Identification should include:
- key strength
- stream vs. block
- diffusion
- confusion
- random/pseudo-random number generation
- session keys and perfect forward secrecy
- ephemeral key
- collision
- steganography
- salt, IV, nonce
- weak/deprecated algorithms
- key exchange
- digital signatures
- obfuscation
- key stretching
- implementation vs. algorithm selection
- security through obscurity

Process/Skill Questions:
- How can one prevent two passwords from hashing to the same value?
- What are the factors that make a strong key?
- What is the difference between confusion and obfuscation?
- What are the different methods to exchange a secret key?