
CCNA CRYPTO QUESTIONS


maczen

Instructor
Apr 12, 2008
1,016
US
I will break these questions up by categories. Categories will be in CAPS. These are some questions from Chapters 12 and 13 of the CCNA Security: Official Exam Certification Guide.

TYPES OF ATTACKS:
1. Text: Chosen plain-text attack: Attacker chooses what data the encryption device encrypts and then observes the cyphertext output... attacker gets to choose the plain-text blocks to encrypt..

1. Question: This just doesn't make sense to me. If the attacker chooses the text to be encrypted.. well then he has access to the unencrypted data right? What's the point? I am missing something.. LoL

2. Text: Chosen cyphertext attack: Attacker may choose different cyphertexts to be decrypted. Attacker also has access to the decrypted plain-text. Attacker can then search through keyspace and determine which key decrypts cyphertext...

2. Question: Again.. Attacker has access to decrypted plain text.. I believe that I have missed some pertinent info here but can not locate anything in the book regarding this.. The goal is to access the decrypted plain text so if you have it then why all of the extra work?

3. Would someone describe a Birthday attack in layman's terms?

I have a pretty solid grasp on the rest of the attacks listed.. These are from pages 438 and 439 of the aforementioned text.

Also, I am looking for a good introductory book on encryption, hashing and basically crypto in general. Would like something newer as most of the recommended books I have found date back about 8 to 10 years but that is ok so long as it provides a solid understanding.. Other digital sources (websites) would be appreciated as well.

I think the problem with the CCNA Security intro into crypto is that they have SO MUCH INFO to fit into three chapters.. (5 but two are very short)..

B Haines
CCNA R&S, ETA FOI
 
1. There are two different scenarios.

First is the password hash that we discussed yesterday. The attacker has the cyphertext, but wants the cleartext. So he tests different cleartext values by running them through the hash algorithm until he gets a match on the hash.

The second is the testing of various encryption keys. For this the attacker needs both cleartext and cyphertext. The attacker tries different values of encryption keys until he discovers which key will encrypt the cleartext giving the same cyphertext. Or which key will decrypt the cyphertext giving the clear text value.

2. The answer to 2 is the same as the second scenario in 1. To expand on this, consider the attack on PIN blocks in debit transactions. An attacker buys goods and pays with a debit card (real or otherwise). He enters a known PIN value into the merchant's PIN pad where it is encrypted. The attacker tries this several times while intercepting the transaction by compromising the merchant POS system or tapping a phone line at a POS concentrator (saw this kind of tap in Borneo!). Attacker gets the transaction, has the cyphertext and knows what he entered. He can then attack the key by trying different key values using the same encryption algorithm to encrypt the cleartext PIN block until he creates the same value as the encrypted PIN block in the captured transaction.

3. What are the odds of having two people in the same room with the same birthday? Is it 1 in 365? 1 in 183? Actually it's one in 11 (IIRC). So the birthday attack is actually lowering the odds of two matching values out of a larger sampling.

Hope this helps.

[the other] Bill
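As an added illustration of the second scenario in the answer above (example code, not from the book or the original post): a toy stream cipher with a deliberately tiny 18-bit key, one known plaintext/ciphertext pair, and a search over every key until one reproduces the captured ciphertext. The key, not that one plaintext, is the prize: once found it decrypts other messages sent under it. The cipher, key size, nonce scheme and sample values are all constructed for the demo.

```python
import hashlib
from typing import Optional

# Constructed toy cipher: keystream = SHA-256(key || nonce || block counter),
# XORed over the message. The key space is only 2^18 so the search finishes
# in seconds; a real cipher's 128-bit key makes the same loop infeasible.
KEY_BITS = 18


def keystream(key: int, nonce: int, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        block = key.to_bytes(4, "big") + nonce.to_bytes(4, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]


def encrypt(key: int, nonce: int, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


decrypt = encrypt  # XOR with the same keystream undoes the encryption


def recover_key(known_plaintext: bytes, nonce: int, ciphertext: bytes) -> Optional[int]:
    """Scenario 2 from the answer: try every key until encrypting the known
    plaintext gives the captured ciphertext. Returns the key or None."""
    for candidate in range(1 << KEY_BITS):
        if encrypt(candidate, nonce, known_plaintext) == ciphertext:
            return candidate
    return None


def demo():
    """Recover the key from one known pair, then decrypt a second message
    (different nonce) that the known pair alone would not reveal."""
    secret_key = 0x2A7F1          # constructed secret, inside the 18-bit space
    known = b"PIN=1234"           # the value the attacker entered himself
    captured = encrypt(secret_key, 1, known)
    found = recover_key(known, 1, captured)
    other = encrypt(secret_key, 2, b"PIN=9876")  # someone else's transaction
    return found, decrypt(found, 2, other)


if __name__ == "__main__":
    key, plaintext = demo()
    print(f"recovered key 0x{key:X}, second message decrypts to {plaintext!r}")
```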



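To put the birthday intuition in point 3 into numbers (an added example, not from the book or the post): the exact probability that a group shares a birthday, the group size at which it passes 50%, and the same effect applied to a hash truncated to a small number of bits, where a collision turns up after roughly the square root of the number of possible outputs rather than after trying all of them. The truncation width and the sample inputs are constructed for the demo.

```python
import hashlib
import itertools


def prob_collision(n: int, space: int) -> float:
    """Probability that at least two of n values drawn uniformly from
    `space` possibilities coincide (the exact birthday-paradox formula)."""
    p_all_distinct = 1.0
    for i in range(n):
        p_all_distinct *= (space - i) / space
    return 1.0 - p_all_distinct


def people_for_even_odds(days: int = 365) -> int:
    """Smallest group size with at least a 50% chance of a shared birthday."""
    n = 1
    while prob_collision(n, days) < 0.5:
        n += 1
    return n


def truncated_hash(msg: bytes, bits: int) -> int:
    """SHA-256 cut down to `bits` bits, standing in for a weak short hash."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") & ((1 << bits) - 1)


def find_collision(bits: int):
    """Birthday attack on the truncated hash: hash distinct constructed inputs,
    remember each digest, stop at the first repeat.
    Returns (input_a, input_b, attempts)."""
    seen = {}
    for i in itertools.count():
        msg = b"msg-%d" % i
        tag = truncated_hash(msg, bits)
        if tag in seen:
            return seen[tag], msg, i + 1
        seen[tag] = msg


if __name__ == "__main__":
    print("people for a 50% shared birthday:", people_for_even_odds())
    a, b, tries = find_collision(24)
    print(f"24-bit collision after {tries} hashes (space 2^24 = {1 << 24}): {a!r} vs {b!r}")
```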
 
Thanks a million. That helped a lot. If I wanted to start playing with crypto (legally) and create a lab type environment then what would you recommend? I don't believe that I have seen any crypto lab material. I think that to gain a better understanding of these various hashing algorithms etc. I should start playing with it. What would you recommend to "test different cleartext values by running them through the hash algorithm until he gets a match on the hash"

Not looking for software that does everything for you.. I am 'somewhat' familiar with Cain and John the Ripper... I am looking to gain an understanding of how it all works! Delve a little deeper!

Also, I still have a few math classes to go on the college level.. Is there a certain direction that you would recommend there regarding crypto? I admit that I am unfamiliar with some of the mathematics used in the various hashing/crypto algorithms (such as RSA) but figure it out quickly enough (like DH)! I can't stand to semi/quasi-grasp a concept!

B Haines
CCNA R&S, ETA FOI
 
See if the OpenCA project is still active. It might provide a basic CA for creating digital certificates. Key generation and certificate requests can be created using SSL. Runs on a Linux platform. Visited the guy heading development in Berlin a few years ago, but can't recall his name. Was casually involved in the project on a personal (not professional) level.

I tried to put together some recommended study material, but the zinfandel has taken control.

More tomorrow.

[the other] Bill
 
Thanks.. Looking forward to it! Remember to drink a glass of water before bed to alleviate that early morning hangover! LoL

B Haines
CCNA R&S, ETA FOI
 
The Handbook of Applied Cryptography by Scott Vanstone, Alfred Menezes and somebody else is good material for gaining an understanding of how the math works. The authors are Ph.D.'s in math (Alfred was one of Scott's students) so you can guess the emphasis of the book: more math and less practical application.

Bruce Schneier used to have a blog/forum. I haven't looked for a long time. I also didn't always agree with him. But he does seem to be pretty good at taking the complexities of crypto and breaking them down so that they are more easily understood. He's got a few books out there.

Maybe a quick trip to Border's to look at what's there might be helpful. Go through a couple of books to see what works for you. IIRC, there's even a "Dummies" crypto primer (no offense meant, I use the Dummies books all the time).

 
I broke down and bought this Bruce Schneier book..

I bookmarked the book you referenced above for purchase when I find a less expensive copy than what is offered at the moment. Thanks again for the info!

B Haines
CCNA R&S, ETA FOI
 
"I bookmarked the book you referenced above for purchase when I find a less expensive copy than what is offered at the moment."

If you're talking about the HAC, I doubt it will come down in price. It's been out for a while. I'd loan you mine, but it was given to me as a gift from Scott Vanstone and carries some sentimental value.

The Schneier sites are funny.

[the other] Bill
 
That is what I figured. I have three Crypto books on order at the moment (should be here between Jan 24 and Feb 3). I hate media mail but you get what you pay for!

Including your other recommendation I have two more crypto books to buy:

The Handbook of Applied Cryptography

AND
Elliptic Curves and their Application to Cryptography

The first, the one you recommended is actually the less expensive as the least I could find the second for was $150.. LoL But I have three coming and considering the topic it will take some time for me to work through those (While working on CCNA Security).

I will buy them both.. Will just keep my eyes open for a deal just in case! I usually find one!

B Haines
CCNA R&S, ETA FOI
 
I would not recommend the ECC book. There's plenty out there on the topic. IIRC, everything is covered in the HAC.

From an application standpoint, ECC is another set of public key algorithms with shorter keys than RSA. IIRC, the best one of the bunch is the zero-based one developed by Vanstone. Many of the others had problems. I think the NSA said that a 160-bit ECC key was roughly the same strength as a 1028-bit RSA key.

Not sure if there's much more to say. The rest is in the standards.

Have you looked at the IETF work on crypto? Russ Housley (chair) is a very good crypto guy and has a couple of books that might be of interest. You might try googling him and also looking over some of the info on the IETF site.


[the other] Bill
 