CompTIA Security Plus Mock Test Q1021

Matt, a security analyst, needs to select an asymmetric encryption method that allows for the same level of encryption strength with a lower key length than is typically necessary. Which of the following encryption methods offers this capability?

A. Twofish
B. Diffie-Hellman
C. ECC
D. RSA


Correct Answer: C
Section: Cryptography

Explanation:
Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. One of the main benefits in comparison
with non-ECC cryptography (with plain Galois fields as a basis) is the same level of security provided by keys of smaller size.

Incorrect Answers:
A: Blowfish is an encryption system that performs a 64-bit block cipher at very fast speeds. It is a symmetric block cipher that can use variable-length keys (from 32 bits to 448 bits).
Twofish is quite similar and works on 128-bit blocks.
B: Diffie-Hellman would require longer keys.
D: Elliptic Curve Cryptography (ECC) provides similar functionality to RSA but uses smaller key sizes to obtain the same level of security.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 251, 252, 253, 254
http://www.studymode.com/essays/Elliptic-Curve-Cryptography-And-Its-Applications-1560318.html
http://en.wikipedia.org/wiki/Elliptic_curve_cryptography