2 cissp ® Official Study Guide Eighth Edition

Download 19,3 Mb.

Pdf ko'rish

bet	178/881
Sana	08.04.2023
Hajmi	19,3 Mb.
	#925879

1 ... 174 175 176 177 178 179 180 181 ... 881

Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Protecting Data with Symmetric Encryption
Advanced Encryption Standard

Data Protection Methods
One of the primary methods of protecting the confidentiality of data is encryption. Chapter 6,
“Cryptography and Symmetric Key Algorithms,” and Chapter 7, “PKI and Cryptographic
Applications,” cover cryptographic algorithms in more depth. However, it’s worth pointing
out the differences between algorithms used for data at rest and data in transit.
As an introduction, encryption converts cleartext data into scrambled ciphertext.
Anyone can read the data when it is in cleartext format. However, when strong encryption
algorithms are used, it is almost impossible to read the scrambled ciphertext.
Protecting Data with Symmetric Encryption
Symmetric encryption uses the same key to encrypt and decrypt data. In other words, if an
algorithm encrypted data with a key of 123, it would decrypt it with the same key of 123.
Symmetric algorithms don’t use the same key for different data. For example, if it encrypted
one set of data using a key of 123, it might encrypt the next set of data with a key of 456.
The important point here is that a file encrypted using a key of 123 can only be decrypted
using the same key of 123. In practice, the key size is much larger. For example, AES uses key
sizes of 128 bits or 192 bits and AES 256 uses a key size of 256 bits.

Identify and Classify Assets
177
The following list identifies some of the commonly used symmetric encryption algo-
rithms. Although many of these algorithms are used in applications to encrypt data at rest,
some of them are also used in transport encryption algorithms discussed in the next sec-
tion. Additionally, this is by no means a complete list of encryption algorithms, but
Chapter 6 covers more of them.
Advanced Encryption Standard
The Advanced Encryption Standard (AES) is one of the
most popular symmetric encryption algorithms. NIST selected it as a standard replacement
for the older Data Encryption Standard (DES) in 2001. Since then, developers have steadily
been implementing AES into many other algorithms and protocols. For example, Microsoft’s
BitLocker (a full disk encryption application used with a Trusted Platform Module) uses
AES. The Microsoft Encrypting File System (EFS) uses AES for file and folder encryption.
AES supports key sizes of 128 bits, 192 bits, and 256 bits, and the U.S. government has
approved its use to protect classified data up to top secret. Larger key sizes add additional
security, making it more difficult for unauthorized personnel to decrypt the data.
Triple DES
Developers created Triple DES (or 3DES) as a possible replacement for DES.
The first implementation used 56-bit keys but newer implementations use 112-bit or 168-bit
keys. Larger keys provide a higher level of security. Triple DES is used in some implementa-
tions of the MasterCard, Visa (EMV), and Europay standard for smart payment cards. These
smart cards include a chip and require users to enter a personal identification number (PIN)
when making a purchase. The combination of a PIN and 3DES (or another secure algorithm)
provides an added layer of authentication that isn’t available without the PIN.
Blowfish
Security expert Bruce Schneier developed Blowfish as a possible alternative to
DES. It can use key sizes of 32 bits to 448 bits and is a strong encryption protocol. Linux
systems use bcrypt to encrypt passwords, and bcrypt is based on Blowfish. Bcrypt adds 128
additional bits as a salt to protect against rainbow table attacks.

Download 19,3 Mb.

Do'stlaringiz bilan baham:

1 ... 174 175 176 177 178 179 180 181 ... 881