Which approach provides confidentiality and integrity when selecting cryptographic modes?

Prepare for the DSAC-11 Annex B Test. Study with our quiz featuring flashcards and multiple-choice questions, each question accompanied by hints and explanations. Get ready to excel!

Multiple Choice

Which approach provides confidentiality and integrity when selecting cryptographic modes?

Explanation:
Authenticated encryption modes provide both confidentiality and integrity. By using an AEAD like AES-GCM or ChaCha20-Poly1305, encryption and message authentication are combined, producing a ciphertext plus an authentication tag that the recipient can verify. This means the data stays confidential and any tampering is detected, all in one operation with a single key.

Why this is the best approach: ECB mode leaks patterns in the plaintext, so even if you somehow try to add randomness, it cannot achieve true confidentiality or integrity. PKI certificates by themselves don’t encrypt the message content or guarantee its integrity; they’re about authenticating identities, not protecting data in transit. Ignoring a MAC or authentication tag leaves no reliable way to detect tampering, destroying integrity. So the way that reliably provides both protections is choosing secure modes that include built-in authentication and using proper IV handling, as exemplified by GCM.
