1. Hashes are slower than digital signature algorithms.
Explanation: Since hash functions
are generally faster than encryption or digital signature algorithms,
it is typical to compute the digital signature or integrity check to
some document by applying cryptographic processing to the document's
hash value, which is small compared to the document itself.
Hash functions do not require 128bit
computing. Also, they are not typically more secure than the public
key encryption used for digital signatures, although digital signatures
may use an encrypted hash value. Hash functions are standardized, rather
than proprietary. Common hash functions include MD-5 and SHA-1.
2. DES is considered to be
Explanation: While the 56-bit
key encryption in DES now only offers a few hours of protection against
exhaustive search by a modern dedicated machine [Wie94], the current
rate of increase in computing power is such that an 80-bit key as used
by Skipjack can be expected to offer the same level of protection against
exhaustive key search in 18 years time as DES does today [BDK93].
Typically, as computer power increases,
encryption algorithms once considered secure become insecure due to
the reduced amount of time and resources necessary to break them.
3. A certificate
is used to allow verification of the claim that a specific public key
does in fact belong to a specific individual.
are issued by the certificate authority. Certificates are digital documents
attesting to the binding of a public key to an individual or other entity.
They allow verification of the claim that a specific public key does
in fact belong to a specific individual. Certificates help prevent someone
from using a phony key to impersonate someone else. In some cases it
may be necessary to create a chain of certificates, each one certifying
the previous one until the parties involved are confident in the identity
4. A typical certificate contains
a number of data entries. One entry NOT included in a typical certificate
is the type of server .
Explanation: In their simplest
form, certificates contain a public key and a name. As commonly used,
a certificate also contains an expiration date, the name of the certifying
authority that issued the certificate, a serial number, and perhaps
other information. Most importantly, it contains the digital signature
of the certificate issuer. The most widely accepted format for certificates
is defined by the ITU-T X.509 international standard.
5. Digital Certificates can provide:
D. Token verification
E. No choice is correct
Explanation: (from http://www.enteract.com/~lspitz/digcerts.html):
is digital verification of who you are, much in the same way your driver's
license proves your identity. It is very easy to send spoofed email.
I can email anyone in the world pretending I am the President of the
United States. Using standard email, there is no way to verify who the
sender is, i.e. if it is actually the President. With digital signatures
and certificates, you digitally encode verifiable proof of your identity
into the email.
- Integrity: This is the verification that
the data you sent has not been altered. When email or other data travels
across the Internet, it routes through various gateways (way stations).
It is possible for people to capture, alter, and then resend the message.
Example, your boss emails the company president stating that you should
be fired. It is possible for you to intercept that email and change
it saying you deserve a $10,000 raise. With digital certificates, your
email cannot be altered without the recipient knowing.
- Encryption: This ensures that your data
was unable to be read or utilized by any party while in transit. Your
message is encrypted into incomprehensible gibberish before it leaves
your computer. It maintains it encrypted (gibberish) state during its
travel through the Internet. It is not de-crypt until the recipient
receives it. Because of the public-key cryptography used (discussed
later) only the recipient can decipher the received message, no one
Token Verification: Digital
tokens replace your password that can be easily guessed. Tokens offer
a more secure way of access to sensitive data. The most common way to
secure data or a web site is with passwords. Before anyone accesses
the data, they are prompted with their user login id and password. However,
this is easily cracked using various types of security software (such
as Crack 5.0, etc.). Also, passwords can be found with other means,
such as social engineering. Passwords are not secure. Token verification
is more secure. Your digital certificate is an encrypted file that sits
on your hard drive. When you need access to a system, that system asks
you for your digital certificate instead of a password. Your computer
would then send the certificate, in encrypted format, through the Internet,
authorizing you for access. For this to be compromised, someone would
have to copy this file from your computer, AND know your password to
de-crypt the file."