WGU Introduction-to-Cryptography - WGU Introduction to Cryptography HNO1

A true random number generator (TRNG) draws randomness from physical phenomena that are inherently unpredictable and not algorithmically reproducible. Because of this, it is nondeterministic: you cannot feed it the same “input” and expect the same output stream. TRNGs are often slower than PRNGs because they depend on collecting entropy from hardware sources and may require conditioning to remove bias. This aligns with option B: slow and nondeterministic, producing different results even under similar or repeated conditions. Option A describes a deterministic PRNG, where identical seeds yield identical sequences. Option C is unrelated; factorization is a hard math problem used in cryptography (e.g., RSA security assumptions), not a randomness generator definition. Option D describes a counter, which is deterministic and not random. In secure systems, TRNG output may seed a cryptographically secure PRNG to provide both unpredictability and high throughput; but the defining characteristic of a TRNG is nondeterminism from physical entropy. Therefore, option B is correct.

ECB (Electronic Codebook) mode encrypts each block independently with the same key, which makes it naturally amenable to parallel processing: multiple blocks can be encrypted or decrypted simultaneously because there is no chaining dependency between blocks. This is in contrast to CBC encryption, where each plaintext block is XORed with the previous ciphertext block, creating a dependency that prevents straightforward parallelization of encryption (though CBC decryption can be parallelized because ciphertext blocks are already known). Feedback modes like CFB and OFB generate keystream material sequentially, where each step depends on the previous state, limiting parallelism. While ECB’s parallelism is an implementation advantage, it is widely discouraged for most real data because it leaks patterns—identical plaintext blocks produce identical ciphertext blocks. Modern systems prefer parallel-friendly and secure modes such as CTR or GCM, but among the listed options, the mode most known for parallel processing is ECB due to block independence. Therefore, the correct answer is Electronic Codebook (ECB).

Digital signing of software typically works by hashing the application (or its manifest) and then using the publisher’s private key to create a digital signature over that digest. The private key is used because it is secret and uniquely controlled by the publisher; only the publisher should be able to produce a valid signature. Verifiers (customers) use the publisher’s public key to validate the signature and confirm that the digest matches the software they received. This yields two key properties: integrity (the software hasn’t been altered; any modification changes the digest and breaks verification) and authenticity (the signature proves it came from the private-key holder). Option A incorrectly describes symmetric stream encryption. Option C incorrectly generalizes private-key behavior as “block encryption.” Option D is wrong because verification uses the public key, not a private key; also, “encrypting with private key” in this context is better understood as signing, not confidentiality encryption. Therefore, the correct rationale is that the asymmetric private key is used to sign the file’s digest so the corresponding public key can verify integrity and authenticity.

A birthday attack targets hash functions by exploiting the birthday paradox: collisions (two different inputs producing the same hash output) can be found much faster than brute-forcing a specific preimage. For an n-bit hash, the expected work t o find any collision is on the order of 2^(n/2), not 2^n. The attack is relevant because many security constructions rely on collision resistance—digital signatures, certificate fingerprints, integrity checks, and some commitment schemes. If an attacker ca n generate two different documents with the same hash, they may trick a signer into signing one version while later presenting the other as “signed,” depending on the protocol. Linear cryptanalysis and differential cryptanalysis are primarily techniques ag ainst block ciphers, analyzing relationships between plaintext/ciphertext differences or linear approximations across rounds. Algebraic attacks treat the cipher as a system of equations. The description “looking for different inputs that generate the same hash” is the hallmark of collision-finding, and the classic framing for that is the birthday attack.

