Test Tips

Here are the Test Tips for the basics of cryptography chapter. Read them at least twice. A good understanding of algorithms, keys, DSes, CAs, and certificates is necessary for certification success. Furthermore, it’s likely that you’ll be asked some form of the question “Which keys do what?” regarding the transfer of encrypted messages. You might also be asked about the key size used by a particular algorithm or how many rounds an algorithm goes through.

Here you go:

  • Private-key (or symmetric) encryption uses a single, secret key. The biggest problem with symmetric encryption is that both parties must possess the secret key before encryption can take place. Symmetric encryption is faster than asymmetric.

  • Public-key (or asymmetric) encryption uses a combination of a public key and a private key. Asymmetric encryption requires larger keys than symmetric in order to provide the same level of strength.

  • An algorithm provides a blueprint for encryption methods. Know the difference between symmetric and asymmetric algorithms.

  • The more rounds an algorithm goes through, the more thoroughly the data is encrypted.

  • A 128-bit symmetric key = strong encryption.

  • The Rijndael symmetric algorithm was selected as the Advanced Encryption Standard (AES), replacing DES.

  • The RSA asymmetric algorithm bases its strength on the difficulty of factoring very large numbers into their prime factors.

  • Hash algorithms create a fingerprint or message digest. They are only used for comparative functions. The data that produces a hash cannot be recovered from the hash.

  • SHA-1 is the U.S. government standard hash algorithm.

  • If you encrypt data for a secure e-mail, the recipient’s public key is used for encryption. When the recipient decrypts the message, only their private key is required. Read this carefully. If you encrypt and sign data for a secure e-mail, signing it requires the use of your private key and encrypting it requires the use of the recipient’s public key. When the recipient decrypts the message, they use their private key, but to verify the signature they need your public key. There is a difference between just encrypting a message and both encrypting and signing one. Know the difference; you will probably be asked about it.

  • Confidentiality is the process of keeping data hidden from unauthorized persons. Confidential = secret. Encryption provides confidentiality.

  • Guarding the integrity of data means keeping it from being altered while in transit or while being stored. Integrity = unaltered. MD5 fingerprints ensure integrity.

  • When we provide non-repudiation, we are ensuring that people can’t back out of electronic dealings. Digital Signatures provide non-repudiation.

  • Digital Signatures (DSes) make use of encryption algorithms and hash algorithms to provide data integrity and non-repudiation. A DS is the electronic equivalent of a handwritten signature.

  • At the heart of a public key infrastructure is the Certification Authority (CA). The CA is a trusted third party that centralizes the issuance, management, renewal, and revocation of digital certificates.

  • Certificates follow a standard called X.509 and include a public key, the DS of the CA, and information that pertains to the entity that the certificate was issued to. There are server and personal certificates.

  • SSL servers must have a digital certificate installed that proves the organization’s identity.

  • The certification practice statement (CPS) is documentation that summarizes a CA’s intentions regarding certificate usage.

  • A certificate policy (CP) is a collection of rules that states how an individual certificate pertains to a particular function. CPs protect both certificate users and issuers.

  • Certificates have expiration dates but can be revoked or suspended before their time is up.

  • The Certificate Revocation List (CRL) is the most widely used method for certificate status lookup. Online Certificate Status Protocol (OCSP) is another method.

  • In a hierarchical trust model, the CA makes the decisions about who to trust. CAs can cross-certify each other with this model. Understand the potential dangers associated with cross-certification.

  • In a Web-of-Trust trust model, the users decide whom to trust.

  • The elements of key management include the creation, storage, protection, distribution, status checking, escrow, revocation, suspension, renewal, and destruction of keys and the certificates that contain them.

  • In m of n key recovery, the idea is that m out of a total of n individuals must decide collectively that key recovery is necessary.

  • Keys are destroyed by zeroization, or writing them over with zeros.
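The "which key does what" rule for a signed and encrypted e-mail, worked through in code. This is an added example, not from the book: it uses a toy textbook RSA built from Mersenne primes (constructed key pairs, no padding, SHA-1 as the digest) purely to make the key roles visible; the helper names are assumptions.

```python
import hashlib
# Toy textbook RSA from Mersenne primes (standard library only). It shows which key
# plays which role; real mail uses 2048-bit keys, OAEP/PSS padding and a session key.

def make_keypair(p, q, e=65537):
    """Return (public, private) as (exponent, modulus) pairs."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (e, n), (d, n)

# Two constructed key pairs: one for the sender, one for the recipient.
SENDER_PUB, SENDER_PRIV = make_keypair(2**521 - 1, 2**61 - 1)
RECIPIENT_PUB, RECIPIENT_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

def encrypt(recipient_public, plaintext):
    """Encrypting needs only the RECIPIENT's public key."""
    e, n = recipient_public
    m = int.from_bytes(plaintext, "big")
    assert 0 < m < n, "message too long for this toy modulus"
    return pow(m, e, n)

def decrypt(recipient_private, ciphertext):
    """Decrypting needs only the RECIPIENT's private key."""
    d, n = recipient_private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def digest(message):
    """SHA-1 fingerprint as an integer (160 bits, smaller than both moduli)."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big")

def sign(sender_private, message):
    """Signing applies the SENDER's private key to the message hash."""
    d, n = sender_private
    return pow(digest(message), d, n)

def verify(sender_public, message, signature):
    """Verifying recomputes the hash and checks it with the SENDER's public key."""
    e, n = sender_public
    return pow(signature, e, n) == digest(message)

def send_signed_and_encrypted(message):
    """Sender: sign with own private key, encrypt with the recipient's public key."""
    return encrypt(RECIPIENT_PUB, message), sign(SENDER_PRIV, message)

def receive(ciphertext, signature):
    """Recipient: decrypt with own private key, verify with the sender's public key."""
    message = decrypt(RECIPIENT_PRIV, ciphertext)
    return message, verify(SENDER_PUB, message, signature)
```

Encrypt-only mail is just `encrypt`/`decrypt` with the recipient's pair; the sender's pair enters only when a signature is added.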

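The m of n key recovery idea, as an added example not taken from the book: Shamir secret sharing over a prime field splits an escrowed key into n shares, and any m of them rebuild it while fewer reveal nothing. The field modulus and the function names are assumptions for illustration.

```python
import secrets

# Shamir secret sharing over a prime field, added here as a worked model of
# m-of-n key recovery: the key is split into n shares and any m of them rebuild it.
PRIME = 2**127 - 1  # field modulus; the key being escrowed must be smaller than this


def split_key(key, m, n):
    """Split `key` into n shares, any m of which recover it.
    The key is the constant term of a random polynomial of degree m-1;
    share i is the point (i, f(i)), so fewer than m points reveal nothing."""
    assert 0 < m <= n and 0 <= key < PRIME
    coeffs = [key] + [secrets.randbelow(PRIME) for _ in range(m - 1)]

    def f(x):
        return sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME

    return [(x, f(x)) for x in range(1, n + 1)]


def recover_key(shares):
    """Lagrange interpolation at x = 0; correct only when at least m distinct
    shares are supplied (the m-of-n quorum agreeing that recovery is needed)."""
    key = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        key = (key + yi * num * pow(den, -1, PRIME)) % PRIME
    return key
```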
The Security+ Exam Guide. TestTaker's Guide Series
Security + Exam Guide (Charles River Media Networking/Security)
ISBN: 1584502517
Year: 2003
Pages: 136