Create New Article

Wiki Search

# Introduction to Cryptography

Introduction to Cryptography

You are here: Home > Schools > Comptia > Security+ Certification > Wiki Home > Study Guide

 Security+ Study Guide

## [edit section] Introduction to Cryptography

In this Security+ study guide you will notice that we like to jump around from topic to topic. This is intentional! We want you to keep different topics fresh in your mind as some topics in the exam are particularly boring. In this lesson, we will learn about the basics of cryptography, including common terminology, function, and applications. In later lessons, we will take a look at the more technical aspects of cryptography.

## [edit section] What is Cryptography?

Cryptography is the science of hiding the meaning of a message. Even children are familiar with the concept of cryptography as they learn to speak to each other in “code languages” that adults cannot understand. Rap stars employ lyrics that have alternate and more explicit meanings. The British in World War II were able to crack the Enigma Machine, Nazi Germany’s method of ciphering critical data.

For the purposes of the Security+ exam, however, we will usually speak of cryptography in terms of IT information security. Computers are often employed in conjunction with cryptographic services and protocols as many of these require complex calculations that only computers can provide in a timely manner.

AES, one of many cryptographic algorithms

## [edit section] How Cryptography Works

The basic concept of cryptography is very simple. In a typical cryptographic exchange, information that is meant to be hidden for whatever reason is encrypted, or ciphered into a difficult-to-interpret form. We call this conversion encryption because it involves the change of clear text, or understandable data, into cipher text, or difficult-to-interpret data. The encryption process is one-half of the entire cryptographic exchange.

At the other end of the process is decryption, or the conversion of cipher text into clear text. Decryption is not always a part of encryption, however – some algorithms are called “hashes” as they only apply encryption (that is, from clear to cipher text) and have no means of deciphering the information. We will cover more on this later.

## [edit section] Public Key and Private Key Systems

A key is the password of sorts used to encrypt and decrypt data.

When an encryption key is made available to any host, it's known as a public key. In contrast, a private key is confidentially shared between two hosts or entities.

A symmetric encryption algorithm uses the same key for encryption and decryption. When a different key is used for encryption and decryption this is known as asymmetric encryption.

More complex systems require both a public key and a private key to operate. We will go into greater detail regarding these public key systems in later lessons but you should know of their existence.

## [edit section] Cryptanalysis and cracking

Cryptanalysis is the act of breaking the cipher or attempting to understand the cipher text. Cracking is often associated with cryptanalysis as cracking a shared key is often essential to cryptanalysis attempts. Not every cipher is decipherable – for example, some encryption algorithms are mathematically unbreakable (they operate on randomness) and other encryption algorithms are hashes that do not provide one-to-one functionality (that is, more than one input can result in the same output, making reverse-encryption or cryptanalysis impossible). However, most cryptographic algorithms can theoretically be cracked but require extraordinary amounts of computational power to do so. For example, RSA can take millennia to crack, hardly the amount of time that a potential attacker or cryptanalyst has available.

## [edit section] Applications and Functions of Cryptography

The Security+ exam will test you on your ability to recognize situations in which cryptography might be employed. The general rule here is that cryptography is employed in settings in which data confidentiality and integrity are desirable. For example, you would not use cryptography when transferring MP3 files (unless those files were highly sensitive for some reason) but you would certainly employ cryptographic methods when transferring health information. In addition to data confidentiality and integrity, cryptography can provide non-repudiation, which is the idea that a sender of information would not be able to refute the fact that he or she did send that information or data. Here is a sample laundry list of some well-known functions of cryptography:

• Tunneling protocols and VPN
• Email security (PGP et al.)
• Secure file transfer (S-FTP)
• Secure access to web pages (SSL)
• Kerberos Authentication
• Certificates
• Document security

## [edit section] Final Thoughts

We will continue to explore more on cryptography in the lessons to come. Cryptography is a heavily-tested portion of the Security+ exam; we will cover the subject accordingly. It is important that as you learn the specifics of cryptography protocols you understand the basic terminology that is employed in any discussion of them.

## [edit section] Quick Review

1. Your manger asks you to employ a system in which the sender of a message would not be able to deny that he sent that message. Your manager is asking for:

a. Certificate of authenticity

b. Non-repudiation

c. Authorization

d. SSL over HTTP

2. What is the primary difference between asymmetric and symmetric encryption algorithms?

a. The use of a public key

b. Symmetric algorithms are one-way functions

c. The relative strength of the algorithm

d. The ability to perform man-in-the-middle attacks

3. Which of the following protocols does not employ cryptography?

a. HTTPS

b. SSH

c. Telnet

d. SFTP

e. IPSec

## [edit section] Answers

1. The idea that a sender would not be able to deny that he sent the information is called non-repudiation. The answer is B.

2. The primary difference between asymmetric (public key) and symmetric (private key) algorithms is that asymmetric algorithms use both a public and a private key. The answer is A.

3. All of the listed protocols with the exception of Telnet provide some encryption functionality. Telnet transfers all information in clear text. The answer is C.

## Top 5 Contributors to this article

UsersArticle Contributions
Proprofs 5 contribs
Ps6155 3 contribs
Jmuldoon 2 contribs
Jbrown 1 contribs

Home  |  Site Map  |  Contact
Copyright © 2005-2014 ProProfs.com - Privacy & Terms