[Cisspstudy] cisspstudy Digest, Vol 19, Issue 18
Holland, Brandon
hollandb at frmaint.com
Wed Jan 20 15:06:11 EST 2010
That's what stinks about a lot of these questions... because you can
understand everything there is to know about the keys and types of keys
and still can miss it because you didn't know how the question author
wanted you to interpret the question... but this is great is at least
whether or not u get this question wrong, it will help to concrete the
underlying concepts in your head (the actual important thing, much
better than getting a question right on a test)
Saying all this, I think this is a little over-blown... over
analyzed... I think the author put "fully" not for you to ensure you
count the same key each time it's used, but to make sure you really know
asymmetric and don't use the symmetric key formula on it instead... you
only need 20 keys in total to fully communicate to every person, no
matter how many times those keys are used. Also, it says how many keys
are 'required' not how many times they are 'used'
-----Original Message-----
From: cisspstudy-bounces at cccure.org
[mailto:cisspstudy-bounces at cccure.org] On Behalf Of gerritsjs
Sent: Wednesday, January 20, 2010 12:07 PM
To: 'The CISSP Study Mailing list'
Subject: Re: [Cisspstudy] cisspstudy Digest, Vol 19, Issue 18
Tom;
Let us put it in perspective. Let us assume that you have made two
keys
to your house (i.e one public key and one private key).... that is two.
You
plan to take a vacation for nine/ten days. You have asked 9 friends of
yours
to watch the house, while you are away. You have given your public key
to a
trusted entity (i.e., your aunt/uncle) and told her that you have
identified
9 friends to watch your house while you are away and that she is to
provide
your friends with the public key to your house.
To use the asymmetric logic, the trusted entity must not duplicate the
key
and that the "trusted" person who is responsible for watching the house
returns the key to the trusted entity upon completion of his/her watch,
so
that the next "trusted" person can obtain the key and watch the house
for
you. Using this logic, I agree that the number of keys is still 2.
When reading the question, it appears that each of your 9 friends has
the
key to your house (even though they are duplicates), while you are away.
And that, let us say, your condo is in New York and that your friends
are
scattered throughout the United States, and you entrusted them with your
condo of $2 Million in New York. That is, your friends are in Chicago,
Washington D.C., Ann Arbor, Dallas, Miami, etc. The trusted entity is
in
Los Angeles. Question: Is the asymmetric logic still applicable?
jonus
-----Original Message-----
From: cisspstudy-bounces at cccure.org
[mailto:cisspstudy-bounces at cccure.org]
On Behalf Of twitwicki at hannaford.com
Sent: Wednesday, January 20, 2010 6:20 AM
To: cisspstudy at cccure.org
Subject: Re: [Cisspstudy] cisspstudy Digest, Vol 19, Issue 18
Janus,
Thank you for adding your explanation of the question. I can see the
logic
and your formula makes it easy to understand, but should the public keys
be
counted as separate for each participant? Aren't they really just the
same
public key used by the 10 participants? The fact that Asymmetric
encryption is described as more scalable than symmetric also points to
this. If the were a symmetric case, the keys needed would be 45 .
There
is a also an example in the ISC2 guide which supports the approach which
leads to the answer of 20.
Tom Witwicki, CIPP
Director, Information Security
Hannaford Bros. Co.
207-885-2073
Join me on Linkedin!
http://www.linkedin.com/in/tomwitwicki
cisspstudy-reques
t at cccure.org
Sent by:
To
cisspstudy-bounce cisspstudy at cccure.org
s at cccure.org
cc
Subject
01/19/2010 05:53 cisspstudy Digest, Vol 19, Issue
18
PM
Please respond to
cisspstudy at cccure
.org
Send cisspstudy mailing list submissions to
cisspstudy at cccure.org
To subscribe or unsubscribe via the World Wide Web, visit
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
or, via email, send a message with subject or body 'help' to
cisspstudy-request at cccure.org
You can reach the person managing the list at
cisspstudy-owner at cccure.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of cisspstudy digest..."
Today's Topics:
1. Re: cisspstudy Digest, Vol 19, Issue 16 (gerritsjs)
2. Re: cisspstudy Digest, Vol 19, Issue 16 (Saurabh Bhargava)
----------------------------------------------------------------------
Message: 1
Date: Tue, 19 Jan 2010 14:02:56 -0800
From: "gerritsjs" <gerritsjs at gmail.com>
To: "'The CISSP Study Mailing list'" <cisspstudy at cccure.org>,
"'Nimal
Gunarathna'" <ng949 at yahoo.com>
Subject: Re: [Cisspstudy] cisspstudy Digest, Vol 19, Issue 16
Message-ID: <4b562c14.0c07560a.29a4.ffffa51a at mx.google.com>
Content-Type: text/plain; charset="us-ascii"
Nimal, Tom;
The question is "fully" communicated. Within a community of 10 users,
each user will have one private key. So we have 10 private keys.
