Going neck-to-neck against Cryptography

Just as I thought I knew crypto well, I realized I didn't. So I've gone back to the whiteboard. The beast is beatable if you get down to details without overwhelming yourself with non-CISSP content.

What really gets me are attack types on cryptop (known plaintext, chosen plaintext, etc) and minute details of algorithms. Good news is I understand the logic, but hate memorizing facts; for example for AES how many rounds of encryption takes place when key is 192 bits? Answer is 10!

I gave up thinking which part is hard; I'm just going to learn it well. How do you deal with crypto?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

chickenlicken09

I read here at one stage the cissp for dummies book has good crypto explanations. Might be worth a look.

cyberguypr

You may be overthinking it. I never bothered to memorize rounds and and have gone through many certs just fine. For CISSP purposes know your crypto at a high level. There's no need to dive in that deep.

dustervoice

Stick to high level concepts for CISSP ... Go deeper for personal knowledge.

binarysoul

Thanks guys for the feedback. I'm not going to dive too deep into it.
I did a bit of intensive studying and it has really helped me understand it at high level.

beads

Agree. Don't over think crypto for this exam. The CISSP isn't the RSA exam and vice-verse. Everything you need for the cryptology portion of this exam you can find on the crypto classic mind map: http://www.mindcert.com/resources/MindCert_CISSP_Cryptography_MindMap.pdf or similar. These are high level concepts more akin to: Which of these cryptography examples utilizes synchronous transport... rather than count the number of chains in the following example. The CISSP-ISSAP can get deeper into the crypto weeds but that's a completely different animal all together. Final thought. Cryptography is hard because its cryptic in nature. - beads

Spin Lock

I put these tables together to help me keep the known/chosen attacks clear.
Standard disclaimer: This is just my interpretation of the facts, so mistakes are possible. Validate this for yourself.

Known vs Chosen.jpg

H3||scr3am

As others have stated, the CISSP is a mile wide, but an inch deep, it covers a broad spectrum of information, but not very in depth, know them at a high level, understand which are secure, which are symmetric and asymmetric, and such, and you'll do fine.

Robertf969

For the crypto section I just used flash cards until I didn't even have to think about it anymore. If thats too hard just Memorize which are Symmetric, which are Asymmetric, which are used in what types of scenarios. For example Diffie-Helman is Asymmetric and often used for Symmetric key exchange. Know what makes WEP weak. Understand PKI, Digital Signatures, and Digital Certificates. Remember the CISSP is a management exam. Good luck!

beads

Robertf969 wrote: »

For the crypto section I just used flash cards until I didn't even have to think about it anymore. If thats too hard just Memorize which are Symmetric, which are Asymmetric, which are used in what types of scenarios. For example Diffie-Helman is Asymmetric and often used for Symmetric key exchange. Know what makes WEP weak. Understand PKI, Digital Signatures, and Digital Certificates. Remember the CISSP is a management exam. Good luck!

If your going down that route. Remember that symmetric is almost always machine to machine (internal, set it and forget it). While Asymmetric is almost always visible to the end user (SSL and sub-components, hashes, etc.).

Depends on how and what you remember easiest, doesn't it?

- beads

mahynour

Dear All,

I have +7 years experience in cryptography.if you need any help don't hesitate to ask.