| 🏠 Back to Exam Syllabus | 📺 RooCloud on YouTube | 🌐 RooCloud Practice Exams |
CISSP 6.1 - Cryptographic Foundations (Part 3 of 3)
This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series completes the Domain 3 cryptographic foundations by meeting the classic ciphers themselves — the historical techniques that form the DNA of every modern algorithm, and the fundamental properties that decide whether a cipher stands strong or quietly falls apart.
What this episode covers
- Codes vs ciphers — codes swap whole words and phrases; ciphers always conceal and work on characters and bits.
- Transposition and substitution — the two fundamental moves: rearrange the pieces or replace them.
- Frequency analysis — simple fixed-shift substitutions fall to letter counting, and even polyalphabetic keywords leak.
- One-time pads — theoretically unbreakable only when the key is random, secret, single-use, and message-length.
- Running key ciphers — a shared book supplies the key, so nothing secret needs to be smuggled.
- Block vs stream ciphers — encrypting a fixed-size chunk at once, or one character or bit at a time.
- Confusion and diffusion — substitution tangles the key link while transposition spreads every change widely.
Watch the full episode above for the worked examples and detailed explanations of each concept.
Frequently Asked Questions
How is a code different from a cipher?
A code swaps whole words or phrases for other symbols, and it is not always meant to hide meaning — think of the shorthand radio phrases emergency crews use, where a single number stands for a full sentence. A cipher is always meant to conceal, and it works on the smallest units: individual characters, bits, or fixed blocks. An easy anchor is that codes handle words and phrases, while ciphers handle characters and bits.
What are the two basic ways to scramble a message?
Transposition rearranges the pieces you already have without changing them, so reversing the letters turns apple into elppa. Substitution swaps each piece for a different one, like shifting every letter a fixed number of places down the alphabet, so with a shift of 3, A becomes D. Picture a deck of cards: transposition shuffles the order, while substitution replaces each card with a different one.
What makes a one-time pad theoretically unbreakable?
A one-time pad uses a different random substitution for every single letter, so no pattern ever survives to be attacked, and done exactly right it cannot be cracked even in theory. But the conditions are strict: the key must be truly random, kept physically secret, used only once, and at least as long as the message. Break any one of those rules and the whole guarantee collapses.
What is a running key cipher, and why use one?
A running key cipher, also called a book cipher, solves the pad’s biggest headache: distributing long keys. Both sides agree on a shared text, say a specific chapter of a well-known novel starting at a set point, and draw as many characters as the message needs straight from that book to serve as the key. There is nothing secret to smuggle, only an agreement about where to begin reading.
What two properties make a modern cipher strong?
Confusion and diffusion working together. Confusion means the link between the key and the ciphertext is so tangled that tweaking the input teaches an attacker nothing about the key, while diffusion means a single change in the plaintext ripples out and alters many parts of the ciphertext. A well-built algorithm layers both, using substitution to create confusion and transposition to create diffusion.
📚 Master the ISC2 CISSP Exam!
Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.
Reference: This article is based on concepts discussed in CISSP 6.1 - Cryptographic Foundations (Part 3 of 3).