EC Council ECES. Cryptography Certification

I couldnt find anything in the forums on this cert, so starting this thread. Ive been studying cryptography for 3 months or so for WGU and CISSP. Just took the UVC2 assessment and passed today. So with all this crypto information rummaging in my brain the last few months, I was thinking to strike while its hot. Was searching for a dedicated crypto cert and came across EC Councila ECES, encryption specialist. Anyone have any experiences with this and can comment? Thanks.

Find more posts tagged with

Comments

roninkai

Wow, 86 views and not one reply? I can't find much about this cert other than it's available. Is there any other reputable cryptography cert out there?

beads

This cert sounds like a solution looking for a problem is why. Very few people have any practical hands on experience with encryption past installing a certificate or at least knowing what the encryption mode in use is by strength and family. Occasionally administrators dive a little deeper into the steps of encryption handshake but for the most part it all happens at layer 6 when installed and the user doesn't really need to know much else about how it works.

Oh and lets not for decryption and breaking of various sorts. I don't need to know anything about the encryption family to run Passware or Elmcomsoft to break encryption. Just comfortable with the GUI.

Much of it is interesting but not terribly practical in its own sense.

- b/eads

636-555-3226

I have no experience with the cert & can't comment. My experience with EC-Council's other materials aren't positive, though, and based off of those experiences I'd say you could probably teach yourself the same material by watching YouTube & searching https://www.google.co.in for "cryptography." This is my own opinion, however, and may not be reflective of others' experience.

beads

Having taken and been taken by EC-Council exams I can hardly say I am a fan myself. If you need a course to teach yourself how to use BitLocker or PGP key, setup a basic VPN, etc. Well, good luck to ya.

- b/eads

cyberguypr

I had no knowledge of this cert until I read this post. "solution looking for a problem" was my exact first thought. At a basic crypto level, something like CISSP would cover it. If you deal with hardcore crypto there's a good change certs do not matter and have near zero weight.

P.S. I hate EC Council!

ibeers

Hi there,

I noticed that you added the ECES cert to your list of credential since your original post. I was curious how you found the content of the test, and if you felt any study materials were more helpful than others. I had purchased this voucher along with the CHFI which I just passed in hope to prep my cryptography skills for the CISSP which will be next. Any feedback would be sincerely appreciated.

Best regards,

-Ian

ParadiseLost

ibeers wrote: »

Hi there,

I noticed that you added the ECES cert to your list of credential since your original post. I was curious how you found the content of the test, and if you felt any study materials were more helpful than others. I had purchased this voucher along with the CHFI which I just passed in hope to prep my cryptography skills for the CISSP which will be next. Any feedback would be sincerely appreciated.

Best regards,

-Ian

Hi Ian,

I took the exam (and passed) several months ago. I have filed multiple complaints with EC-Council, mainly focused on the terrible course material, which is riddled with grave errors. Since I have already passed the CISSP and ISSAP exams many years ago, I decided to take a shot at E|CES only for my CPEs. I bought the course material and the exam voucher (several hunderd dollars, which is a scam in the first place) and started reading. The first couple of pages are fairly straight-forward and are actually written by the author himself, so I looked forward to the rest of the booklet. Then, the misery started:

(1) Every page contains spelling errors. I don't exaggerate when I say that there is at least 1 error per page. Sometimes the count goes up to 4 or 5. This can be tricky, especially when the writer mixes up 2n with 2^n, which is a big deal in cryptography.
(2) Most of the content has been literally copied from Wikipedia. In most cases, only a handful of words are changed (maybe due to copyright reasons, who can tell).
(3) The copy and paste exercise wasn't always executed properly. At one time, I came across a paragraph that simply did not make any sense whatsoever in the context of the material presented. It had to do with children showing signs of neglect or something. Looking up the exact phrase through a Google search led me to a Wikipedia article and to another EC-Council course. Not very professional.
(4) There are many, many serious flaws in the course material. This is my primary concern. People new to the field of cryptography will actually believe the nonsense that is provided. I filed a complaint that went like this:

<intro, which I will skip>
I have read the course material cover to cover and I am rather shocked by the errors that appear in the book. I don't mean typos or unclear explanations, I mean false information, which will confuse readers not versed in the field of cryptography. To give you a couple of examples:

(1) Module 03, page 147, regarding the birthday paradox: "If you have an encryption algorithm with a key space of 32 bits, you can generate sqrt(4,294,967,295) random keys or 65,535 keys and have a high chance of one of them being the right key." No, you only have a high chance of equal keys in this set of 65,535 keys. When you think about it, it also doesn't make sense. It would mean that AES-128 would have roughly the same strength as DES?! The author confuses probabilities involved in finding collisions for hash functions versus the probabilities involved in a brute-force key search, which is a serious flaw.
(2) Module 03, page 152, regarding the Lehmer PRNG: "This PRNG is of a class of PRNGs referred to as twisted generalized feedback shift registers". No it is not. It's a subset of the linear congruential generators.
(3) Module 03, page 154, regarding the Lagged Fibonacci Generator (LFG): "The basic formula is: y = x^k + x^j + 1". No. The formula provided is related to the maximum period of an LFG generator. The LFG formula looks completely different.
(4) Module 03, page 154, regarding the multiplicative LFG: it looks like "y = x^k * x^j + 1". No. The MLFG looks nothing like this.
(5) Module 04, page 234, regarding common cryptographic mistakes: "Using a standard modulus in RSA (modulus e = 2^16 + 1) ... This small modulus makes cryptanalysis easier." First of all, "2^16 + 1" is not the modulus in RSA. The modulus is the result of the multiplication of the two primes. He is talking about the public key exponent. Second, the public key exponent of 2^16 + 1 is not small. It's actually the default value.

