Cryptography is an important topic related to IT security, especially if you’re studying for Security+, or even other security certifications such as the SSCP. While the basics are straightforward, there is a lot of depth within the concepts. For example, it should be very clear that encryption enforces confidentiality, and hashing enforces integrity. How this works behind the scenes, however, is where the depth lies. If you’re preparing for Security+, you should know these concepts:
Encryption enforces confidentiality and prevents unauthorized disclosure.
- Encryption techniques encrypt plain text data and create cipher text data that can’t be read unless it can be decrypted.
- Common encryption techniques include both symmetric and asymmetric encryption.
- Symmetric encryption uses a single key for both encryption and decryption.
- Asymmetric encryption uses two keys (public and private keys) for encryption and decryption.
Hashing enforces integrity and ensures data is not modified.
- Hashing algorithms provide message digests or hashes (or more simply, a number) when executed against a file or message.
- A hash will always be the same as long as the data is the same.
- The hash is calculated at two different times. As long as the hash is the same both times, the data is the same (and has not lost integrity).
HTTPS uses SSL to encrypt traffic using both symmetric and asymmetric encryption.
- SSL uses asymmetric encryption to privately share a session key.
- SSL uses symmetric encryption to encrypt session data.
Digital signatures provide authentication, integrity, and non-repudiation.
- A digital signature starts by hashing a message.
- The hash is encrypted with the sender’s private key.
- The encrypted hash is sent with the message.
- If the recipient can decrypt the hash with the sender’s public key, it verifies the sender.
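The hashing and digital signature steps above can be traced in a short Python sketch. This is an added example, not material from the original post: the key pairs are constructed from well-known Mersenne primes and the RSA is unpadded, which matches the simplified model in the list but is not how production signatures are built (those use a padded scheme from a vetted library).

```python
import hashlib

# Constructed toy key pairs built from well-known Mersenne primes.
# They are public knowledge and the RSA here is unpadded: illustration only.
E = 65537

def make_key(p: int, q: int):
    """Return (public, private) as ((e, n), (d, n)) for primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (E, n), (d, n)

SENDER_PUB, SENDER_PRIV = make_key(2**127 - 1, 2**521 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**89 - 1, 2**607 - 1)

def digest(message: bytes) -> int:
    """Hash the message; the same bytes always give the same number."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """Hash the message, then encrypt the hash with the private key."""
    d, n = private_key
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """Decrypt the hash with the public key and compare it with a fresh hash."""
    e, n = public_key
    return pow(signature, e, n) == digest(message)

def run_demo() -> dict:
    message = b"Pay Bob 100 dollars"        # constructed sample message
    signature = sign(message, SENDER_PRIV)  # sent along with the message
    return {
        "unchanged message": verify(message, signature, SENDER_PUB),
        "modified message": verify(b"Pay Bob 900 dollars", signature, SENDER_PUB),
        "signed by someone else": verify(message, sign(message, OTHER_PRIV), SENDER_PUB),
    }

if __name__ == "__main__":
    for case, ok in run_demo().items():
        print(f"{case}: {'verified' if ok else 'rejected'}")
```

Only the first case verifies: a changed message fails the hash comparison (integrity), and a hash encrypted with any other private key does not decrypt correctly under the sender’s public key (authentication).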
If these topics are clear to you and make sense, you’re probably well prepared for the many deeper cryptography questions in the Security+ exam. However, if they’re still a little fuzzy, you may want to dig a little deeper by checking out these videos on YouTube. I created them to help readers understand these topics, and many instructors around the country are using them in the classroom when teaching Security+ topics to their students.
Encryption (6 minutes)
Hashing (6 minutes)
HTTPS and SSL (5 minutes)
Digital Signatures (5 minutes)