189. A message authentication code can protect against which of the following combinations of actions?
1. Authorized, accidental data modification
2. Authorized, intentional data modification
3. Unauthorized, accidental data modification
4. Unauthorized, intentional data modification
a. 2 and 4
b. 2 and 3
c. 3 and 4
d. 1 and 4
189. c. A message authentication code, a type of cryptographic checksum, can protect against both accidental and intentional, but unauthorized, data modification. Ordinary error detecting codes such as cyclic redundancy codes are not adequate because they cannot detect intentional modification. A message authentication code is initially calculated by applying a cryptographic algorithm and a secret value, called the key, to the data. The initial code is retained. The data is later verified by applying the cryptographic algorithm and the same secret key to the data to produce another, second code; this second code is then compared to the initial code. If the two codes are equal, then the data is considered authentic. Otherwise, an unauthorized modification is assumed. Any party trying to modify the data without knowing the key would not know how to calculate the appropriate code corresponding to the altered data.
190. Which of the following encryption algorithms or schemes is absolutely unbreakable?
a. Data encryption standard
b. One-time pad
c. International data encryption algorithm
d. Rivest cipher 2 and 4
190. b. One-time pad is unbreakable given infinite resources. Each random key in the one-time pad is used exactly once, for only one message, and for only a limited time period. The algorithm for a one-time pad requires the generation of many sets of matching encryption keypads. Each pad consists of a number of random key characters, not generated by a cryptographic key generator. Each key character in the pad is used to encrypt one and only one plain text character; then the key character is never used again. The number of random keypads that need to be generated must be at least equal to the volume of plain text messages to be encrypted. Due to the number of random keypads to be generated, this approach is not practical for high-speed communication systems. This is the reason the one-time pad is absolutely unbreakable.
Brute force attack is possible with the data encryption standard (DES) and international data encryption algorithm (IDEA). The key length in Rivest cipher 2 and 4 (RC2 and RC4) is variable, and details of their algorithms are unknown because they are new proprietary algorithms. IDEA is a new algorithm and works as a double-DES (2DES). DES is in the public domain so that anyone can use it. IDEA is patented and requires a license for commercial use. RC2 and RC4 are unpatented but are trade secrets.
191. Which of the following statements is true about one-way hash function and encryption algorithm?
a. They both convert a plain text into an unintelligent text.
b. They both can reverse from output to input.
c. They both do not destroy information.
d. They both operate on a key.
191. a. A hash function can detect modification of a message, independent of any connection with signatures. That is, it can serve as a cryptographic checksum. It is a solution to the problem of signing long messages. A one-way hash function converts an arbitrary-length message into a fixed-length hash. Like an encryption algorithm, a one-way hash function converts a plain text message into an unintelligent text. This is where the similarity stops. However, unlike an encryption algorithm, there is no way to go backward with a one-way hash function. It is impossible to reverse a one-way hash function to get the original input from the output value. An encryption algorithm does not destroy any information. A one-way hash function destroys information and does not have a key. No secrecy is involved in the one-way hash function; the security is in the lack of ability to reverse itself. This property makes it a useful way to identify a message.
192. What do controls to protect against malicious changes to a message include?
a. Data checksums and cyclic redundancy code
b. Message integrity code and message authentication code
c. Message integrity code and cyclic redundancy code
d. Data checksums and message authentication code