<I'll stop here, you get the idea>

I hoped for a proper reply, and actually got one. The Technical Review Team would contact me. Unfortunately, no one ever contacted me. So I decided to send them another complaint, which went like this:

<into deleted>
In my previous message I provided you with errors related to the mathematical constructs underlying the many cryptographic algorithms, hinting that the author didn’t properly grasp the core concepts. Unfortunately the problem is not contained to the mathematics. Take e.g. the theory of the Point to Point Tunneling Protocol (PPTP). Multiple errors appear on only two pages:

(1) Module 4, page 222, regarding the use of PTTP: “It adds the features of encrypting packets and authenticating users to the older PPP protocol.” Not true. Those features were already present. Encryption was already possible using the Encryption Control Protocol (ECP) as described in RFC1968 (https://tools.ietf.org/html/rfc1968 ). Authentication was already taken care of through the Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP) alternatives. Both of them are covered in RFC1334 (https://tools.ietf.org/html/rfc1334), dated ‘1992’.
(2) Module 4, page 223, regarding the types of authentication protocols: “PPTP offers two different methods of authenticating the user: Extensible Authentication Protocol (EAP) and Challenge Handshake Authentication Protocol (CHAP).” The author forgets to mention PAP, so there are (at least) three.
(3) Module 4, page 223, regarding MPPE: “MPPE is actually a version of DES.” No, it is not. From the RFC3078 (https://tools.ietf.org/html/rfc3078): “MPPE uses the RSA RC4 [3] algorithm to provide data confidentiality.” RC4 is something completely different than DES. Maybe the author confuses MPPE as used in PPTP with DES-E as used in PPP and described in RFC1969 (https://tools.ietf.org/html/rfc1969). Regardless, it’s a serious flaw.

<cut>

I will not bother you with the rest of the e-mails I sent them, or with other issues that I have with EC-Council and that popped up before and after my unfortunate E|CES adventure. I passed the exam and I never heard from them again. And that is good, because they will never hear from me again. The course material reminded me of v5 of their CEH certification, which I passed 9 years or so ago. Crappy, 0 educational value, lousy copy-and-pasted pages including the typos on the original web pages, overpriced and a poor excuse for a hacker training.

If you really want to take a shot at this exam, just make a list of all the core concepts that you need to know to pass (a list might be found on their website) and start reading the corresponding Wikipedia articles. You will fail some questions on the exam if you take this approach though. The trick is that the course material booklet contains out of place information, copied from other resources, that you will not find in the Wikipedia articles. That's not a major concern though. There are 50 questions on the exam and failing a handful will result in a passing score anyways.

My honest advice: stay away from this certification/ this company and focus your attention on a certification that actually has value. The E|CES certificate is never asked by employers and the content is far below acceptable. If you really want to put something on your resume and want to put effort in passing an exam, look elsewhere. There is enough to choose from.

roninkai

I completely agree with the post above. Crap cert, crap course material. I simply did it since I had a WGU course in crypto and wanted something to "certify" on this, and there wasn't much out there. EC-Council certs are garbage for the most part. Stay far away and save your money!

Triggerious

Been a bit, but wanted to follow up as I’m going through this *great and exciting* cert now. Just wanted to see how the WGU material is vs what’s on the test, and, if there are any new tips. The material they have is hard to read. It reads like an incomplete idea or generalized thoughts of a 10 year old. I’m doing the BS in IA/CS, so there’s no skipping it. I mainly want to be through it and pass the test, just a bit worried so far about the course material being lack luster.

Triggerious

In case others come looking, I wanted to share these links:

https://quizlet.com/248983351/ec-council-ces-flash-cards/
https://quizlet.com/287292196/eces-certified-encryption-specialist-flash-cards/
https://quizlet.com/248974341/certified-encryption-specialist-flash-cards/

Also, I've voiced my disgruntled thoughts on how the course has absolutely no review options to check knowledge as you progress. I questioned what the actual course instructors/professors are doing exactly. I'm not very impressed with WGU on this one, but will trudge on through. For $85 a month, ITPRO.tv has an ECES course which WGU uses heavily. I almost think that may be the better option rather than using their varied content mixture of official EC-Council material, another book, and the ITPRO videos. Often times I find that you'll read through one section, it'll have you go to the EC material, read a page or two, then you'll come back and watch a video that literally tells you everything you've just read over again.

