s2008 wrote: » In page 219 of ISC2 book it says it does not: Official (ISC)2 Guide to the CISSP CBK - Google Books. While in page 226 it says it does! Can someone clarify that for me, does Cryptography support CIA or not?
slinuxuzer wrote: » I could be wrong, but in my opinion Cryptography is only for Confidentiality and Integrity. There may be some implementations that can feasibly be said to support availability, but for the exam I would stick with this answer.
knwminus wrote: » I would have agreed with you on the integrity but I would say that would be something like hashing. You're the CISSP though, I only studied for the S+ lol.
broc wrote: » Just to confirm, hashing is part of cryptography.
knwminus wrote: » Sorry. I should mention that I was taking Cryptography and making it encryption. My mistake. Also yeah, I know they are all one big happy family lol.
s2008 wrote: » Cryptography supports "Authenticity" through: - Hash functions. - Digital signatures. - MAC (Message Authentication Codes), (aka., Checksum).
knwminus wrote: » But that isn't part of the CIA triad, technically correct?
s2008 wrote: » What I understand so far is that Cryptography supports Integrity, Confidentiality, and Authenticity but does not support "Availability", so technically speaking Cryptography does not fully support CIA (Confidentiality, Integrity, Availability).
slinuxuzer wrote: » Authenticity and integrity are pretty much the same thing, integrity meaning the message has not been tampered with, authentic meaning it is an actual communication from the expected source. If a real or "authentic" communication originates from a trusted source and is then altered, thereby compromising its integrity, it is no longer the original or authentic message. I send 123ABC authentic and integral and it's altered to 1233ABC, it's no longer authentic or integral.
JDMurray wrote: » Will removing cryptographic capabilities from a system possibly affect the system's availability? If so, crypto supports the concept of Availability. I vote
wastedtime wrote: » While I agree with the above posts, I just wanted to add a bit of real world experience where the lack of confidentiality/authenticity/integrity leads to a lack of availability. I have been in areas where a lack of an encryption device or proper keys for it will lead to no network access or no communication. While it isn't a direct relationship, one does lead to the other.
dynamik wrote: » Keep in mind that it's not likely you'll get a question asking something like, "Does cryptography facilitate availability?" There aren't many trivia-style questions on this exam. You'll more than likely be presented with a scenario that you'll have to apply your knowledge to. I could see the answer going either way depending on the circumstances.
s2008 wrote: » What I understand so far is that Cryptography Authenticity is done through the control of the keys, the secret key in case of the symmetric ciphers, and the public/private keys in case of Asymmetric ciphers. Cryptography Integrity is done through hash functions, digital signatures, and MACs.
slinuxuzer wrote: » Authenticity and integrity are pretty much the same thing, integrity meaning the message has not been tampered with, authentic meaning it is an actual communication from the expected source.
JDMurray wrote: » You mean to say that an inauthentic (forged, spoofed) message can't have integrity? And that a message proved to have integrity is also proved to be authentic? Apples and oranges it would seem; not the same things at all.
slinuxuzer wrote: » Yes, you found a way to explain it better than I did, but that was the point I was trying to make. Thanks JD.
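
The distinction drawn in the exchange above between a message that has integrity and one that is authentic, as an added example that is not part of any poster's reply. It reuses the 123ABC / 1233ABC messages from the thread; the key and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values; the messages reuse the thread's 123ABC example.
SHARED_KEY = b"constructed-demo-key-not-a-real-secret"
ORIGINAL = b"123ABC"
ALTERED = b"1233ABC"


def sha256_tag(message: bytes) -> bytes:
    """Unkeyed digest: anyone who can change the message can recompute it."""
    return hashlib.sha256(message).digest()


def hmac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed MAC: only a holder of the shared key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_hash(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sha256_tag(message), tag)


def verify_hmac(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(hmac_tag(key, message), tag)


def demo() -> dict:
    results = {}
    # Case 1: message altered in transit, original tag left in place.
    # Both mechanisms detect the change (integrity).
    results["hash_detects_alteration"] = not verify_hash(ALTERED, sha256_tag(ORIGINAL))
    results["hmac_detects_alteration"] = not verify_hmac(
        SHARED_KEY, ALTERED, hmac_tag(SHARED_KEY, ORIGINAL))
    # Case 2: a different sender supplies 1233ABC with a freshly computed digest.
    # The bare hash verifies: the message is internally intact but not authentic.
    results["hash_accepts_substituted"] = verify_hash(ALTERED, sha256_tag(ALTERED))
    # The same sender lacks the shared key, so any tag they compute is rejected.
    tag_without_key = hmac_tag(b"constructed-wrong-key", ALTERED)
    results["hmac_rejects_substituted"] = not verify_hmac(
        SHARED_KEY, ALTERED, tag_without_key)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Because both parties hold the same key, a valid HMAC tag shows the message came from a key holder but not which one; digital signatures, discussed later in the thread, address that with a private key held by one party.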
novaterriers wrote: » Cryptography provides confidentiality, integrity and "NON-REPUDIATION". It does not provide availability.
novaterriers wrote: » Cryptography provides confidentiality, integrity and "NON-REPUDIATION".
novaterriers wrote: » It does not provide availability because crypto does not care if you get the message or not, it only cares about one of the three above.
novaterriers wrote: » Digital signatures provide non-repudiation because once someone digitally signs an email, they cannot deny sending the email, and they sign it using their private key, which no one should have access to except the owner. If Bob sends Alice an email and Bob wants ONLY Alice to read the email, he should encrypt it with Alice's public key so only Alice can unencrypt with her private key. If Bob sends Alice an email and Alice wants to make sure Bob was the only person who sent the email and not an imposter, then Bob should digitally sign the email to provide non-repudiation.
JDMurray wrote: » Non-repudiation is part of integrity. Crypto doesn't "care" about anything, including C-I-A. Crypto is a tool that is used to achieve C-I-A. I control telecommunication systems that would be impossible to keep available if it weren't for the crypto used in their authentication and transport systems. They would simply be too easy to compromise, and they would be. None of this supports your assertion that crypto does not support availability.
novaterriers wrote: » omg, what terrible advice....