2. 计算机
  3. The following scenario will be used for questions 28 and 29. Jack has been told that successful attacks have been taking place a

The following scenario will be used for questions 28 and 29. Jack has been told that successful attacks have been taking place a

admin2013-12-19  27
问题 The following scenario will be used for questions 28 and 29.
Jack has been told that successful attacks have been taking place and data that have been encrypted by his company’s software systems have leaked to the company’s competitors. Through Jack’s investigation he has discovered that the lack of randomness in the seeding values used by the encryption algorithms in the company’s software uncovered patterns and allowed for successful reverse engineering.
Which of the following best describes the role of the values that is allowing for patterns as described in the scenario?
选项 A、Initialization vector
B、One-time password
C、Master symmetric key
D、Subkey
答案A
解析 A正确。初始化向量(Initialization Vector,IV)是算法用来确保加密过程中不会产生模式的随机值。它与密钥一起使用,并且在被发送到目的地时无须被加密。如果没有使用Ⅳ,使用相同密钥对相同的明文进行加密,将得到相同的密文。攻击者利用这些类型的模式可以更容易地破解加密方法,发现密钥。
B不正确。因为一次性填充是由Gilbert Vernam创造的加密方法,如果合理实施,则可以将其看成无法破解的。一次性填充使用随机值作为填充值,并与消息进行XOR操作,生成密文。一次性填充至少与消息本身一样长,并且仅使用一次便被丢弃。这个场景并没有说明这种技术。
C不正确。因为为了生成复杂的密钥,通常会创建一个主密钥,然后利用该主密钥生成对称密钥。例如,如果某个应用程序负责为每个请求会话密钥的主体都创建一个会话密钥,则它不能给出该密钥的相同实例。不同的主体需要拥有不用的对称密码,从而确保攻击者获取并发现密钥的窗口比重复使用相同密钥的要小。从一个主密钥创建的两个或多个密钥都叫子密钥。这并不是本场景中描述的随机性组件。
D不正确。因为从一个主密钥创建的两个或多个密钥才叫子密钥。这并不是本场景中描述的随机性组件。
转载请注明原文地址:https://kaotiyun.com/show/0yhZ777K
0

CISSP认证

相关试题推荐
随机试题
最新回复(0)