Which of the following concepts describes the use of a one way transformation in order to validate the integrity of a program?
B. Key escrow
Correct Answer: A
Section: Compliance and Operational Security
Hashing refers to the hash algorithms used in cryptography. It is used to store data, such as hash tables and its main characteristics are: It must be one-way – it is not reversible. Variable-length input produces fixed-length output – whether you have two characters or 2 million, the hash size is the same. The algorithm must have few or no collisions – in hashing two different inputs does not give the same output.
B: Key escrow is used with nonrepudiation in that the third party in the two-key system may also need access keys. Under the conditions of key escrow, the keys needed to decrypt/ encrypt data are held in an escrow account and made available if that third party requests it. The opposite of key escrow is a key recovery agent.
C: Nonrepudiation prevents one party from denying actions that they carried out and in the electronic world nonrepudiation measures can be a two-key cryptographic system and the involvement of a third party to verify the validity. This respected third party ‘vouches’ for the individuals in the two-key system.
D: Steganography is the process of hiding a message in a medium such as a digital image, audio fi le, or other file. In theory, doing this prevents analysts from detecting the real message. You could encode your message in another fi le or message and use that fi le to hide your message.
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 248, 255, 262, 291