Public
keys are as follows:
For each user, there are 10 public keys. 10 users imply 100 public
keys.
This makes a total of 110 keys.
Think of a Mesh Technology.
Jonus
-----Original Message-----
From: cisspstudy-bounces at cccure.org
[mailto:cisspstudy-bounces at cccure.org]
On Behalf Of twitwicki at hannaford.com
Sent: Tuesday, January 19, 2010 1:23 PM
To: Nimal Gunarathna
Cc: cisspstudy at cccure.org
Subject: Re: [Cisspstudy] cisspstudy Digest, Vol 19, Issue 16
Hi Nimal,
I followed the same logic as you on this question. In order to
get
to the 110 answer each public key would have to be counted each time
it's
used which doesn't make sense. I've come across other examples from
this
book that are very questionable, which leads me to believe that the
questions and answers have not been thouroughly vetted. Thank you for
the
reply.
Tom Witwicki, CIPP
Director, Information Security
Hannaford Bros. Co.
207-885-2073
Join me on Linkedin!
http://www.linkedin.com/in/tomwitwicki
Nimal Gunarathna
<ng949 at yahoo.com>
To
01/19/2010 04:07 cisspstudy at cccure.org
PM
cc
twitwicki at hannaford.com
Subject
Re: cisspstudy Digest, Vol 19,
Issue 16
Hi Tom,
This question puzzles me..
In an asymmetric system how many keys are required for 10 users to
fully
communicate?
Every user has a one private and a one public key. I can send my same
public
key to all others. For 10 people, 20 keys are needed.. I am not sure
how
110 come from?
Is this a private com session or just a different comm session with
each
pair?
Thanks,
Nimal Gunarathna
--- On Tue, 1/19/10, cisspstudy-request at cccure.org
<cisspstudy-request at cccure.org> wrote:
From: cisspstudy-request at cccure.org <cisspstudy-request at cccure.org>
Subject: cisspstudy Digest, Vol 19, Issue 16
To: cisspstudy at cccure.org
Date: Tuesday, January 19, 2010, 11:00 AM
Send cisspstudy mailing list submissions to
cisspstudy at cccure.org
To subscribe or unsubscribe via the World Wide Web, visit
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
or, via email, send a message with subject or body 'help' to
cisspstudy-request at cccure.org
You can reach the person managing the list at
cisspstudy-owner at cccure.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of cisspstudy digest..."
Today's Topics:
1. cisspstudy - Cryptography questions (twitwicki at hannaford.com)
2. Re: New to CISSP Cert (Mark Price)
3. Re: New to CISSP Cert (jack wang)
4. Re: New to CISSP Cert (Jeronimo Zucco)
----------------------------------------------------------------------
Message: 1
Date: Mon, 18 Jan 2010 14:48:26 -0500
From: twitwicki at hannaford.com
To: cisspstudy at cccure.org
Subject: [Cisspstudy] cisspstudy - Cryptography questions
Message-ID:
<
OF8F407D94.BBDB76DE-ON852576AF.006B4314-852576AF.006CCD97 at hannaford.com>
Content-Type: text/plain; charset=US-ASCII
Hello all,
I'd like your thoughts on these questions from Michael Gregg's
CISSP
Practice questions:
In an asymmetric system how many keys are required for 10 users to
fully
communicate?
A. 10
B. 20
C. 45
D 110
The answer states D. 110 - "Each user would have his private, phus
his
public key, plus each of the nine other public keys"
Shouldn't the answer be B. 20 because the public keys is only couned
once
for each private/public pair? This also seems consistent with the
formula
for symmetric keys: N(N-1)/2 where N is the number of users needing to
communicate. In this case the secret key is only counted once even if
it's
shared between users.
Here's another question that has me puzzled:
Which cryptographic system can be used for integrity, authenticity and
non-repudiation?
A. Asymmetric encryption
B. Symmetric encryption
C. Hashing
D. None of the above
The answers states A. Asymmetric. Shouldn't the answer be D. None of
the
above because Hashing is needed for integrity?
Your thoughts will be much appreciated.
Tom Witwicki, CIPP
Director, Information Security
Hannaford Bros. Co.
