Deck 21: Public-Key Cryptography and Message Authentication

Cryptographic hash functions generally execute faster in software
than conventional encryption algorithms such as DES.

The operations performed during a round consist of circular
shifts,and primitive Boolean functions based on DSS,MD5,SHA,and RSA.

SHA-3 algorithms must be designed to resist any potentially
successful attack on SHA-2 functions.

SHA is perhaps the most widely used family of hash functions.

SHA-1 is considered to be very secure.

The Diffie-Hellman algorithm depends for its effectiveness on the
difficulty of computing discrete logarithms.

HMAC can be proven secure provided that the embedded hash function
has some reasonable cryptographic strengths.

A hash function such as SHA-1 was not designed for use as a MAC
and cannot be used directly for that purpose because it does not rely on a secret key.

The appeal of HMAC is that its designers have been able to prove an
exact relationship between the strength of the embedded hash function and the strength of HMAC.

Unlike RSA,DSS cannot be used for encryption or key exchange.

The one-way hash function is important not only in message
authentication but also in digital signatures.

The key exchange protocol is vulnerable to a man-in-the-middle
attack because it does not authenticate the participants.

Timing attacks are only applicable to RSA.

SHA-2 shares the same structure and mathematical operations as its
predecessors and this is a cause for concern.

The purpose of the __________ algorithm is to enable two users to exchange a secret key securely that can then be used for subsequent encryption of messages.

One of the first public-key schemes,_______,was developed in 1977 by Ron Rivest,Adi Shamir,and Len Adleman.

The evaluation criteria for the new hash function are: security,_______,and algorithm and implementation characteristics.

One of the simplest hash functions is the ________ of every block.

The Secure Hash Algorithm (SHA)was developed by the _________ and published as a federal information processing standard (FIPS 180)in 1993.

______ has been issued as RFC 2014,has been chosen as the mandatory-to-implement MAC for IP Security,and is used in other Internet protocols,such as Transport Layer Security.

__________ are alarming for two reasons: they come from a completely unexpected direction and they are a ciphertext-only attack.

NIST has published FIPS PUB 186,which is known as the ___________.

Four possible approaches to attacking the RSA algorithm are: brute force,timing attacks,_________ attacks,and chosen ciphertext attacks.

Versions of SHA,with hash value lengths of 256,384,and 512 bits, (SHA-256,SHA-384,and SHA 512)are collectively known as _________.

The security of any MAC function based on an embedded hash function depends in some way on the _________ strength of the underlying hash function.

"Must support hash value lengths of 224,256,384,and 512 bits" and "algorithm must process small blocks at a time instead of requiring the entire message to be buffered in memory before processing it" are requirements for ________.

Perhaps the most widely used public-key algorithms are _________ and Diffie-Hellman.

If speed is a concern,it is fully acceptable to use _________ rather than SHA as the embedded hash function for HMAC.

The purpose of the algorithm is to enable two users to exchange a __________ securely that can then be used for subsequent encryption of messages.