TelePenguin

Triggerious,
I'm also doing the BS in CS/IA from WGU and was wondering how the ECES exam turned out for you. I'm starting this course right now and would love not to have to purchase additional materials for this course. Do you think the provided course material is sufficient to pass without needing to go the ITPRO.tv route?

(FYI - I got a 70% on the pre-assessment and have already done Sec+, A+, Net+, Linux+, and CIW Web Security so I don't feel like I'm starting from scratch.)

greengeek

TL;DR

Don't take this test if you want to learn the subject. It won't guarantee you pass the test. Instead just memorize the official ECES text book (picture book). It is 336 pages, but really condenses down to only about 50 pages. Memorize everything, including errors. The same grammar that is in the book is on the test. A good practice exam can be found at https://quizlet.com/248983351/ec-council-ces-flash-cards/

Full Text

Just finished this. Had to take it as it was part of a class for WGU. While I really enjoy WGU and the certs one gets, I really wish they didn't use a first edition cert, specially one from ec-council which is notorious for taking at least 5 revisions until the cert at least is understandable (I am looking at you CEH v5 and lower).

The Certified Encryption Specialist is one of your standard type ec-council certs. Really cool names and marketing, but useless certification. It follows the standard path of the majority of ec-council certifications as well. They have their official book written by non primary English speakers, and even worse non subject matter specialists. It was very evident that the book was written by someone(s) that did not have a good understanding of the English language nor had really any experience in computers. Most of the official book is setup much like their other books. Book is 336 pages, but done in the power point / slide style with their default clipart graphics they use for all their courses. Very cutsie, but it really is only about 50 to 75 pages of material. Typically each page contains a slide and then the text of the slide on the bottom half of the page in duplicate. Wouldn't be so bad, but the digital versions are designed in such a way that the words don't stay in order when you highlight them. This makes screen readers or copy and pasting material not possible. The content of this book appeared to be mainly copy/paste from different Wikipedia pages and as others have stated grammar and spelling errors on nearly every page.

The test is basically exact copy and pastes from their official text book. Grammar and errors included. Not just copying of key points, summaries, or bold text, but any sentence in the book is fair game, even how minor or unimportant. Again the tests seem to be sourced similar to the book, so its full of questions that might not really make sense and one might spend more time thinking on what the question is actually answering then on the answer of the question.

As far as studying goes, I watched all 13 hours of the ITPro.TV and found it very informative. The SME, Adam Gordon, is very long winded, but entertaining and teaches the subject well. One will get a very good understanding of how encryption and cryptography work by watching these videos. HOWEVER, and this a BIG HOWEVER, the test does not test on ones understanding of cryptography. I took it the first time and only got 50% and this is with a background in security and half a dozen certs under my belt.

The second time I took the test I just memorized summaries and key points from the official book. This time I barely failed the test.

The third time, and after a $250 retake fee, I passed the test with ease. This time I spent a few days just creating notes and memorizing only the official ECES book, errors and all. This is really the only thing that is needed. The best Quizlet I found for this test that matched the book (only 3 questions I found were not in the book) is this one, https://quizlet.com/248983351/ec-council-ces-flash-cards/

TelePenguin

Just took the exam this morning. 50 questions in 13 minutes. Passed with 94%. Most of the test was trivia about the details. In my opinion, if you memorize the 30 pages of show notes from the ITPro.tv video series as well as the flashcards greengeek linked (https://quizlet.com/248983351/ec-cou...s-flash-cards/), this should be enough to pass the exam (70% is passing score). I'm not saying this will guarantee a pass, but it will get you most of the way there. The test questions are taken word for word out of the official ECES book and the ITPro.tv show notes are pretty close, just condensed.

On another note, this was my first EC-Council exam and I'm not impressed. I tried finding the objectives for the exam online and all I found was EC-Council pages trying to sell me products. It really seems like ECC is just out for the money and doesn't really care about actually training IT people in skills useful in today's marketplace.

On a third note, it's a good business model - Create certifications on unnecessary topics, convince people they need them, charge them for training materials, and then charge them again to take the exam. I think I'll offer a certification in the history of North American fruit bat migration patterns... Average salary of someone with this certification is $167,098/year.

drakhan2002

Disappointing to read these horror stories. I am considering taking the exam for CISSP CPEs..I will probably do it anyway and use Wikipedia/ITProTV/Quizlet, not the official material.

Pmorgan2

Eep. I was just thinking about changing my WGU degree path from IT to CS/IA and this course was the only one I was questionable on. This thread does not make me feel better, haha.

roninkai

Yep stay far far away from EC-Council and especially this cert. What a waster of time and money!

Pmorgan2

dragonsden said:

Yep stay far far away from EC-Council and especially this cert. What a waster of time and money!

Too bad the Western Governors University Bachelors and Masters programs both have a raging hard-on for EC Council. I have ECIH, ECES, CHFI, and C|EH ahead of me over the next two years...