Overview
Cryptography is the science of securing information through mathematical techniques, forming the backbone of modern information security. This study guide covers the core concepts tested on the CompTIA Security+ exam, including encryption methods, hashing, public key infrastructure, cryptographic protocols, and common attacks. Mastering these fundamentals is essential for understanding how confidentiality, integrity, authentication, and non-repudiation are achieved in real-world systems.
---
Encryption Fundamentals
Symmetric vs. Asymmetric Encryption
| Feature | Symmetric | Asymmetric |
|---|---|---|
| Keys used | One shared key | Public/private key pair |
| Speed | Fast | Slower |
| Key distribution | Problematic | Solved via public key |
| Use case | Bulk data encryption | Key exchange, signatures |
• Symmetric encryption: The same key encrypts and decrypts data. Examples: AES, DES, 3DES.
• Asymmetric encryption: Uses mathematically related key pairs — the public key encrypts, the private key decrypts. Examples: RSA, ECC.
• Key distribution problem: Symmetric encryption's core weakness — you must securely share the secret key before communicating. Asymmetric encryption solves this.
AES – The Gold Standard Symmetric Cipher
• Type: Symmetric block cipher
• Block size: 128 bits
• Key lengths: 128, 192, or 256 bits
• Widely used for file encryption, TLS, disk encryption (BitLocker)
Block Ciphers vs. Stream Ciphers
| Type | How It Works | Example |
|---|---|---|
| Block cipher | Encrypts fixed-size chunks (e.g., 128 bits) | AES |
| Stream cipher | Encrypts one bit/byte at a time | RC4 (deprecated) |
Encryption Modes
• ECB (Electronic Codebook): ❌ Weak — identical plaintext blocks → identical ciphertext blocks, revealing data patterns. Never use ECB.
• CBC (Cipher Block Chaining): Each block XORed with the previous ciphertext block before encryption. Requires an IV.
• CTR (Counter) Mode: Converts a block cipher into a stream cipher by encrypting an incrementing counter value, then XORing with plaintext. Highly parallelizable.
• GCM (Galois/Counter Mode): CTR mode + authentication tag. Provides both encryption and integrity.
Initialization Vector (IV)
• A random or pseudo-random value combined with the first block of encryption (XORed with it in CBC; used as the starting counter value in CTR).
• Ensures identical plaintext → different ciphertext across messages.
• Must be unique (and often random) per encryption operation, but does not need to be secret.
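The following is an added example, not part of the study guide, that makes the mode comparison and the IV rule concrete. Because AES itself is not in the Python standard library, it assumes a stand-in block function built from HMAC-SHA256 truncated to 16 bytes; that function is not AES and is not invertible, which is fine here because ECB is only used to show pattern leakage and CTR never calls the block cipher's decryption function. The plaintext records are constructed sample data.

```python
import hashlib
import hmac
import os

BLOCK = 16  # 128-bit blocks, like AES


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the AES forward (encryption) function.

    Assumption: a keyed pseudorandom function (HMAC-SHA256 truncated to
    16 bytes) replaces AES so the example runs offline on the standard
    library. It is not a real cipher and must not be used as one.
    """
    assert len(block) == BLOCK
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: every 16-byte block is encrypted independently, with no IV."""
    assert len(plaintext) % BLOCK == 0, "ECB demo expects block-aligned input"
    return b"".join(block_encrypt(key, plaintext[i:i + BLOCK])
                    for i in range(0, len(plaintext), BLOCK))


def ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR: encrypt nonce||counter for counter = 0, 1, 2, ... to build keystream."""
    assert len(nonce) == 8
    out = bytearray()
    counter = 0
    while len(out) < length:
        counter_block = nonce + counter.to_bytes(8, "big")
        out += block_encrypt(key, counter_block)
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """CTR encryption is plaintext XOR keystream; any length works, no padding."""
    return xor_bytes(plaintext, ctr_keystream(key, nonce, len(plaintext)))


# Decryption in CTR is the identical operation: ciphertext XOR keystream.
ctr_decrypt = ctr_encrypt


def repeated_blocks(ciphertext: bytes) -> int:
    """How many distinct 16-byte ciphertext blocks occur more than once."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return sum(1 for b in set(blocks) if blocks.count(b) > 1)


def demo() -> dict:
    key = os.urandom(32)
    # Constructed plaintext: the same 16-byte record repeated four times.
    plaintext = b"PATIENT-ID:0001 " * 4
    ecb_ct = ecb_encrypt(key, plaintext)

    nonce = os.urandom(8)  # unique per message; need not be secret
    ctr_ct = ctr_encrypt(key, nonce, plaintext)

    # Reusing the nonce with the same key repeats the keystream, so XORing
    # two ciphertexts cancels it and exposes the XOR of the two plaintexts.
    other = b"PATIENT-ID:0002 " * 4
    ctr_ct_reused = ctr_encrypt(key, nonce, other)
    leaked = xor_bytes(ctr_ct, ctr_ct_reused) == xor_bytes(plaintext, other)

    return {
        "ecb_repeated_blocks": repeated_blocks(ecb_ct),  # 1: the pattern shows
        "ctr_repeated_blocks": repeated_blocks(ctr_ct),  # 0: counter hides it
        "ctr_roundtrip": ctr_decrypt(key, nonce, ctr_ct) == plaintext,
        "nonce_reuse_leaks_xor": leaked,
    }


if __name__ == "__main__":
    print(demo())
```

The `demo()` result shows the three exam points together: ECB leaks structure, CTR with a fresh nonce does not, and CTR decryption is the same XOR as encryption. The last field is the reason the IV rule says "unique": the same key and nonce used twice is a confidentiality failure even though the cipher itself is sound.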
Key Terms – Encryption
• Plaintext: Unencrypted data
• Ciphertext: Encrypted data
• Key: The secret value controlling encryption/decryption
• Block cipher: Operates on fixed-size data chunks
• Stream cipher: Operates on data one bit/byte at a time
• IV (Initialization Vector): Random value preventing pattern repetition
• ECB: Weak mode — never use
• CTR mode: Block cipher operating as a stream cipher
⚠️ Watch Out For
• ECB mode is a common exam trap — it is always the wrong choice for secure encryption.
• AES is symmetric, even though it appears in TLS (which uses asymmetric for key exchange).
• CTR mode uses XOR — it does not directly call the block cipher decryption function on ciphertext.
---
Hashing and Integrity
What Is a Cryptographic Hash Function?
A hash function takes an arbitrary-length input and produces a fixed-length output (digest). It is a one-way function — you cannot reverse the process to retrieve the original input.
Core properties:
• One-way (pre-image resistance): Cannot reverse a hash to find the original input
• Collision resistance: Computationally infeasible to find two different inputs with the same hash output
• Deterministic: Same input always → same output
• Avalanche effect: Small input change → drastically different hash
Common Hash Algorithms
| Algorithm | Output Size | Status |
|---|---|---|
| MD5 | 128-bit | ❌ Broken (collisions found) |
| SHA-1 | 160-bit | ❌ Deprecated (weak) |
| SHA-256 | 256-bit | ✅ Secure |
| SHA-3 | Variable | ✅ Secure |
| bcrypt | Variable | ✅ Password hashing |
HMAC (Hash-based Message Authentication Code)
• Combines a cryptographic hash + secret key
• Provides both data integrity (message not altered) and authentication (confirms sender identity)
• Does not provide non-repudiation (shared key = either party could have created it)
• Formula concept (simplified): `HMAC = Hash(key + message)`; the standardized construction applies the hash twice with the key mixed into each pass, so use a library HMAC rather than plain concatenation
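As an added example (editor's code, not from the study guide), the block below exercises the hash properties listed above and the HMAC guarantees in this section using only the standard library. The message, the altered message and the key are constructed sample values.

```python
import hashlib
import hmac
import secrets


def bit_difference(a: bytes, b: bytes) -> int:
    """Count differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_bits(message: bytes) -> int:
    """Flip one input bit and count how many of the 256 digest bits change.
    A good hash changes roughly half of them."""
    flipped = bytes([message[0] ^ 0x01]) + message[1:]
    return bit_difference(hashlib.sha256(message).digest(),
                          hashlib.sha256(flipped).digest())


def plain_hash_check(message: bytes, digest_hex: str) -> bool:
    """Integrity only: anyone can recompute a plain hash for any message."""
    return hashlib.sha256(message).hexdigest() == digest_hex


def make_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256. hmac.new performs the standard two-pass keyed construction."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute and compare in constant time (never compare tags with ==)."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    key = secrets.token_bytes(32)            # shared secret (constructed)
    message = b"transfer 100 to account 42"  # constructed sample message
    altered = b"transfer 900 to account 42"
    tag = make_tag(key, message)
    return {
        "deterministic": make_tag(key, message) == tag,
        "avalanche_bits": avalanche_bits(message),
        # A plain hash travelling with the message can simply be replaced
        # together with the message, so it proves nothing about the sender:
        "plain_hash_accepts_swap": plain_hash_check(
            altered, hashlib.sha256(altered).hexdigest()),
        # HMAC rejects the altered message and any tag made without the key:
        "hmac_accepts_genuine": verify_tag(key, message, tag),
        "hmac_rejects_altered": not verify_tag(key, altered, tag),
        "hmac_rejects_wrong_key": not verify_tag(secrets.token_bytes(32),
                                                 message, tag),
    }


if __name__ == "__main__":
    print(demo())
```

Note that `verify_tag` only proves the message came from someone holding the shared key; since both parties hold it, this is authentication without non-repudiation, exactly the distinction the "Watch Out For" list draws.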
Defending Passwords: Salting and Key Stretching
Salting:
• Adds a unique random value (salt) to each password before hashing
• Defeats rainbow table attacks (precomputed hash lookups)
• Ensures two users with the same password have different stored hashes
Key stretching:
• Applies a hash function thousands of times iteratively
• Makes brute-force and dictionary attacks much slower
• Algorithms: bcrypt, PBKDF2, Argon2
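Here is an added example (not from the study guide) of salting and key stretching together, using PBKDF2-HMAC-SHA256 from the standard library. The iteration count and the stored-record layout are assumptions chosen for the example; the passwords are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Assumption: tune so that one hash costs on the order of 100 ms or more
# on your own hardware; raise it over time as hardware gets faster.
ITERATIONS = 600_000


def unsalted_hash(password: str) -> str:
    """What NOT to do: identical passwords give identical hashes, which is
    exactly what a rainbow table is built to look up."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salt (16 random bytes) plus key stretching (PBKDF2-HMAC-SHA256).

    Stored record: algorithm$iterations$salt_hex$hash_hex, so the salt and
    work factor travel with the hash and can be verified later.
    """
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                             iterations, dklen=32)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    try:
        algorithm, iterations, salt_hex, hash_hex = stored.split("$")
    except ValueError:
        return False
    if algorithm != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations),
                             dklen=32)
    # Constant-time comparison so the check itself leaks no timing signal.
    return hmac.compare_digest(dk.hex(), hash_hex)


def demo(iterations: int = 10_000) -> dict:
    """Lower iteration count here only so the demo finishes quickly."""
    alice = hash_password("correct horse", iterations)
    bob = hash_password("correct horse", iterations)  # same password
    return {
        "unsalted_collide": unsalted_hash("correct horse")
                            == unsalted_hash("correct horse"),
        "salted_differ": alice != bob,
        "login_ok": verify_password("correct horse", alice),
        "login_rejected": not verify_password("Correct horse", alice),
    }


if __name__ == "__main__":
    print(demo())
```

The two users with the same password end up with different records because each got its own salt, which defeats precomputed tables; the iteration count is what makes each guess expensive, which is the key-stretching part.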
Key Terms – Hashing
• Hash digest: The fixed-length output of a hash function
• Collision: Two different inputs producing the same hash
• Collision resistance: Property making collisions computationally infeasible
• Rainbow table: Precomputed table of hashes used to crack passwords
• Salt: Random value added to password before hashing
• Key stretching: Repeated hashing to slow brute-force attacks
• HMAC: Hash + secret key → integrity + authentication
⚠️ Watch Out For
• Hashing is not encryption — it is one-way and cannot be decrypted.
• MD5 and SHA-1 are broken for security use — exams test that you know this.
• HMAC provides authentication, but not non-repudiation — for non-repudiation you need digital signatures (private key).
• Salting defeats rainbow tables, but does not prevent brute force entirely — that's what key stretching addresses.
---
Asymmetric Cryptography & PKI
Digital Signatures
Digital signatures use asymmetric cryptography in reverse compared to encryption:
| Operation | Key Used |
|---|---|
| Signing (creating signature) | Sender's private key |
| Verifying (checking signature) | Sender's public key |
• Provides non-repudiation: Only the private key owner could have signed the message.
• Provides integrity: Any alteration breaks the signature.
• Process: Hash the message → encrypt the hash with private key → attach as signature.
Public Key Infrastructure (PKI)
Certificate Authority (CA):
• A trusted third party that issues, manages, and revokes digital certificates
• Binds a public key to an entity's verified identity
• Creates the chain of trust
PKI Hierarchy:
• Root CA: Top of the trust hierarchy; self-signed certificate
• Intermediate CA: Issues end-entity certificates; signed by Root CA
• End-entity certificate: The certificate used by a website, user, or device
Certificate Signing Request (CSR):
• Sent by an applicant to a CA
• Contains: applicant's public key + identity information
• CA verifies identity, then signs and returns a digital certificate
Certificate Revocation
| Method | How It Works | Drawback |
|---|---|---|
| CRL (Certificate Revocation List) | Periodically published list of revoked certs | Can be outdated between publications |
| OCSP (Online Certificate Status Protocol) | Real-time query for a single certificate's status | Requires live connection; privacy concern |
Certificate Types
• Wildcard certificate (`*.example.com`): Secures a domain and all first-level subdomains. Cannot cover multiple levels (e.g., `sub.sub.example.com`).
• SAN (Subject Alternative Name): Lists multiple specific domain names on one certificate.
• Self-signed certificate: Signed by the entity itself, not a CA. Not trusted by browsers.
• Certificate pinning: Associates a host with a specific expected public key/certificate. Prevents MITM attacks using fraudulent CA-signed certificates.
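To pin down the wildcard and SAN rules above, here is an added example (editor's code, not from the study guide) of hostname matching the way browsers apply it: the wildcard must be the entire left-most label and covers exactly one label, and a SAN list is matched name by name. All hostnames are constructed sample values.

```python
def hostname_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name (DNS name or wildcard) against a hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    # Only '*.example.com' style: wildcard must be the whole left-most label,
    # nothing like 'w*.example.com', and never as broad as '*.com'.
    if p_labels[0] != "*" or "*" in pattern[1:] or len(p_labels) < 3:
        return False
    if len(p_labels) != len(h_labels):
        return False  # the wildcard stands in for exactly ONE label
    return h_labels[0] != "" and p_labels[1:] == h_labels[1:]


def cert_covers(san_names: list, hostname: str) -> bool:
    """A SAN certificate covers a host if any listed name matches it."""
    return any(hostname_matches(name, hostname) for name in san_names)


def demo() -> dict:
    wildcard = ["*.example.com"]
    san = ["example.com", "*.example.com", "api.example.net"]
    return {
        "wildcard_first_level": cert_covers(wildcard, "www.example.com"),
        "wildcard_bare_domain": cert_covers(wildcard, "example.com"),
        "wildcard_two_levels": cert_covers(wildcard, "sub.sub.example.com"),
        "san_bare_domain": cert_covers(san, "example.com"),
        "san_other_domain": cert_covers(san, "api.example.net"),
        "san_unlisted": cert_covers(san, "www.example.net"),
    }


if __name__ == "__main__":
    print(demo())
```

The results reproduce the exam rule: `*.example.com` covers `www.example.com` but neither `example.com` itself nor `sub.sub.example.com`, so a site that needs the bare domain or deeper names must list them explicitly as SANs.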
Key Asymmetric Algorithms
| Algorithm | Purpose | Notes |
|---|---|---|
| RSA | Encryption, digital signatures | Large key sizes (2048+ bits) |
| Diffie-Hellman (DH) | Key exchange only | Not used for encryption or signatures |
| ECDH / ECDHE | Key exchange (elliptic curve variant) | ECDHE provides PFS |
| ECC | Encryption, signatures | Smaller keys, same strength as RSA |
| DSA | Digital signatures only | Government standard |
ECC vs. RSA:
• ECC achieves equivalent security with much smaller key sizes
• 256-bit ECC ≈ 3072-bit RSA in strength
• Faster, less power consumption → ideal for mobile and IoT devices
Diffie-Hellman:
• Designed exclusively for key exchange over untrusted channels
• Allows two parties to independently derive the same shared secret
• Does not encrypt data or create signatures
Key Terms – PKI
• CA (Certificate Authority): Issues and manages digital certificates
• Certificate: Digitally signed document binding public key to identity
• CSR: Request to CA for certificate issuance
• CRL: List of revoked certificates
• OCSP: Real-time certificate revocation check
• Chain of trust: Root CA → Intermediate CA → End-entity cert
• Non-repudiation: Cannot deny having signed; provided by private key signing
• Certificate pinning: Hardcoded expected certificate/key to prevent MITM
• Wildcard cert: Covers `*.domain.com` (first-level subdomains only)
⚠️ Watch Out For
• Private key signs; public key verifies — this is the reverse of encryption (public encrypts, private decrypts).
• Diffie-Hellman is for key exchange only — not encryption, not signatures.
• Wildcard certs cover `*.example.com` but not `sub.sub.example.com`.
• A CA-signed certificate can still be fraudulent without certificate pinning.
• OCSP is real-time; CRL can be stale.
---
Cryptographic Protocols & Use Cases
TLS and SSL
| Protocol | Status |
|---|---|
| SSL 2.0 / 3.0 | ❌ Deprecated and insecure |
| TLS 1.0 / 1.1 | ❌ Deprecated |
| TLS 1.2 | ✅ Acceptable |
| TLS 1.3 | ✅ Preferred |
• TLS (Transport Layer Security) is the modern successor to SSL
• TLS protects data in transit (e.g., HTTPS)
• TLS 1.3 removes weak cipher suites and mandates Perfect Forward Secrecy
Perfect Forward Secrecy (PFS)
• Generates a unique session key for each session using ephemeral (temporary) key exchange
• Key exchange algorithms: ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) or DHE
• If the server's long-term private key is compromised, previously recorded sessions cannot be decrypted
• PFS is a key feature of TLS 1.3
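The following added example (editor's code, not from the study guide) covers both the Diffie-Hellman description in the PKI section and Perfect Forward Secrecy here: two parties derive the same shared secret from public values, and the same math run with fresh per-session keys shows why a later compromise of the server's long-term key recovers a static-DH session but not an ephemeral one. It assumes a constructed toy group (the Mersenne prime 2^127 - 1 with generator 2) and a SHA-256 stand-in for a key derivation function; real deployments use standardized 2048-bit or larger groups or elliptic curves (ECDHE).

```python
import hashlib
import secrets

# Constructed toy group for illustration only.
P = (1 << 127) - 1  # prime (Mersenne M127); far too small for real use
G = 2


def keypair():
    """Private exponent x and public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def shared_secret(my_private: int, their_public: int) -> int:
    """(g^y)^x == (g^x)^y mod p, so both sides compute the same value."""
    return pow(their_public, my_private, P)


def session_key(secret: int) -> bytes:
    """Never use the raw DH value directly; derive a key (KDF stand-in)."""
    return hashlib.sha256(b"toy-dh|" + secret.to_bytes(16, "big")).digest()


def static_dh_session(server_private: int, server_public: int):
    """No PFS: the server reuses its long-term key for every session."""
    client_private, client_public = keypair()
    key = session_key(shared_secret(client_private, server_public))
    transcript = {"client_public": client_public, "server_public": server_public}
    return key, transcript


def ephemeral_dh_session():
    """PFS (DHE/ECDHE): both sides use one-time keys thrown away afterwards.
    The long-term key's only job would be to sign server_public."""
    client_private, client_public = keypair()
    server_private, server_public = keypair()
    key = session_key(shared_secret(server_private, client_public))
    transcript = {"client_public": client_public, "server_public": server_public}
    del client_private, server_private  # ephemeral secrets do not survive
    return key, transcript


def recover_with_leaked_long_term_key(transcript: dict, leaked_private: int) -> bytes:
    """What a recorded transcript plus a later key compromise yields."""
    return session_key(shared_secret(leaked_private, transcript["client_public"]))


def demo() -> dict:
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    server_priv, server_pub = keypair()  # the server's long-term key
    static_key, static_transcript = static_dh_session(server_priv, server_pub)
    eph_key, eph_transcript = ephemeral_dh_session()
    eph_key_again, _ = ephemeral_dh_session()
    leaked = server_priv  # assume the long-term key is stolen later
    return {
        "both_sides_agree": shared_secret(a_priv, b_pub) == shared_secret(b_priv, a_pub),
        "static_session_recovered":
            recover_with_leaked_long_term_key(static_transcript, leaked) == static_key,
        "ephemeral_session_recovered":
            recover_with_leaked_long_term_key(eph_transcript, leaked) == eph_key,
        "ephemeral_keys_differ_per_session": eph_key != eph_key_again,
    }


if __name__ == "__main__":
    print(demo())
```

Nothing in the ephemeral transcript depends on the long-term private key, so the recorded public values plus that key yield the wrong session key; the only secrets that would unlock the session were deleted at the end of the handshake. That is the property the "Watch Out For" item calls protecting past sessions.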
Steganography vs. Encryption
| Feature | Encryption | Steganography |
|---|---|---|
| What it hides | The content of a message | The existence of a message |
| Detectable? | Yes — ciphertext is visible | No — hidden in carrier file |
| Example | AES-encrypted file | Text hidden in image pixels |
Special Encryption Techniques
Homomorphic Encryption:
• Allows computations on encrypted data without decrypting it
• Third-party processes data while it remains confidential
• Use case: Cloud computing with sensitive data
TPM (Trusted Platform Module):
• Hardware chip for secure key generation, storage, and management
• Enables features like BitLocker full-disk encryption
• Keys stored in hardware → resistant to software-based extraction
• Provides hardware root of trust
Non-Repudiation
• Provided by digital signatures (private key signing)
• The signer cannot deny signing because only their private key could have produced the signature
• Encryption alone does not provide non-repudiation
Key Terms – Protocols & Use Cases
• TLS: Secure transport protocol (successor to SSL)
• PFS (Perfect Forward Secrecy): Session keys not derived from long-term key
• ECDHE: Elliptic curve ephemeral key exchange enabling PFS
• Steganography: Hiding data's existence within another file
• Homomorphic encryption: Computing on encrypted data without decryption
• TPM: Hardware-based secure key storage chip
• Non-repudiation: Proof of origin that cannot be denied
⚠️ Watch Out For
• SSL is completely deprecated — never recommend SSL; always recommend TLS 1.2 or 1.3.
• PFS protects past sessions — it is specifically about protecting previously recorded traffic from future key compromise.
• Steganography is not encryption — the data is not scrambled, just hidden.
• Non-repudiation requires private key signing (asymmetric) — symmetric keys like HMAC do not provide non-repudiation.
---
Cryptographic Attacks & Weaknesses
Common Attack Types
| Attack | Target | Description |
|---|---|---|
| Ciphertext-only | Encrypted data | Attacker has only ciphertext; uses statistical analysis or brute force |
| Known-plaintext | Cipher algorithm | Attacker has some plaintext + corresponding ciphertext |
| Chosen-plaintext | Cipher algorithm | Attacker can choose plaintexts and observe ciphertext |
| Birthday attack | Hash functions | Exploits birthday paradox to find hash collisions |
| Downgrade attack | Protocols | Forces use of older, weaker protocol version |
| Brute force | Keys/passwords | Tries all possible keys/passwords |
| Rainbow table | Password hashes | Uses precomputed hash table to reverse hashes |
Birthday Attack
• Exploits the birthday paradox: in a random set, two members share the same value after far fewer draws than intuition suggests (roughly the square root of the number of possible values)
• Used to find hash collisions (two inputs with the same hash)
• Targets the collision resistance property of hash functions
• Larger hash output sizes reduce this risk (SHA-256 is far more resistant than MD5)
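As an added illustration (editor's code, not from the study guide) of why output size matters, the block below computes the birthday bound and then observes it on a deliberately truncated SHA-256 digest. The truncation to a small number of bits is the only reason a collision appears quickly; on the full 256-bit digest the same loop would need on the order of 2^128 inputs. The inputs are constructed strings.

```python
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """Keep only the top `bits` bits of SHA-256 to model a short digest."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def expected_trials(bits: int) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^bits) random inputs before
    two of them share a digest, i.e. roughly 2^(bits/2)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits: int, limit: int = 1_000_000):
    """Hash distinct deterministic inputs until two share a truncated digest.
    Returns (input_a, input_b, trials) or None if the limit is reached."""
    seen = {}
    for i in range(limit):
        msg = f"constructed-input-{i}".encode()
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None


def demo() -> dict:
    a, b, trials = find_collision(24)
    return {
        "expected_trials_24_bits": round(expected_trials(24)),
        "observed_trials_24_bits": trials,
        "inputs_differ": a != b,
        "digests_match": truncated_hash(a, 24) == truncated_hash(b, 24),
        "expected_trials_256_bits_log2": round(math.log2(expected_trials(256)), 1),
    }


if __name__ == "__main__":
    print(demo())
```

A 24-bit digest falls in a few thousand trials, near the 2^12 the bound predicts, whereas the bound for 256 bits is about 2^128, which is why collision resistance is quoted as half the digest length and why MD5's 128-bit output (about 2^64 by this bound, and far less with its known structural weaknesses) is no longer acceptable.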
Downgrade Attack
• Attacker tricks parties into negotiating a weaker/older protocol (e.g., TLS 1.3 → SSL 3.0)
• Example: POODLE attack exploited SSL 3.0 downgrade
• Defense: Disable all deprecated protocol versions on servers
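The following added example (editor's code, not from the study guide) is a simplified model of version negotiation that shows why the stated defense works: if an on-path attacker trims the client's offer down to its oldest version, a server that still enables that version silently accepts the downgrade, while a server with deprecated versions disabled fails the handshake instead. Version names and the negotiation rule are simplified assumptions, not a TLS implementation.

```python
# Oldest to newest. SSL 2.0 is omitted because no modern stack offers it.
ORDER = ["SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3"]
DEPRECATED = {"SSL 3.0", "TLS 1.0", "TLS 1.1"}


def negotiate(client_offer: list, server_enabled: list):
    """Pick the newest version both sides support, or None (handshake fails)."""
    common = [v for v in ORDER if v in client_offer and v in server_enabled]
    return common[-1] if common else None


def downgrade_outcome(client_offer: list, server_enabled: list):
    """Model of the attack described above: the offer reaching the server
    has been reduced to the client's oldest supported version."""
    oldest = min(client_offer, key=ORDER.index)
    return negotiate([oldest], server_enabled)


def harden(server_enabled: list) -> list:
    """The defense: remove every deprecated version from the server config."""
    return [v for v in server_enabled if v not in DEPRECATED]


def demo() -> dict:
    client = ["SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3"]
    legacy_server = ["SSL 3.0", "TLS 1.0", "TLS 1.1", "TLS 1.2", "TLS 1.3"]
    return {
        "normal": negotiate(client, legacy_server),
        "downgraded_on_legacy_server": downgrade_outcome(client, legacy_server),
        "downgraded_on_hardened_server": downgrade_outcome(client, harden(legacy_server)),
        "hardened_normal": negotiate(client, harden(legacy_server)),
    }


if __name__ == "__main__":
    print(demo())
```

With the legacy configuration the downgraded handshake lands on SSL 3.0; with the hardened one it returns `None`, a visible failure that operators can alert on rather than a weak session that looks fine to the user. Disabling the versions on the server side is the control, because the server cannot rely on the client's offer having arrived intact.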
Quantum Computing Threat
| Vulnerable Algorithm | Why Vulnerable |
|---|---|
| RSA | Based on integer factoring — solved by Shor's algorithm |
| ECC | Based on elliptic curve discrete log — solved by Shor's algorithm |
| Diffie-Hellman | Based on discrete logarithm — solved by Shor's algorithm |
| AES-128 | Weakened (but not broken) by Grover's algorithm |
Post-Quantum Cryptography (PQC):
• Developing new algorithms resistant to quantum attacks
• NIST is standardizing PQC algorithms (e.g., CRYSTALS-Kyber, CRYSTALS-Dilithium)
• AES-256 is considered quantum-resistant with current estimates
Key Terms – Attacks
• Ciphertext-only attack: Only ciphertext available to attacker
• Birthday attack: Finding hash collisions via birthday paradox
• Collision: Two different inputs with the same hash