CRYPTOGRAPHY; IS THAT ON THE TEST?

One of the favorite things to learn about (at least for most cyber security professionals) is cryptography. It’s a word that many people have heard about before, some people know what it is but can’t explain it. Many of you actually use it on a daily basis without realizing it. If you use email at work and you choose to “encrypt’ before sending and when you logon to your work computers you might be using asymmetric key encryption (this will be covered briefly). So what is cryptography exactly? The actual word “cryptography” comes from the Greek word “kryptos” that translates to secret. One of the most famed segments of cryptography is called steganography where you can hide messages within photographs which would require an encrypted key to open it. Within the early days of steganography a Greek by the name of Histaiaeus formed a revolt against the king of Persia. He would shave the heads of the slaves and tattoo a message to pass along once their hair grew back in. In the world of cyber security there are three words to live by; confidentiality, integrity and availability. This is the model that guides the way in order to conduct policies for information security inside an organization. · Confidentiality: The information can’t be understood by those that it’s not meant for. · Integrity: That same information can’t be changed while it’s sent to wherever it’s going, how does that saying go; “Lost in translation”? · Availability: shows us that the information is available to those that are authorized to receive it. You can jump online and find some pretty compelling studies covering cryptography if you would like to know more. What you are guaranteed to see on the CompTIA Security+ exam is the difference between symmetric and asymmetric encryption. Just keep this in mind; one key versus two keys. With symmetric encryption there’s always going to be one single key involved and that same key is shared with people that are required to view a particular file or message. In dealing with asymmetric encryption you have two keys; one key is the private key and the other key is the public key. The public key exists for anyone that needs to send a message to someone else, just think “public equals anyone”. The other and most important key is the private key. The message sent using a public key is decrypted with the private key, the message encrypted with a private key can only be decrypted using a public key. There are quite a few ways to study cryptography, there are many people out there that like to find out how algorithms are made to perform encryption and how all the mathematical procedures make that possible. You do not need to know that part on the test but know this; only those that receive encrypted data using cryptography are the ones actually intended to read and process the data. More information can be found at these cited resources: https://www.networkworld.com/article/2870165/the-history-of-steganography.html#slide4 https://security.blogoverflow.com/2012/08/confidentiality-integrity-availability-the-three-components-of-the-cia-triad/