CompTIA Security Plus Mock Test Q1051

Jane, a VPN administrator, was asked to implement an encryption cipher with a MINIMUM effective security of 128-bits. Which of the following should Jane select for the tunnel encryption?

A. Blowfish
B. DES
C. SHA256
D. HMAC


Correct Answer: A
Section: Cryptography

Explanation:
Blowfish is an encryption system that performs a 64-bit block cipher at very fast speeds. It is a symmetric block cipher that can use variable-length keys (from 32 bits to 448 bits).
Among the alternatives listed above, it is the only cipher that can use a 128-bit key and which does provide additional security through a symmetric key.

Incorrect Answers:
B: DES does not provide 128 bit security. DES uses a 56-bit key.
C: The hash size for the SHA256 algorithm is 256 bits.
D: HMAC (Hash-Based Message Authentication Code) uses a hashing algorithm along with a symmetric key. HMAC with 128 bit would provide more additional security compared to
Blowfish 128 bit as HMAC uses a symmetric key as well.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 139, 250, 251, 255-256, 260