The string format $2a$08$... is a well-known identifier for the bcrypt password hashing scheme. In common password-hash notation, the prefix indicates the algorithm and parameters: “$2a$” denotes bcrypt (version 2a), and “08” indicates the cost factor (work factor) controlling how computationally expensive hashing is. bcrypt is designed specifically for password storage: it includes a built-in salt and is intentionally slow and adaptive, making brute-force and GPU attacks far more expensive than fast general-purpose hashes like MD5 or SHA-512. NTLM and MD5 are obsolete for secure password storage due to speed and known weaknesses. SHA-512, while cryptographically strong as a hash, is still too fast for password hashing unless used in a dedicated password-hashing construction (e.g., PBKDF2, scrypt, Argon2) with appropriate parameters and salts. Since the given hash clearly matches bcrypt’s encoding, the correct algorithm is bcrypt, which incorporates salting and cost-based key stretching as part of its design.

Lightweight cryptography is designed for constrained environments—devices with limited CPU, memory, storage, bandwidth, and power (battery). Examples include IoT sensors, smart locks, RFID tags, embedded controllers, and industrial devices. Administrators choose lightweight algorithms and protocols to maintain reasonable security while fitting strict resource budgets and real-time constraints. The goal is not “weaker security because data is unimportant,” but rather efficient security that can still meet threat models under constraints. Option B captures this: embedded systems often cannot afford the computational cost of heavy cryptographic primitives (large key sizes, complex modes, frequent handshakes) or may struggle with latency and energy consumption. Option A is irrelevant because physical security of a desktop doesn’t remove the need for cryptography in communications or storage. Option C is the opposite of lightweight design. Option D is a poor justification; security design should be based on risk, and lightweight cryptography is not merely for “minimal protection,” but for practical deployability under constraints. Therefore, the correct reason is limited resources on embedded systems.

ISO/IEC 27001 is an international standard for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS). Its focus is not inventing cryptographic algorithms, but managing information security through a structured governance approach: identifying assets, assessing risks, selecting and implementing controls, measuring effectiveness, and continuously improving. The standard emphasizes a risk-based methodology—controls are chosen based on organizational context and threat landscape, and the ISMS is refined over time through audits, management reviews, and corrective actions. While cryptography can be part of the control set (e.g., encryption policies, key management, secure communications), ISO/IEC 27001 addresses a broad range of security domains beyond crypto, including physical security, access control, incident management, supplier relationships, and business continuity. It also does not enforce criminal penalties; it is a certification/management standard. And it is not limited to network security. Therefore, the correct focus is risk management and continuous improvement of information security.

For protecting credit card data, the primary compliance framework is PCI DSS (Payment Card Industry Data Security Standard). PCI DSS is an industry standard created by major card brands and administered through the PCI Security Standards Council. It sets requirements for organizations that store, process, or transmit cardholder data, including controls around network security, access control, monitoring, and cryptography. PCI DSS explicitly addresses encryption and protection of cardholder data (for example, protecting stored cardholder data and encrypting transmission over open, public networks, and using strong cryptography and secure protocols). CCPA and GDPR are privacy regulations focused on personal data rights and governance, and while they may encourage security measures, they are not specifically the card-industry security standard for payment data. HIPAA applies to protected health information, not payment card data. Therefore, the correct answer is PCI DSS.

In the classical definition, a stream cipher encrypts data in very small units—often described as one bit at a time—by combining plaintext with a keystream (commonly via XOR). While many practical stream ciphers operate on bytes or words for efficiency, the conceptual distinction compared to block ciphers is that stream encryption processes data as a continuous stream rather than fixed-size blocks. This is why the standard teaching answer is “1 bit” per application of the keystream. Block ciphers, by contrast, encrypt blocks like 64 bits (DES/3DES) or 128 bits (AES) in each invocation of the block primitive. Options like 40, 192, and 256 are not typical stream cipher “per-step” processing sizes; 40 and 256 are often associated with key sizes, and 192 could be a key size for AES, not an encryption granularity. The essential security requirement for stream ciphers is that the keystream must be unpredictable and never reused with the same key/nonce combination; otherwise XOR properties allow attackers to recover relationships between plaintexts. Thus, the best answer is 1.