[Cisspstudy] Questions about 10 users to fully communicate

Yann Petiot outsider73 at gmail.com
Wed Jan 20 09:12:59 EST 2010 

Hi,

Question 1:
In my opinion to "fully" communicate - and I think the important word here
is fully - you would need none of the answers but 100. Let me explain. Yes
you need to generate a total of 20 keys (10 public and 10 private), but this
is not enough to communicate with each other if nobody owns the public key
of the others.
Each user keeps his private key. Total = 10 for now.
Then, if you have ever worked with Linux servers and SSH connections, you
know that you need to copy the public key of the remote server to your local
server to work correctly. And if you want to automate more, you need to copy
the local public key to the remote server. So for me, this is the same,
there is no central repository here, each user has to send his public key to
the 9 other users. 10 users sending to 9 users = 90. Total = 10 + 90 = 100
Each user does not need to keep his own public key (the private key is the
only one important in our case) when completed, so the 10 users can get rid
of it. Total remains 100.

Question 2:
I was thinking, answer D, none of the answers.
As Clement Dupuis said you need Asymmetric and Digital Signature to ensure
the 3 options: Integrity, Authenticity, Non-Repudiation. Digital Signature
is using a hashing function and since hashing is a separate answer I would
have said answer D as Asymmetric crypto by itself doesn't seem enough.

Now my question: are all the questions at the CISSP exam of this kind?
meaning the answer depends of how you understand the question??

Thanks
Yann

>
> Message: 1
> Date: Wed, 20 Jan 2010 21:08:10 +0800 (CST)
> From: "yaling.lu" <yaling.lu at 163.com>
> To: cisspstudy at cccure.org
> Subject: Re: [Cisspstudy] cisspstudy Digest, Vol 19, Issue 19
> Message-ID:
>        <5480199.757011263992890977.JavaMail.coremail at bj163app70.163.com>
> Content-Type: text/plain; charset="gbk"
>
> Hi,all
> I agree with Tom
> #1, it should be 20.
> For the 10+10*10, the public key to everyone should be same, it should be
> correct to 10+10=20.
>
>
> #2,I am not clear, would some explain in detail?
> I think intergrity is protected by HASH, authenticicity and non-repudiation
> are protected by Asymmetric.
>
> Please discuss.
>
> 2010-01-20
> yaling.lu
> Sales Engineer,  McAfee
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100120/2c34c25c/attachment.html>

More information about the cisspstudy mailing list