You are developing a client/server-based application where clients shall communicate with peer clients and the server based on the public key infrastructure. There are ten clients on the network. Which of the following is the required number of secret keys among clients and the server? (Source: Wentz QOTD)
A. 11
B. 22
C. 55
D. 77
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. 55.
The question is asking about the required number of “secret keys” for a network of 11 hosts: 10 clients, and one server. The secret key implies the symmetric encryption, so the formula can be applied: N (N-1) / 2.
11 (11-1) / 2 = 55.
This question is designed to highlight some essential concepts:
- Symmetric encryption and asymmetric encryption are NOT mutually exclusive; they complement each other and work together as a cryptographic solution. Symmetric encryption has good performance for encrypting data, while asymmetric encryption is typically implemented for key exchange and digital signature.
- Cryptographic keys are keys used in the symmetric ciphers and asymmetric ciphers. Symmetric ciphers use the secret key to encrypt the plaintext and decrypt the ciphertext, while asymmetric ciphers use the public key to encrypt the plaintext and the private key to decrypt the ciphertext.
Key Taxonomy
- Symmetric Keys
- Secret Key: It implies symmetric encryption.
- Preshared/Shared Key: This implies the secret key is manually configured.
- Session Key: It implies the secret key is used in secure network transmission.
- Asymmetric Keys
- Public Key: used to encrypt the plaintext.
- Private Key: used to decrypt the ciphertext or used for digital signature.
Reference
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.
您正在開發一個主從架構的應用程式,其中客戶端是透過公開金密基礎設施與其它客戶端及伺服器進行加密的通訊。 若網路上有十個客戶端,下列哪個是客戶端和伺務器之間所需的密鑰數量?
A. 11
B. 22
C. 55
D. 77
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.
How can it be determined from the question that “secret key” doesn’t mean private key?
Good question! Thank you for your feedback. A secret key can refer to the private key in the sense of secrecy. However, it’s more common for people to imply the symmetric key when they use the term, secret key. It’s generally accepted but not a axiom.