207-885-2073
Join me on Linkedin!
http://www.linkedin.com/in/tomwitwicki
------------------------------
Message: 2
Date: Mon, 18 Jan 2010 21:47:45 +0000
From: "Mark Price" <prinext at gmail.com>
To: "The CISSP Study Mailing list" <cisspstudy at cccure.org>
Subject: Re: [Cisspstudy] New to CISSP Cert
Message-ID:
<
1180962559-1263851266-cardhu_decombobulator_blackberry.rim.net-147941822
-
@bda153.bisx.prod.on.blackberry>
Content-Type: text/plain
I have heard each edition is an update of the previous plus more of
the
latest technology and or standards.
I have the 4th and the DVD set, they plus cccure.org worked for me.
V/r,
Mark Price
PRINEXT
c:240-743-7654
mprice at prinext.com
www.prinext.com
-----Original Message-----
From: Cert Prep <bugtraq.mailbox at gmail.com>
Date: Mon, 18 Jan 2010 13:22:40
To: The CISSP Study Mailing list<cisspstudy at cccure.org>
Subject: Re: [Cisspstudy] New to CISSP Cert
Thanks Jeronimo. I will listen to it.
I have Shon Harris Second Edition which I bought many years back. I
have heard that 5th edition is about to come. Is it ok to prepare from
second edition until 5th edition is out? Does anybody know the
differences between 2nd and 4th? I am sure there will be many but are
those drastic to the extent that I will have to revise the stuff,
which I have already gone through using second edition, from 5th
edition once it is published?
Any help would be appreciated.
Thanks.
Adam
On Mon, Jan 18, 2010 at 12:51 PM, Jeronimo Zucco <jczucco at gmail.com>
wrote:
> 2010/1/18 Cert Prep <bugtraq.mailbox at gmail.com>:
>> Hi Folks,
>>
>> I am planning to prepare for CISSP Cert and would like to know
which
>> book or material is best for the preparations.
>
>
> http://www.cccure.org/flash/intro/player.html
>
>
>
> --
> Jeronimo Zucco
> http://jczucco.blogspot.com
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
_______________________________________________
cisspstudy mailing list
cisspstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
------------------------------
Message: 3
Date: Tue, 19 Jan 2010 20:05:00 +0800
From: jack wang <windjie at gmail.com>
To: The CISSP Study Mailing list <cisspstudy at cccure.org>
Subject: Re: [Cisspstudy] New to CISSP Cert
Message-ID:
<3c43566f1001190405t2bfd204as4a953dd160a5b92b at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Shon Harris Second Edition,plus www.cccure.org,they are enough
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <
http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100119/0
d
0b7b8f/attachment-0001.html>
------------------------------
Message: 4
Date: Tue, 19 Jan 2010 10:34:19 -0200
From: Jeronimo Zucco <jczucco at gmail.com>
To: The CISSP Study Mailing list <cisspstudy at cccure.org>
Subject: Re: [Cisspstudy] New to CISSP Cert
Message-ID:
<2d6b298c1001190434i6f1eb72ct1157b63b80fe9301 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
All-in_one edition 5:
http://www.amazon.com/CISSP-All-One-Guide-Fifth/dp/0071602178/ref=sr_1_2
?
ie=UTF8&s=books&qid=1263898897&sr=8-2
I always recommend the last edition, because of updates and
corretions. Or you can read all erratas for your edition.
2010/1/19 jack wang <windjie at gmail.com>:
> ?Shon Harris Second Edition,plus www.cccure.org,they are enough
>
--
Jeronimo Zucco
http://jczucco.blogspot.com
------------------------------
_______________________________________________
cisspstudy mailing list
cisspstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
End of cisspstudy Digest, Vol 19, Issue 16
******************************************
_______________________________________________
cisspstudy mailing list
cisspstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
------------------------------
Message: 2
Date: Wed, 20 Jan 2010 04:23:33 +0530 (IST)
From: Saurabh Bhargava <catchbhargava at yahoo.com>
To: The CISSP Study Mailing list <cisspstudy at cccure.org>
Subject: Re: [Cisspstudy] cisspstudy Digest, Vol 19, Issue 16
Message-ID: <804072.93709.qm at web94803.mail.in2.yahoo.com>
Content-Type: text/plain; charset="utf-8"
Jonus, here is the catch.
you say " For each user, there are 10 public keys. 10 users imply 100
public keys" - but ALL these public keys are the same for all 10 users,
they aren't different so 10 users still will imply 10 Public keys , even
though author says "fully" communicate/Mesh technology.
Tom, I would select the answers you've chosen for both the questions.
