confidentiality Vs authentication

This 2 terms seemed to overlap:
I come across a practise question which said:
File Encryption using symmetric cryptography is a security requirement of
Confidentiality
authentication
rest of choice make no sense.

Anyone like to add on to this.

The answer is authentcation but it could be as well confidentiality.

Find more posts tagged with

Comments

/usr

Where did that practice question come from? It seems that confidentiality would be the answer, but it is a bit strange.

Authentication is the process of proving you are who you say you are.

Confidentiality is in place to make sure no one else can see the information.

Webmaster

The answer is obviously confidentiality; symmetric file encrytion is used to keep the file private/confidential. Symmetric file encryption doesn't provide authentication because more than one person can have the key.

ie. if I give you a file that is encrypted with a symmetric key only, you need the same key to decrypt it. So when you are able to decrypt it, it doesn't authenticate me because I'm not necessarily the only one with the symmetric key (unlike a private key in assymetric encryption, which would belong only to me, hence if I encrypt a file with it and you are able to decrypt it using my public key, you know it is me that sent it (I authenticated myself) and I can't deny sending it (non-repudiation).

Check out the following for more examples:

www.techexams.net/technotes/securityplus/emailsecurity.shtml

Ten9t6

escissorshand wrote:

This 2 terms seemed to overlap:
I come across a practise question which said:
File Encryption using symmetric cryptography is a security requirement of
Confidentiality
authentication
rest of choice make no sense.

Anyone like to add on to this.

The answer is authentcation but it could be as well confidentiality.

think of it like this.....if it is encrypted....it would look something like this:

1g2g1h3jj3jk1hh2hk2kj1h234g1g1g1
1gl1kjgh54lkgh1g1l2k3jg4lkh1g235k3
5lkahpqoih5pqoihwe5ph6441ph;qpqq

you can't read the "Contents" of the document...so it would be confidential.

by the way...between me and you...this is confidential....the above encrypted statement says, "Good luck on the test".....

escissorshand

Ten9t6 wrote:

think of it like this.....if it is encrypted....it would look something like this:

1g2g1h3jj3jk1hh2hk2kj1h234g1g1g1
1gl1kjgh54lkgh1g1l2k3jg4lkh1g235k3
5lkahpqoih5pqoihwe5ph6441ph;qpqq

you can't read the "Contents" of the document...so it would be confidential.

by the way...between me and you...this is confidential....the above encrypted statement says, "Good luck on the test".....

49 18 5C 60 B8 D7 8E E6 94 F8 06 F8 81 F8 95 F8

Using IDEA 128bit key of all '0'

'Thank you' !!!!
Yah im more confident of the test now... but also i starting to find security very interesting!

Anyway for people who are interested i used CrypTool to encrypt the message
cryptool.org

BinaryBagboy

escissorshand wrote:

I come across a practise question which said:

I gotta concur with what everyone else is stating. My concern would be the study material you are using which gave you this question. Most pratice tests that I've seen, usually have an explanation associated w/ the question. What was their explanation.

And if you have this 1 question which seems to be apparently wrong/misleading, then can you be so sure that this is the only one..?? Can you say now that you still trust this material..??[/b]

hfismrm1

I think the answer is Authentication based of the face that in order to decipher symetric encryption you have to already have the symetric key, thus you are authenticated or at the very least authorized.

/usr

I think the answer is Authentication based of the face that in order to decipher symetric encryption you have to already have the symetric key, thus you are authenticated or at the very least authorized.

It is confidentiality.

Authentication would be "something you have, something you know, etc" Encrypting a file has nothing to do with authenticating. Confidentiality is the concept of keeping data private, which is what encryption is supposed to accomplish.

hfismrm1

Im not saying I agree with Authentication but it seems to be the answer CompTIA wants. The what you have could be the encryption key or the something you know could be the encryption key???

/usr

He said the answer was authentication. I'm not sure his practice test said it was. Even if it did, it is just that, a practice test. I would be surprised if CompTIA would accept authentication for an answer...it is wrong.

hfismrm1

There could be an argument made for both answers. On the surface confidentiality seems to be the right answer, after all encryption is supposed to keep someone from reading the contents of a message. But when you look deeper there is also an argument for authentication. After all encryption does play a row in authentication as in the case of digital signatures. It is assumed that if user A digitally signs a message with his/her private key (something you have) and user B decrypts the message with user A's public key the message had to come from user A. Which equals user A authentication. I'm not trying to stir the pot here but the answer could possibly be authentication.

/usr

Digital signatures and encryption are not the same thing.

You're reading into the questions far too deep and bringing up examples which aren't even hinted at in the questions. If you do that on an exam, you'll get into trouble.

hfismrm1

Well were all entitled to our own opinions. Best of luck to you.

And by the way I did just fine on the test...deep thoughts and all.

RussS

No arguments - confidentiality.

/usr

Ok.

chriselviss

Try this.....Difference between Authentication and Authorization

Chris

dou2ble

/usr wrote: »

Digital signatures and encryption are not the same thing.

You're reading into the questions far too deep and bringing up examples which aren't even hinted at in the questions. If you do that on an exam, you'll get into trouble.

Agreed on both points. Very dangerous to read too far into the questions. Might not be too damaging on S+ but it'll definitely get you in the CISSP.

cyberguypr

Respawn! If they haven't figured out the difference in 10 years, there's somethig very wrong going on.

Burnsie

cyberguypr wrote: »

Respawn! If they haven't figured out the difference in 10 years, there's somethig very wrong going on.

It seems like there have been several posts being revived from the dead recently. Google must be digging deep into the TE interweb.

B