Exam Objectives Frequently Asked Questions

The following Frequently Asked Questions, answered by the authors of this book, are designed both to measure your understanding of the Exam Objectives presented in this chapter and to assist you with real-life implementation of these concepts.

Q.  What is "CIA" in reference to cryptography?

A.  CIA stands for Confidentiality, Integrity, and Availability, which are the three major goals of a crypto system.

Q.  What is cryptanalysis?

A.  Cryptanalysis is the study of cryptographic systems and the attempt to recover plaintext without knowledge of the secret key. This is also called "attacking" or "breaking" an algorithm or function.

Q.  What are encipherment and ciphertext?

A.  Encipherment is the process of creating unintelligible data from a plaintext message and a "key," or cryptovariable. The resulting data, which is unreadable by anyone who does not possess the key, is called ciphertext.

Q.  How do public and private key cryptography differ?

A.  In private key cryptography, the endpoints of communication share the same key. For every user wishing to communicate securely with all other users there must be a unique key. In public key cryptography a certificate authority (CA) creates a key pair. One key is kept secret; only the user possesses it. The other key is a public key and is distributed to any other user wishing to communicate. If a message is encrypted with a user's public key, only that user's private key can decrypt it.

Q.  Why are new encryption standards being implemented?

A.  The increase in available computing power and distributed computing available over the Internet has made it feasible to crack keys for algorithms previously thought secure.

Q.  What is key management and why is it important?

A.  Whether dealing with a private or public key system, initializing secure communication requires users to receive keys from the other party. Some means of assurance or verification must exist so that users are certain that the keys they receive are actually from the desired party. Public key systems avoid the need for a separate secure channel for key distribution.



SSCP Systems Security Certified Practitioner Study Guide
SSCP Study Guide and DVD Training System
ISBN: 1931836809
EAN: 2147483647
Year: 2003
Pages: 135