CISSP PRACTICE QUESTIONS – 20200716

Effective CISSP Questions

You are evaluating the one-time password (OTP) solutions and a vendor proposed two models of OTP tokens. One solution is synchronous; the other is asynchronous. Which of the following is the primary cryptographic algorithm used in the synchronous solution to generate passwords? (Source: Wentz QOTD)
A. Lucifer
B. Rijndael
C. HMAC
D. Clock timer


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. HMAC.

HMAC is the primary “cryptographic algorithm” used in OTP to generate passwords. Clock timer is one of the input parameters to HMAC for synchronous OTP to generate passwords. However, the clock timer is a parameter, not a “cryptographic algorithm.”

An OTP token generates a password dynamically for one-time use based on either time (synchronous) or sequence/counter (asynchronous). A clock reports the time to the OTP generator while the counter is stored in non-volatile memory (e.g., ) for the generation of the next password. Both the time-based OTP (TOTP) and counter-based OTP (HOTP) generators use the HMAC-SHA1 algorithm.

  • HOTP(K,C) = Truncate(HMAC-SHA-1(K,C)), K for Key and C for Counter
  • TOTP(K,T) = Truncate(HMAC-SHA-1(K,T)), K for Key and T for Time

Source: CISSP PRACTICE QUESTIONS – 20200703
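The two formulas above, worked through as an added example that is not part of the original post. It follows RFC 4226 and RFC 6238; the 30-second time step, the 6-digit default, and the `verify_totp` helper with its drift window of one step are assumptions chosen for illustration. The key is the published RFC 4226 test secret.

```python
import hashlib
import hmac
import struct


def truncate(mac: bytes, digits: int = 6) -> str:
    """Dynamic truncation (RFC 4226): 20-byte MAC -> short decimal code."""
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects a 4-byte window
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF  # clear sign bit
    return str(value % 10 ** digits).zfill(digits)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HOTP(K, C) = Truncate(HMAC-SHA-1(K, C)); C is an 8-byte big-endian counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    return truncate(mac, digits)


def totp(key: bytes, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """TOTP(K, T): the same HMAC, where T counts `step`-second intervals since the epoch."""
    return hotp(key, int(unix_time) // step, digits)


def verify_totp(key: bytes, submitted: str, unix_time: float,
                step: int = 30, drift_steps: int = 1) -> bool:
    """Server-side check: accept adjacent time steps to tolerate token clock drift."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        t = unix_time + delta * step
        if t < 0:
            continue  # no time step exists before the epoch
        expected = totp(key, t, step)
        # Constant-time comparison; keep looping so timing does not reveal the match.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    key = b"12345678901234567890"  # RFC 4226 test secret, not a real credential
    print("HOTP, counter 0..2:", [hotp(key, c) for c in range(3)])
    print("TOTP at t=59s     :", totp(key, 59))
    print("accepted at t=89s :", verify_totp(key, totp(key, 59), 89))
    print("accepted at t=149s:", verify_totp(key, totp(key, 59), 149))
```

The clock only supplies the value T; the password itself comes from HMAC in both token types, which is why the time-based code at t=59 equals the counter-based code for counter 1.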

In cryptography, Lucifer was a direct precursor to the Data Encryption Standard (DES).

Rijndael is a block cipher developed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen. It won the AES (Advanced Encryption Standard) selection process and became the US cryptographic standard.
