Security+ Domain 5.0: Risk Management: Chapter 26

Chapter 26: Cryptography and PKI

Professor Messer covers a huge amount of this ground. See these search results:

Here’s a good start:

Symmetric and Asymmetric Encryption

In Linux, you can do it at the command line:


Again, in Linux, native utilities give you command-line access to hash functions.


md5sum filename.txt

Salts, IVs, nonces


Digital Signatures

Note the use of Bob and Alice as the example subject names. This is common in crypto lit.

Key Exchange

Alice and Bob are joined by Eve in a smokin’ hot example:



Session Keys


Symmetric Cyphers
Type Block or Stream Key Rounds Details
DES 64 bit block 56 bit 16 Used in the electronic payment industry.
3DES/TDES/3TDES 64 bit block 56 bit 16 x up to 3 different keys TDES is used in commercial data transfers.
AES (Rijndael – “Rhine doll”) 128 bit block 128/192/256 bit 10/12/14 Java, OpenSSL, FIPS (Federal Information Protection Standard 140-2, specifically)
Blowfish (Open Source courtesy of Bruce Schneier) 64 bit block 0 – 2040 0 – 255 SSH
IDEA (International Data Encryption Algorythm) 64 bit block 128 bit 8.5 Patented but free in most cases.
RC5 32/64/128 0 – 2040 0 – 255 OpenSSL
RC6 A submission for AES.
One Time Pad Same length as message; one-time use An alphabet-rotation cypher in which each character is rotated by a different number.
Asymmetric Cyphers: Public Key Cryptography
Type Method Details
Eliptic Curve Two points along an eliptic curve become the public and private keys. Used in OpenSSL, Java, .NET. Resistant to brute-force attacks. Shorter keys are more secure than longer RSA keys.
RSA (Rivest/Shamir/Adleman) Public and private keys are generated through the multiplication of two large prime numbers. Very commonly used in PKI. Vulnerable to brute-force and man-in-the-middle attacks.
Diffie-Hellman IKEA
(Internet Key Exchange Algorythm)
Uses public key cryptography to transfer a shared key for a symmetric cryptography session. Session keys are used once only, but Diffie-Hellman is still vulnerable to man-in-the-middle attacks.
El Gamal Generates public and private keys using cyclic-group mathematics. Used in PGP and GPG.
DSA (Digital Signature Algorythm) Public key digital signing. The federal government standard for signatures. Developed by NIST (National Institute of Standards and Technology).