PrepAway - Latest Free Exam Questions & Answers

Which of the following is often considered a good prote…

Brute force attacks against encryption keys have increased in potency because of increased computing power.
Which of the following is often considered a good protection against the brute force cryptography attack?

PrepAway - Latest Free Exam Questions & Answers

A.
The use of good key generators.

B.
The use of session keys.

C.
Nothing can defend you against a brute force crypto key attack.

D.
Algorithms that are immune to brute force key attacks.

Explanation:
A session key is a single-use symmetric key that is used to encrypt messages between two users during a
communication session.
If Tanya has a symmetric key she uses to always encrypt messages between Lance and herself, then this
symmetric key would not be regenerated or changed. They would use the same key every time they
communicated using encryption. However, using the same key repeatedly increases the chances of the key
being captured and the secure communication being compromised. If, on the other hand, a new symmetric key
were generated each time Lance and Tanya wanted to communicate, it would be used only during their one
dialogue and then destroyed. If they wanted to communicate an hour later, a new session key would be created
and shared.
A session key provides more protection than static symmetric keys because it is valid for only one session
between two computers. If an attacker were able to capture the session key, she would have a very small
window of time to use it to try to decrypt messages being passed back and forth.
Incorrect Answers:
A: A strong encryption key offers no protection against brute force attacks. If the same key is always used, once
an attacker obtains the key, he would be able to decrypt the data.
C: It is not true that nothing can defend you against a brute force crypto key attack. Using a different key every
time is a good defense.
D: There are no algorithms that are immune to brute force key attacks. This is why it is a good idea to use a
different key every time.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 798-799


Leave a Reply