Effective CISSP Questions

Which of the following cryptographic algorithms can ensure confidentiality with the shortest key length? (Wentz QOTD)
A. Factoring modulus
B. RSA Public key encryption
C. Elliptic curve
D. Hash

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Elliptic curve.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

NIST Recommendation for Key Management
NIST Recommendation for Key Management (Source: keylengt)

Modular arithmetic is commonly used in asymmetric cryptography, such as the prime factoring-based RSA or Diffie-Hellman for key exchange. Factoring modulus implies the RSA public-key encryption, which uses a key longer than 2048 bits nowadays.

Elliptic curve-based asymmetric cryptography uses a much shorter key than RSA but renders the same work factor for cryptanalysis. As you can see in the table above, the elliptic curve uses 256 bits and it is equivalent to a 3072-bit factoring modulus.

Hash doesn’t need a key and enforces integrity instead of confidentiality.

RSA (cryptosystem)

RSA is a public-key cryptosystem, published in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. A public key is generated based on two large prime numbers. Even though the public key is shared publicly, the two large prime numbers shall be kept secret.

Public and Private Key Generation

1. Select p = 7, q = 17 where p and q are prime numbers
2. Calculate n = 7 x 17 = 119
3. Calculate phi(n) = (7-1) x (17-1) = 96

Public Key = {e, n} = {5, 119} given gcd(96, e) = 1 and 1 < e < 96.
Private Key: {d, n} = {77, 119} d ≡ 5^-1 mod 96 ⇒ d x 5 ≡ 1 mod 96
*gcd: greatest common divisor

Encryption: Plaintext = 19, Ciphertext = 66 = 19^5 mod 119 (e = 5, n = 119)
Decryption: Ciphertext = 66, Plaintext = 19 = 66^77 mod 119 (d = 77, n = 119)

The RSA Algorithm
The RSA Algorithm (Image Credit: Shihab A. Shawkat)
Greek Alphabet and Symbols
Greek Alphabet and Symbols (Source: GreekBoston)

In a public-key cryptosystem, the encryption key is public and distinct from the decryption key, which is kept secret (private). An RSA user creates and publishes a public key based on two large prime numbers, along with an auxiliary value. The prime numbers are kept secret. Messages can be encrypted by anyone, via the public key, but can only be decoded by someone who knows the prime numbers.

The security of RSA relies on the practical difficulty of factoring the product of two large prime numbers, the “factoring problem”. Breaking RSA encryption is known as the RSA problem. Whether it is as difficult as the factoring problem is an open question. There are no published methods to defeat the system if a large enough key is used.

RSA is a relatively slow algorithm. Because of this, it is not commonly used to directly encrypt user data. More often, RSA is used to transmit shared keys for symmetric key cryptography, which are then used for bulk encryption-decryption.

Source: Wikipedia


以下哪種密碼學演算法可以使用最短的金鑰長度來確保機密性? (Wentz QOTD)
A. 分解模數
B. RSA公鑰加密
C. 橢圓曲線
D. 哈希

Leave a Reply