CompTIA Section 8 – Cryptographic Solutions
Cryptographic Solutions – Detailed Study Revision Guide
Core Objectives
- Explain and distinguish between symmetric and asymmetric encryption algorithms.
- Understand key management lifecycle and its impact on secure communications.
- Evaluate hashing algorithms and their application in integrity assurance.
- Understand the structure and purpose of digital signatures and PKI.
- Compare data protection mechanisms at rest, in transit, and in use.
- Identify and explain cryptographic vulnerabilities and related attacks.
1. Cryptographic Fundamentals
Symmetric Encryption
- Uses one key for both encryption and decryption.
- Examples: AES (standard), DES (deprecated), Blowfish, ChaCha20
- Efficient for bulk data encryption.
- Drawback: Requires secure key exchange method.
Asymmetric Encryption
- Uses key pairs (public/private).
- Examples: RSA (widespread), ECC (efficient), Diffie-Hellman (key exchange)
- Enables digital signatures and non-repudiation.
- Much slower than symmetric encryption, so in practice it protects only small values: it negotiates or wraps the symmetric session key (hybrid encryption), and the symmetric cipher then encrypts the bulk data.
2. Hashing Algorithms
- Converts data into a fixed-length hash value.
- One-way: there is no key and no decryption; the input cannot be recovered from the digest (preimage resistance).
- Common algorithms: MD5 (obsolete, collisions are trivial to produce), SHA-1 (insecure, practical collisions have been demonstrated), SHA-256 and the rest of SHA-2, SHA-3 (recommended)
- Applications: file integrity verification, digital signatures (the hash is what actually gets signed), password storage (only through a slow, salted construction such as bcrypt, scrypt, Argon2 or PBKDF2; a bare fast hash such as SHA-256 is cheap to brute-force offline)
- Properties: deterministic, fixed output length, preimage- and collision-resistant, fast to compute; a one-bit change to the input alters roughly half of the output bits (avalanche effect)
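An added example illustrating the integrity use case and its limit (this is not code from the original guide): SHA-256 detects a one-bit change in a file and shows the avalanche effect, but a bare hash cannot prove who produced the data, because an attacker who alters the file can simply recompute it. The keyed HMAC in the second half closes that gap. The file contents and the shared secret are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Digest returns the hex SHA-256 of data: always 64 hex characters (256 bits),
// whatever the input length, and identical for identical input.
func Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// VerifyIntegrity recomputes the digest and compares it with the value the
// publisher shipped next to the file. hmac.Equal is constant-time, so the
// comparison does not leak how many leading characters matched.
func VerifyIntegrity(data []byte, publishedHex string) bool {
	return hmac.Equal([]byte(Digest(data)), []byte(publishedHex))
}

// DifferingHexDigits counts positions where two digests differ; it makes the
// avalanche effect visible when one input bit is flipped.
func DifferingHexDigits(a, b string) int {
	n := 0
	for i := 0; i < len(a) && i < len(b); i++ {
		if a[i] != b[i] {
			n++
		}
	}
	return n
}

// Tag computes HMAC-SHA256. A bare hash only proves integrity: whoever
// modifies the data can recompute it. A keyed tag also proves authenticity,
// because producing a valid tag requires the key.
func Tag(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// VerifyTag checks a tag in constant time.
func VerifyTag(key, data, tag []byte) bool {
	return hmac.Equal(Tag(key, data), tag)
}

func main() {
	// Constructed sample file contents and shared secret.
	file := []byte("contents of release-1.0.tar.gz")
	published := Digest(file) // what a vendor would print on its download page
	tampered := append([]byte{}, file...)
	tampered[0] ^= 0x01 // one-bit change

	fmt.Println("published digest:", published)
	fmt.Println("original verifies:", VerifyIntegrity(file, published))
	fmt.Println("tampered verifies:", VerifyIntegrity(tampered, published))
	fmt.Println("hex digits changed by one bit:", DifferingHexDigits(published, Digest(tampered)))

	key := []byte("shared secret")
	tag := Tag(key, file)
	fmt.Println("tag ok:", VerifyTag(key, file, tag))
	fmt.Println("tag ok on tampered data:", VerifyTag(key, tampered, tag))
	fmt.Println("tag ok with wrong key:", VerifyTag([]byte("guess"), file, tag))
}
```

The same reasoning explains why a digest published on the same download page as the file adds little against an attacker who controls that page: they replace both. A digest delivered out of band, or a signature (next section), is what makes the check meaningful.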
3. Digital Signatures
- Sender hashes the message and signs the hash with their private key (exam wording: the hash is "encrypted" with the private key; with RSA this is literally the same mathematical operation).
- Recipient recomputes the hash and verifies the signature with the sender's public key; any change to the message or to the signature makes verification fail.
- Ensures integrity, authenticity, and non-repudiation (only the holder of the private key could have produced the signature).
- Often used in software distribution and secure email.
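The sign-then-verify flow above as an added example (not from the original guide), using ECDSA over P-256 with SHA-256 from the Go standard library: the digest is signed, and verification is shown succeeding on the original message and failing both for a one-byte modification and for an impostor's public key. The message text and function names are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Sign hashes the message with SHA-256 and signs the digest with the sender's
// private key (ECDSA over P-256, DER-encoded signature). ECDSA is randomized:
// signing the same message twice gives different bytes that both verify.
func Sign(priv *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

// Verify recomputes the digest and checks the signature against the sender's
// public key. Anyone with the public key can verify, but only the private key
// holder could have produced the signature, which is what non-repudiation rests on.
func Verify(pub *ecdsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// Demo signs msg and returns whether verification succeeds on the original
// message, on a copy with one byte changed, and against an impostor's key.
func Demo(msg []byte) (bool, bool, bool, error) {
	if len(msg) == 0 {
		return false, false, false, errors.New("empty message")
	}
	sender, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	sig, err := Sign(sender, msg)
	if err != nil {
		return false, false, false, err
	}
	altered := append([]byte{}, msg...)
	altered[len(altered)-1] ^= 0x01 // attacker changes one bit of the message
	impostor, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	return Verify(&sender.PublicKey, msg, sig),
		Verify(&sender.PublicKey, altered, sig),
		Verify(&impostor.PublicKey, msg, sig), nil
}

func main() {
	// Constructed sample message.
	o, t, w, err := Demo([]byte("release v1.0, built 2024-01-01 by the build server"))
	fmt.Printf("original=%v tampered=%v wrongKey=%v err=%v\n", o, t, w, err)
}
```

Verification proves the signature was made by whoever holds the private key matching this public key; binding that public key to a named person or server is the job of PKI, covered next.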
4. Public Key Infrastructure (PKI)
- Framework for managing digital certificates and key pairs.
- Key components:
- Certificate Authority (CA) – issues certificates
- Registration Authority (RA) – verifies identities
- Certificate Revocation List (CRL) – signed list of revoked certificate serial numbers published periodically by the CA; the client must download the whole list
- Online Certificate Status Protocol (OCSP) – real-time status query for a single certificate to the CA's responder; OCSP stapling lets the server attach a recent signed response to the TLS handshake instead of making the client ask
- Trust model: Hierarchical (root CA signs intermediates, intermediates sign end-entity certificates; trust flows from a small set of pre-installed roots) vs. Web of Trust (peers sign each other's keys directly, as in PGP)
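An added example of the hierarchical trust model in action (not code from the original guide), built with Go's crypto/x509: a self-signed root CA issues a server certificate, and the client-side path validation accepts that leaf, rejects an otherwise well-formed leaf for the same hostname issued by a CA that is not in the trust store, and rejects the trusted leaf when presented for a different hostname. The CA names, hostnames and serial numbers are constructed; key generation from crypto/rand is treated as infallible here for brevity.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKey generates a P-256 key pair; a crypto/rand failure is fatal here.
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// template builds a minimal certificate. CAs get the basic-constraints flag
// and cert-signing key usage; leaf certificates get a DNS SAN and the
// server-auth extended key usage that TLS clients require.
func template(name string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.DNSNames = []string{name}
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return t
}

// issue signs tmpl with the issuer's private key and returns the parsed
// certificate. Passing tmpl as its own parent yields a self-signed root.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, issuerKey *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, issuerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyChain does what a TLS client does: build a path from the leaf to a
// root in the local trust store and match host against the certificate's SANs.
func VerifyChain(leaf, root *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

// Demo builds a trusted root, a rogue root, and one leaf for host from each,
// then returns (trustedLeafAccepted, rogueLeafRejected, wrongHostRejected).
func Demo(host string) (bool, bool, bool, error) {
	caKey, leafKey, rogueKey := newKey(), newKey(), newKey()
	rootTmpl := template("Example Root CA", 1, true)
	root, err := issue(rootTmpl, rootTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return false, false, false, err
	}
	leaf, err := issue(template(host, 2, false), root, &leafKey.PublicKey, caKey)
	if err != nil {
		return false, false, false, err
	}
	// The rogue CA is valid in every structural sense but is not in the
	// client's trust store, so the chain from its leaf ends nowhere trusted.
	rogueTmpl := template("Rogue CA", 1, true)
	rogue, err := issue(rogueTmpl, rogueTmpl, &rogueKey.PublicKey, rogueKey)
	if err != nil {
		return false, false, false, err
	}
	rogueLeaf, err := issue(template(host, 3, false), rogue, &leafKey.PublicKey, rogueKey)
	if err != nil {
		return false, false, false, err
	}
	return VerifyChain(leaf, root, host) == nil,
		VerifyChain(rogueLeaf, root, host) != nil,
		VerifyChain(leaf, root, "other.example.net") != nil, nil
}

func main() {
	ok, rogue, host, err := Demo("www.example.com")
	fmt.Printf("trusted=%v rogueRejected=%v wrongHostRejected=%v err=%v\n", ok, rogue, host, err)
}
```

Revocation is the one PKI check this example does not perform: Go's Verify does not consult CRLs or OCSP on its own, which is exactly why the exam emphasises those two mechanisms as a separate step.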
5. Encryption Use Cases
Data at Rest
- Protects stored data (e.g., disk, file, database encryption)
- Tools: BitLocker, VeraCrypt, LUKS and other full-disk encryption (FDE) products; transparent data encryption (TDE) for databases
Data in Transit
- Protects data moving across networks
- Protocols: TLS (SSL is its deprecated predecessor and should be disabled), IPsec, SSH, HTTPS (HTTP over TLS)
Data in Use
- Protects data while being processed
- Tools: HSMs and TPMs (keys are used inside the device and never leave it), trusted execution environments / confidential computing (CPU-encrypted memory, e.g. Intel SGX, AMD SEV), homomorphic encryption (computation directly on ciphertext)
6. Cryptographic Attacks
- Birthday Attack – exploits the birthday paradox: finding any two inputs with the same n-bit hash takes about 2^(n/2) attempts rather than 2^n, which is why short or broken digests (MD5, SHA-1) must not be used for signatures or certificates
- Replay Attack – retransmits captured, valid messages (e.g., an authentication exchange) to repeat their effect; countered with nonces, timestamps and sequence numbers
- Man-in-the-Middle – attacker sits between the parties, intercepting and possibly altering traffic; defeated by authenticating the peer (certificates, signed key exchange) rather than by encryption alone
- Known-plaintext / Ciphertext-only – attack models describing what the attacker holds (some plaintext/ciphertext pairs vs. ciphertext alone); a sound cipher must resist even the stronger chosen-plaintext and chosen-ciphertext attacker
- Downgrade Attack – forces negotiation of a weaker protocol version or cipher suite (e.g., POODLE's fallback to SSL 3.0); mitigated by disabling legacy versions and suites and by TLS_FALLBACK_SCSV
- Implementation Flaws – weak or predictable random number generators, nonce reuse, padding oracles, timing side channels; the algorithm is sound but the code around it is not
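The birthday attack from the list above as an added, runnable example (not part of the original guide): SHA-256 is truncated to a toy 24-bit digest so the search finishes in milliseconds, and the program keeps every digest it has seen until two different messages hash alike. The expected cost is about 2^12 (roughly 4,096) hashes, against the 2^24 a brute-force second-preimage search would need; the truncation width and the message format are this example's own choices.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// truncBits shrinks SHA-256 to a toy 24-bit hash so the attack completes
// quickly. The work ratio it demonstrates scales to real digest sizes.
const truncBits = 24

// toyHash returns the first truncBits bits of SHA-256(msg).
func toyHash(msg []byte) uint32 {
	sum := sha256.Sum256(msg)
	return binary.BigEndian.Uint32(sum[:4]) >> (32 - truncBits)
}

// BirthdayCollision hashes distinct messages "doc-0", "doc-1", ... and keeps
// every digest seen; the first repeat is a collision between two different
// messages. Because any pair may collide, the expected cost is about
// 2^(truncBits/2) hashes, not the 2^truncBits a targeted search needs.
func BirthdayCollision() (a, b []byte, attempts int) {
	seen := make(map[uint32][]byte)
	for i := 0; ; i++ {
		msg := []byte(fmt.Sprintf("doc-%d", i))
		h := toyHash(msg)
		if prev, ok := seen[h]; ok {
			return prev, msg, i + 1
		}
		seen[h] = msg
	}
}

// IsCollision confirms that two distinct messages share a toy digest.
func IsCollision(a, b []byte) bool {
	return !bytes.Equal(a, b) && toyHash(a) == toyHash(b)
}

func main() {
	a, b, n := BirthdayCollision()
	fmt.Printf("collision after %d hashes (birthday bound ~%d, brute force ~%d):\n",
		n, 1<<(truncBits/2), 1<<truncBits)
	fmt.Printf("  %q and %q -> %06x\n", a, b, toyHash(a))
	fmt.Println("valid collision:", IsCollision(a, b))
}
```

Why this matters for signatures: because the hash is what gets signed, an attacker who can produce two documents with the same digest can have the harmless one signed and then present the signature with the harmful one. For a 128-bit digest such as MD5 the birthday bound is 2^64, well within reach, whereas SHA-256's 2^128 is not.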
Study Strategy
| Tool | Action |
|---|---|
| Flashcards | Define terms and algorithm characteristics |
| Diagrams | Visualize asymmetric encryption and PKI flow |
| Practice Questions | Run 10–15 quiz questions per sub-topic |
| Summary Sheets | Create a 1-page summary for each subsection |
Exam Tips
- Watch for keywords: “shared key” = symmetric, “pair” = asymmetric
- Always consider purpose: encryption, hashing, signing
- PKI questions often test role of CA and OCSP
- Distinguish between data states: rest, transit, use