🏠 Back to Exam Syllabus πŸ“Ί RooCloud on YouTube 🌐 RooCloud Practice Exams

CISSP 6.3 - Symmetric Cryptography (Part 2 of 2)

This episode of the ISC2 Certified Information Systems Security Professional (CISSP) exam prep series finishes Domain 3’s symmetric algorithm lineup and then turns to the discipline that makes or breaks it all: key management. It covers where the remaining named ciphers stand today and the habits that keep secret keys exchanged, stored, and recovered without handing attackers an easy win.

What this episode covers

Watch the full episode above for the worked examples and detailed explanations of each concept.

Frequently Asked Questions

What are the Rivest ciphers, and where do they stand?

They are a family of related algorithms with very different fates. RC4, a stream cipher once baked into old wireless and web security protocols, was made insecure by a run of attacks and is now retired. RC5 is a block cipher with flexible sizes that stood up to a brute-force cracking effort that took years to break just one message, and RC6 was offered as a candidate for the next national standard but lost that contest and never caught on.

Why is the Advanced Encryption Standard the gold standard?

Because it was chosen through open competition to replace the aging DES, and it has held up ever since. Built on an algorithm called Rijndael, it became the mandated standard for protecting sensitive government data. It works on 128-bit blocks, lets you pick a key of 128, 192, or 256 bits, and performs more rounds of scrambling with longer keys β€” 10, 12, or 14.

How do you exchange a secret key securely?

There are three main answers. Offline distribution physically hands over the key on paper or a device, which is simple but clumsy and easy to intercept. Public key encryption opens a secure channel first and then passes the fast symmetric key through it, and the Diffie-Hellman algorithm lets two parties agree on a shared secret even over an open line with no prior contact.

Where should encryption keys be stored?

Never right beside the data they protect. Software-based storage keeps keys as files on the system, which is easy but exposed if that system is compromised; hardware-based storage uses dedicated devices, from personal smartcards up to enterprise hardware security modules; and cloud-based storage runs that same hardware module approach inside a provider’s data center. For the most sensitive keys, split them between two people so neither can act alone.

How does key escrow and recovery work safely?

Escrow means a copy of a key is held so it can be recovered later under strict conditions β€” useful inside a company when someone leaves and their encrypted files are still needed, or when a key is simply lost. The people trusted to recover keys are recovery agents, and that is enormous power. To keep any one of them honest, organizations use M of N control, requiring at least M agents out of a group of N to cooperate before a key can be pulled.

πŸ“š Master the ISC2 CISSP Exam!

Ready to test your knowledge? Access chapter-specific Multiple Choice Questions (MCQs) and full-length practice exams for the ISC2 CISSP certification at RooCloud.com. Solve the chapter-wise questions to reinforce this lesson before moving to the next episode.


Reference: This article is based on concepts discussed in CISSP 6.3 - Symmetric Cryptography (Part 2 of 2).