Cheers, SB
________________________________
From: gerritsjs <gerritsjs at gmail.com>
To: The CISSP Study Mailing list <cisspstudy at cccure.org>; Nimal
Gunarathna
<ng949 at yahoo.com>
Sent: Tue, 19 January, 2010 22:02:56
Subject: Re: [Cisspstudy] cisspstudy Digest, Vol 19, Issue 16
Nimal, Tom;
The question is "fully" communicated. Within a community of 10 users,
each user will have one private key. So we have 10 private keys.
Public
keys are as follows:
For each user, there are 10 public keys. 10 users imply 100 public
keys.
This makes a total of 110 keys.
Think of a Mesh Technology.
Jonus
-----Original Message-----
From: cisspstudy-bounces at cccure.org
[mailto:cisspstudy-bounces at cccure.org]
On Behalf Of twitwicki at hannaford.com
Sent: Tuesday, January 19, 2010 1:23 PM
To: Nimal Gunarathna
Cc: cisspstudy at cccure.org
Subject: Re: [Cisspstudy] cisspstudy Digest, Vol 19, Issue 16
Hi Nimal,
I followed the same logic as you on this question. In order to
get
to the 110 answer each public key would have to be counted each time
it's
used which doesn't make sense. I've come across other examples from
this
book that are very questionable, which leads me to believe that the
questions and answers have not been thouroughly vetted. Thank you for
the
reply.
Tom Witwicki, CIPP
Director, Information Security
Hannaford Bros. Co.
207-885-2073
Join me on Linkedin!
http://www.linkedin.com/in/tomwitwicki
Nimal Gunarathna
<ng949 at yahoo.com>
To
01/19/2010 04:07 cisspstudy at cccure.org
PM
cc
twitwicki at hannaford.com
Subject
Re: cisspstudy Digest, Vol 19,
Issue 16
Hi Tom,
This question puzzles me..
In an asymmetric system how many keys are required for 10 users to fully
communicate?
Every user has a one private and a one public key. I can send my same
public
key to all others. For 10 people, 20 keys are needed.. I am not sure how
110 come from?
Is this a private com session or just a different comm session with each
pair?
Thanks,
Nimal Gunarathna
--- On Tue, 1/19/10, cisspstudy-request at cccure.org
<cisspstudy-request at cccure.org> wrote:
From: cisspstudy-request at cccure.org <cisspstudy-request at cccure.org>
Subject: cisspstudy Digest, Vol 19, Issue 16
To: cisspstudy at cccure.org
Date: Tuesday, January 19, 2010, 11:00 AM
Send cisspstudy mailing list submissions to
cisspstudy at cccure.org
To subscribe or unsubscribe via the World Wide Web, visit
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
or, via email, send a message with subject or body 'help' to
cisspstudy-request at cccure.org
You can reach the person managing the list at
cisspstudy-owner at cccure.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of cisspstudy digest..."
Today's Topics:
1. cisspstudy - Cryptography questions (twitwicki at hannaford.com)
2. Re: New to CISSP Cert (Mark Price)
3. Re: New to CISSP Cert (jack wang)
4. Re: New to CISSP Cert (Jeronimo Zucco)
----------------------------------------------------------------------
Message: 1
Date: Mon, 18 Jan 2010 14:48:26 -0500
From: twitwicki at hannaford.com
To: cisspstudy at cccure.org
Subject: [Cisspstudy] cisspstudy - Cryptography questions
Message-ID:
<
OF8F407D94.BBDB76DE-ON852576AF.006B4314-852576AF.006CCD97 at hannaford.com>
Content-Type: text/plain; charset=US-ASCII
Hello all,
I'd like your thoughts on these questions from Michael Gregg's
CISSP
Practice questions:
In an asymmetric system how many keys are required for 10 users to
fully
communicate?
A. 10
B. 20
C. 45
D 110
The answer states D. 110 - "Each user would have his private, phus
his
public key, plus each of the nine other public keys"
Shouldn't the answer be B. 20 because the public keys is only couned
once
for each private/public pair? This also seems consistent with the
formula
for symmetric keys: N(N-1)/2 where N is the number of users needing to
communicate. In this case the secret key is only counted once even if
it's
shared between users.
Here's another question that has me puzzled:
Which cryptographic system can be used for integrity, authenticity and
non-repudiation?
A. Asymmetric encryption
B. Symmetric encryption
C. Hashing
D. None of the above
The answers states A. Asymmetric. Shouldn't the answer be D. None of
the
above because Hashing is needed for integrity?
Your thoughts will be much appreciated.
