Before you start to sweat over learning cryptography for the CISSP exam, it's good to know that you won't need to learn the inner workings of these systems; no advanced math degree is required. The exam expects only a basic understanding of the systems and of their strengths and weaknesses. Following are some common terms used in this chapter:
When plaintext is converted into ciphertext, the transformation can be accomplished in basically two ways:
Symmetric and asymmetric cryptography are the two basic types. Symmetric cryptography uses a single shared key that both parties must keep secret. Asymmetric cryptography uses a pair of keys, one public and one private. Both concepts are discussed in more detail later in the chapter. At this point, it is important to understand that in both symmetric and asymmetric cryptography, data is encrypted with a key. The key is fed into the encryption algorithm and determines how the algorithm's operations (substitutions, permutations, or other binary arithmetic) are applied to the data.
The key size goes a long way toward determining the strength of a cryptosystem. As an example, imagine that you're contemplating buying a combination lock for your prized baseball card collection. One lock has three digits, the other four, as shown in Figure 11.1.
Figure 11.1. Key size and strength.
Maybe you don't think that a one-digit increase can make much of a difference. But the three-digit lock has a total of 1,000 possible combinations, while the four-digit lock has 10,000. Each additional digit multiplies the work of an exhaustive search by ten, just as each extra bit of a binary key doubles it. As you can see, the more possible keys or combinations there are, the longer it takes an attacker to guess the right one and gain access to your prized collection. Key size is not the whole story, though: the key must also remain secret. You could buy a seven-digit combination lock, but it would do you little good if everyone knew the combination was your phone number.
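The lock analogy carried through in code, as an added example that is not from the book: a toy lock that stores only a SHA-256 tag of its combination, an exhaustive search whose cost grows with the number of digits, and a dictionary attack that ignores key size entirely when the combination is guessable. The lock construction, its domain label, and the candidate lists are constructed here for illustration and are not a real protocol.

```python
import hashlib
import hmac
import math
from typing import List, Optional, Tuple

# Toy "combination lock": the lock keeps only a one-way tag of the combination,
# so an attacker's only option is to guess combinations and check each against
# the tag. The label below is a constructed domain separator, not a standard.
LOCK_DOMAIN = b"cissp-lock-example:"


def lock_tag(combination: str) -> bytes:
    """Commit to a combination; this tag is all the 'lock' stores."""
    return hashlib.sha256(LOCK_DOMAIN + combination.encode()).digest()


def keyspace_bits(digits: int) -> float:
    """Equivalent binary key length of a decimal combination lock."""
    return math.log2(10 ** digits)


def brute_force(tag: bytes, digits: int) -> Tuple[Optional[str], int]:
    """Exhaustive search: try every combination of the given length in order.

    Returns (combination or None, number of trials). The worst case is the
    whole keyspace (10**digits); a randomly chosen combination costs about
    half of that on average.
    """
    trials = 0
    for n in range(10 ** digits):
        guess = f"{n:0{digits}d}"
        trials += 1
        if hmac.compare_digest(lock_tag(guess), tag):
            return guess, trials
    return None, trials


def dictionary_attack(tag: bytes, candidates: List[str]) -> Tuple[Optional[str], int]:
    """Try likely combinations first (phone numbers, birthdays, and so on).

    Key size is irrelevant here: the cost is the size of the candidate list,
    not the size of the keyspace.
    """
    for trials, guess in enumerate(candidates, start=1):
        if hmac.compare_digest(lock_tag(guess), tag):
            return guess, trials
    return None, len(candidates)


if __name__ == "__main__":
    for digits in (3, 4):
        worst = "9" * digits                      # last combination tried
        found, trials = brute_force(lock_tag(worst), digits)
        print(f"{digits}-digit lock: {keyspace_bits(digits):.1f}-bit keyspace, "
              f"worst case {trials} trials to find {found}")

    # A seven-digit lock whose combination is the owner's (constructed) phone
    # number falls to a two-entry guess list, whatever its keyspace size.
    phone = "5551234"
    found, trials = dictionary_attack(lock_tag(phone), ["1234567", phone])
    print(f"7-digit lock ({keyspace_bits(7):.1f}-bit keyspace) opened in "
          f"{trials} trials by guessing {found}")
```

Worst-case trials equal the keyspace size, so going from three digits to four raises the attacker's maximum work from 1,000 to 10,000 checks; the dictionary attack shows why a large keyspace does not help when the key is drawn from a small, predictable set.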
Depending on how it is used, cryptography can provide three main services that help ensure security: