312-50V12 · Question #178
312-50V12 Question #178: Real Exam Question with Answer & Explanation
The correct answer is B: Data encryption with AES-256: Provides high security with better performance than 3DES, but not. This question tests the ability to evaluate cryptographic algorithm trade-offs in a post-quantum threat environment, balancing security strength and operational performance across symmetric encryption options.
Question
You are a cybersecurity professional managing cryptographic systems for a global corporation. The company uses a mix of Elliptic Curve Cryptography (ECC) for key exchange and symmetric encryption algorithms for data encryption. The time complexity of ECC key pair generation is O(n^3), where 'n' is the size of the key. An advanced threat actor group has a quantum computer that can potentially break ECC with a time complexity of O((log n)^2). Given that the ECC key size is 'n=512' and varying symmetric encryption algorithms and key sizes, which scenario would provide the best balance of security and performance?
Options
- AData encryption with AES-128: Provides moderate security and fast encryption, offering a balance
- BData encryption with AES-256: Provides high security with better performance than 3DES, but not
- CData encryption with 3DES using a 168-bit key: Offers high security but slower performance due
- DData encryption with Blowfish using a 448-bit key: Offers high security but potential compatibility
Explanation
This question tests the ability to evaluate cryptographic algorithm trade-offs in a post-quantum threat environment, balancing security strength and operational performance across symmetric encryption options.
Common mistakes.
- A. AES-128 provides only 128-bit security, which under Grover's quantum algorithm is effectively reduced to 64-bit security, making it insufficient against the quantum threat actor described in the scenario.
- C. 3DES with a 168-bit key is considered legacy and deprecated by NIST due to its vulnerability to Sweet32 birthday attacks, and its triple-pass design results in significantly slower performance compared to AES, making it a poor choice for both security and performance.
- D. Blowfish with a 448-bit key, while offering a large key size, has known weaknesses including a 64-bit block size vulnerable to birthday attacks and poor industry support, leading to significant compatibility issues in enterprise environments.
Concept tested. Post-quantum symmetric encryption algorithm selection and trade-offs
Reference. https://csrc.nist.gov/projects/post-quantum-cryptography
Topics
Community Discussion
No community discussion yet for this question.