Security+ Domain 5.0: Risk Management: Chapter 26

Chapter 26: Cryptography and PKI

Professor Messer covers a huge amount of this ground. See these search results:

https://www.youtube.com/results?search_query=comptia+security%2B+crypto

Here’s a good start:

Symmetric and Asymmetric Encryption

In Linux, you can do it at the command line:

Hashing

Again, in Linux, native utilities give you command-line access to hash functions.

sha

md5sum filename.txt

Salts, IVs, nonces

ECC

Digital Signatures

Note the use of Bob and Alice as the example subject names. This is common in crypto lit.

Key Exchange

Alice and Bob are joined by Eve in a smokin’ hot example:

Steganography

Obfuscation

Session Keys


Symmetric Ciphers

| Type | Block or Stream | Key | Rounds | Details |
| --- | --- | --- | --- | --- |
| DES | 64 bit block | 56 bit | 16 | Used in the electronic payment industry. |
| 3DES/TDES/3TDES | 64 bit block | 56 bit | 16 x up to 3 different keys | TDES is used in commercial data transfers. |
| AES (Rijndael – “Rhine doll”) | 128 bit block | 128/192/256 bit | 10/12/14 | Java, OpenSSL, FIPS (Federal Information Processing Standard 140-2, specifically) |
| Blowfish (open source courtesy of Bruce Schneier) | 64 bit block | 0 – 2040 | 0 – 255 | SSH |
| IDEA (International Data Encryption Algorithm) | 64 bit block | 128 bit | 8.5 | Patented but free in most cases. |
| RC5 | 32/64/128 bit block | 0 – 2040 | 0 – 255 | OpenSSL |
| RC6 | | | | A submission for AES. |
| One Time Pad | | Same length as message; one-time use | | An alphabet-rotation cipher in which each character is rotated by a different number. |
Asymmetric Ciphers: Public Key Cryptography

| Type | Method | Details |
| --- | --- | --- |
| Elliptic Curve | Two points along an elliptic curve become the public and private keys. | Used in OpenSSL, Java, .NET. Resistant to brute-force attacks. Shorter ECC keys match the strength of much longer RSA keys. |
| RSA (Rivest/Shamir/Adleman) | Public and private keys are generated from the product of two large prime numbers. | Very commonly used in PKI. Vulnerable to brute-force and man-in-the-middle attacks. |
| Diffie-Hellman | Used by IKE (Internet Key Exchange). | Uses public key cryptography to transfer a shared key for a symmetric cryptography session. Session keys are used once only, but Diffie-Hellman is still vulnerable to man-in-the-middle attacks. |
| El Gamal | Generates public and private keys using cyclic-group mathematics. | Used in PGP and GPG. |
| DSA (Digital Signature Algorithm) | Public key digital signing. | The federal government standard for signatures. Developed by NIST (National Institute of Standards and Technology). |
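To tie the Key Exchange section (Alice, Bob and Eve) to the Diffie-Hellman row above, here is an added example, not from the original notes or any course material: a toy Diffie-Hellman exchange that derives a one-time session key, shows why an unauthenticated exchange lets Eve sit in the middle, and shows how authenticating the public values (here with an HMAC under a pre-shared key, one of several standard options) lets each side reject the substitution. The group parameters, the `exchange` helper and its return strings are all constructed for this illustration.

```python
import hashlib
import hmac
import secrets

# Toy group: 2**127 - 1 is prime but far too small for real use; production
# code uses a standardised group (e.g. RFC 7919 ffdhe2048) or an elliptic curve.
P = 2**127 - 1
G = 3

def dh_keypair():
    """One party's (private exponent, public value g^x mod p)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)

def session_key(own_private, peer_public):
    """Hash the raw DH secret into a fixed-length one-time session key."""
    shared = pow(peer_public, own_private, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def tag(public, psk):
    """Authenticate a public value with an HMAC under a pre-shared key."""
    return hmac.new(psk, public.to_bytes(16, "big"), "sha256").digest()

def accept(public, mac, psk):
    """Without a PSK every value is accepted (plain DH); with one, verify it."""
    if psk is None:
        return True
    return mac is not None and hmac.compare_digest(mac, tag(public, psk))

def exchange(mitm=False, psk=None):
    """Run Alice <-> Bob once. mitm=True puts Eve in the middle, substituting
    her own public value in each direction (she cannot forge the HMAC, so she
    forwards the original tags). Returns 'agreed', 'mismatch' or 'rejected'."""
    a, A = dh_keypair()
    b, B = dh_keypair()
    tag_a = tag(A, psk) if psk else None
    tag_b = tag(B, psk) if psk else None
    if mitm:
        _, E = dh_keypair()
        to_bob, to_alice = (E, tag_a), (E, tag_b)
    else:
        to_bob, to_alice = (A, tag_a), (B, tag_b)
    if not (accept(*to_bob, psk) and accept(*to_alice, psk)):
        return "rejected"
    k_alice = session_key(a, to_alice[0])
    k_bob = session_key(b, to_bob[0])
    # In the MITM case each side really shares a key with Eve; only an outside
    # observer sees that Alice's and Bob's keys differ, which is the whole problem.
    return "agreed" if k_alice == k_bob else "mismatch"
```

Run `exchange()`, `exchange(mitm=True)` and `exchange(mitm=True, psk=b"shared")` to see the three outcomes; the unauthenticated MITM case is the one neither Alice nor Bob can detect on their own.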