Going neck-to-neck against Cryptography

binarysoul Posts: 993 Member
Just as I thought I knew crypto well, I realized I didn't. So I've gone back to the whiteboard. The beast is beatable if you get down to details without overwhelming yourself with non-CISSP content.

What really gets me are attack types on crypto (known plaintext, chosen plaintext, etc.) and minute details of algorithms. Good news is I understand the logic, but hate memorizing facts; for example, for AES, how many rounds of encryption take place when the key is 192 bits? Answer is 10!

I gave up thinking which part is hard; I'm just going to learn it well. How do you deal with crypto?

Comments

  • chickenlicken09 Senior Member Posts: 518 Member
    I read here at one stage the cissp for dummies book has good crypto explanations. Might be worth a look.
  • cyberguypr Senior Member Posts: 6,844 Mod
    You may be overthinking it. I never bothered to memorize rounds and have gone through many certs just fine. For CISSP purposes know your crypto at a high level. There's no need to dive in that deep.
  • dustervoice Posts: 877 Member
    Stick to high level concepts for CISSP ... Go deeper for personal knowledge.
  • binarysoul Posts: 993 Member
    Thanks guys for the feedback. I'm not going to dive too deep into it.
    I did a bit of intensive studying and it has really helped me understand it at a high level.
  • beads Posts: 1,442 Member
    Agree. Don't overthink crypto for this exam. The CISSP isn't the RSA exam and vice versa. Everything you need for the cryptology portion of this exam you can find on the crypto classic mind map: http://www.mindcert.com/resources/MindCert_CISSP_Cryptography_MindMap.pdf or similar. These are high level concepts more akin to: Which of these cryptography examples utilizes synchronous transport... rather than count the number of chains in the following example. The CISSP-ISSAP can get deeper into the crypto weeds but that's a completely different animal altogether. Final thought. Cryptography is hard because it's cryptic in nature. - beads
  • Spin Lock Posts: 142 Member
    I put these tables together to help me keep the known/chosen attacks clear.
    Standard disclaimer: This is just my interpretation of the facts, so mistakes are possible. Validate this for yourself.

  • H3||scr3am Posts: 564 Member
    As others have stated, the CISSP is a mile wide, but an inch deep, it covers a broad spectrum of information, but not very in depth, know them at a high level, understand which are secure, which are symmetric and asymmetric, and such, and you'll do fine.
  • Robertf969 Posts: 190 Member
    For the crypto section I just used flash cards until I didn't even have to think about it anymore. If that's too hard, just memorize which are Symmetric, which are Asymmetric, which are used in what types of scenarios. For example Diffie-Hellman is Asymmetric and often used for Symmetric key exchange. Know what makes WEP weak. Understand PKI, Digital Signatures, and Digital Certificates. Remember the CISSP is a management exam. Good luck!
  • beads Posts: 1,442 Member
    Robertf969 wrote:
    For the crypto section I just used flash cards until I didn't even have to think about it anymore. If that's too hard, just memorize which are Symmetric, which are Asymmetric, which are used in what types of scenarios. For example Diffie-Hellman is Asymmetric and often used for Symmetric key exchange. Know what makes WEP weak. Understand PKI, Digital Signatures, and Digital Certificates. Remember the CISSP is a management exam. Good luck!

    If you're going down that route, remember that symmetric is almost always machine to machine (internal, set it and forget it), while Asymmetric is almost always visible to the end user (SSL and sub-components, hashes, etc.).

    Depends on how and what you remember easiest, doesn't it?

    - beads
  • mahynour Posts: 24 Member
    Dear All,

    I have +7 years of experience in cryptography. If you need any help, don't hesitate to ask.