Читаем CISSP Practice полностью

The other three choices are incorrect because they do not use block ciphers. Codebook attacks are a type of attack where the intruder attempts to create a codebook of all possible transformations between plaintext and ciphertext under a single key. Man-in-the-middle (MitM) attacks are a type of attack that takes advantage of the store-and-forward mechanism used by insecure networks, such as the Internet. MitM attacks are also called bucket brigade attacks.

196. Which of the following statements about digital signatures is not true?

a. It enhances authentication.

b. It makes repudiation by the sender possible.

c. It prevents nonrepudiation by the receiver.

d. It makes repudiation by the sender impossible.

196. b. Digital signatures use Rivest, Shamir, and Adelman (RSA), a public-key (two-key) cryptographic algorithm. RSA enhances authentication and confidentiality due to the use of a two-key system; one key is public and the other one is private. The use of RSA in digital signatures prevents repudiation by the sender as well as by the receiver. Nonrepudiation means the sender cannot say that he never sent the message, and the receiver cannot say that he never received the message. Nonrepudiation is possible due to the use of a two-key system where the private key of the sender and the receiver is kept secret while their public key is known only to each party. Both the sender and the receiver cannot deny having participated in the message transmission.

197. Which of the following statements is true? Rivest, Shamir, and Adelman (RSA) algorithm has a:

a. Slower signature generation and slower verification than DSA

b. Slower signature generation and faster verification than DSA

c. Faster signature generation and faster verification than DSA

d. Faster signature generation and slower verification than DSA

197. b. It has been tested and proven that the RSA algorithm has a slower signature generation capability and faster verification than the digital signature algorithm (DSA). On the other hand, the DSA has faster signature generation and slower verification than the RSA.

RSA is much slower to compute than popular secret key algorithms like data encryption standard (DES) and international data encryption algorithm (IDEA). RSA algorithm uses a variable length public key—a long key for enhanced security or a short key for efficiency.

RSA encryption algorithm requires greater computing power (i.e., memory or disk storage space) necessary to generate keys. The keys for RSA algorithm are large numbers generated mathematically by combining prime numbers. The algorithm is powerful and has resisted all attempts to break it to date, except for 40-bit RSA.

198. Cryptography provides all the following services except:

a. Authentication

b. Confidentiality

c. Integrity

d. Availability

198. d. Availability is the property of a given resource that is usable during a given time period; it is not provided by cryptography. Data communications channels are often insecure, subjecting messages transmitted over the channels to various passive and active attacks (threats). Cryptography is the solution to counteract such threats. Cryptography is the science of mapping readable text, called plain text, into an unreadable format, called ciphertext, and vice versa. The mapping process is a sequence of mathematical computations. The computations affect the appearance of the data, without changing its meaning.

To protect a message, an originator transforms a plain text message into ciphertext. This process is called encryption or encipherment. The ciphertext is transmitted over the data communications channel. If the message is intercepted, the intruder has access to only the unintelligible ciphertext. Upon receipt, the message recipient transforms the ciphertext into its original plain text format. This process is called decryption or decipherment.

The mathematical operations used to map between plain text and ciphertext are identified by cryptographic algorithms. Cryptographic algorithms require the text to be mapped and, at a minimum, require some value that controls the mapping process. This value is called a key. Given the same text and the same algorithm, different keys produce different mappings.