You are encrypting data using a well-known block cipher in CBC mode with a randomly generated symmetric key, yHj7rXtKd/Q4EdIIEDifQFrid2w=, to communicate with a peer host on an 802.3 Ethernet. A middle man captured the traffic and happened to decrypt the ciphertext using another key, zycATbEloWRKFo5C9MfgrjXeCTk=, during the cryptanalysis process. Which of the following best describes the phenomenon? (Wentz QOTD)
A. Collision detection
B. Server pharming
C. Key clustering
D. Hash collision
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Key clustering.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.
A collision in the hash context typically refers to the situation where a hash function generates the same hash value from two distinct input messages. Some, e.g., Wikipedia, may use clustering in the context of hashing. In CISSP, clustering specifically refers to the situation where a cipher produces the same ciphertext using two distinct secret keys. So, it’s more specific to say hash collision or key clustering.
Server pharming is a distractor that combines two concepts: server farm and pharming attack.
Pharming is a cyberattack intended to redirect a website’s traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real IP addresses. Compromised DNS servers are sometimes referred to as “poisoned”. Pharming requires unprotected access to target a computer, such as altering a customer’s home computer, rather than a corporate business server.
Source: Wikipedia
Collision detection can also be used in the network communication context and related to Carrier-sense multiple access with collision detection (CSMA/CD), “a media access control (MAC) method used most notably in early Ethernet technology for local area networking. It uses carrier-sensing to defer transmissions until no other stations are transmitting. This is used in combination with collision detection in which a transmitting station detects collisions by sensing transmissions from other stations while it is transmitting a frame. When this collision condition is detected, the station stops transmitting that frame, transmits a jam signal, and then waits for a random time interval before trying to resend the frame.” (Wikipedia)
Reference
您使用一個知名的區塊型加密器(block cipher),以隨機生成的對稱密鑰, yHj7rXtKd/Q4EdIIEDifQFrid2w=, 在CBC模式下加密數據,在802.3的以太網路上與對等主機進行通信。 一個中間人捕獲了流量,並在破密分析過程中碰巧使用了另一個密鑰, zycATbEloWRKFo5C9MfgrjXeCTk=, 解密了密文。 以下哪一項最能描述這種現象? (Wentz QOTD)
A. Collision detection
B. Server pharming
C. Key clustering
D. Hash collision
I think It should be C. First 2 options has no relevance to the question The hash collision is where the 2 files have the same hash by chance but here Man in the middle has used brute force to crack the hash to make his effort easy.
Pingback: 金鑰叢集(Key clustering) – Choson資安大小事