CompTIA Security Plus Mock Test Q1043

Which of the following ciphers would be BEST used to encrypt streaming video?

B. RC4

Correct Answer: B
Section: Cryptography

In cryptography, RC4 is the most widely used software stream cipher and is used in popular Internet protocols such as Transport Layer Security (TLS). While remarkable for its
simplicity and speed in software, RC4 has weaknesses that argue against its use in new systems. It is especially vulnerable when the beginning of the output keystream is not
discarded, or when nonrandom or related keys are used; some ways of using RC4 can lead to very insecure protocols such as WEP.
Because RC4 is a stream cipher, it is more malleable than common block ciphers. If not used together with a strong message authentication code (MAC), then encryption is vulnerable
to a bit-flipping attack. The cipher is also vulnerable to a stream cipher attack if not implemented correctly. Furthermore, inadvertent double encryption of a message with the same key
may accidentally output plaintext rather than ciphertext because the involutory nature of the XOR function would result in the second operation reversing the first.
It is noteworthy, however, that RC4, being a stream cipher, was for a period of time the only common cipher that was immune to the 2011 BEAST attack on TLS 1.0. The attack
exploits a known weakness in the way cipher block chaining mode is used with all of the other ciphers supported by TLS 1.0, which are all block ciphers.

Incorrect Answers:
A: RSA encryption is used for encrypting data in transit. RSA involves a public key and a private key. The public key can be known by everyone and is used for encrypting messages.
Messages encrypted with the public key can only be decrypted in a reasonable amount of time using the private key. However, RSA is not used to encrypt streaming video.
C: SHA stands for “secure hash algorithm”. SHA-1 is the most widely used of the existing SHA hash functions, and is employed in several widely used applications and protocols
including TLS and SSL, PGP, SSH, S/MIME, and IPsec. It is used to ensure data integrity. However, it is not used to encrypt streaming video.
D: In cryptography, Triple DES (3DES) is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) symmetric-key block cipher, which applies the Data
Encryption Standard (DES) cipher algorithm three times to each data block. The electronic payment industry uses Triple DES and continues to develop and promulgate standards
based upon it (e.g. EMV). Microsoft OneNote, Microsoft Outlook 2007, and Microsoft System Center Configuration Manager 2012, use Triple DES to password protect user content
and system data. However, it is not used to encrypt streaming video.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 250, 251, 255-256