Day 7: Introduction to Cryptography
From Proprofs
Introduction to Cryptography
In this Security+ study guide you will notice that we like to jump around from topic to topic. This is intentional! We want you to keep different topics fresh in your mind, as some topics in the exam are particularly boring. In this lesson, we will learn about the basics of cryptography, including common terminology, functions, and applications. In later lessons, we will take a look at the more technical aspects of cryptography.
What is Cryptography?
Cryptography is the science of hiding the meaning of a message. Even children are familiar with the concept of cryptography as they learn to speak to each other in “code languages” that adults cannot understand. Rap stars employ lyrics that have alternate and more explicit meanings. The British in World War II were able to crack the Enigma Machine, Nazi Germany’s method of ciphering critical data.
For the purposes of the Security+ exam, however, we will usually speak of cryptography in terms of IT information security. Computers are often employed in conjunction with cryptographic services and protocols as many of these require complex calculations that only computers can provide in a timely manner.
How Cryptography Works
The basic concept of cryptography is very simple. In a typical cryptographic exchange, information that is meant to be hidden for whatever reason is encrypted, or ciphered into a difficult-to-interpret form. We call this conversion encryption because it involves the change of clear text, or understandable data, into cipher text, or difficult-to-interpret data. The encryption process is one-half of the entire cryptographic exchange.
At the other end of the process is decryption, the conversion of cipher text back into clear text. Decryption does not always accompany encryption, however: some algorithms, called “hashes”, work in one direction only (that is, from clear text to cipher text) and have no means of deciphering the information. We will cover more on this later.
Public Key and Private Key Systems
A key is the password of sorts used to encrypt and decrypt data. Some encryption algorithms use the same key for encryption and decryption: two communicating hosts or entities that wish to communicate securely (and confidentially) share one private key. This is known as a private key or symmetric encryption algorithm. Other, more complex, systems use a different key for encryption and decryption and require both a public key and a private key to operate. A public key is an encryption key available to any host. We will go into greater detail regarding these public key systems in later lessons, but you should know of their existence.
Cryptanalysis and cracking
Cryptanalysis is the act of breaking the cipher or attempting to understand the cipher text. Cracking is often associated with cryptanalysis as cracking a shared key is often essential to cryptanalysis attempts. Not every cipher is decipherable – for example, some encryption algorithms are mathematically unbreakable (they operate on randomness) and other encryption algorithms are hashes that do not provide one-to-one functionality (that is, more than one input can result in the same output, making reverse-encryption or cryptanalysis impossible). However, most cryptographic algorithms can theoretically be cracked but require extraordinary amounts of computational power to do so. For example, RSA can take millennia to crack, hardly the amount of time that a potential attacker or cryptanalyst has available.
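The two "not decipherable" cases above can be seen in a few lines of Python. This is an added example, not part of the original study guide: it uses a one-time pad (XOR with a random key as long as the message) for the cipher that operates on randomness, and a deliberately tiny hash (the first byte of SHA-256) to show that more than one input gives the same output. The function names and sample messages are made up for the demonstration.

```python
import hashlib
import secrets


def otp_xor(data: bytes, key: bytes) -> bytes:
    """One-time pad: XOR with a random key; the same call encrypts and decrypts."""
    if len(key) != len(data):
        raise ValueError("key must be exactly as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def key_explaining(cipher_text: bytes, candidate: bytes) -> bytes:
    """Key under which cipher_text decrypts to candidate. One exists for every
    candidate of the same length, so cipher text alone rules nothing out."""
    return otp_xor(cipher_text, candidate)


def tiny_hash(data: bytes) -> int:
    """First byte of SHA-256: a deliberately small hash with 256 outputs."""
    return hashlib.sha256(data).digest()[0]


def find_collision(limit: int = 257):
    """257 distinct inputs into 256 outputs must repeat one (pigeonhole)."""
    seen = {}
    for i in range(limit):
        msg = f"message-{i}".encode()  # constructed sample inputs
        h = tiny_hash(msg)
        if h in seen:
            return seen[h], msg, h
        seen[h] = msg
    return None


if __name__ == "__main__":
    clear = b"MEET AT NOON"                      # constructed sample message
    key = secrets.token_bytes(len(clear))        # random, used once, shared
    cipher = otp_xor(clear, key)
    print("cipher text:", cipher.hex())
    print("decrypted  :", otp_xor(cipher, key))
    other = b"STAY AT HOME"                      # same length, different meaning
    print("also fits  :", otp_xor(cipher, key_explaining(cipher, other)))
    first, second, h = find_collision()
    print(f"{first!r} and {second!r} both hash to {h}")
```

Real hashes have far more than 256 outputs, so collisions are hard to find in practice, but the many-inputs-to-one-output property is the same.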
Applications and Functions of Cryptography
The Security+ exam will test you on your ability to recognize situations in which cryptography might be employed. The general rule here is that cryptography is employed in settings in which data confidentiality and integrity are desirable. For example, you would not use cryptography when transferring MP3 files (unless those files were highly sensitive for some reason) but you would certainly employ cryptographic methods when transferring health information. In addition to data confidentiality and integrity, cryptography can provide non-repudiation, which is the idea that a sender of information would not be able to repudiate the fact that he or she did send that information or data. Here is a sample laundry list of some well-known functions of cryptography:
• Tunneling protocols and VPN
• Email security (PGP et al.)
• Secure file transfer (S-FTP)
• Secure access to web pages (SSL)
• Kerberos Authentication
• Certificates
• Document security
Final Thoughts
We will continue to explore more on cryptography in the lessons to come. Cryptography is a heavily-tested portion of the Security+ exam; we will cover the subject accordingly. It is important that as you learn the specifics of cryptography protocols you understand the basic terminology that is employed in any discussion of them.
Quick Review
1. Your manager asks you to employ a system in which the sender of a message would not be able to deny that he sent that message. Your manager is asking for:
a. Certificate of authenticity
b. Non-repudiation
c. Authorization
d. SSL over HTTP
2. What is the primary difference between asymmetric and symmetric encryption algorithms?
a. The use of a public key
b. Symmetric algorithms are one-way functions
c. The relative strength of the algorithm
d. The ability to perform man-in-the-middle attacks
3. Which of the following protocols does not employ cryptography?
a. HTTPS
b. SSH
c. Telnet
d. SFTP
e. IPSec
Answers
1. The idea that a sender would not be able to deny that he sent the information is called non-repudiation. The answer is B.
2. The primary difference between asymmetric (public key) and symmetric (private key) algorithms is that asymmetric algorithms use both a public and a private key. The answer is A.
3. All of the listed protocols with the exception of Telnet provide some encryption functionality. Telnet transfers all information in clear text. The answer is C.

