Ars Technica looks at asymmetric enryption

Ars Technica posted an overview of asymmetric encryption recently.

This is a good introductory look at encryption, specifically, asymmetric encryption. It’s not everything you need to know, but I think it’s very helpful to read and understand articles like this one before tackling the CBK chapter on crypto.

Cryptography is something that nearly everyone uses and relies on–it’s what protects your credit card information any time you make an online purchase–but it’s not something most people have to know a lot about. It’s possible to pass the CISSP while only having a superficial knowledge of cryptography, but even that superficial knowledge probably puts you in the 90th percentile as far as public awareness of it.

One of my former coworkers used to do CISSP workshops to help others get certified, and crypto was the chapter that more people had trouble with than any other. Unfortunately, explaining crypto to a group of people is like playing whack-a-mole–you’ll explain it until one person gets it, but then someone who already understood it gets confused.

If you want to have an easier time of it than I had, I recommend going into the chapter first seeking a firm understanding of what symmetric and asymmetric encryption are, as well as what hashing is. Read about it elsewhere if possible. Once you know what they are and what people use them for, then read the portions of the chapter that talk about how they work. Compartmentalizing like that certainly helped me, and I saw test questions of both varieties. In the real world, the average security professional spends a lot more time dealing with when to use which–and explaining why–than diving into the intricate details of how they work.

%d bloggers like this:
WordPress Appliance - Powered by TurnKey Linux