A company must send sensitive data over a non-secure network via web services. The company suspects
that competitors are actively trying to intercept all transmissions. Some of the information may bevaluable to competitors, even years after it has been sent. Which of the following will help mitigate the
risk in the scenario?
A.
Digitally sign the data before transmission
B.
Choose steam ciphers over block ciphers
C.
Use algorithms that allow for PFS
D.
Enable TLS instead of SSL
E.
Use a third party for key escrow
How does signing the data keep it from being intercepted?
I agree, digital signatures do not provide confidentiality. I picked D.
The correct answer to this is C. Perfect forward secrecy means that if the bad guys crack an encryption scheme, they cannot use that knowledge to crack past encryption schemes (or the old stuff). This question seems directly geared to this answer.
Good point. I withdraw my original selection and go with C.
C
Forward secrecy, ensures that if one key is compromised, subsequent keys will not also be compromised. Perfect forward secrecy occurs when this process is unbreakable.