
Let's see how well you did on this test ...

1. What is a valid PKCS standard?

Answer: PKCS#1 for RSA encryption

Sorry - you had a wrong answer, please review details below.

Reference: RSA Laboratories, Public-Key Cryptography Standards - Homepage.

A very special thanks to Claus Stark and his wife Shubhangi for submitting this
question.

2. Which of the following is not an example of a block cipher?

Answer: RC4

Sorry - you had a wrong answer, please review details below.

RC4 is a proprietary, variable-key-length stream cipher invented by Ron Rivest
for RSA Data Security, Inc. Skipjack, IDEA and Blowfish are examples of block
ciphers.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.

Thanks to Christian Vezina for providing this question.

3. Cryptography does not concern itself with:

Answer: Availability

Sorry - you had a wrong answer, please review details below.

Cryptography addresses the principles, means and methods of disguising
information to ensure its integrity, confidentiality, and authenticity. It does not
address availability.
Source: PELTIER, Thomas R. & HOWARD, Patrick D., The Total CISSP Exam
Prep Book, 2002, CRC Press, Chapter 5: Cryptography (page 59).
Thanks to Christian Vezina for providing this question.

4. Which of the following statements is true about data encryption as a method of
protecting data?

Answer: It requires careful key management.

Sorry - you had a wrong answer, please review details below.

Because keys are at risk of being lost, destroyed or corrupted, careful key
management is always required. Backup copies should be available and easily
accessible should the need arise. If the key to encrypted data is accidentally lost,
that information would be lost forever.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-
Hill/Osborne, 2002, chapter 8: Cryptography (page 557).

Thanks to Christian Vezina for providing details and a reference to this question.

5. Which of the following encryption algorithms does not deal with discrete
logarithms?

Answer: RSA

Sorry - you had a wrong answer, please review details below.

The RSA encryption algorithm is based on the difficulty of factoring the product of
large prime numbers.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide:
Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001,
Chapter 4: Cryptography (page 159).

Thanks to Christian Vezina for providing this question.

6. Microsoft and Netscape offer two versions of their Web browsers, export and
domestic. Which of the following differentiates the versions?

Answer: The browser for domestic market uses 128-bit encryption and the
browser for international market uses 40-bit encryption.

Sorry - you had a wrong answer, please review details below.

Source: Building E-Commerce Infrastructure, White Paper from Verisign, Page 11,
section - SSL Strength 40-bit and 128-bit SSL.

Thanks to Jamil Siddique for providing this question.


7. Which of the following encryption methods is unbreakable?

Answer: One-time pads

Sorry - you had a wrong answer, please review details below.

The only cryptographic method that is unbreakable is a one-time pad. Elliptic
curves are new and have not undergone the same level of peer review as other
methods. Single DES is so weak that the US government has sponsored a search
for an algorithm for a new standard.
Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics,
O'Reilly, 1991, pg. 178.

8. In a Public Key Infrastructure (PKI) context, which of the following is a primary
concern with LDAP servers?

Answer: Availability

Sorry - you had a wrong answer, please review details below.

The primary security concerns relative to LDAP servers are availability and
integrity. For example, denial of service attacks on an LDAP server could prevent
access to the Certificate Revocation List and, thus, permit the use of a revoked
certificate.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide:
Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001,
Chapter 4: Cryptography (page 165).

Thanks to Christian Vezina for providing this question.

9. A message is said to be digitally signed if sent with which of the following?

Answer: Message Digest Encrypted with Sender's Private Key

Sorry - you had a wrong answer, please review details below.

The message digest or hash is computed from the original message using a
hashing algorithm such as MD5 or SHA. A message is said to be digitally signed
if it is sent with the message digest encrypted with the sender's private key.
Source: Building E-Commerce Infrastructure, White Paper from Verisign, Page 5
section 5 - Digital Signatures.
Also check out: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide:
Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001,
Chapter 4: Cryptography (page 160).
Thanks to Jamil Siddique for providing this question and to Brian Kang for
providing an extra reference to this question.

10. What is a mathematical encryption operation that cannot be reversed called?

Answer: One-way hash

Sorry - you had a wrong answer, please review details below.

The one-way hash function performs a mathematical encryption operation on the
password that cannot be reversed.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide:
Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons,
Pages 40-41.

Thanks to Rakesh Sud for providing this question and to Christian Vezina for
improving it.

11. Which of the following is not provided by a public key infrastructure (PKI)?

Answer: Reliability

Sorry - you had a wrong answer, please review details below.

A Public Key Infrastructure (PKI) provides confidentiality, access control,
integrity, authentication and non-repudiation. It does not provide reliability.
Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.
Available at http://www.cccure.org.

Thanks to Christian Vezina for providing this question.

12. Which of the following can best be defined as a key distribution protocol that
uses hybrid encryption to convey session keys that are used to encrypt data in IP
packets?

Answer: Simple Key-management for Internet Protocols (SKIP)

Sorry - you had a wrong answer, please review details below.

RFC 2828 (Internet Security Glossary) defines SKIP as a key distribution
protocol that uses hybrid encryption to convey session keys that are used to
encrypt data in IP packets. ISAKMP is an Internet IPsec protocol to negotiate,
establish, modify, and delete security associations, and to exchange key
generation and authentication data, independent of the details of any specific key
generation technique, key establishment protocol, encryption algorithm, or
authentication mechanism. IKE is an Internet, IPsec, key-establishment protocol
(partly based on OAKLEY) that is intended for putting in place authenticated
keying material for use with ISAKMP and for other security associations, such as
in AH and ESP.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.

Thanks to Christian Vezina for providing this question.

13. Which of the following statements pertaining to link encryption is false?

Answer: Information stays encrypted from one end of its journey to the other.

Sorry - you had a wrong answer, please review details below.

When using link encryption, packets have to be decrypted at each hop and
encrypted again. Information staying encrypted from one end of its journey to the
other is a characteristic of end-to-end encryption, not link encryption.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April
2002 (page 6). Available at http://www.cccure.org.

Thanks to Christian Vezina for providing this question.

14. What level of assurance for a digital certificate verifies a user's name, address,
social security number, and other information against a credit bureau database?

Answer: Level 2

Sorry - you had a wrong answer, please review details below.

Users can obtain certificates with various levels of assurance. For example, level
1 certificates verify electronic mail addresses. This is done through the use of a
personal information number that a user would supply when asked to register.
This level of certificate may also provide a name as well as an electronic mail
address; however, it may or may not be a genuine name (i.e., it could be an alias).
Level 2 certificates verify a user's name, address, social security number, and
other information against a credit bureau database. Level 3 certificates are
available to companies. This level of certificate provides photo identification to
accompany the other items of information provided by a level 2 certificate. A
level 4 certificate is not defined yet.
Source: TIPTON, Harold F. & KRAUSE, Micki, Information Security
Management Handbook, 4th edition (volume 1), 2000, CRC Press, Chapter 3,
Secured Connections to External Networks (page 54).

Thanks to Christian Vezina for providing this question.

15. What encryption algorithm is best suited for communication with handheld
wireless devices?

Answer: ECC

Sorry - you had a wrong answer, please review details below.

Elliptic Curve Cryptosystems (ECC) are used as asymmetric algorithms and can
provide signature, key distribution and encryption functionality. The fact that
ECC uses fewer resources makes it appropriate for small handheld devices.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-
Hill/Osborne, 2002, Chapter 8: Cryptography (page 531).

Thanks to Christian Vezina for providing this question.

16. "Strong" encryption means which of the following?

Answer: a 128-bit or longer key.

Sorry - you had a wrong answer, please review details below.

Strong encryption refers to an encryption process that uses at least a 128-bit key.
Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, page 100.

Thanks to George Wood for providing this question.

17. Which of the following algorithms does *NOT* provide hashing?

Answer: RC4

Sorry - you had a wrong answer, please review details below.

Ron's Code 4 (RC4) is an algorithm used for encryption and does not provide
hashing functions.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-
Hill/Osborne, 2002, Chapter 8: Cryptography (page 550).

Thanks to Christian Vezina for providing this question.

18. What kind of encryption technology does VeriSign's SSL utilize?

Answer: Hybrid: Symmetric and asymmetric cryptography

Sorry - you had a wrong answer, please review details below.

VeriSign's SSL uses public-key cryptography to secure the session key, and the
session key (a secret key) to secure communication between both parties.

19. Which DES mode of operation is best suited for database encryption?

Answer: Electronic Code Book (ECB) mode

Sorry - you had a wrong answer, please review details below.

Electronic Code Book (ECB), as opposed to other modes, does not depend on the
results of a previous operation. ECB mode works with blocks of data
independently, so the data within a file do not have to be encrypted in a certain
order, making it appropriate for encrypting databases containing different pieces
of data accessed in random order. Choice B (CRC) is not a DES mode.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-
Hill/Osborne, 2002, Chapter 8: Cryptography (page 527).

Thanks to Christian Vezina for providing this question.

20. Which of the following would best define a digital envelope?

Answer: A message that is encrypted with a secret key and accompanied with that
key, encrypted with a public key.

Sorry - you had a wrong answer, please review details below.

A digital envelope for a recipient is a combination of encrypted data and its
encryption key in an encrypted form that has been prepared for use by the
recipient. It consists of a hybrid encryption scheme for sealing a message: the
data is encrypted and sent together with a protected form of the key to the
intended recipient, so that no one else can open the message. In PKCS #7, it means
first encrypting the data using a symmetric encryption algorithm and a secret key,
and then encrypting the secret key using an asymmetric encryption algorithm and
the public key of the intended recipient.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.

Thanks to Christian Vezina for providing this question.
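As an added example (not taken from the quiz or its sources), the following Python implements the PKCS #7 style envelope just described and the signed-digest construction from question 9 on stdlib-only textbook RSA. The seeded toy key generator, the SHA-256 keystream standing in for a symmetric cipher, and the absence of padding are assumptions made for the demo, not how production systems do it.

```python
import hashlib
import os
import random

# Added example, not from the quiz or its sources. Toy RSA over the Python
# stdlib: the seeded key generator, the SHA-256 counter-mode keystream that
# stands in for a real symmetric cipher, and the unpadded RSA operations are
# demo assumptions. Real deployments use AES and padded RSA (OAEP / PSS).


def _is_probable_prime(n: int, rng: random.Random, rounds: int = 20) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand, rng):
            return cand


def rsa_keygen(bits: int = 512, seed: int = 1):
    """Toy RSA key pair ((n, e), (n, d)); seeded so the demo is reproducible.
    512-bit moduli are far too small for real use."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this is gcd(e, phi) == 1
            break
    n = p * q
    return (n, e), (n, pow(e, -1, phi))


def _stream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric stand-in: XOR with a SHA-256(key || counter) keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def seal_envelope(message: bytes, recipient_pub):
    """PKCS #7 style envelope: encrypt the data with a fresh secret key, then
    wrap that key with the recipient's public key."""
    n, e = recipient_pub
    content_key = os.urandom(16)
    ciphertext = _stream_xor(content_key, message)
    wrapped_key = pow(int.from_bytes(content_key, "big"), e, n)
    return ciphertext, wrapped_key


def open_envelope(ciphertext: bytes, wrapped_key: int, recipient_priv) -> bytes:
    """Only the holder of the matching private key can unwrap the content key."""
    n, d = recipient_priv
    content_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return _stream_xor(content_key, ciphertext)


def sign(message: bytes, signer_priv) -> int:
    """Digital signature as question 9 describes it: hash the message, then
    'encrypt' the digest with the sender's private key."""
    n, d = signer_priv
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, d, n)


def verify(message: bytes, signature: int, signer_pub) -> bool:
    """Recover the digest with the sender's public key and compare."""
    n, e = signer_pub
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, e, n) == digest


if __name__ == "__main__":
    alice_pub, alice_priv = rsa_keygen(seed=1)
    bob_pub, bob_priv = rsa_keygen(seed=2)
    msg = b"constructed sample message for the envelope demo"
    ct, wk = seal_envelope(msg, bob_pub)
    print(open_envelope(ct, wk, bob_priv) == msg, verify(msg, sign(msg, alice_priv), alice_pub))
```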

21. Which is NOT a suitable method for distributing certificate revocation
information?

Answer: CA revocation mailing list

Sorry - you had a wrong answer, please review details below.

Reference: RFC 2459: Internet X.509 Public Key Infrastructure Certificate and
CRL Profile.

A very special thanks to Claus Stark and his wife Shubhangi for submitting this
question.

22. Which of the following would best describe a concealment cipher?

Answer: Every X number of words within a text, is a part of the real message.

Sorry - you had a wrong answer, please review details below.

When a concealment cipher is used, every Xth word within a text is part of the
real message. A transposition cipher uses permutations. A substitution cipher
replaces bits, characters, or blocks of characters with different bits, characters or
blocks. Steganography refers to hiding the very existence of the message.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April
2002 (page 1). Available at http://www.cccure.org.

Thanks to Christian Vezina for providing this question.

23. What is the main problem of the renewal of a root CA certificate?

Answer: The authentic distribution of the new root CA certificate to all PKI
participants

Sorry - you had a wrong answer, please review details below.

The main task here is the authentic distribution of the new root CA certificate, as
the new trust anchor, to all the PKI participants (e.g. the users). In some rollover
scenarios there is no automatic way to do this; often an explicit assignment of
trust by each user is needed, which can be very costly. Other methods use the old
root CA certificate for automatic trust establishment (see the PKIX reference),
but these solutions only work well in scenarios where the current root CA
certificate is still valid (and not in emergency cases, e.g. a compromise of the
current root CA certificate). The rollover of the root CA certificate is a specific
and delicate problem and is therefore often ignored during PKI deployment.
Reference: Camphausen, I.; Petersen, H.; Stark, C.: Konzepte zum Root CA
Zertifikatswechsel, conference Enterprise Security 2002, March 26-27, 2002,
Paderborn; RFC 2459 : Internet X.509 Public Key Infrastructure Certificate and
CRL Profile.

A very special thanks to Claus Stark and his wife Shubhangi for submitting this
question.

24. Which of the following is NOT true of SSL?

Answer: By convention it uses 's-http://' instead of 'http://'.

Sorry - you had a wrong answer, please review details below.

Web pages that use SSL use 'https://' instead of 'http://'.
Documents that use Secure-HTTP start with 's-http://'.

25. Virus scanning and content filtering of encrypted e-mail is:

Answer: is possible with several key management methods

Sorry - you had a wrong answer, please review details below.

Content security measures presume that the content is available in cleartext on
the central mail server. Encrypted mails have to be decrypted before they can be
filtered (e.g. for viruses), so you need the decryption key on the central "crypto
mail server". There are several ways to arrange such key management, e.g.
message or key recovery methods.

A very special thanks to Claus Stark and his wife Shubhangi for submitting this
question.

26. What is called the substitution cipher that shifts the alphabet by 13 places?

Answer: ROT13 cipher

Sorry - you had a wrong answer, please review details below.

The Caesar cipher is a simple substitution cipher that involves shifting the
alphabet three positions to the right. ROT13 is a substitution cipher that shifts the
alphabet by 13 places. A polyalphabetic cipher uses multiple alphabets at a time.
A transposition cipher is a different type of cipher.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide:
Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001,
Chapter 4: Cryptography (page 136).

Thanks to Christian Vezina for providing this question.

27. Which of the following statements pertaining to block ciphers is incorrect?

Answer: Plain text is encrypted with a public key and decrypted with a private
key.

Sorry - you had a wrong answer, please review details below.

Block ciphers do not use public-key cryptography (private and public keys). A
block cipher is a type of symmetric-key encryption algorithm that transforms a
fixed-size block of plaintext (unencrypted text) data into a block of ciphertext
(encrypted text) data of the same length. They are appropriate for software
implementations and can also be operated as a stream cipher.
Source: DUPUIS, Clément, CISSP Open Study Guide on domain 5,
cryptography, April 1999. Available at http://www.cccure.org.

Thanks to Christian Vezina for providing this question.

28. Which of the following is not a known type of Message Authentication Code
(MAC)?

Answer: Signature-based MAC

Sorry - you had a wrong answer, please review details below.

A Message Authentication Code (MAC) is an authentication checksum derived by
applying an authentication scheme, together with a secret key, to a message.
Unlike digital signatures, MACs are computed and verified with the same key, so
that they can only be verified by the intended recipient. There are four types of
MACs: (1) unconditionally secure, (2) hash function based, (3) stream cipher-
based and (4) block cipher-based.
Source: DUPUIS, Clément, CISSP Open Study Guide on domain 5,
cryptography, April 1999. Available at http://www.cccure.org.

Thanks to Christian Vezina for providing this question.

29. In a SSL session between a client and a server, who is responsible for generating
the master secret that will be used as a seed to generate the symmetric keys that
will be used during the session?

Answer: The client's browser

Sorry - you had a wrong answer, please review details below.

Once the merchant server has been authenticated by the browser client, the
browser generates a master secret that is to be shared only between the server and
client. This secret serves as a seed to generate the session (private) keys. The
master secret is then encrypted with the merchant's public key and sent to the
server. The fact that the master secret is generated by the client's browser provides
the client assurance that the server is not reusing keys that would have been used
in a previous session with another client.
Source: ANDRESS, Mandy, Exam Cram CISSP, Coriolis, 2001, Chapter 6:
Cryptography (page 112).

Thanks to Christian Vezina for providing this question.

30. FIPS-140 is a standard for the security of which of the following?

Answer: Hardware and software cryptographic modules

Sorry - you had a wrong answer, please review details below.

Reference: FIPS PUB 140-1 Security Requirements for Cryptographic Modules.

A very special thanks to Claus Stark and his wife Shubhangi for submitting this
question.

31. Windows 98 includes the ability to check digitally signed hardware drivers.
Which of the following are true?

Answer: Drivers are the only files supplied with W98 that can be checked for
digital signatures and all drivers included with W98 have been digitally signed

Sorry - you had a wrong answer, please review details below.

Explanation: All drivers included with Windows 98 are digitally signed to
indicate that they have been tested by the Windows Hardware Quality Labs. The
signature is used to determine whether or not a driver you are installing may be a
future source of errors. The check is disabled for the end user.
Reference: MOC 955 Module 3 "Configuring the Windows 98 Environment",
about page 78; Web site www.brainbuzz.com.

32. Which of the following is best defined as a cryptographic key that is used to
encipher application data?

Answer: Data encryption key

Sorry - you had a wrong answer, please review details below.

A data encryption key is a cryptographic key that is used to encipher application
data. A key-encrypting key is a cryptographic key that is used to encrypt other
keys and is not usually used for encrypting application data. A cryptographic
token is a portable, user-controlled, physical device used to store cryptographic
information and possibly perform cryptographic functions.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, May 2000.

Thanks to Christian Vezina for providing this question.

33. What are two types of ciphers?

Answer: Transposition and Substitution

Sorry - you had a wrong answer, please review details below.

Transposition (a.k.a. permutation) ciphers rearrange the contents of the plaintext
to create the ciphertext. Substitution ciphers replace the contents of the plaintext
with other values to create the ciphertext.
Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics,
O'Reilly, 1991, pg. 172.

34. An X.509 public key certificate with the key usage attribute "non repudiation"
can be used for which of the following?

Answer: verifying signed messages

Sorry - you had a wrong answer, please review details below.

References: RFC 2459 : Internet X.509 Public Key Infrastructure Certificate and
CRL Profile; GUTMANN, P., X.509 style guide.

A very special thanks to Claus Stark and his wife Shubhangi for submitting this
question.

35. Which of the following layers is not used by the Rijndael algorithm?

Answer: Transposition layer

Sorry - you had a wrong answer, please review details below.

The Rijndael algorithm was chosen by NIST as a replacement standard for DES.
It is a block cipher with a variable block length and key length. It employs a
round transformation that is comprised of three layers of distinct and invertible
transformations: The non-linear layer, the linear mixing layer and the key addition
layer. It is suited for high-speed chips with no area restrictions or a compact
co-processor on a smart card.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April
2002 (page 3). Available at http://www.cccure.org.

Thanks to Christian Vezina for providing this question.

36. Which of the following is more suitable for a hardware implementation?

Answer: Stream ciphers

Sorry - you had a wrong answer, please review details below.

A stream cipher treats the message as a stream of bits or bytes and performs
mathematical functions on them individually. The key is a random value input
into the stream cipher, which it uses to ensure the randomness of the keystream
data. Stream ciphers are more suitable for hardware implementations because
they encrypt and decrypt one bit at a time. They are intensive in that each bit
must be manipulated, which works better at the silicon level. Block ciphers
operate at the block level, dividing the message into blocks of bits. Cipher Block
Chaining (CBC) and Electronic Code Book (ECB) are operation modes of DES, a
block encryption algorithm.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April
2002 (page 2). Available at http://www.cccure.org.

Thanks to Christian Vezina for providing this question.

37. Which protocol makes use of an electronic wallet on a customer's PC and sends
encrypted credit card information to merchant's Web server, which digitally signs
it and sends it on to its processing bank?

Answer: SET

Sorry - you had a wrong answer, please review details below.

The Secure Electronic Transaction (SET) protocol was introduced by Visa and
Mastercard to allow for more credit card transaction possibilities. It is comprised
of three different pieces of software, running on the customer's PC (an electronic
wallet), on the merchant's Web server and on the payment server of the merchant's
bank. The credit card information is sent by the customer to the merchant's Web
server, but it does not open it and instead digitally signs it and sends it to its
bank's payment server for processing.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-
Hill/Osborne, 2002, Chapter 8: Cryptography (page 571).
Reference: SET Specification.

Thanks to Christian Vezina for providing this question.

38. In the mid-1970's, what encryption method was chosen as a national standard to
be incorporated into software-based encryption products?

Answer: No standard was chosen.

Sorry - you had a wrong answer, please review details below.

There is no standard. The NSA chose DES as a national standard for hardware-
based encryption, but no corresponding method was chosen as a standard for
software-based encryption.
Source: RUSSEL, Deborah & GANGEMI, G.T. Sr., Computer Security Basics,
O'Reilly, 1991, pg. 182.

39. Public Key algorithms are:

Answer: 1,000 to 10,000 times slower than secret key algorithms

Sorry - you had a wrong answer, please review details below.

The CISSP Prep Guide states, "Because there are more calculations associated
with public key cryptography, it is 1,000 to 10,000 times slower than secret key
cryptography."
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide:
Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001,
page 156.

Thanks to Mark Radulovich for providing this question.

40. Which of the following cryptographic attacks describes when the attacker has a
copy of the plaintext corresponding to the ciphertext?

Answer: known plaintext

Sorry - you had a wrong answer, please review details below.

Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide:
Mastering the Ten Domains of Computer Security, page 163.

Thanks to Eric Yandell for providing this question.

41. Which of the following is best provided by symmetric cryptography?

Answer: Confidentiality

Sorry - you had a wrong answer, please review details below.

When using symmetric cryptography, both parties use the same key for
encryption and decryption. Symmetric cryptography is generally fast and can be
hard to break, but it offers limited overall security in that it can only provide
confidentiality.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April
2002 (page 2). Available at http://www.cccure.org.

Thanks to Christian Vezina for providing this question.

42. Which of the following is true about link encryption?

Answer: This mode does not provide protection if the nodes along the
transmission path can be compromised.

Sorry - you had a wrong answer, please review details below.

In link encryption, each entity has keys in common with its two neighboring
nodes in the transmission chain. Thus, a node receives the encrypted message
from its predecessor, decrypts it, and then re-encrypts it with a new key, common
to the successor node. Obviously, this mode does not provide protection if the
nodes along the transmission path can be compromised.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-
Hill/Osborne, 2002, chapter 8: Cryptography (page 560 to 562).
And: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering
the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 4:
Cryptography (page 132).

Thanks to Christian Vezina for providing this question and to Don Murdoch for
providing an extra reference.

43. What is NOT true of pre-shared key authentication within the IKE / IPsec protocol?

Answer: needs a PKI to work

Sorry - you had a wrong answer, please review details below.

Reference: DORASWAMY, Naganand & HARKINS, Dan, Ipsec: The New
Security Standard for the Internet, Intranets, and Virtual Private Networks, 1999,
Prentice Hall PTR.

A very special thanks to Claus Stark and his wife Shubhangi for submitting this
question.

44. Which of the following offers confidentiality to an e-mail message?

Answer: The sender encrypting it with the receiver's public key.

Sorry - you had a wrong answer, please review details below.

An e-mail message's confidentiality is protected when it is encrypted with the
receiver's public key, because the receiver is the only one able to decrypt the
message. The sender is not supposed to have the receiver's private key. If the
sender encrypted the message with the sender's own private key, anybody
possessing the corresponding public key would be able to read it. If the sender
encrypted it with the sender's own public key, not even the receiver would be able
to read it.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-
Hill/Osborne, 2002, chapter 8: Cryptography (page 517).

Thanks to Christian Vezina for providing this question.

45. Which of the following protects Kerberos against replay attacks?

Answer: Time stamps

Sorry - you had a wrong answer, please review details below.

A replay attack refers to the recording and retransmission of packets on the
network. Kerberos uses time stamps, which protect against this type of attack.
Source: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, McGraw-
Hill/Osborne, 2002, chapter 8: Cryptography (page 581).

Thanks to Christian Vezina for providing this question.
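An added example, not from the quiz or its sources, of how the time stamps in a Kerberos authenticator (the ctime/cusec fields) combine with a server-side replay cache to reject a recorded and retransmitted packet. The 5-minute clock-skew window, the class and function names, and the sample arrivals are constructed for the demo; the error names are the RFC 4120 ones.

```python
from typing import Dict, List, Tuple

# Added example (not from the quiz). Models the two checks an application server
# applies to a Kerberos authenticator: the client time stamp must lie within the
# allowed clock skew, and the same (client, ctime, cusec) must not be seen twice.
# 300 s is the conventional skew window; it is an assumption chosen for the demo.
MAX_CLOCK_SKEW = 300


class AuthenticatorReplayCache:
    """Server-side cache that rejects stale or repeated authenticators."""

    def __init__(self, max_skew: int = MAX_CLOCK_SKEW):
        self.max_skew = max_skew
        # (client principal, ctime, cusec) -> server time after which the entry may go
        self._seen: Dict[Tuple[str, int, int], float] = {}

    def _expire(self, now: float) -> None:
        # An entry older than the skew window can be dropped safely: any replay of
        # it would already fail the time-stamp check below.
        for key in [k for k, exp in self._seen.items() if exp <= now]:
            del self._seen[key]

    def check(self, client: str, ctime: int, cusec: int, now: float) -> str:
        """Return 'OK', 'KRB_AP_ERR_SKEW' or 'KRB_AP_ERR_REPEAT'."""
        self._expire(now)
        if abs(now - ctime) > self.max_skew:
            return "KRB_AP_ERR_SKEW"      # stale capture or badly skewed clock
        key = (client, ctime, cusec)
        if key in self._seen:
            return "KRB_AP_ERR_REPEAT"    # identical authenticator seen before
        self._seen[key] = now + self.max_skew
        return "OK"


def run_demo() -> List[str]:
    """Feed constructed authenticator arrivals through the cache and return the verdicts."""
    cache = AuthenticatorReplayCache()
    t0 = 1_700_000_000  # constructed server clock, seconds since the epoch
    # (client, ctime, cusec, server time at arrival)
    arrivals = [
        ("alice@EXAMPLE.COM", t0,       123456, t0 + 1),    # fresh request
        ("alice@EXAMPLE.COM", t0,       123456, t0 + 30),   # recorded packet resent
        ("alice@EXAMPLE.COM", t0 + 60,  7,      t0 + 61),   # new request, new stamp
        ("bob@EXAMPLE.COM",   t0 - 900, 0,      t0 + 62),   # 15-minute-old capture
        ("alice@EXAMPLE.COM", t0,       123456, t0 + 400),  # replay after the window
    ]
    return [cache.check(c, ct, cu, now) for c, ct, cu, now in arrivals]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```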

46. What is the role of IKE within the IPsec protocol?

Answer: peer authentication and key exchange

Sorry - you had a wrong answer, please review details below.

Reference: RFC 2409: The Internet Key Exchange (IKE); DORASWAMY,
Naganand & HARKINS, Dan, Ipsec: The New Security Standard for the Internet,
Intranets, and Virtual Private Networks, 1999, Prentice Hall PTR; SMITH,
Richard E., Internet Cryptography, 1997, Addison-Wesley Pub Co.

A very special thanks to Claus Stark and his wife Shubhangi for submitting this
question.

47. How many rounds are used by DES?

Answer: 16

Sorry - you had a wrong answer, please review details below.

DES is a block encryption algorithm using 56-bit keys and 64-bit blocks; each
block is divided in half and each character is encrypted one at a time. The
characters are put through 16 rounds of transposition and substitution functions.
Triple DES uses 48 rounds.
Source: WALLHOFF, John, CBK#5 Cryptography (CISSP Study Guide), April
2002 (page 3). Available at http://www.cccure.org.

Thanks to Christian Vezina for providing this question.

48. Which of the following can best be defined as a cryptanalysis technique in which
the analyst tries to determine the key from knowledge of some plaintext-
ciphertext pairs?

Answer: A known-plaintext attack

Sorry - you had a wrong answer, please review details below.

RFC2828 (Internet Security Glossary) defines a known-plaintext attack as a
cryptanalysis technique in which the analyst tries to determine the key from
knowledge of some plaintext-ciphertext pairs (although the analyst may also have
other clues, such as knowing the cryptographic algorithm). A chosen-ciphertext
attack is defined as a cryptanalysis technique in which the analyst tries to
determine the key from knowledge of plaintext that corresponds to ciphertext
selected (i.e., dictated) by the analyst. A chosen-plaintext attack is a cryptanalysis
technique in which the analyst tries to determine the key from knowledge of
ciphertext that corresponds to plaintext selected (i.e., dictated) by the analyst. The
other choice is a distracter.
Source: SHIREY, Robert W., RFC2828: Internet Security Glossary, may 2000.

Thanks to Christian Vezina for providing this question.
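An added example, not from the quiz or its sources, tying question 26 and this one together: a shift (substitution) cipher in which ROT13 is the 13-place case, and therefore its own inverse, and Caesar is the 3-place case, plus a known-plaintext key recovery showing why a single plaintext-ciphertext pair is enough to determine the key of such a cipher. The function names are the example's own.

```python
from typing import Optional

# Added example (not from the quiz). A monoalphabetic shift cipher over the
# 26-letter Latin alphabet; case is preserved and non-letters pass through.


def shift_cipher(text: str, shift: int) -> str:
    """Replace every ASCII letter by the one `shift` places further on (mod 26)."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def caesar(text: str) -> str:
    """Caesar cipher: shift of three places to the right."""
    return shift_cipher(text, 3)


def rot13(text: str) -> str:
    """ROT13: shift of 13 places; applying it twice restores the original."""
    return shift_cipher(text, 13)


def recover_shift(plaintext: str, ciphertext: str) -> Optional[int]:
    """Known-plaintext recovery of the key: the first letter pair fixes the shift
    and every further pair must agree with it, otherwise the pair was not
    produced by a single shift and None is returned."""
    shift = None
    for p, c in zip(plaintext, ciphertext):
        if not (p.isascii() and p.isalpha()):
            continue
        candidate = (ord(c.lower()) - ord(p.lower())) % 26
        if shift is None:
            shift = candidate
        elif candidate != shift:
            return None
    return shift


if __name__ == "__main__":
    plain = "Attack at dawn"       # constructed sample text
    ct = caesar(plain)
    print(ct, rot13("Hello, World!"), recover_shift(plain, ct))
```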

49. What does the directive of the European Union on Electronic Signatures deal
with?

Answer: Non repudiation

Sorry - you had a wrong answer, please review details below.

Reference: FORD, Warwick & BAUM, Michael S., Secure Electronic Commerce:
Building the Infrastructure for Digital Signatures and Encryption (2nd Edition),
2000, Prentice Hall PTR, Page 589; Directive 1999/93/EC of 13 December 1999
on a Community framework for electronic signatures.

A very special thanks to Claus Stark and his wife Shubhangi for submitting this
question.

50. What is the primary role of smartcards in a PKI?

Answer: Tamperproof, mobile storage and application of private keys of the users

Sorry - you had a wrong answer, please review details below.

Reference: HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 2001,
McGraw-Hill/Osborne, page 139; SNYDER, J., What is a SMART CARD?.

A very special thanks to Claus Stark and his wife Shubhangi for submitting this
question.

You scored 0 out of 50 (0 %).


Thanks for using the CISSP OSG test facility!

Submit your own questions to improve the test!

Questions and comments can be sent to: cvezina@noos.fr
