🏠 Back to Exam Syllabus 📺 RooCloud on YouTube 🌐 RooCloud Practice Exams

CISSP 6.1 - Cryptographic Foundations (Part 3 of 3)

This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series completes the Domain 3 cryptographic foundations by meeting the classic ciphers themselves — the historical techniques that form the DNA of every modern algorithm, and the fundamental properties that decide whether a cipher stands strong or quietly falls apart.

What this episode covers

Watch the full episode above for the worked examples and detailed explanations of each concept.

Frequently Asked Questions

How is a code different from a cipher?

A code swaps whole words or phrases for other symbols, and it is not always meant to hide meaning — think of the shorthand radio phrases emergency crews use, where a single number stands for a full sentence. A cipher is always meant to conceal, and it works on the smallest units: individual characters, bits, or fixed blocks. An easy anchor is that codes handle words and phrases, while ciphers handle characters and bits.

What are the two basic ways to scramble a message?

Transposition rearranges the pieces you already have without changing them, so reversing the letters turns apple into elppa. Substitution swaps each piece for a different one, like shifting every letter a fixed number of places down the alphabet, so with a shift of 3, A becomes D. Picture a deck of cards: transposition shuffles the order, while substitution replaces each card with a different one.

What makes a one-time pad theoretically unbreakable?

A one-time pad uses a different random substitution for every single letter, so no pattern ever survives to be attacked, and done exactly right it cannot be cracked even in theory. But the conditions are strict: the key must be truly random, kept physically secret, used only once, and at least as long as the message. Break any one of those rules and the whole guarantee collapses.

What is a running key cipher, and why use one?

A running key cipher, also called a book cipher, solves the pad’s biggest headache: distributing long keys. Both sides agree on a shared text, say a specific chapter of a well-known novel starting at a set point, and draw as many characters as the message needs straight from that book to serve as the key. There is nothing secret to smuggle, only an agreement about where to begin reading.

What two properties make a modern cipher strong?

Confusion and diffusion working together. Confusion means the link between the key and the ciphertext is so tangled that tweaking the input teaches an attacker nothing about the key, while diffusion means a single change in the plaintext ripples out and alters many parts of the ciphertext. A well-built algorithm layers both, using substitution to create confusion and transposition to create diffusion.

📚 Master the ISC2 CISSP Exam!

Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.


Reference: This article is based on concepts discussed in CISSP 6.1 - Cryptographic Foundations (Part 3 of 3).