Friday, September 03, 2010

CISSP® Study Guide sample chapter posted

Elsevier posted a sample chapter from CISSP Study Guide. Chapter 4, Domain 3: Cryptography: http://www.elsevierdirect.com/samplechapters/9781597495639/02~Chapter_4.pdf

Here's a small section:


Digital Signatures

Digital signatures are used to cryptographically sign documents. Digital signatures provide nonrepudiation, which includes authentication of the identity of the signer, and proof of the document’s integrity (proving the document did not change). This means the sender cannot later deny (or repudiate) signing the document.

Roy wants to send a digitally signed email to Rick. Roy writes the email, which is the plaintext. He then uses the SHA-1 hash function to generate a hash value of the plaintext. He then creates the digital signature by encrypting the hash with his RSA private key. Figure 4.13 shows this process. Roy then attaches the signature to his plaintext email and hits send.

Figure 4.13, Creating a digital signature
Rick receives Roy’s email and generates his own SHA-1 hash value of the plaintext email. Rick then decrypts the digital signature with Roy’s RSA public key, recovering the SHA-1 hash Roy generated. Rick then compares his SHA-1 hash with Roy’s. Figure 4.14 shows this process.

Figure 4.14, verifying a digital signature

If the two hashes match, Rick knows a number of things:

  1. Roy must have sent the email (only Roy knows his private key). This authenticates Roy as the sender.
  2. The email did not change. This proves the integrity of the email.

If the hashes match, Roy cannot later deny having signed the email. This is nonrepudiation. If the hashes do not match, Rick knows either Roy did not send it, or that the email’s integrity was violated.

I took many of the photos from this chapter at the National Cryptologic Museum in Fort Meade, Maryland. I highly recommend this museum, for old and young cryptographers alike.

Tuesday, August 17, 2010

Ben Rothke Reviews The CISSP® Study Guide

Ben Rothke reviews the CISSP® Study Guide:

Quoting from Ben's review:
The common wisdom is to choose two study guides when preparing for the CISSP exam.  For those that are serious about passing, the CISSP Study Guide should be one of them.
https://365.rsaconference.com/blogs/securityreading/2010/08/17/cissp-study-guide

Monday, August 09, 2010

500 Free CISSP® Practice Questions

Syngress has posted 500 free CISSP® practice questions:

http://booksite.elsevier.com/companion/conrad/

Two full CISSP® practice exams.  These questions were put together in support of the CISSP® Study Guide.

Friday, July 09, 2010

The CISSP® Study Guide has been sent to the printer!!!

The final PDFs for the Syngress CISSP® Study Guide were completed today, and sent to the printer!! It's due out next month. You can pre-order on Amazon.

Monday, May 24, 2010

Security 560 in Brisbane, Australia

I'm in Brisbane, Australia teaching Security 560: Network Penetration Testing and Ethical Hacking this week. Having an awesome time so far. It will take me awhile to get used to saying "D M Zed."

Here's a link to my talk tonight: Look Out! Open Source Extrusion Detection

Monday, March 22, 2010

CISSP Study Guide due out August 6th

Just a quick note to say The CISSP Study Guide is due out on Syngress August 6th.  You can pre-order on Amazon. The Eleventh Hour CISSP is due out on August 29th.