2. 计算机
  3. The following scenario will be used for questions 28 and 29. Jack has been told that successful attacks have been taking place a

The following scenario will be used for questions 28 and 29. Jack has been told that successful attacks have been taking place a

admin2013-12-19  61
问题 The following scenario will be used for questions 28 and 29.
Jack has been told that successful attacks have been taking place and data that have been encrypted by his company’s software systems have leaked to the company’s competitors. Through Jack’s investigation he has discovered that the lack of randomness in the seeding values used by the encryption algorithms in the company’s software uncovered patterns and allowed for successful reverse engineering.
Which of the following is most likely the item that is the root of the problem when it comes to the necessary randomness explained in the scenario?
选项 A、Asymmetric algorithm
B、Out-of-band communication compromise
C、Number generator
D、Symmetric algorithm
答案C
解析 C正确。数字生成器常用于创建一组随机值流,并且需要一个初始值作为种子。该软件从计算机系统内的某个组件(时间、CPU周期等)内获得种子值。尽管计算机系统很复杂,但它也是一个可以预测的环境,所以,如果种子值是以某种方式可预测的,那根据它而生成的结果值也不是真正的随机,而是伪随机的。如果来自数字生成器的值表现出模式。并且这些模式在加密过程中是可识别的,那么这个缺点会允许攻击者对该算法进行反向工程,进而访问机密数据。
A不正确。因为非对称算法通过使用两个不同的密钥类型(公钥和私钥)执行加密功能。这也叫公钥密码学。类似数字生成器中的组件也可以与非对称算法一起使用,但是非对称算法只是一类算法,并不需要包含随机问题。
B不正确。因为带外通信仅仅意味着传输的信道与加密数据传输的信道不同。它与随机性问题没有任何直接的关联。
D不正确。因为对称算法利用相同密钥的两个实例执行加密功能。类似数字生成器中的组件也可以与非对称算法一起使用。
转载请注明原文地址:https://kaotiyun.com/show/cyhZ777K
0

CISSP认证

相关试题推荐
随机试题
最新回复(0)