cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
JoeBuilder
Newcomer I

Does Cryptography support Availability?

This is one of the review questions in the official study guide by Sybex.

 

My initial thinking was no, cryptography supports confidentiality, and integrity.

 

But the answer yes, cryptography supports availability.  I could not find anything online to support this answer.

 

Let's hear your thoughts.

 

Can we get feedback from the author?

2 Replies
Steve-Wilme
Advocate II

Cryptography supports availability in the sense that the encrypted information is accessible to authorized users only and not to unauthorised users.  So although that sounds like confidentiality the 'accessible to authorised users' is part of the definition of availability, so crypto 'supports' it, even if it doesn't directly support system uptime.

 

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
CISOScott
Community Champion

So I would ask, what is the MAIN purpose of cryptography? It would be to ensure confidentiality. You use cryptography because you do not want other people to view your data. You can also argue that it supports availability (can you get to your data) and Integrity (if no one can see it, then no one can change it).  Having your data encrypted or not DOES NOT affect availability of the data, the data is there in either encrypted or unencrypted form. A hacker can steal encrypted data. However, Crypto can AFFECT Accessibility of reading your data. SO if ransomware encrypts your data (not what encryption was intended for) then it CAN Affect availability. SO I have just addressed how it can be argued both ways that it either does or does not affect availability. 

 

In your studies know what the main purpose of crypto was designed for and also consider how it can be misused. Hopefully this shows you how cryptography, when misused, can affect availability. Also it sucks if you lose the encryption keys to your own data. I have seen that happen too.