topic Re: Asymmetric Encryption - Quality of Material? CCSP Course 5th Edition. in Cloud Security

Asymmetric Encryption - Quality of Material? CCSP Course 5th Edition.

BeepPleep — Mon, 09 Oct 2023 10:22:16 GMT

Either this picture has an massive error or I am to stupid 😄

Can someone confirm one or the other?

Re: Asymmetric Encryption - Quality of Material? CCSP Course 5th Edition.

dcontesti — Fri, 25 Nov 2022 18:27:07 GMT

So Encryption is not my strong suit but I would say the Diagram is WRONG.

From my trainings, I have always been told not to share my PRIVATE key with anyone.

I believe this should be escalate to the training material development team for verification. @Kaity would be kind enough to pass along.and quite possibility see if there is an errata for this.

My take would be:

Proof of Origin:

Message - signed by sender's private key - using the sender's public key to validate the sender.

Confidentiality:

Message - encrypted using the receiver's public key and decrypted using the receiver's private key.

Others?

Re: Asymmetric Encryption - Quality of Material? CCSP Course 5th Edition.

denbesten — Sat, 26 Nov 2022 02:06:00 GMT

Yes, an error. As you note, the first action is done with "private key of sender". The general idea of public-key encryption is that everyone keeps their private key confidential and gives their public key to everyone. So, only the sender can use the sender's private key and only the receiver can use the receiver's private key.

Re: Asymmetric Encryption - Quality of Material? CCSP Course 5th Edition.

BeepPleep — Sat, 26 Nov 2022 10:01:46 GMT

Many thanks, for a moment I thought I am really going nuts 😄

Re: Asymmetric Encryption - Quality of Material? CCSP Course 5th Edition.

denbesten — Sat, 26 Nov 2022 15:59:36 GMT

Upon reflection, it is also important to know that it is called a public-private keypair because the two work in tandem, with the public key undoing whatever the private key did. Similarly, the private key undoes whatever the public key does.

The keys cannot "undo" their own actions. Using the same key twice (as the diagram shows) would put you further away from the original cleartext. This one little detail is what makes Public-key (asymmetric) encryption substantially different than shared-secret (symmetric) encryption.

Re: Asymmetric Encryption - Quality of Material? CCSP Course 5th Edition.

Caute_cautim — Sat, 26 Nov 2022 22:01:00 GMT

Hi all

Well as the federal government state get prepare for your post quantum encryption, because Public Key encryption will be dead as a door nail, as other nations are collecting as much encryption traffic as they can, so they can decrypt it when they have sufficient quantum encryption and related computing available to them.

Quantum computers pose a serious threat to today's digital security due to their ability to factor numbers into primes much faster than their classical counterparts. Shor's and Grover's algorithms provide the mathematical foundations for quantum computers' threat to current encryption.

Regards

Caute_Cautim

Re: Asymmetric Encryption - Quality of Material? CCSP Course 5th Edition.

ericgeater — Sun, 27 Nov 2022 13:48:19 GMT

Was this found here at (ISC)2's online learning portal? Or was this on another site? That wasn't made clear.

Re: Asymmetric Encryption - Quality of Material? CCSP Course 5th Edition.

Caute_cautim — Sun, 27 Nov 2022 21:21:14 GMT

Hi Eric- General reading and collection of information, but if you want references:

https://www.weforum.org/agenda/2022/09/organizations-protect-quantum-computing-threat-cybersecurity/#:~:text=The%20potential%20of%20quantum%20computers,and%20break%20certain%20cryptocurrency%20encryption.

https://www.forbes.com/sites/forbestechcouncil/2022/01/11/the-quantum-threat-to-cryptography-dont-panic-but-prepare-now/?sh=5293cce5713a

https://www.enisa.europa.eu/news/enisa-news/post-quantum-cryptography-anticipating-threats-and-preparing-the-future

https://post-quantum.com/the-quantum-threat/index.html

https://cybersecurity.att.com/blogs/security-essentials/how-quantum-computing-will-effect-cryptography-why-we-need-post-quantum-cryptography

Regards

Caute_Cautim

Re: Asymmetric Encryption - Quality of Material? CCSP Course 5th Edition.

ericgeater — Mon, 28 Nov 2022 14:04:41 GMT

Thank you, Caute, I'm very grateful for your thorough response! But I was responding to the original poster, as I did not know the source of their image snip. I've now surmised that it's from an online student guide, assuming it's apparently managed by (ISC)2 or a publishing partner.

Which is to say, @AndreaMoore it's difficult to follow replies on this forum. A thread becomes somewhat difficult to follow, if I can't determine if a new response follows the post or a subsequent reply. Am I missing something?

Re: Asymmetric Encryption - Quality of Material? CCSP Course 5th Edition.

AndreaMoore — Mon, 28 Nov 2022 14:55:07 GMT

@ericgeater

If you want to reply to someone specific use the @ symbol and you can also reply to a specific message/post and also to make it clear you are commenting on a specific part of the message use the "quote" button. I've just used the " button and since I'm replying to your post it quoted yours. I also edited which part I quoted of yours so you know I'm only responding to the part I'm referring to.

I hope this helps. But yes, it can be confusing when people just reply and responses overlap - using the @ symbol and the " button would help.

@ericgeater wrote:

Which is to say, @AndreaMoore it's difficult to follow replies on this forum. A thread becomes somewhat difficult to follow, if I can't determine if a new response follows the post or a subsequent reply. Am I missing something?

Re: Asymmetric Encryption - Quality of Material? CCSP Course 5th Edition.

ericgeater — Mon, 28 Nov 2022 15:00:02 GMT

@AndreaMoorethen that may be what's required! Maybe others will also adopt this, so that their threads will be easier to follow

Re: Asymmetric Encryption - Quality of Material? CCSP Course 5th Edition.

dcontesti — Mon, 28 Nov 2022 17:03:52 GMT

@AndreaMooreSo not to lose my original request on this one. Can someone check our materials and ensure that this has been corrected or an errata issued on it?

Many thanks,

Re: Asymmetric Encryption - Quality of Material? CCSP Course 5th Edition.

AndreaMoore — Mon, 28 Nov 2022 17:39:31 GMT

Here is a link to the errata form to fill out:

https://forms.monday.com/forms/69fb227889bb5158e4b3e43d8fe3f547?r=use1

@BeepPleep can you please fill it out since you know the source? Thanks!

Re: Asymmetric Encryption - Quality of Material? CCSP Course 5th Edition.

BeepPleep — Mon, 28 Nov 2022 22:06:49 GMT

In the 5th edition of the course book.

Re: Asymmetric Encryption - Quality of Material? CCSP Course 5th Edition.

divide-by-zero — Fri, 09 Dec 2022 23:35:43 GMT

I concur, the private key should always remain with the receiver in this diagram.