Cryptography Basics Bonus Content
30 questions on Cryptography Basics.
Question 1: What is the difference between symmetric and asymmetric encryption?
- A. Symmetric encryption uses the same key for encryption and decryption, while Asymmetric encryption uses a public-private key pair. (correct answer)
- B. Symmetric encryption is used only for text, while Asymmetric is used only for images.
- C. Asymmetric encryption is faster and used for massive file backups.
- D. Symmetric encryption does not require keys.
Explanation: Symmetric (e.g., AES) is fast and shares a single key. Asymmetric (e.g., RSA) uses a public key to encrypt and private key to decrypt.
Question 2: In public-key cryptography, if Alice wants to send an encrypted message to Bob that only Bob can read, whose key should she use to encrypt?
- A. Alice's Private Key
- B. Alice's Public Key
- C. Bob's Public Key (correct answer)
- D. Bob's Private Key
Explanation: Bob's public key encrypts data. Only Bob's matching private key (which only Bob possesses) can decrypt it.
Question 3: What cryptographic properties define a secure hash function?
- A. Reversibility, speed, and variable output length.
- B. Pre-image resistance, second pre-image resistance, and collision resistance. (correct answer)
- C. Symmetric keys, block sizing, and padding vectors.
- D. Dual signatures, compression rates, and parity checking.
Explanation: Secure hashes must be one-way (pre-image), resistant to finding another input with the same hash (second pre-image), and resistant to finding any two inputs with identical hashes (collision).
Question 4: How does the Diffie-Hellman Key Exchange algorithm establish a shared secret over an insecure channel?
- A. By sending the private key across the network in encrypted packets.
- B. By utilizing modular exponentiation math where public values are combined with private exponents to compute a matching final key. (correct answer)
- C. By relying on a trusted third-party certificate authority to assign keys.
- D. By cycling through a list of pre-shared keys.
Explanation: Diffie-Hellman allows two parties to generate a shared secret key without ever exposing it over the wire, utilizing discrete logarithm math.
Question 5: What two core features do Digital Signatures provide for electronic files?
- A. High compression and metadata stripping.
- B. Database indexing and faster network routing.
- C. Authentication of source integrity and Non-repudiation (the sender cannot deny signing it). (correct answer)
- D. Symmetric encryption and payload hashing.
Explanation: Digital signatures are created using the sender's private key, verifying origin integrity and preventing denial of authorship.
Question 6: What is Cryptography?
- A. The study of map layout coordinates.
- B. The practice and study of techniques for secure communication in the presence of adversarial third parties. (correct answer)
- C. Writing code scripts in Python.
- D. Managing database servers.
Explanation: Cryptography conceals information from unauthorized parties, ensuring data confidentiality and integrity.
Question 7: What does a block cipher do?
- A. Encrypts data bit-by-bit in real-time.
- B. Encrypts fixed-size groups of bits (blocks), like 128-bit chunks in AES, using a symmetric key. (correct answer)
- C. Blocks access to target websites.
- D. Deletes database transaction files.
Explanation: Block ciphers process data in blocks, using padding to fit arbitrary file lengths.
Question 8: What is the purpose of an Initialization Vector (IV) in cipher block chaining (CBC)?
- A. To speed up compile time.
- B. To introduce randomness into the first block of ciphertext, ensuring identical plaintexts yield unique ciphertexts when encrypted. (correct answer)
- C. To store the decryption password.
- D. To define the block sizing limit.
Explanation: IVs prevent patterns from leaking, stopping attackers from deducing repeated blocks.
Question 9: Which symmetric algorithm is the modern global industry standard for secure data encryption?
- A. DES
- B. AES (Advanced Encryption Standard) (correct answer)
- C. RSA
- D. MD5
Explanation: AES is secure, efficient, and implemented in hardware acceleration globally.
Question 10: In asymmetric cryptography, if Bob wants to prove to Alice that he authored a message, how does he sign it?
- A. Bob encrypts Bob's public key.
- B. Bob signs the message hash using Bob's private key. (correct answer)
- C. Bob signs using Alice's public key.
- D. Bob hashes the message using SHA-256.
Explanation: Anyone can decrypt Bob's signature using Bob's public key, verifying only Bob could have signed it.
Question 11: What is the purpose of PKI (Public Key Infrastructure)?
- A. It provides high-speed databases.
- B. A framework of roles, policies, and certificates managing public keys and binding them to entities using Certificate Authorities (CAs). (correct answer)
- C. It routes network traffic.
- D. It compiles CSS layouts.
Explanation: PKI establishes trust, verifying that public keys belong to the correct web domains.
Question 12: What is the main limitation of symmetric encryption?
- A. It is mathematically weak.
- B. The secure distribution of the single shared key to both parties without interception. (correct answer)
- C. It only works on Linux machines.
- D. It does not support block ciphers.
Explanation: If the shared key is intercepted during exchange, the system security is compromised.
Question 13: What does it mean if a hash function is 'one-way'?
- A. It runs in one direction, meaning it is mathematically impossible to reverse the hash output back into the original input. (correct answer)
- B. It can only process one file at a time.
- C. It operates only on network layers.
- D. It is deprecated.
Explanation: One-way functions are easy to compute forward but practically impossible to reverse (NP-hard).
Question 14: What is a 'Collision' in cryptographic hashing?
- A. A hardware crash on the server.
- B. When two different inputs produce the exact same output hash value. (correct answer)
- C. Two users connecting at the same time.
- D. A database transaction timeout.
Explanation: Collisions break hash integrity. Secure hashes must be collision-resistant.
