Core Cryptography Concepts
Many Security+ exam questions (and other security certification questions) require you to have a basic understanding of core cryptography concepts.
While these concepts have a lot of depth, the following bullets from the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide summarize the important concepts.
- Integrity provides assurances that data has not been modified. Hashing ensures that data has retained integrity.
- A hash is a number derived from performing a calculation on data, such as a message, patch, or update file.
- Hashing creates a fixed-size string of bits or hexadecimal characters, which cannot be reversed to re-create the original data.
- Common hashing algorithms include MD5 and Secure Hash Algorithm (SHA).
- Confidentiality ensures that data is only viewable by authorized users. Encryption protects the confidentiality of data.
- Encryption scrambles, or ciphers, data to make it unreadable if intercepted. Encryption normally includes an algorithm and a key.
- Symmetric encryption uses the same key to encrypt and decrypt data.
- Asymmetric encryption uses two keys (public and private) created as a matched pair.
- Anything encrypted with the public key can only be decrypted with the matching private key.
- Anything encrypted with the private key can only be decrypted with the matching public key.
- Stream ciphers encrypt data one bit at a time. Block ciphers encrypt data in blocks.
- Steganography provides a level of confidentiality by hiding data within other files. For example, it’s possible to embed data within the white space of a picture file.
- Authentication validates an identity.
- Non-repudiation prevents a party from denying an action.
- Digital signatures provide authentication, non-repudiation, and integrity.
- Users sign emails with a digital signature, which is a hash of an email message encrypted with the sender’s private key.
- Only the sender’s public key can decrypt the hash, providing verification it was encrypted with the sender’s private key.
If you understand these concepts, you’ll find that they go a long way in helping you to correctly interpret Security+ questions.
If you’re looking to improve your understanding of the CompTIA Security+ concepts, check out the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.