Tom Witwicki, CIPP
Director, Information Security
Hannaford Bros. Co.
207-885-2073
Join me on Linkedin!
http://www.linkedin.com/in/tomwitwicki
------------------------------
Message: 2
Date: Mon, 18 Jan 2010 21:47:45 +0000
From: "Mark Price" <prinext at gmail.com>
To: "The CISSP Study Mailing list" <cisspstudy at cccure.org>
Subject: Re: [Cisspstudy] New to CISSP Cert
Message-ID:
<
1180962559-1263851266-cardhu_decombobulator_blackberry.rim.net-147941822
-
@bda153.bisx.prod.on.blackberry>
Content-Type: text/plain
I have heard each edition is an update of the previous plus more of
the
latest technology and or standards.
I have the 4th and the DVD set, they plus cccure.org worked for me.
V/r,
Mark Price
PRINEXT
c:240-743-7654
mprice at prinext.com
www.prinext.com
-----Original Message-----
From: Cert Prep <bugtraq.mailbox at gmail.com>
Date: Mon, 18 Jan 2010 13:22:40
To: The CISSP Study Mailing list<cisspstudy at cccure.org>
Subject: Re: [Cisspstudy] New to CISSP Cert
Thanks Jeronimo. I will listen to it.
I have Shon Harris Second Edition which I bought many years back. I
have heard that 5th edition is about to come. Is it ok to prepare from
second edition until 5th edition is out? Does anybody know the
differences between 2nd and 4th? I am sure there will be many but are
those drastic to the extent that I will have to revise the stuff,
which I have already gone through using second edition, from 5th
edition once it is published?
Any help would be appreciated.
Thanks.
Adam
On Mon, Jan 18, 2010 at 12:51 PM, Jeronimo Zucco <jczucco at gmail.com>
wrote:
> 2010/1/18 Cert Prep <bugtraq.mailbox at gmail.com>:
>> Hi Folks,
>>
>> I am planning to prepare for CISSP Cert and would like to know
which
>> book or material is best for the preparations.
>
>
> http://www.cccure.org/flash/intro/player.html
>
>
>
> --
> Jeronimo Zucco
> http://jczucco.blogspot.com
>
> _______________________________________________
> cisspstudy mailing list
> cisspstudy at cccure.org
> http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
>
_______________________________________________
cisspstudy mailing list
cisspstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
------------------------------
Message: 3
Date: Tue, 19 Jan 2010 20:05:00 +0800
From: jack wang <windjie at gmail.com>
To: The CISSP Study Mailing list <cisspstudy at cccure.org>
Subject: Re: [Cisspstudy] New to CISSP Cert
Message-ID:
<3c43566f1001190405t2bfd204as4a953dd160a5b92b at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Shon Harris Second Edition,plus www.cccure.org,they are enough
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <
http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100119/0
d
0b7b8f/attachment-0001.html>
------------------------------
Message: 4
Date: Tue, 19 Jan 2010 10:34:19 -0200
From: Jeronimo Zucco <jczucco at gmail.com>
To: The CISSP Study Mailing list <cisspstudy at cccure.org>
Subject: Re: [Cisspstudy] New to CISSP Cert
Message-ID:
<2d6b298c1001190434i6f1eb72ct1157b63b80fe9301 at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
All-in_one edition 5:
http://www.amazon.com/CISSP-All-One-Guide-Fifth/dp/0071602178/ref=sr_1_2
?
ie=UTF8&s=books&qid=1263898897&sr=8-2
I always recommend the last edition, because of updates and
corretions. Or you can read all erratas for your edition.
2010/1/19 jack wang <windjie at gmail.com>:
> ?Shon Harris Second Edition,plus www.cccure.org,they are enough
>
--
Jeronimo Zucco
http://jczucco.blogspot.com
------------------------------
_______________________________________________
cisspstudy mailing list
cisspstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
End of cisspstudy Digest, Vol 19, Issue 16
******************************************
_______________________________________________
cisspstudy mailing list
cisspstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
_______________________________________________
cisspstudy mailing list
cisspstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <
http://cccure.org/pipermail/cisspstudy_cccure.org/attachments/20100120/6
b681
638/attachment.html
>
------------------------------
_______________________________________________
cisspstudy mailing list
cisspstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
End of cisspstudy Digest, Vol 19, Issue 18
******************************************
_______________________________________________
cisspstudy mailing list
cisspstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
_______________________________________________
cisspstudy mailing list
cisspstudy at cccure.org
http://cccure.org/mailman/listinfo/cisspstudy_cccure.org
More information about the cisspstudy
mailing list