stacicore
Newcomer I

Steganography vs concealment cipher

I've been studying for quite some time and I keep seeing a question pop up on the "All in One" Shon Harris Exam Prep Tests (I know, I know, it's not my only source but this is bothering me).

The question is:

Hiding messages within the text of this question would be considered what type of encryption method?

A. Steganography

B. Running key cipher

C. Concealment cipher

D. Frequency analysis

 

I feel like the answer is "A" but when I chose that the exam tells me the answer is "C"; I'm hoping someone can clarify WHY the answer would be "C" and not "A" or if the prep question has the wrong answer (Making "A" the correct choice).

Thanks for any input!

11 Replies
CraginS
Defender I


@stacicore wrote:

> I've been studying for quite some time and I keep seeing a question pop up on the "All in One" Shon Harris Exam Prep Tests (I know, I know, it's not my only source but this is bothering me).
>
> The question is:
>
> Hiding messages within the text of this question would be considered what type of encryption method?
>
> A. Steganography
>
> B. Running key cipher
>
> C. Concealment cipher
>
> D. Frequency analysis
>
> I feel like the answer is "A" but when I chose that the exam tells me the answer is "C"; I'm hoping someone can clarify WHY the answer would be "C" and not "A" or if the prep question has the wrong answer (Making "A" the correct choice).
>
> Thanks for any input!


I am mystified myself why the Harris book would select C, cipher. Stego is about hiding data in other data, such that if you can figure out how to pull the data out, you can understand it. Using a cipher is about encryption to modify the data so it is not usable until decrypted. I would have selected A, also.

Since Shon is no longer with us, we cannot ask for her logic there. Is anyone at All-in-One books maintaining her book?

Of course, using stego to hide encrypted text is a good two-layer way to transmit surreptitiously and protect data.

 

Craig

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
ericgeater
Community Champion

If this is a book, and not an online tool, check with the publisher's website for errata on your title.  Corrections can appear there.  I don't think the CBK had an errata, but Chapple's 8E for CISSP definitely did -- and to my everlasting shame, so did "CISSP for Dummies".

-----------
A claim is as good as its veracity.
rslade
Influencer II

> stacicore (Viewer) edited a topic in Exam Preparation on 10-21-2020 12:47 PM in the (ISC)² Community :

> I've been studying for quite some time and I keep seeing a question pop up
> on the "All in One" Shon Harris Exam Prep Tests (I know, I know, it's not my
> only source but this is bothering me).

Generally, I refuse to answer *ANY* question that starts out, "Shon Harris says,"
but ...

> The question is: Hiding messages
> within the text of this question would be considered what type of encryption
> method? A. Steganography B. Running key cipher C. Concealment cipher
> D. Frequency analysis   I feel like the answer is "A" but when I chose
> that the exam tells me the answer is "C"; I'm hoping someone can clarify WHY
> the answer would be "C" and not "A" or if the prep question has the wrong
> answer (Making "A" the correct choice). Thanks for any input!

Shon (bless her pointed little text) was extremely fond of explaining things she
didn't actually understand. I strongly suspect that this question is an example. It's
wrong. Somebody (probably Shon, but I don't know which version you are using,
and her name has been used since she died) is making a false distinction between
stego and concealment cipher, when they are basically synonyms. I can see where
some people would use the widely quoted examples of steganography in graphics
(for example) to insist that steganography *only* refers to those types of
abstruse and technical concealment, and to say that a simple anagram or "every
five words" cipher is not stego. I can't think of any major crypto text that makes
such a distinction. (Well, to be honest, most major crypto texts don't think much
of anagram or cover sheet ciphers, so they aren't widely discussed.) I would say
that this is an example of someone trying to make a question "harder" by simply
adding trivia. (I further suspect you could take it to a crypto conference and start
a good argument in the bar afterwards.)

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
Know that I am The Accountant. And Know, Moreover, the this
Child has signed a Compact with Me, to enter My Apprenticeship
and be My Servant. And in return for Services Rendered, I, THE
ACCOUNTANT, am teaching him the Damnation of Souls, by means of
ensnaring them in a cursed web of Figures, Forms, Torts, and
Reprisals.
J.K. Rowling must have read `The Accountant,' by Robert Sheckley
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
stacicore
Newcomer I

Thank you!
I do believe that this edition (8th) was written without her and there are some annotations as to some things that have changed so, yes, I believe they are maintaining the book.
stacicore
Newcomer I

Thank you so much for answering mine then!
I have read (a few times) your post with example questions and that, honestly, is what made me ask here. I wondered if I wasn't reading the question in the correct way (if there is one).
I've found a few questions on the test prep for the 8th Ed. All in One that seem ... not great, to put it mildly. I quit using the learningtree test prep when I got the same question twice (same exact); selected the same answer both times and one was wrong. I've learned that these "test" exams aren't for memorizing exact answers but the understanding of the questions; but when I see things like my post it makes me question if my knowledge is somehow faulty.
stacicore
Newcomer I

Thanks for telling me, I did not know. I'll go see if I can find the errata for All in one.
MarkWeldon
Newcomer II

I did some Googling for my own edification and it seems that A & C are correct. Furthermore, I cannot seem to find a distinction that makes one more correct than the other (in the CISSP sense of exam difficulty).

 

Here's an explanation that supports @rslade 's response:

https://www.geeksforgeeks.org/null-cipher/

 

The FBI calls it a cipher in this case:

https://www.fbi.gov/news/stories/breaking-codes-to-stop-crime-part-1

Of course, their use of one term over another does not prove anything necessarily; just an interesting case study.

 

Then there is this for fun (I think it remains unsolved):

https://www.fbi.gov/news/stories/help-solve-an-open-murder-case-part-2

 

... and finally, there is this organization that might help make a distinction:

https://www.cryptogram.org/

 

I think @rslade is correct when he states that the terms are synonyms.


Mark Weldon
Sr. Cybersecurity Systems Engineer | Florida, USA
(ISC)² CSSLP | CompTIA Security+ CE
US Navy Veteran
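
The "every five words" scheme rslade mentions and the null cipher linked above, as an added sketch that is not part of any post in this thread. The function names, filler words and sample messages are constructed for illustration; the point is that the message is only hidden, never transformed, so anyone who guesses the rule reads it without a key.

```python
import re

# Constructed filler vocabulary, used only to pad the cover text.
FILLER = ["our", "report", "was", "sent", "before", "lunch", "and", "nobody", "minded"]

def conceal_every_nth(secret: str, n: int, filler=FILLER) -> str:
    """Build cover text in which every n-th word is a word of the secret."""
    if n < 2:
        raise ValueError("n must be at least 2, otherwise nothing is concealed")
    out, k = [], 0
    for word in secret.split():
        for _ in range(n - 1):          # n-1 padding words before each secret word
            out.append(filler[k % len(filler)])
            k += 1
        out.append(word)
    return " ".join(out)

def reveal_every_nth(cover: str, n: int) -> str:
    """Recover the message: take words n, 2n, 3n, ... of the cover text."""
    return " ".join(cover.split()[n - 1::n])

def reveal_first_letters(cover: str) -> str:
    """Null-cipher variant: the message is the first letter of each word."""
    return "".join(w[0] for w in re.findall(r"[A-Za-z]+", cover)).lower()

def candidates(cover: str, max_n: int) -> dict:
    """Every extraction an analyst gets by simply trying each step size."""
    return {n: reveal_every_nth(cover, n) for n in range(2, max_n + 1)}

if __name__ == "__main__":
    cover = conceal_every_nth("meet at north gate tonight", 5)
    print(cover)
    print(reveal_every_nth(cover, 5))
    print(reveal_first_letters("Help, every lamp post?"))   # constructed sample
    for n, text in candidates(cover, 6).items():
        print(n, "->", text)
```
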
PuettK
Newcomer III

You missed the key word "encryption". Steganography is not encryption but concealment.

rslade
Influencer II

> PuettK (Newcomer II) posted a new reply in Exam Preparation on 10-23-2020 04:29 PM in the (ISC)² Community :

> You missed the key word "encryption". Steganography is not encryption but concealment.

I do rather think you could start another good argument at a crypto conference
bar with that assertion ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
[N]o one goes downhill head-first on a cafeteria tray better than
Canadians ... If you've got something really dangerous and not
terribly smart planned for an Olympic sport, the sort of thing
that two guys out drinking heavily one night at the top of the
bobsled run probably thought up, we're in.
- Cam Cole, Vancouver Sun, 20060218