
 


Free CISSP Certification Practice Questions:


Which of the following best describes an attack against a one-way hash function by attempting to achieve a collision after 2^(m/2) possible trial inputs?

A) Birthday attack

B) Man in the middle attack

C) Meet in the middle attack

D) Differential cryptanalysis

E) Differential linear cryptanalysis

  • [Ans: A]


  • The Birthday attack is based upon the birthday paradox: If you have 23 people in a room, the probability of duplicate birthdays is above 50%. The Birthday attack relies on the idea of producing duplicates, or collisions, at a rate that exceeds expectations. "Birthday attacks are a class of brute-force techniques used in an attempt to solve a class of cryptographic hash function problems. These methods take advantage of functions which, when supplied with a random input, return one of equally likely values. By repeatedly evaluating the function for different inputs, the same output is expected to be obtained after about 2^(m/2) evaluations."

    On the other hand, a Man In The Middle attack (MITM) is an attack in which an attacker is able to read, insert and modify messages between two parties without either party knowing that the communication channel between them has been compromised. In a MITM attack, an attacker sniffs packets from a network, modifies them and then inserts them back into the network. Once the attacker intercepts network transmissions between two hosts, the attacker then masquerades as one of the hosts.

    The Meet-In-The-Middle attack, in contrast, is an attack in which an attacker encrypts the plaintext from one end and decrypts the ciphertext from the other end, thus meeting in the middle. This type of attack is applied to double encryption schemes. Specifically, if you encrypt data twice, with two different keys, you usually find yourself susceptible to a meet-in-the-middle attack. That is why Triple-DES is used instead of double encryption, despite the threefold performance penalty.

    Lastly, differential cryptanalysis is a chosen-plaintext attack where the attacker is able to select inputs and examine outputs in an attempt to derive the encryption key. Differential cryptanalysis exploits the high probability of certain occurrences of plaintext differences and differences into the last round of the cipher.

    References:
    http://mathworld.wolfram.com/BirthdayAttack.html
    http://www.vandyke.com/solutions/ssh_overview/ssh_overview_threats.html
    http://en.wikipedia.org/wiki/Differential_cryptanalysis




