THE FOLLOWING COMPTIA SECURITY+ EXAM OBJECTIVES ARE COVERED IN THIS CHAPTER:
5.1 Explain general cryptography concepts.
Key management
Steganography
Symmetric key
Asymmetric key
Confidentiality
Integrity and availability
Non-repudiation
Comparative strength of algorithms
Digital signatures
Trusted Platform Module (TPM)
Single vs. Dual sided certificates
Use of proven technologies
5.2 Explain basic hashing concepts and map various algorithms to appropriate applications.
SHA
MD5
LANMAN
NTLM
5.3 Explain basic encryption concepts and map various algorithms to appropriate applications.
DES
3DES
RSA
PGP
Elliptic curve
AES
AES256
One time pad
Transmission encryption (WEP TKIP, etc.)
5.4 Explain and implement protocols.
SSL/TLS
S/MIME
PPTP
HTTP vs. HTTPS vs. SHTTP
L2TP
IPSEC
SSH
5.5 Explain core concepts of public key cryptography.
Public Key Infrastructure (PKI)
Recovery Agent
Public key
Private keys
Certificate Authority (CA)
Registration
Key escrow
Certificate Revocation List (CRL)
Trust Models
5.6 Implement PKI and certificate management.
Public Key Infrastructure (PKI)
Recovery Agent
Public key
Private keys
Certificate Authority (CA)
Registration
Key escrow
Certificate Revocation List (CRL)
Cryptography is the art of concealing information. As data becomes more valuable, and more important, it is an area of high interest to governments, to businesses, and increasingly to individuals. People want privacy when it comes to their personal and other sensitive information. Corporations want—and need—to protect financial records, trade secrets, customer lists, and employee information. The government uses cryptography to help ensure the safety and well-being of its citizens. Entire governmental agencies have been created to help ensure secrecy, and millions of dollars have been spent trying to protect national secrets and attempting to learn the secrets of other countries.
Individuals who specialize in the development and making of codes are referred to as cryptographers. Individuals who specialize in breaking codes are called cryptanalysts. Many of these professionals are geniuses with strong backgrounds in math and computer science.
This chapter discusses the various forms of cryptography and how they are used in the computer field, and examines cryptography standards. Your private information must be protected from unauthorized access and exploitation. Your data must be protected. The primary method of protecting your data from prying eyes is cryptography.
In addition to a brief overview of cryptography, this chapter discusses some of the more common algorithms used, how encryption is used today, Public Key Infrastructure (PKI), and some of the attacks to which cryptographic systems are vulnerable. It also discusses standards, key management, and the key life cycle.
13.58.197.26