SecurITyCerts dot Org

       Navigating Security Certifications

Cryptography Basics

CISSP, GIAC GSEC, Security+ Review

Cryptography is any technique used for hiding data. It comes from the Greek words "crypto" meaning "hidden" and "graphy" meaning "writing," so it's "hidden writing." Trust me, with a name like Ted Demopoulos I know Greek!

Cryptography is used for four basic purposes:

Confidentiality and integrity pertain to the data in a message, whereas authentication pertains to the sender or creator of the message and the recipient, and non-repudiation pertains to the sender or creator of the message. We'll go into more detail on upcoming pages, but briefly:

Privacy/Confidentiality: Ensuring that data cannot be revealed to unauthorized entities. This involves full encryption of the user data. Those who can't decrypt the message see only gibberish.

Integrity: Ensuring that data has not been modified or corrupted. It is typically verified using cryptographic data checksums, which are less expensive to compute than full encryption of the data. The data isn't secret - anyone can see/read it, but it can't be modified without detection.

Authentication: Securely proving entities are who they claim they are, so that they may trust each other. For example, a user must trust a printer service before sending it confidential information - a phony printer service could collect the information and transmit it to a competitor.

Nonrepudiation: Preventing an entity who took part in a communication from later denying all or part of that communication. As in, "No, it wasn't me. I didn't buy those 5000 shares of IBM yesterday before it tanked."
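
To make the Integrity definition above concrete, here is an added Python example (not part of the original page) that sends a message in the clear with a checksum and checks whether a modification is detected. It also covers the case where whoever modifies the data can replace the checksum too, which is why a keyed checksum (HMAC-SHA256) is shown beside an unkeyed SHA-256 digest. The key, messages and function names are constructed for this example.

```python
import hashlib
import hmac
import secrets


def plain_checksum(data: bytes) -> str:
    """Unkeyed SHA-256 digest: anyone who can read the data can recompute it."""
    return hashlib.sha256(data).hexdigest()


def keyed_checksum(key: bytes, data: bytes) -> str:
    """HMAC-SHA256 tag: only holders of the shared key can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_plain(data: bytes, checksum: str) -> bool:
    return hmac.compare_digest(plain_checksum(data), checksum)


def verify_keyed(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest runs in constant time, so a mismatch position is not leaked
    return hmac.compare_digest(keyed_checksum(key, data), tag)


def demo() -> dict:
    key = secrets.token_bytes(32)      # shared secret, constructed for this example
    original = b"BUY 50 shares IBM"    # constructed message, readable by anyone
    altered = b"BUY 5000 shares IBM"   # same message after modification in transit

    sent_digest = plain_checksum(original)
    sent_tag = keyed_checksum(key, original)
    return {
        "untouched_plain": verify_plain(original, sent_digest),
        "untouched_keyed": verify_keyed(key, original, sent_tag),
        # Data changed, checksum left alone: both checks notice.
        "altered_plain": verify_plain(altered, sent_digest),
        "altered_keyed": verify_keyed(key, altered, sent_tag),
        # Data and checksum both replaced by someone without the key:
        # the unkeyed digest verifies again, the keyed tag does not.
        "altered_plain_recomputed": verify_plain(altered, plain_checksum(altered)),
        "altered_keyed_recomputed": verify_keyed(key, altered, plain_checksum(altered)),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'REJECTED'}")
```
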