CompTIA Security Plus Mock Test Q1021

Matt, a security analyst, needs to select an asymmetric encryption method that allows for the same level of encryption strength with a lower key length than is typically necessary. Which of the following encryption methods offers this capability?

A. Twofish
B. Diffie-Hellman

Correct Answer: C
Section: Cryptography

Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. One of the main benefits in comparison
with non-ECC cryptography (with plain Galois fields as a basis) is the same level of security provided by keys of smaller size.

Incorrect Answers:
A: Blowfish is an encryption system that performs a 64-bit block cipher at very fast speeds. It is a symmetric block cipher that can use variable-length keys (from 32 bits to 448 bits).
Twofish is quite similar and works on 128-bit blocks.
B: Diffie-Hellman would require longer keys.
D: Elliptic Curve Cryptography (ECC) provides similar functionality to RSA but uses smaller key sizes to obtain the same level of security.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 251, 252, 253, 254