# CISSP PRACTICE QUESTIONS – 20210531

Which of the following is an incorrect statement about cryptographic functions? (Wentz QOTD)
A. Collision makes a one-way function vulnerable and reversible.
B. The confusion property of a cipher reduces occurrences of key clustering.
C. A key schedule is an algorithm calculating round keys from the key in a product cipher.
D. Manually rotating a key typically occurs when the key is subject to being compromised.

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Collision makes a one-way function vulnerable and reversible.

A collision makes a one-way function vulnerable, but a one-way function, e.g., a hash function, is always irreversible: we cannot restore the original message from the hash value that the hash function computes.
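The following added example (not part of the original post) illustrates the distinction with a constructed toy hash: SHA-256 truncated to 16 bits, so collisions are cheap to find. The names `toy_hash`, `find_collision`, and `preimages` are hypothetical helpers. Finding a collision shows that many messages share one digest, which is exactly why the digest alone cannot tell you the original message.

```python
import hashlib
from itertools import count

# Constructed toy: keep only 16 bits of SHA-256 so a collision is cheap to find.
DIGEST_BYTES = 2


def toy_hash(msg: bytes) -> bytes:
    """Deliberately weak hash: the first DIGEST_BYTES bytes of SHA-256."""
    return hashlib.sha256(msg).digest()[:DIGEST_BYTES]


def candidate(i: int) -> bytes:
    """Constructed sample messages: msg-0, msg-1, ..."""
    return b"msg-%d" % i


def find_collision():
    """Birthday search: return two distinct messages with the same digest."""
    seen = {}
    for i in count():
        msg = candidate(i)
        digest = toy_hash(msg)
        if digest in seen:
            return seen[digest], msg, digest
        seen[digest] = msg


def preimages(digest: bytes, limit: int):
    """Every candidate among the first `limit` that hashes to `digest`."""
    return [m for m in map(candidate, range(limit)) if toy_hash(m) == digest]


if __name__ == "__main__":
    a, b, digest = find_collision()
    print("collision:", a, b, "->", digest.hex())
    # The same digest has many possible inputs, so "reversing" it is ambiguous:
    # collision resistance is broken, but the function is still not invertible.
    matches = preimages(digest, 200_000)
    print(len(matches), "candidate messages share this digest")
```

The collision breaks collision resistance (two inputs can be swapped without changing the digest), but the digest still maps back to a whole set of inputs rather than to one original message.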

## Confusion and Key Clustering

“In cryptography, confusion and diffusion are two properties of the operation of a secure cipher identified by Claude Shannon in his 1945 classified report A Mathematical Theory of Cryptography. These properties, when present, work to thwart the application of statistics and other methods of cryptanalysis.” (Wikipedia)

In cryptography, “key clustering” refers to the situation when two different keys generate the same ciphertext from the same plaintext, using the same cipher algorithm. The confusion property of a cipher complicates the relationship between the key and the ciphertext, reducing the occurrence of key clustering.

## Round Keys (Subkeys) and Key Schedule

Modern ciphers, the so-called product ciphers, complicate the ciphertext by confusing its relationship with the encryption key and diffusing its relationship with the plaintext through multiple rounds of substitution and permutation, where each round may use a specific round key. A key schedule is an algorithm that calculates all the round keys from the key.

In cryptography, a product cipher combines two or more transformations in a manner intending that the resulting cipher is more secure than the individual components to make it resistant to cryptanalysis. The product cipher combines a sequence of simple transformations such as substitution (S-box), permutation (P-box), and modular arithmetic. The concept of product ciphers is due to Claude Shannon, who presented the idea in his foundational paper, Communication Theory of Secrecy Systems.

Source: Wikipedia

## Key Rotation

For symmetric encryption, periodically and automatically rotating keys is a recommended security practice. Some industry standards, such as Payment Card Industry Data Security Standard (PCI DSS), require the regular rotation of keys.

Cloud Key Management Service does not support automatic rotation of asymmetric keys. See Considerations for asymmetric keys below.

We recommend that you rotate keys automatically on a regular schedule. A rotation schedule defines the frequency of rotation, and optionally the date and time when the first rotation occurs. The rotation schedule can be based on either the key’s age or the number or volume of messages encrypted with a key version.

Some security regulations require periodic, automatic key rotation. Automatic key rotation at a defined period, such as every 90 days, increases security with minimal administrative complexity.

You should also manually rotate a key if you suspect that it has been compromised, or when security guidelines require you to migrate an application to a stronger key algorithm. You can schedule a manual rotation for a date and time in the future. Manually rotating a key does not pause, modify, or otherwise impact an existing automatic rotation schedule for the key.