Cryptography is an important topic in IT security, especially if you’re studying for Security+ or another security certification such as the SSCP. While the basics are straightforward, there is a lot of depth within the concepts. For example, it should be very clear that encryption enforces confidentiality and hashing enforces integrity. However, how this works behind the scenes has a lot of depth. If you’re preparing for Security+, you should know these concepts:
Encryption enforces confidentiality and prevents unauthorized disclosure.
- Encryption techniques take plain text data and create cipher text data that can’t be read without the key needed to decrypt it.
- Common encryption techniques include both symmetric and asymmetric encryption.
- Symmetric encryption uses a single key for both encryption and decryption, so both parties must already share that key.
- Asymmetric encryption uses two mathematically related keys (a public key and a private key). Data encrypted with one key can only be decrypted with the other.
Hashing enforces integrity and ensures data is not modified.
- Hashing algorithms produce a message digest or hash (more simply, a fixed-length number) when executed against a file or message.
- A hash will always be the same as long as the data is the same, and changing even one bit of the data produces a completely different hash.
- The hash is created at two different times (for example, before and after a file is transmitted). If the two hashes match, the data is unchanged and has not lost integrity; if they differ, the data was modified.
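The two-step integrity check described above, as an added example that is not part of the original article: the digest is computed once (as it would be when a file is published), then computed again on the received copy and compared. The sample data and the tampered copy are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample data standing in for a downloaded file or received message.
ORIGINAL = b"Security+ study notes: encryption = confidentiality, hashing = integrity\n"


def sha256_hex(data: bytes) -> str:
    """Message digest of `data`; identical input always yields the identical digest."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Second hash computation, compared against the digest recorded earlier.
    compare_digest runs in constant time so an attacker cannot learn from timing
    how many leading characters of a forged digest were right."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two hex digests (shows the avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def demo() -> dict:
    published = sha256_hex(ORIGINAL)                          # hash #1, e.g. next to a download
    tampered = ORIGINAL.replace(b"integrity", b"Integrity")  # a single bit flipped ('i' -> 'I')
    return {
        "original_ok": verify_integrity(ORIGINAL, published),   # hash #2 matches
        "tampered_ok": verify_integrity(tampered, published),   # hash #2 does not match
        "bits_changed": differing_bits(published, sha256_hex(tampered)),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Note that the one-bit change in the input flips roughly half of the 256 output bits; that is why an attacker cannot make a small edit and keep the hash "close enough".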
HTTPS uses SSL (today its successor, TLS) to encrypt traffic using both symmetric and asymmetric encryption.
- SSL uses asymmetric encryption to privately share a symmetric session key. Only the holder of the server’s private key can recover it.
- SSL then uses symmetric encryption with that session key to encrypt the session data, because symmetric algorithms are much faster than asymmetric ones.
Digital signatures provide authentication, integrity, and non-repudiation
- A digital signature starts by hashing a message
- The hash is encrypted with the sender’s private key
- The encrypted hash is sent with the message
- The recipient decrypts the hash with the sender’s public key and compares it with a fresh hash of the received message. If the decryption works, only the sender’s private key could have produced the signature (authentication and non-repudiation); if the hashes match, the message was not modified in transit (integrity).
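The HTTPS key exchange and the digital signature steps above, worked through together as an added example that is not code from the original article. Both need an asymmetric key pair, so the block uses a textbook RSA implementation (small keys, no padding) as a stand-in for a real library, and an HMAC-SHA256 counter-mode keystream as a stand-in for AES; these toy primitives are assumptions for illustration only and are not safe for production use. `hybrid_exchange` shows a session key shared under the server’s public key and then used symmetrically; `sign` and `verify` show the hash being processed with the private key and checked with the public key.

```python
import hashlib
import hmac
import secrets

# ---- Textbook RSA with small keys and no padding: shows the public/private
# ---- operations only. Real systems use RSA-OAEP/RSA-PSS or ECDH/ECDSA.

def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test with `rounds` random witnesses."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top and low bit set
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 512):
    """Returns ((e, n), (d, n)); the private exponent d never leaves its owner."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:      # e is prime, so this guarantees gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)


def rsa_public(pub, x: int) -> int:     # anyone holding the public key can do this
    e, n = pub
    return pow(x, e, n)


def rsa_private(priv, x: int) -> int:   # only the private key owner can do this
    d, n = priv
    return pow(x, d, n)


# ---- Toy symmetric cipher: HMAC-SHA256 in counter mode as a keystream (stand-in
# ---- for AES). The same key encrypts and decrypts. Never reuse a (key, nonce)
# ---- pair: XORing two such ciphertexts would reveal the XOR of the plaintexts.

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for counter, start in enumerate(range(0, len(data), 32)):
        keystream = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[start:start + 32], keystream))
    return bytes(out)


# ---- HTTPS-style hybrid: asymmetric to share the session key, symmetric for data.

def hybrid_exchange(server_pub, server_priv, request: bytes):
    session_key = secrets.token_bytes(32)                          # client picks a fresh key
    wrapped = rsa_public(server_pub, int.from_bytes(session_key, "big"))  # sent over the wire
    key_at_server = rsa_private(server_priv, wrapped).to_bytes(32, "big")  # only server recovers it
    nonce = secrets.token_bytes(16)                                # sent in the clear with the data
    ciphertext = stream_xor(session_key, nonce, request)           # client encrypts symmetrically
    recovered = stream_xor(key_at_server, nonce, ciphertext)       # server decrypts symmetrically
    return key_at_server == session_key, ciphertext, recovered


# ---- Digital signature: hash the message, private-key operation on the hash,
# ---- public-key operation plus comparison with a fresh hash to verify.

def sign(priv, message: bytes) -> int:
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return rsa_private(priv, digest)


def verify(pub, message: bytes, signature: int) -> bool:
    recovered = rsa_public(pub, signature)
    fresh = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return recovered == fresh


if __name__ == "__main__":
    pub, priv = generate_keypair()
    ok, ct, pt = hybrid_exchange(pub, priv, b"GET /exam-tips HTTP/1.1")
    print("session key agreed:", ok, "| data round-trips:", pt == b"GET /exam-tips HTTP/1.1")
    sig = sign(priv, b"I passed Security+")
    print("signature valid:", verify(pub, b"I passed Security+", sig))
    print("tampered message valid:", verify(pub, b"I passed Security-", sig))
```

Two things worth noticing when you run it: the server never needs the client’s key to exchange the session key, because anyone can use the server’s public key but only the server can undo it; and a signature made over one message fails verification for any other message or any other public key, which is exactly the integrity and authentication properties the list above describes.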
If these topics are clear to you and make sense, you’re probably well prepared for the many deeper cryptography questions in the Security+ exam. However, if they’re still a little fuzzy, you may want to dig a little deeper, and these videos on YouTube are a good place to start. I created them to help readers understand these topics, and many instructors around the country are using them in the classroom when teaching Security+ topics to their students.
Encryption (6 minutes)
Hashing (6 minutes)
HTTPS and SSL (5 minutes)
Digital Signatures (5 minutes)
Hi,
In your book, the answer to the assessment Q93 is CRL (option A), but in the answers, option C is provided but with CRL in the explanation. Guess this was a typo.
Thanks
Yes. It seems like no matter how hard we try to ensure the books don’t have any errors, some always creep in.
This page is the errata sheet for the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.
The Kindle version has been updated.
Great primer!
But there is one rather strange thing that has been bugging me. I read somewhere that there are 3 forms or types of encryption Symmetric, Asymmetric and hashing.
That sounds completely wrong in my mind as one of the features of encryption is that given the right key you should be able to reverse the encryption process and convert the cipher-text to plain-text. Hashing is by definition a one-way function that cannot be reversed! So how is hashing a type of encryption? Even hackers (from my knowledge) do reverse hashes, they usually brute-force or perform dictionary attacks until the hashes match.
So the way I understand this, hashing is NOT encryption, but it is often used in cryptography as a way to verify file integrity, message integrity, message authentication (via MAC) and the like.
Am I wrong? Could you please help?
You’re correct that symmetric and asymmetric encryption algorithms support both encryption and decryption. Hashing functions do not support decryption, but hashing is often referred to as an encryption process though this does introduce some of the complexity of cryptography topics.
As you mention, encryption converts plain-text to cipher-text.
Decryption converts cipher-text to plain-text.
Symmetric and asymmetric algorithms support both encryption and decryption because they can convert both ways.
Hashing converts plain-text to cipher-text which is the definition of encryption. This is one-way and hashing doesn’t support decryption.
From a basic perspective (needed for Security+):
– the purpose of symmetric and asymmetric encryption is to enforce confidentiality.
– the purpose of hashing is to verify integrity.
Thanks very much, it’s good to get an authoritative view on this matter!