A security technician would like an application to use random salts to generate short lived
encryption leys during the secure communication handshake process to increase communication
security. Which of the following concepts would BEST meet this goal?
A.
Ephemeral keys
B.
Symmetric Encryption Keys
C.
AES Encryption Keys
D.
Key Escrow
A.
0
0
Leanne is correct
If no salt is used within the key derivation then the session keys … key agreement should generate sufficiently random ephemeral key material.
0
0
I pick A. Ephemeral keys
https://en.wikipedia.org/wiki/Ephemeral_key
0
0
Usually asymmetric encryption is used for session creation, which rule out B and C.
0
0
The key words in here are: SHORT LIVED.
So let’s start with a little bit of grammar in here, which is something this exam is not known for:
** Definition of EPHEMERAL: lasting for a very short time, short-lived
** Hence: Definition of EPHEMERAL KEY: lasting for a very short time, short-lived
With that, I can rest my case.
Ephemeral keys are not a specific form of keys, they are just short lived keys within a key establishment protocol. Usually they are not directly trusted as they are generated on the fly. They are the opposite to FIXED keys
B & C are fixed keys
D has nothing to do with it
So the best answer is : A- Ephemeral keys
0
0