Exam Objectives Fast Track

What Cryptography Offers

  • A good cryptosystem should rely on the strength of the algorithm(s) used rather than on their secrecy, should derive its strength from the size of the key(s) used (larger key sizes should confer greater resistance to cryptanalysis), and should be equally efficient for all keys in a given key space.

  • Cryptography conceals information, ensures the privacy of information, and can guarantee the integrity of information.

  • Public key cryptography and digital certificates permit the authentication and verification of a sender.

  • Non-repudiation is also possible with signed messages; a sender cannot deny sending a particular message at a particular time, or deny the validity of the content.

Encryption Algorithms

  • Examples of symmetric encryption algorithms include DES, DESX, 3DES, AES, SkipJack, and IDEA.

  • Examples of asymmetric encryption algorithms include RSA, DSA, and the Diffie-Hellman algorithm.

  • Examples of hash functions include MD2, MD4, MD5, HAVAL, and SHA-1.

Cryptographic Methods

  • Ciphers fall into three main categories: stream ciphers, block ciphers, and hashing or digest functions.

  • Modern cryptographic methods use either symmetric (private, shared) keys or asymmetric key pairs (a public key and a private key).

  • Stream ciphers are symmetric algorithms that operate on plaintext bit-by-bit.

  • Hash and digest functions are one-way operations. They create a fixed-size digest from an arbitrary-length plaintext input.

  • Block ciphers operate on data in fixed-size chunks. Often the encrypted output of one block is involved in the processing of subsequent blocks. The various processes of block manipulation are called modes.

  • Block cipher modes include CBC, CFB, ECB, and OFB.
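
The chaining described above, as an added example that is not part of the original study guide: ECB, CBC and OFB implemented over a generic block function, with a helper that counts repeated ciphertext blocks to make the ECB pattern leak visible. The block cipher itself is an assumption of this example, a toy 4-round Feistel permutation built from HMAC-SHA256, standing in for AES or DES only because the Python standard library has no block cipher; it is not for real use.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key, block):
    # 4-round Feistel network keyed with HMAC-SHA256: an invertible 16-byte
    # permutation used only as a stand-in for a real cipher such as AES or DES.
    l, r = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + r, hashlib.sha256).digest()[:8]
        l, r = r, _xor(l, f)
    return l + r

def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("input must be a whole number of blocks (no padding here)")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    # ECB: each block is encrypted on its own, so equal plaintext blocks
    # produce equal ciphertext blocks and the pattern survives encryption.
    return b"".join(toy_encrypt_block(key, b) for b in _blocks(pt))

def cbc_encrypt(key, iv, pt):
    # CBC: the previous ciphertext block is XORed into the next plaintext
    # block before encryption, so each output depends on everything before it.
    out, prev = [], iv
    for b in _blocks(pt):
        prev = toy_encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)

def ofb_encrypt(key, iv, pt):
    # OFB: the keystream is made by repeatedly encrypting the IV, independent
    # of the data, so applying the same function again restores the plaintext.
    out, s = [], iv
    for b in _blocks(pt):
        s = toy_encrypt_block(key, s)
        out.append(_xor(b, s))
    return b"".join(out)

def repeated_blocks(ct):
    # Number of ciphertext blocks identical to an earlier one (pattern leakage).
    bs = _blocks(ct)
    return len(bs) - len(set(bs))
```

With a constructed plaintext of four identical 16-byte blocks, ECB yields three repeated ciphertext blocks while CBC yields none, and OFB applied twice with the same key and IV returns the plaintext.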

Public Key Infrastructure

  • PKI systems are useful for secure communication and commerce across untrusted networks.

  • Asymmetric cryptography techniques are used to create digital certificates, most often based on the X.509 standard.

  • Certificates are issued that bind the identity of a user or entity to a key pair.

  • A CA is a repository that generates certificates, revokes them, and distributes them.

  • An Organizational Registration Authority (ORA) works to authenticate and validate users.

  • Repositories archive all existing certificates in the system and contain CRLs.

  • Certificate holders are users of the system and can sign documents and verify their identity with their certificates.

  • Clients of the system validate signatures using the public key issued by a CA.

Cryptographic Attacks

  • A search of all keys possible for a particular key size to find a match is a brute force attack.

  • If an attacker intercepts messages and can pose as either the sender or the recipient without either party being aware of it, this is called a man-in-the-middle (MITM) attack.

  • Having the opportunity to view corresponding plaintext and ciphertext, or to test particular plaintexts, is called a known-plaintext attack.

  • Even the most secure system is vulnerable if the secrecy of the keys is not protected by physical and logical access controls.



SSCP Systems Security Certified Practitioner Study Guide
SSCP Study Guide and DVD Training System
ISBN: 1931836809
Year: 2003
Pages: 135
