Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security CISSP-Discussion
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [CISSP-D] Symmetric Key and authentication.

from [Rand] Network Security [Permanent Link]
Subject: Re: [CISSP-D] Symmetric Key and authentication.
Date: Fri, 20 May 2005 11:07:28 -0400 
I agree with Doug. I have found many contradictions in several of the books 
I've read and I've had to spend a lot of time finding the right answer. To 
find the right answer: GO TO THE SOURCE. The source would be the NIST docs, 
the Common Criteria, the ISO 17799, the BS7799, etc (quick link: 
http://www.cccure.org/modules.php?name=Downloads&d_op=viewdownload&cid=67 )
 Yes,more reading, more time spent, but at least you'll get a solid 
foundation and understanding of the principles that you need for the exam.
Rand

 On 5/20/05, Doug Landoll <dlandoll@veridyn.com> wrote: 


Be careful this is a bad approach to preparing for the CISSP exam. 
The CISSP prep books out there are a great tool for CISSP candidates 
and the books consolidate a lot of information. However, they are 
not free of errors. Do not rely on an answer just because it is in a 
book.

Symmetric encryption can provide authentication but only to the 
other party in the transaction. i.e., if you and I share a key and i 
receive a message encrypted in that key, then I KNOW it came from 
you. However, I cannot take that message and show it to someone else 
and convince them that the message came from you (since either you 
OR I could have encrypted it.)

This second type of authentication is called non-repudiation and can 
only be performed through asymetric encryption.

Note: Not all asymetric encryption can enforce non-repudiation. For 
example, Diffie-Hellman algorithm was designed for key exchange only 
and does not provide non-repudiation. (It was the El Gamal algorithm 
that extended D-H to provide non-repudiation.











--- In CISSP-Discuss@yahoogroups.com, Vijay Kumar <vijaychhipa@y...> 
wrote:

Manish

Your comments are in-line with what is logical. However the Shon 

Harris 

book mentioned that authentication can not be had with Symmetric 

only encryption.





------------------------------
*Yahoo! Groups Links*

   - To visit your group on the web, go to:
   http://groups.yahoo.com/group/CISSP-Discuss/
   - To unsubscribe from this group, send an email to:
   
CISSP-Discuss-unsubscribe@yahoogroups.com<CISSP-Discuss-unsubscribe@yahoogroups.com?subject=Unsubscribe>
   - Your use of Yahoo! Groups is subject to the Yahoo! Terms of 
   Service <http://docs.yahoo.com/info/terms/>. 





-- 
----------------------
Rand
~~~~~~~~~~~
Four wheels move the body. Two wheels move the soul.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [CISSP-D] Digest Number 628, Thomas Falter
Next by Date:  Re: [CISSP-D] book review, Rob, grandpa of Ryan, Trevor, Devon & Hannah
Previous by Thread:  Re: [CISSP-D] Symmetric Key and authentication., Doug Landoll
Next by Thread:  [CISSP-D] Contest, lallo_62
Indexes:  [Date] [Thread] [Top] [All Lists]