---

@stacicore wrote:

I've been studying for quite some  time and I keep seeing a question pop up on the "All in One" Shon Harris Exam Prep Tests (I know, I know, its not my only source but this is bothering me).

The question is:

Hiding messages within the text of this question would be considered what type of encryption method?

A. Steganography

B. Running key cipher

C.Concealment cipher

D. Frequency analysis

 

I feel like the answer is "A" but when I chose that the exam tells me the answer is "C"; I'm hoping someone can clarify WHY the answer would be "C" and not "A" or if the prep question has the wrong answer (Making "A" the correct choice).

Thanks for any input!

---

I am mystified myself why the Harris book would select C, cipher. Stego is about hiding data in other data, such that if you can figure out how to pull the data out, you can understand it. Using a cipher is about encryption to modify the data so it is not usable until decrypted. I would have selected A, also.

Since Shon is no longer with us, we cannot ask for her logic there. .Is anyone at All-in-One books maintaining her book? 

Of course, using stego to hide encrypted text is a good two-layer way to transmit surreptitiously and protect data.

 

Craig

 

If this is a book, and not an online tool, check with the publisher's website for errata on your title.  Corrections can appear there.  I don't think the CBK had an errata, but Chapple's 8E for CISSP definitely did -- and to my everlasting shame, so did "CISSP for Dummies".

> stacicore (Viewer) edited a topic in Exam Preparation on 10-21-2020 12:47 PM in the (ISC)² Community :

> I've been studying for quite some  time and I keep seeing a question pop up
> on the "All in One" Shon Harris Exam Prep Tests (I know, I know, its not my
> only source but this is bothering me).

Generally, I refuse to answer *ANY* question that starts out, "Shon Harris says,"
but ...

> The question is: Hiding messages
> within the text of this question would be considered what type of encryption
> method? A. Steganography B. Running key cipher C.Concealment cipher
> D. Frequency analysis   I feel like the answer is "A" but when I chose
> that the exam tells me the answer is "C"; I'm hoping someone can clarify WHY
> the answer would be "C" and not "A" or if the prep question has the wrong
> answer (Making "A" the correct choice). Thanks for any input!

Shon (bless her pointed little text) was extremely found of explaining things she
didn't actually understand. I strongly suspect that this question is an example. It's
wrong. Somebody (probably Shon, but I don't know which version you are using,
and her name has been used since she died) is making a false distinction between
stego and concealment cipher, when they are basically synonyms. I can see where
some people would use the widely quoted examples of steganography in graphics
(for example) to insist that steganography *only* refers to those types of
abstruse and technical concealment, and to say that a simple anagram or "every
five words" cipher is not stego. I can't think of any major crypto text that makes
such a distinction. (Well, to be honest, most major crypto texts don't think much
of anagram or cover sheet ciphers, so they aren't widely discussed.) I would say
that this is an example of someone trying to make a question "harder" by simply
adding trivia. (I further suspect you could take it to a crypto conference and start
a good argument in the bar afterwards.)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
Know that I am The Accountant. And Know, Moreover, the this
Child has signed a Compact with Me, to enter My Apprenticeship
and be My Servant. And in return for Services Rendered, I, THE
ACCOUNTANT, am teaching him the Damnation of Souls, by means of
ensnaring them in a cursed web of Figures, Forms, Torts, and
Reprisals.
J.K. Rowling must have read `The Accountant,' by Robert Sheckley
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

I did some Googling for my own edification and it seems that A & C are correct. Furthermore, I cannot seem to find a distinction that makes one more correct than the other (in the CISSP sense of exam difficulty).

 

Here's an explanation that supports @rslade 's response:

https://www.geeksforgeeks.org/null-cipher/

 

The FBI calls it a cipher in this case:

https://www.fbi.gov/news/stories/breaking-codes-to-stop-crime-part-1

Of course, their use of one term over another does not prove anything necessarily; just an interesting case study.

 

Then there is this for fun (I think it's remains unsolved):

https://www.fbi.gov/news/stories/help-solve-an-open-murder-case-part-2

 

... and finally, there is this organization that might help make a distinction:

https://www.cryptogram.org/

 

I think @rslade is correct when he states that the terms are synonyms.

you missed the key word "encryption"  Steganography is not encryption but concealment.