🏠 Back to Exam Syllabus 📺 RooCloud on YouTube 🌐 RooCloud Practice Exams

CISSP 6.3 - Symmetric Cryptography (Part 1 of 2)

This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series gets concrete with Domain 3’s symmetric cryptography, covering how block ciphers actually run and the named algorithms every candidate must recognize. It shows how to read a cryptographic configuration and judge whether it is sound or dangerously dated — a skill that turns up in real settings screens and audit findings.

What this episode covers

Watch the full episode above for the worked examples and detailed explanations of each concept.

Frequently Asked Questions

What is a block cipher mode of operation?

It is the recipe for how a cipher processes data block after block. The same core algorithm can be run in different modes, and each mode changes how much protection you actually get. Some modes simply encrypt each chunk in isolation, while others weave chunks together so patterns cannot show through.

Why is the simplest mode also the weakest?

Because Electronic Codebook mode encrypts every identical block into the exact same output. An eavesdropper who sees repeated ciphertext knows the underlying plaintext repeated too, and can slowly assemble a codebook of patterns. So this mode is safe only for very short items, like encrypting a single key.

How do the chaining and streaming modes improve on it?

They break the predictability by mixing each block with something that changes. Cipher Block Chaining combines each block with the previous ciphertext using exclusive or, plus a random starting value, so repeats vanish, while Cipher Feedback and Output Feedback apply the same idea to real-time data. Counter mode uses a simple incrementing counter, which lets it encrypt many blocks in parallel for speed.

What extra do the authenticated modes provide?

They add proof that the data was not tampered with, not just kept secret — the plain modes only deliver confidentiality, so they are called unauthenticated. Galois Counter mode and the counter with chaining message authentication code mode attach an authentication tag to the ciphertext. That tag lets the recipient confirm both secrecy and integrity in one step.

Which older symmetric algorithms should you recognize?

The Data Encryption Standard (DES) processes 64-bit blocks with a 56-bit key across 16 rounds and is now considered broken, while Triple DES runs the same core three times and is itself being phased out. The International Data Encryption Algorithm uses 64-bit blocks with a 128-bit key and once powered a popular secure email tool, Blowfish is a fast 64-bit block cipher with flexible key lengths common for secure shell connections, and SKIPJACK used an 80-bit key with a key escrow feature that made the wider community distrust it.

📚 Master the ISC2 CISSP Exam!

Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.


Reference: This article is based on concepts discussed in CISSP 6.3 - Symmetric Cryptography (Part 1 of 2).