Confidentiality vs. authentication

escissorshand Member Posts: 5
These 2 terms seemed to overlap:
I came across a practice question which said:
File Encryption using symmetric cryptography is a security requirement of
Confidentiality
authentication
rest of choice make no sense.

Anyone like to add on to this.

The answer is authentication but it could be as well confidentiality.

Comments

  • /usr Member Posts: 1,768
    Where did that practice question come from? It seems that confidentiality would be the answer, but it is a bit strange.


    Authentication is the process of proving you are who you say you are.

    Confidentiality is in place to make sure no one else can see the information.
  • Webmaster Admin Posts: 10,292
    The answer is obviously confidentiality; symmetric file encryption is used to keep the file private/confidential. Symmetric file encryption doesn't provide authentication because more than one person can have the key.

    i.e., if I give you a file that is encrypted with a symmetric key only, you need the same key to decrypt it. So when you are able to decrypt it, it doesn't authenticate me because I'm not necessarily the only one with the symmetric key (unlike a private key in asymmetric encryption, which would belong only to me, hence if I encrypt a file with it and you are able to decrypt it using my public key, you know it is me that sent it (I authenticated myself) and I can't deny sending it (non-repudiation)).

    Check out the following for more examples:
    www.techexams.net/technotes/securityplus/emailsecurity.shtml
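The distinction drawn in the post above, as an added Python example (not part of the thread and not any poster's code): a key shared by two people keeps a file unreadable to outsiders but cannot show which key holder produced it, while a signature made with a private key held by one person can. The names Alice and Bob, the key, the message, the SHA-256 keystream cipher and the small RSA parameters are all constructed for illustration and are not suitable for real use.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (SHA-256 in counter mode); the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

# Toy RSA key pair from two Mersenne primes (constructed; far too small for real use).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent: held by Alice only

def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(message: bytes, private_exponent: int) -> int:
    return pow(digest_int(message), private_exponent, N)

def verify(message: bytes, signature: int) -> bool:
    # Anyone can check with the public values (N, E).
    return pow(signature, E, N) == digest_int(message)

def demo() -> dict:
    shared_key = b"constructed-shared-key"        # known to Alice AND Bob
    text = b"From Alice: pay invoice 17"          # constructed sample message
    from_alice = keystream_xor(shared_key, text)
    from_bob = keystream_xor(shared_key, text)    # Bob holds the same key
    return {
        # Confidentiality: only key holders recover the plaintext.
        "right_key_reads_plaintext": keystream_xor(shared_key, from_alice) == text,
        "wrong_key_reads_plaintext": keystream_xor(b"wrong", from_alice) == text,
        # No authentication: nothing in the ciphertext says which key holder made it.
        "ciphertexts_identical": from_alice == from_bob,
        # Authentication: only the holder of D produces a signature that verifies.
        "alice_signature_valid": verify(text, sign(text, D)),
        "bob_forgery_valid": verify(text, sign(text, 12345)),  # Bob lacks D
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```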
  • Ten9t6 Member Posts: 691
    These 2 terms seemed to overlap:
    I came across a practice question which said:
    File Encryption using symmetric cryptography is a security requirement of
    Confidentiality
    authentication
    rest of choice make no sense.

    Anyone like to add on to this.

    The answer is authentication but it could be as well confidentiality.

    think of it like this.....if it is encrypted....it would look something like this:

    1g2g1h3jj3jk1hh2hk2kj1h234g1g1g1
    1gl1kjgh54lkgh1g1l2k3jg4lkh1g235k3
    5lkahpqoih5pqoihwe5ph6441ph;qpqq

    you can't read the "Contents" of the document...so it would be confidential. :D

    by the way...between me and you...this is confidential....the above encrypted statement says, "Good luck on the test".....
    Kenny

    A+, Network+, Linux+, Security+, MCSE+I, MCSE:Security, MCDBA, CCNP, CCDP, CCSP, CCVP, CCIE Written (R/S, Voice),INFOSEC, JNCIA (M and FWV), JNCIS (M and FWV), ENA, C|EH, ACA, ACS, ACE, CTP, CISSP, SSCP, MCIWD, CIWSA
  • escissorshand Member Posts: 5
    Ten9t6 wrote:

    think of it like this.....if it is encrypted....it would look something like this:

    1g2g1h3jj3jk1hh2hk2kj1h234g1g1g1
    1gl1kjgh54lkgh1g1l2k3jg4lkh1g235k3
    5lkahpqoih5pqoihwe5ph6441ph;qpqq

    you can't read the "Contents" of the document...so it would be confidential. :D

    by the way...between me and you...this is confidential....the above encrypted statement says, "Good luck on the test".....


    49 18 5C 60 B8 D7 8E E6 94 F8 06 F8 81 F8 95 F8

    Using IDEA 128bit key of all '0'

    'Thank you' !!!!
    Yeah, I'm more confident about the test now... but I'm also starting to find security very interesting!

    Anyway, for people who are interested, I used CrypTool to encrypt the message
    cryptool.org
  • BinaryBagboy Member Posts: 10
    I come across a practise question which said:

    I gotta concur with what everyone else is stating. My concern would be the study material you are using which gave you this question. Most practice tests that I've seen usually have an explanation associated w/ the question. What was their explanation?

    And if you have this 1 question which seems to be apparently wrong/misleading, then can you be so sure that this is the only one..?? Can you say now that you still trust this material..??
  • hfismrm1 Member Posts: 8
    I think the answer is Authentication based on the fact that in order to decipher symmetric encryption you have to already have the symmetric key, thus you are authenticated or at the very least authorized.
  • /usr Member Posts: 1,768
    I think the answer is Authentication based on the fact that in order to decipher symmetric encryption you have to already have the symmetric key, thus you are authenticated or at the very least authorized.

    It is confidentiality.

    Authentication would be "something you have, something you know, etc" Encrypting a file has nothing to do with authenticating. Confidentiality is the concept of keeping data private, which is what encryption is supposed to accomplish.
  • hfismrm1 Member Posts: 8
    I'm not saying I agree with Authentication but it seems to be the answer CompTIA wants. The what you have could be the encryption key or the something you know could be the encryption key???
  • /usr Member Posts: 1,768
    He said the answer was authentication. I'm not sure his practice test said it was. Even if it did, it is just that, a practice test. I would be surprised if CompTIA would accept authentication for an answer...it is wrong.
  • hfismrm1 Member Posts: 8
    There could be an argument made for both answers. On the surface confidentiality seems to be the right answer, after all encryption is supposed to keep someone from reading the contents of a message. But when you look deeper there is also an argument for authentication. After all encryption does play a role in authentication as in the case of digital signatures. It is assumed that if user A digitally signs a message with his/her private key (something you have) and user B decrypts the message with user A's public key the message had to come from user A. Which equals user A authentication. I'm not trying to stir the pot here but the answer could possibly be authentication.
  • /usr Member Posts: 1,768
    Digital signatures and encryption are not the same thing.

    You're reading into the questions far too deep and bringing up examples which aren't even hinted at in the questions. If you do that on an exam, you'll get into trouble.
  • hfismrm1 Member Posts: 8
    Well, we're all entitled to our own opinions. Best of luck to you.

    And by the way I did just fine on the test...deep thoughts and all.
  • RussS Member Posts: 2,068
    No arguments - confidentiality.
    www.supercross.com
    FIM website of the year 2007
  • dou2ble Member Posts: 160
    /usr wrote: »
    Digital signatures and encryption are not the same thing.

    You're reading into the questions far too deep and bringing up examples which aren't even hinted at in the questions. If you do that on an exam, you'll get into trouble.

    Agreed on both points. Very dangerous to read too far into the questions. Might not be too damaging on S+ but it'll definitely get you in the CISSP.
    2015 Goals: Masters in Cyber Security
  • cyberguypr Mod Posts: 6,928
    Respawn! If they haven't figured out the difference in 10 years, there's something very wrong going on.
  • Burnsie Member Posts: 84
    cyberguypr wrote: »
    Respawn! If they haven't figured out the difference in 10 years, there's something very wrong going on.

    It seems like there have been several posts being revived from the dead recently. Google must be digging deep into the TE interweb.

    B