Question 15: What is 'Ciphertext'?
- A. The source code of the webpage.
- B. The encrypted, unreadable representation of data produced by an encryption algorithm. (correct answer)
- C. The plain text database file.
- D. A CSS font family.
Explanation: Ciphertext protects data during transit or storage, requiring keys to decrypt.
Question 16: What is the difference between block ciphers and stream ciphers?
- A. Block ciphers encrypt in chunks, while Stream ciphers encrypt continuous bit streams dynamically. (correct answer)
- B. Stream ciphers are only used in database transactions.
- C. Block ciphers are slower and deprecated.
- D. Stream ciphers do not use keys.
Explanation: Block ciphers use fixed blocks (e.g. AES); stream ciphers process bits sequentially (e.g. RC4).
Question 17: What is Perfect Forward Secrecy (PFS)?
- A. Backing up keys to multiple servers.
- B. A feature of key-agreement protocols guaranteeing that compromise of long-term keys does not compromise past session keys. (correct answer)
- C. Restricting keys to read-only access.
- D. Automatically updating passwords weekly.
Explanation: PFS uses ephemeral keys for each session, so previously recorded sessions stay protected even if a long-term key leaks later.
Question 18: Which key is shared publicly with anyone in asymmetric systems?
- A. Private Key
- B. Public Key (correct answer)
- C. Session Key
- D. Master Key
Explanation: Public keys are freely shared, used by others to encrypt data or verify signatures.
Question 19: What does standard 'Salting' solve in password storage?
- A. Slow database queries.
- B. Rainbow table attacks by appending unique random values to inputs, ensuring identical passwords yield unique hashes. (correct answer)
- C. Code compilation bugs.
- D. Network sniffing threats.
Explanation: Salts ensure that if two users use 'password123', their database hash strings are different.
Question 20: How does RSA encryption derive its mathematical security?
- A. Discrete logarithm equations.
- B. The practical difficulty of factoring the product of two very large prime numbers. (correct answer)
- C. XOR bitwise operations.
- D. Modular addition loops.
Explanation: Factoring huge prime products is computationally hard, forming the basis of RSA security.
Question 21: What is the role of a Certificate Authority (CA)?
- A. Running server firewalls.
- B. A trusted third party that issues digital certificates verifying the ownership of public keys. (correct answer)
- C. Caching web files.
- D. Authenticating database users.
Explanation: CAs vouch for the identity behind a public key, securing HTTPS connections globally.
Question 22: What is the opposite of encryption?
- A. Hashing
- B. Decryption (correct answer)
- C. Obfuscation
- D. Salting
Explanation: Decryption restores ciphertext back into readable plaintext using keys.
Question 23: What is the difference between HMAC and standard hash functions?
- A. HMAC is faster and runs on GPUs.
- B. HMAC combines a cryptographic hash function with a secret key, providing message authentication and integrity checks. (correct answer)
- C. HMAC is unsupervised.
- D. HMAC does not support SHA-256.
Explanation: Hash-based Message Authentication Code (HMAC) protects against length-extension attacks by mixing a secret key into the hash.
Question 24: What is the purpose of padding in cryptography?
- A. Adding styling borders to web pages.
- B. Formatting input data so its length fits the fixed block size requirements of block ciphers (e.g. PKCS#7). (correct answer)
- C. Compressing file sizes.
- D. Encrypting data streams.
Explanation: Block ciphers require inputs to be multiples of block sizes (e.g., 16 bytes for AES).
Question 25: What is the security threat of a 'Man-in-the-Middle' (MitM) attack in public key exchanges?
- A. The attacker crashes the database server.
- B. The attacker intercepts the key exchange, substituting their own public key to decrypt and re-encrypt data between victims undetected. (correct answer)
- C. The attacker deletes files on host servers.
- D. The attacker modifies CSS files.
Explanation: MitM hijacks exchanges, requiring PKI certificates to verify public key origins.
Question 26: What is 'Plaintext'?
- A. The compiled database tables.
- B. Unencrypted, readable data in its original raw representation. (correct answer)
- C. The styling file.
- D. The folder structure.
Explanation: Plaintext is data before it is run through encryption ciphers.
Question 27: Which hashing algorithm is standard for checking file download integrity?
- A. RSA
- B. SHA-256 (or MD5/SHA-1 historically) (correct answer)
- C. AES-128
- D. Diffie-Hellman
Explanation: SHA-256 produces a 256-bit digest of the file; comparing it with the published value verifies the file hasn't been tampered with.
Question 28: What does the 'Kerckhoffs's Principle' state?
- A. Cryptographic systems must be kept secret.
- B. A cryptographic system should be secure even if everything about it is public, except for the key. (correct answer)
- C. Keys must be rotated every 24 hours.
- D. Symmetric ciphers are stronger than asymmetric ones.
Explanation: Relying on 'security by obscurity' is a flaw. Algorithms must withstand public scrutiny.
Question 29: What is the role of a 'Key Derivation Function' (KDF)?
- A. Exchanging public keys over networks.
- B. Deriving one or more secure keys from a master key or password (e.g. PBKDF2). (correct answer)
- C. Compacting database tables.
- D. Checking file checksums.
Explanation: KDFs stretch keys, making password-derived keys robust against dictionary attacks.
Question 30: Which key is kept strictly confidential by the owner in asymmetric cryptography?
- A. Public Key
- B. Private Key (correct answer)
- C. Session Key
- D. Master Key
Explanation: Private keys must never be shared, used to decrypt data or sign messages.