.cer/.crt/.der - CORRECT ANSWER - x.509 Digital Certificates extensions - Typically binary
encoded. (.cer is Microsoft convention)
AES Phases - CORRECT ANSWER - 1. SubBytes - non-linear substitution - uses Rijndael S-
box
2. Shiftrows - transposition
3. MixColumns - mixing
4. AddRoundKey
IKE - CORRECT ANSWER - Internet Key Exchange - Used by IPSec for Key exchange.
EC Formula - CORRECT ANSWER - (y2 = x3 + Ax + B) - Developed by Victor Miller and
Neil Koblitz in 1985
Rijndael Algorithm - CORRECT ANSWER - Symmetric Algorithm used for AES
3 Cryptanalysis Resources - CORRECT ANSWER - • Time (amount of time needed to
perform the number of calculations to crack encryption)
• Memory (the amount of storage required to perform the attack)
• Data (the amount of plaintext/ciphertext required for the attack)
Birthday Problem - CORRECT ANSWER - How likely would it be for any two people in a
room of 23 to share the same birthday?
22+21+20+19+18+17+16+15+14+13+12+11+10+9+8+7+6+5+4+3+2+1 = 253, the total number
of combinations with 23 people. This is approximately a 50% chance for a match(square root of
,365 is approximately 23). The probability reaches 100% at 367 people (since there's 366 days in
leap years), but with just 70 people, you are at over a 99.9% chance for a match.
Block cipher - CORRECT ANSWER - Encryption function for fixed-size blocks of data
(typically 64 or 128 bits) - If you want to encrypt something that isn't exactly one block long,
you have to use a block cipher mode. Slower than stream ciphers
• Larger block sizes increase security
• Larger key sizes increase security
• If the round is secure, then more rounds increase security
Blowfish - CORRECT ANSWER - Fastest Symmetric algorithm. Designed in 1993 by Bruce
Schneier.
• Feistel cipher
• 16 rounds
• 64 bit blocks.
• Key size ranges from 32 to 448 bits.
• Designed as a replacement for DES.
Classes of Digital Certificates - CORRECT ANSWER - • Class 1 - general certificate meant
for individuals, usually used for digitally signing/securing e-mail.
• Class 2 - for organizations where you have to prove identities.
• Class 3 - for server and software signing identification.
• Class 4 - Online business transactions between companies.
• Class 5 - Private organizations or governmental agencies. Used between governmental
agencies.
Criteria for Quality of Random Number Generators - CORRECT ANSWER - Established by
The German Office for Information Security (BSI)
• K1: A sequence of random numbers with a low probability of containing identical numbers.
• K2: A sequence of numbers which is indistinguishable from ""true random"" numbers
according to statistical tests.
, • K3: It should be impossible for any attacker to calculate, or otherwise guess, from any given
subsequence, any previous or future values in the sequence.
• K4: It should be impossible for any attacker to calculate, or otherwise guess from the inner
state of the generator, any previous values in the sequence or any previous inner generator states.
• To be suitable for cryptography, any PRNG should meet K3 or K4 standards.
DES - CORRECT ANSWER - Symmetric algorithm - Block Cipher - Based on Lucifer
Algorithm
• One of the most widely deployed algorithms in the world, even though it is no longer
recommended or considered secure.
• Restricted key size of 56 bits and small block size of 64 bits (has a 64-bit plaintext, which is
split into two 32-bit halves L and R).
• Consists of 16 rounds numbered 1 through 16. Each round i uses a separate 48-bit round key
Ki. Each round key is formed by selecting 48 bits from the 56-bit key, and this selection is
different for each round key.
• The algorithm that derives these round keys from the main block cipher key is called the key
schedule.
Digital Certificate - DC - CORRECT ANSWER - Standard template is x.509 V3. It's been
around since 1988 and it's the most commonly used format today. Used to identify the certificate
holder when conducting electronic transactions. When modified, they typically become
invalidated. The can expire as well or be revoked for a number of reasons (private key
compromised, etc). They are used for web servers, authentication of Cisco Secure phones, E-
Commerce. This is one of the most common methods to distribute public keys.
• Common Digital Certificate Fields - Certificate Information Statement, Issued to, Issued by,
Valid from
• Digital Certificate Details Fields - Version, Serial Number, Signature Algorithm, Hash
Algorithm, Issuer, Valid From, Valid To, Subject, Public Key, Key Usage Statement, Friendly
Name
Elliptic Curve Cryptography (EC or ECC) - CORRECT ANSWER - Asymmetric Key
Algorithm, provides encryption, digital signatures, key exchange, based on the idea of using
points on a curve to define the public/private key, used in wireless devices and smart cards. The
security of the Elliptic Curve cryptography is based on the fact that finding the discrete logarithm
