9. Exam Essentials for Cryptography and Symmetric Key Algorithms

Understand the role that confidentiality, integrity, and nonrepudiation play in cryptosystems.

Know how cryptosystems can be used to achieve authentication goals by providing assurances as to the identity of the user. One possible scheme that uses authentication is the challenge-response protocol, in which the remote user is asked to encrypt a message using a key known only to the communicating parties. Authentication can be achieved using either symmetric or asymmetric cryptosystems.

The basic terminology of cryptography.
Plaintext
Ciphertext
etc

Understand the difference between a code and a cipher and explain the basic types of ciphers. Codes are cryptographic systems of symbols that operate on words or phrases and are sometimes secret but don't always provide confidentiality. Ciphers, however, are always meant to hide the true meaning of a message. Know how the following types of ciphers work:
transposition ciphers, substitution ciphers (including one-time pads), stream ciphers, and block ciphers.

Know the requirements for successful use of a one-time pad.
The key must be randomly generated, be at least as long as the message to be encrypted, be protected against physical disclosure, and be used only one time and then discarded.
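The requirements above, enforced in code and contrasted with what key reuse exposes. This is an added example, not part of the original notes; `generate_key`, `Pad` and `reuse_leak` are hypothetical names, the messages are constructed samples, and protection against physical disclosure is outside what code can show.

```python
import secrets


def generate_key(length: int) -> bytes:
    # Randomly generated: OS CSPRNG, never the `random` module.
    return secrets.token_bytes(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Pad:
    """One party's copy of a pad (hypothetical helper, not a real library)."""
    def __init__(self, key: bytes):
        self._key = bytearray(key)
        self._used = False

    def apply(self, data: bytes) -> bytes:
        """Encrypt or decrypt (XOR is its own inverse), then discard the key."""
        if self._used:
            raise RuntimeError("pad already used; it must be discarded")
        if len(data) > len(self._key):
            raise ValueError("pad is shorter than the message")
        out = xor_bytes(data, self._key)
        self._key[:] = bytes(len(self._key))  # best-effort wipe of this copy
        self._used = True
        return out


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    # With one key reused, c1 XOR c2 == p1 XOR p2: the key cancels out.
    return xor_bytes(c1, c2)


def demo() -> dict:
    msg = b"MEET AT DAWN"                      # constructed sample
    key = generate_key(len(msg))
    sender, receiver = Pad(key), Pad(key)      # each party holds one copy
    recovered = receiver.apply(sender.apply(msg))
    # Misuse for comparison: the same raw key applied to two messages.
    p1, p2 = b"ATTACK NORTH", b"RETREAT EAST"  # constructed, equal length
    bad = generate_key(len(p1))
    leak = reuse_leak(xor_bytes(p1, bad), xor_bytes(p2, bad))
    return {"recovered": recovered, "leak": leak, "p1_xor_p2": xor_bytes(p1, p2)}


if __name__ == "__main__":
    print(demo())
```

The `leak` value equals the XOR of the two plaintexts without the key ever being known, which is why a pad that is reused no longer provides the confidentiality a one-time pad is meant to give.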

The concept of zero knowledge proof.

Understand split knowledge: It ensures that no single person has sufficient privileges to compromise the security of the environment.

Understand work function (or work factor). It's a way to measure the strength of a cryptography system by measuring the effort in terms of cost and/or time to decrypt messages. Usually the time and effort required to perform a complete brute-force attack against an encryption system is what a work function rating represents.

The importance of key security: Cryptographic keys provide the necessary element of secrecy to a cryptosystem. Modern cryptosystems utilize keys that are at least 128 bits long to provide adequate security. It's generally agreed that the 56-bit key of DES is no longer long enough to provide security.

Know the difference between symmetric and asymmetric cryptosystems.
Symmetric key cryptosystems are fast, rely on a shared secret key but lack support for scalability, easy key distribution, and nonrepudiation. Asymmetric cryptosystems use public-private key pairs for communication between parties but operate much more slowly than symmetric algorithms.

Be able to explain basic operational modes of DES and 3DES.
ECB: Electronic Code Book
CBC: Cipher Block Chaining
CFB: Cipher Feedback Mode
OFB: Output Feedback Mode (least secure)

3DES uses three iterations of DES with two or three different keys to increase the effective key strength to 112 or 168 bits, respectively.

AES is the Advanced Encryption Standard and is the US government standard for the secure exchange of sensitive but unclassified data. AES uses key lengths of 128, 192, and 256 bits and a fixed block size of 128 bits to achieve a much higher level of security than that provided by the older DES algorithm.
