Exam 3 Sample Questions

For their private communications, Bill and Joe use a 10-bit key for symmetric encryption. A cryptanalyst has captured a large amount of ciphertext being sent to Joe.

1) What is the maximum number of keys that the cryptanalyst, using the correct algorithm, will have to try in order to decrypt the ciphertext and crack the key?

Answer: ______

2) Would it be possible for the cryptanalyst to crack the key after 768 tries? Explain.

3) Imagine that the MD5 hash function is to be used to hash a file whose size is 1024 bytes. What would be the size, in bits, of the checksum?

Answer: ______

4) Computers’ processing power is used to crack encryption keys. Today, the maximum processing speed of microprocessors (based on clock rate and number of circuits) is about 3.5 GHz, and it is increasing by roughly 30% every year. A symmetric session key needs to be at least 100 bits long to be considered strong today. It will take processors that have 9 GHz speed to crack such a key. How long, in years, will it take until microcomputers are capable of cracking a 100-bit symmetric key? Explain your answer.

5) A friend of yours who is running a small business wants to use symmetric encryption for confidentiality to protect communications with his business partners. As a security expert, you told him that, given the nature of the transactions and the kind of risk involved, a 100-bit encryption key may be enough to protect the communications. But because he is an individual with a high risk aversion, he wants to use a 200-bit key. Explain what could be a downside of using a 200-bit key for symmetric encryption where a 100-bit key is strong enough to provide protection.

Use a checkmark (√) to indicate which of the following statements is true.

6) Which of the following is a hashing function or hashing protocol? (Choose all that apply)

a) DES

b) AES

c) MD5

d) Secure Hash Algorithm

e) MS-CHAP

7) You discovered that ABC Inc. is using Microsoft’s IIS 5.0 web server software to provide Internet printing service to its employees so they can send their print jobs to the company’s printers over the Internet using a web browser. What tool may attackers use to launch a buffer overflow attack against the server?

Answer: ______

8) A programmer has developed an application that allows users to use a web interface to type in input data that consists of alphabetic and numeric characters. Some users discovered that they can type in special characters and very long SQL requests. What kind of attack may the application be subject to? Explain.

9) When the Hide Extension For Known File Types is set in Windows, malicious.txt.exe will appear to be a …

a) text (txt) file

b) executable (exe) file

c) word processing (doc) file

d) image (jpg) file

e) None of the above

10) Hash sum is another term used to refer to the hash generated using a hash function. T F