OBJECTIVE 1.4 Explain

Explain the importance of using appropriate cryptographic solutions

Cryptography is the backbone of confidentiality, integrity, authentication, and non-repudiation. The exam expects you to know when to use each type, not how to implement the math.

Symmetric Encryption

One key encrypts and decrypts. Both parties must share the same secret key.

Algorithms:

  • AES (Advanced Encryption Standard) — The standard. 128, 192, or 256-bit keys. AES-256 is the gold standard for data at rest.
  • 3DES (Triple DES) — Legacy. Applies DES three times. Being phased out — slower and weaker than AES.
  • ChaCha20 — Stream cipher alternative to AES. Used in TLS 1.3 and WireGuard. Performs well on devices without AES hardware acceleration.

Strengths: Fast, efficient for bulk data encryption. Weakness: Key distribution problem — how do you securely share the key? This is what asymmetric crypto solves.

Use cases: Disk encryption (BitLocker, LUKS), database encryption, VPN tunnels, TLS session encryption (after key exchange).

Asymmetric Encryption

Two mathematically related keys: public key (shared openly) and private key (kept secret).

  • Encrypt with public key → only private key can decrypt (confidentiality)
  • Sign with private key → anyone with public key can verify (authentication, non-repudiation)

Algorithms:

  • RSA — Most widely deployed. Key sizes: 2048-bit minimum, 4096-bit recommended. Used for key exchange and digital signatures.
  • ECC (Elliptic Curve Cryptography) — Shorter keys for equivalent strength (256-bit ECC ≈ 3072-bit RSA). Preferred for mobile/IoT where compute is limited.
  • Diffie-Hellman (DH) — Key exchange protocol, not encryption. Allows two parties to establish a shared secret over an insecure channel. ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) is the modern variant used in TLS.

Strengths: Solves the key distribution problem. Enables digital signatures. Weakness: Slow — never used for bulk data. Used to exchange symmetric keys, which then do the heavy lifting.

Hashing

One-way function that produces a fixed-length digest from any input. Cannot be reversed.

Algorithms:

  • SHA-256 (SHA-2 family) — Current standard. 256-bit digest. Used in certificates, integrity verification, blockchain.
  • SHA-3 — Alternative to SHA-2, different internal design. Not a replacement — a backup if SHA-2 is ever broken.
  • MD5 — Broken. Collision attacks are trivial. Never use for security — only for non-security checksums.
  • SHA-1 — Deprecated. Collision demonstrated in 2017. Legacy systems still use it but it’s not acceptable for new deployments.

Use cases:

  • File integrity verification (compare hash before and after transfer)
  • Password storage (hash + salt, never plaintext)
  • Digital signatures (sign the hash, not the full document)

Key Concepts

  • Collision: Two different inputs producing the same hash. Fatal for a hash algorithm’s security.
  • Salt: Random value added to input before hashing. Prevents rainbow table attacks on password hashes. Each password gets a unique salt.
  • Key stretching: Deliberately slow hashing (PBKDF2, bcrypt, Argon2) to make brute-force attacks expensive.
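An added example (not part of the original study guide) showing salt and key stretching together for password storage. It uses PBKDF2 because it ships in the Python standard library; the record format and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Assumed work factor for PBKDF2-HMAC-SHA256; tune it to your own hardware.
ITERATIONS = 600_000


def unsalted_sha256(password: str) -> str:
    """Weak pattern: fast and unsalted, so equal passwords share one digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: scheme$iterations$salt$digest."""
    salt = secrets.token_bytes(16)  # unique random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the stretched hash with the stored salt and compare."""
    try:
        scheme, iters, salt_hex, digest_hex = record.split("$")
        iterations = int(iters)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record
    if scheme != "pbkdf2_sha256" or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


def needs_rehash(record: str, target: int = ITERATIONS) -> bool:
    """True when a record was stored with a lower work factor than the current one."""
    return int(record.split("$")[1]) < target


if __name__ == "__main__":
    a = hash_password("correct horse")
    b = hash_password("correct horse")
    # Same password, different salts: the stored records differ, both verify.
    print(a != b, verify_password("correct horse", a), verify_password("wrong", a))
```

Storing the iteration count in the record lets the work factor be raised later: `needs_rehash` flags old records so they can be upgraded at the user's next successful login.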

Digital Signatures

Combine hashing and asymmetric encryption to prove integrity and authenticity:

  1. Sender hashes the message
  2. Sender encrypts the hash with their private key (this is the signature)
  3. Recipient decrypts the signature with sender’s public key
  4. Recipient independently hashes the message and compares

If hashes match: message is authentic (came from the signer) and has integrity (wasn’t modified).
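The four steps above as an added example (not from the original guide). It uses textbook RSA with a toy key built from two known Mersenne primes, an assumption chosen so the example runs with the standard library alone; real signatures use 2048-bit or larger keys with a padding scheme such as PSS from a vetted library.

```python
import hashlib

# Toy key pair, constructed for this example only.
P = 2**127 - 1                       # known Mersenne prime
Q = 2**89 - 1                        # known Mersenne prime
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (kept secret)


def digest_int(message: bytes) -> int:
    """Steps 1 and 4: hash the message and map the digest into the key's range."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Step 2: transform the hash with the private key; the result is the signature."""
    return pow(digest_int(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Steps 3 and 4: recover the signed hash with the public key, then compare
    it with a hash the recipient computes independently."""
    recovered = pow(signature, E, N)
    return recovered == digest_int(message)


if __name__ == "__main__":
    msg = b"Release build 4.2 approved"   # constructed sample message
    sig = sign(msg)
    print(verify(msg, sig))                              # authentic, unmodified
    print(verify(b"Release build 6.6 approved", sig))    # modified in transit
```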

PKI (Public Key Infrastructure)

The trust system that makes asymmetric crypto work at scale.

Certificate Authority (CA) — Trusted entity that issues digital certificates. Vouches for the binding between a public key and an identity.

Certificate chain:

  • Root CA (self-signed, offline, highly protected)
  • Intermediate CA (signs end-entity certs, protects root)
  • End-entity cert (your server’s cert)

Certificate types:

  • DV (Domain Validation) — CA verified domain ownership. Quick, cheap.
  • OV (Organization Validation) — CA verified the organization exists. More trust.
  • EV (Extended Validation) — Thorough vetting. Used for high-trust sites.
  • Wildcard — Covers *.domain.com. Convenient but single point of failure if compromised.
  • SAN (Subject Alternative Name) — Single cert for multiple specific domains.
  • Self-signed — Not issued by a CA. Used internally (lab environments, testing). Browsers don’t trust them.

Certificate lifecycle:

  • Issuance → Usage → Renewal → Revocation
  • CRL (Certificate Revocation List) — Published list of revoked certs. Can be stale.
  • OCSP (Online Certificate Status Protocol) — Real-time revocation checking. Faster than CRL.
  • OCSP Stapling — Server fetches its own OCSP response and presents it during TLS handshake. Reduces latency, improves privacy.

Block Cipher Modes

How a block cipher processes data beyond a single block. CompTIA tests these — know the differences and when each is appropriate.

| Mode | How It Works | Strengths | Weaknesses |
|---|---|---|---|
| ECB (Electronic Codebook) | Each block encrypted independently with same key | Simple, parallelizable | Insecure — identical plaintext blocks produce identical ciphertext. Patterns preserved. Never use for real data. |
| CBC (Cipher Block Chaining) | Each block XORed with previous ciphertext block before encryption. Uses IV. | Hides patterns. Widely used. | Sequential (can’t parallelize encryption). Padding oracle attacks if implemented poorly. |
| CTR (Counter) | Encrypts a counter value, XORs result with plaintext. Turns block cipher into stream cipher. | Parallelizable, no padding needed. | Nonce reuse is catastrophic — reveals plaintext. |
| GCM (Galois/Counter Mode) | CTR mode + authentication tag. Provides both encryption and integrity. | AEAD — authenticated encryption. Fast, parallelizable, tamper-evident. | Nonce reuse catastrophic (same as CTR). |

AEAD (Authenticated Encryption with Associated Data): Encryption that provides confidentiality AND integrity/authenticity in one operation. GCM is the primary example. This is what TLS 1.3 requires.

Exam tip: If a question asks about encrypting data where you also need to verify it wasn’t tampered with, the answer is GCM (or any AEAD mode). If the question shows identical ciphertext blocks, the answer is “ECB is being used and that’s the problem.”
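An added example (not from the original guide) of why the table calls nonce reuse catastrophic for CTR and GCM: the same key and nonce produce the same keystream, so XORing two ciphertexts cancels it. HMAC-SHA256 stands in for AES as the keystream function so the example runs with the standard library alone; the messages and the `NonceSequence` helper are constructed for this example.

```python
import hashlib
import hmac
import secrets

# Constructed sample messages of equal length.
P1 = b"transfer $100 to account 1111"
P2 = b"transfer $900 to account 2222"


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """CTR keystream: PRF(key, nonce || counter) for counter = 0, 1, 2, ..."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()  # stand-in for AES
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: CTR is the same XOR in both directions."""
    return xor(data, keystream(key, nonce, len(data)))


class NonceSequence:
    """Mitigation: hand out a fresh nonce per message under one key, never a repeat."""

    def __init__(self, prefix: bytes = b""):
        self._prefix = prefix or secrets.token_bytes(4)
        self._counter = 0

    def next(self) -> bytes:
        nonce = self._prefix + self._counter.to_bytes(8, "big")
        self._counter += 1
        return nonce


if __name__ == "__main__":
    key = secrets.token_bytes(32)

    # Weak: one nonce used for two messages. The keystream cancels out.
    reused = b"\x00" * 12
    c1, c2 = ctr_crypt(key, reused, P1), ctr_crypt(key, reused, P2)
    print(xor(c1, c2) == xor(P1, P2))   # ciphertexts alone expose P1 xor P2

    # Corrected: a fresh nonce per message keeps the keystreams independent.
    seq = NonceSequence()
    d1, d2 = ctr_crypt(key, seq.next(), P1), ctr_crypt(key, seq.next(), P2)
    print(xor(d1, d2) == xor(P1, P2))   # relationship no longer holds
```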

Perfect Forward Secrecy (PFS)

PFS ensures that compromising a long-term key doesn’t compromise past session keys.

How It Works

  • Without PFS: Server uses its long-term RSA key for key exchange. If that key is later stolen, an attacker who captured encrypted traffic can retroactively decrypt all of it.
  • With PFS: Each session uses ephemeral (temporary) Diffie-Hellman keys for key exchange. Session keys are generated, used, and discarded. Even if the server’s long-term key is compromised, past sessions remain encrypted.

Ephemeral vs. Non-Ephemeral

| Key Exchange | Ephemeral? | Forward Secrecy? |
|---|---|---|
| RSA key exchange | No | No — same key decrypts all sessions |
| DHE (Diffie-Hellman Ephemeral) | Yes | Yes — new key per session |
| ECDHE (Elliptic Curve DHE) | Yes | Yes — new key per session, more efficient |
| Static DH | No | No — reused DH parameters |

TLS 1.3 mandates PFS. Only ECDHE and DHE are allowed for key exchange — RSA key exchange was removed entirely. This is one of the major security improvements over TLS 1.2.

Certificate Formats

CompTIA tests these. Know the format, encoding, and what’s inside.

| Format | Encoding | Contains | Common Use |
|---|---|---|---|
| PEM (.pem, .crt, .cer) | Base64 (text) | Cert, key, or chain. Starts with -----BEGIN CERTIFICATE----- | Linux/Apache/Nginx. Most common format. |
| DER (.der, .cer) | Binary | Single certificate | Java, Windows. Binary version of PEM. |
| PFX/PKCS#12 (.pfx, .p12) | Binary | Certificate + private key + chain (bundled, password-protected) | Windows/IIS. Exporting certs with keys. |
| P7B/PKCS#7 (.p7b, .p7c) | Base64 or Binary | Certificates and chain only (no private key) | Windows, Java. Certificate chain distribution. |

Exam tip: If the question involves exporting a certificate WITH its private key, the answer is PFX/PKCS#12. If it’s just the certificate chain without the key, it’s P7B.

Certificate Pinning and Transparency

Certificate Pinning

  • Application hardcodes or remembers which certificate (or public key) belongs to a specific server
  • Prevents MITM attacks using fraudulently issued certificates — even if an attacker gets a valid cert from a compromised CA, the pin won’t match
  • HPKP (HTTP Public Key Pinning) was the web standard but is now deprecated — too easy to brick your site if you lose the pinned key
  • Still used in mobile apps (custom trust stores) and internal applications

Certificate Transparency (CT)

  • Public, append-only logs of all certificates issued by participating CAs
  • Allows domain owners to monitor for unauthorized certificate issuance
  • How it works: CAs submit certificates to CT logs → monitors watch for unexpected certs → domain owner gets alerted if someone issues a cert for their domain without authorization
  • Google Chrome requires CT compliance for all publicly trusted certificates
  • This is what powers crt.sh — the tool we use for subdomain enumeration in ASM

Certificate Lifecycle Operations

| Operation | What Changes | When |
|---|---|---|
| Renewal | Extends expiration date. Same key, same identity info. | Before expiration. Routine maintenance. |
| Rekeying | New key pair generated. Same identity info. New cert issued. | Key compromise suspected, or key rotation policy. |
| Reissuance | New certificate with potentially different attributes (new domain, new org info). New key optional. | Domain change, org name change, CA migration. |
| Revocation | Certificate invalidated before expiration. Published to CRL / OCSP. | Key compromise confirmed, employee departure, domain loss. |

Key Derivation

Expanding on key stretching from the hashing section — CompTIA may test the comparison:

| Algorithm | Approach | Strength | Weakness |
|---|---|---|---|
| PBKDF2 | Iterated HMAC-SHA. Configurable iterations. | NIST approved. Widely supported. | GPU-friendly (attackers can parallelize). |
| bcrypt | Blowfish-based. Cost factor parameter. | Memory-hard (harder to parallelize on GPU). Mature. | Fixed 72-byte input limit. |
| Argon2 | Memory-hard + CPU-hard. Configurable memory, time, parallelism. | Best current option. Won Password Hashing Competition. Resistant to GPU/ASIC attacks. | Newer, less universal support. |

Decision logic: If the question asks for the most secure password hashing, Argon2 > bcrypt > PBKDF2. If it asks what’s NIST-approved, PBKDF2 (though Argon2 is gaining acceptance).

Key Management

The hardest part of crypto isn’t the algorithm — it’s managing the keys.

  • Key generation: Use cryptographically secure random number generators. Never reuse keys across systems.
  • Key storage: HSMs (Hardware Security Modules), TPMs, key vaults. Never in plaintext config files.
  • Key rotation: Regular replacement of keys. Limits the window of exposure if a key is compromised.
  • Key escrow: Third party holds a copy of the key. Controversial — creates a trust dependency.
  • Key destruction: Crypto-shred: destroy the key and the encrypted data becomes unrecoverable. Used for secure data disposal.

Cryptographic Use Cases

| Need | Solution |
|---|---|
| Data at rest | AES-256 (symmetric) |
| Data in transit | TLS 1.3 (ECDHE for key exchange, AES/ChaCha20 for encryption) |
| Email signing | S/MIME or PGP (asymmetric + hashing) |
| File integrity | SHA-256 hash comparison |
| Password storage | bcrypt/Argon2 (salted + stretched hash) |
| VPN | IPSec (IKE for key exchange, ESP for encryption) or WireGuard (ChaCha20) |
| Code signing | RSA/ECC digital signature on hash of binary |
| Disk encryption | AES-256 via BitLocker (Windows), LUKS (Linux), FileVault (macOS) |

Cryptographic Decision Logic

Algorithm Selection

| If the scenario says… | Choose… | Because… |
|---|---|---|
| “Encrypt large amounts of data quickly” | AES-256 | Symmetric, fast for bulk data |
| “Exchange keys over an insecure channel” | ECDHE / Diffie-Hellman | Key agreement without pre-shared secret |
| “Digitally sign a document” | RSA or ECC signature | Asymmetric, provides non-repudiation |
| “Verify file integrity” | SHA-256 | Hash comparison |
| “Store passwords” | Argon2 or bcrypt | Salted, stretched, intentionally slow |
| “Encrypt data in transit” | TLS 1.3 (ECDHE + AES-GCM) | Key exchange + authenticated encryption |
| “Need encryption + integrity in one operation” | AES-GCM (AEAD) | Authenticated encryption |
| “Low-power / IoT device” | ECC | Shorter keys, less compute than RSA |
| “Need forward secrecy” | ECDHE | Ephemeral keys, each session unique |

“Which is MOST secure?” Cheat Sheet

| Category | Most Secure | Acceptable | Deprecated/Broken |
|---|---|---|---|
| Symmetric | AES-256 | AES-128, ChaCha20 | DES, 3DES, RC4 |
| Asymmetric | ECC-384, RSA-4096 | ECC-256, RSA-2048 | RSA-1024, DSA |
| Hashing | SHA-3, SHA-256 | SHA-512, SHA-384 | MD5, SHA-1 |
| Key exchange | ECDHE (PFS) | DHE (PFS) | Static RSA, static DH |
| Password hashing | Argon2 | bcrypt | PBKDF2 (acceptable but GPU-friendly), MD5, SHA-1 |
| Block cipher mode | GCM (AEAD) | CBC (with HMAC) | ECB (never) |
| TLS version | TLS 1.3 | TLS 1.2 | TLS 1.0, TLS 1.1, SSL (all) |

Blockchain and Steganography

Blockchain — Distributed, immutable ledger using chained hashes. Each block contains the hash of the previous block. Relevant to security for immutable audit logs and certificate transparency.
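An added example (not from the original guide) of the chained-hash idea applied to an audit log: each block stores the hash of the previous block, so editing any earlier entry breaks verification from that point on. The block layout and the sample log entries are constructed for this example.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first block


def block_hash(index: int, prev_hash: str, entry: str) -> str:
    """Hash a canonical encoding of the block's contents, including prev_hash."""
    payload = json.dumps(
        {"index": index, "prev": prev_hash, "entry": entry},
        sort_keys=True, separators=(",", ":"),
    )
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


def append(chain: list, entry: str) -> dict:
    """Add an entry whose block commits to the hash of the block before it."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    block = {"index": index, "prev": prev_hash, "entry": entry,
             "hash": block_hash(index, prev_hash, entry)}
    chain.append(block)
    return block


def first_invalid_block(chain: list) -> int:
    """Return the index of the first block that fails verification, or -1."""
    prev_hash = GENESIS
    for i, block in enumerate(chain):
        if (block["index"] != i or block["prev"] != prev_hash
                or block["hash"] != block_hash(i, block["prev"], block["entry"])):
            return i
        prev_hash = block["hash"]
    return -1


def build_sample_log() -> list:
    """Constructed sample audit entries."""
    chain = []
    for entry in ["alice login", "alice read payroll.xlsx",
                  "alice sudo su", "alice logout"]:
        append(chain, entry)
    return chain


if __name__ == "__main__":
    log = build_sample_log()
    print(first_invalid_block(log))            # intact chain
    log[1]["entry"] = "alice read notes.txt"   # edit an old entry in place
    print(first_invalid_block(log))            # the edited block no longer matches its hash
    log[1]["hash"] = block_hash(1, log[1]["prev"], log[1]["entry"])
    print(first_invalid_block(log))            # next block still points at the old hash
```

Someone who can rewrite every later block can still rebuild a consistent chain, so the newest hash should be stored or published somewhere the log writer cannot modify.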

Steganography — Hiding data within other data (images, audio, video). Not encryption — the data is hidden, not scrambled. Exam questions will test whether you can distinguish steganography from encryption.

Offensive Context

Crypto fails at the implementation, not the math. Attackers don’t break AES-256 — they steal the key from a misconfigured environment variable, exploit a padding oracle, force a protocol downgrade to a weaker cipher suite, or intercept the key exchange. Understanding these attack paths is what makes your crypto deployment decisions meaningful. When the exam asks you to choose the “most secure” option, it’s testing whether you know where the real weaknesses are.

LABS FOR THIS OBJECTIVE