Cryptography is a technique of encrypting and decrypting messages. When the text is encrypted, it is unreadable by humans. When the text is decrypted, it is readable by the humans. The terms used in cryptography are as follows: Plain text: This text can be read by a user. Cipher text: This text can be converted to a non-readable format. Encryption: It is the process of creating a cipher text from a plain text. Decryption: It is the process of converting a cipher text to a plain text. Cipher: It is an algorithm that is used to encrypt and decrypt text. Key: Keys are the elements that are used in the technology of encrypting and decrypting text. For more information read Cryptographic attack

Cryptographic attacks are methods of evading the security of a cryptographic system by finding weaknesses in such areas as the code, cipher, cryptographic protocol or key management scheme in the cryptographic algorithm. The following are the cryptographic attacks usually performed by an attacker: Known plaintext attack: In a known plaintext attack, an attacker should have both the plaintext and…copy of it with the encrypted data. This is used to find patterns in the cryptographic output that might uncover a vulnerability or reveal a cryptographic key.Chosen ciphertext attack: In this type of attack, an attacker can choose the ciphertext to be decrypted and can then analyze the plaintext output of the event. The early versions of RSA used in SSL were actually vulnerable to this attack.

This centaury stands on the edge of new modern methods of attacks and advancement in the speed of computation, which taken over the best known secure secret-key algorithm such as DES, Digital Encryption Standard conquered the world of cryptography for centuries. A 40 bit version of the DES algorithm can be easily cracked by any modern computer and a 56 bit can be broken by any cheaply available Super Computer or by a simple beo-wulf cluster. That poses a security threat and people have developed, developing various other algorithms like 3DES also known as Triple DES etc, The NIST and NSA plays an important role in deciding the algorithms. They analyze and recommend the algorithm for usage.

The latest trends have opened for the AES Advanced Encryptions Standards and many algorithms have been submitted for the review. Some of them approved and under analysis. They are IDEA, RC5, RC6 Rjindael, MARS, Two-fish, Blowfish, Diamond, Sapphire etc. The inventions grow as the need increases. As per the truth, the importance of cryptography as given has a big response from scientific and legal bodies. Today, by the invention of high speed machines and high bandwidth transmission rates, people are planning to go further. The famous formula of energy mass relationship by Einstein e=mc2 has stepped into cryptography also. The Japanese have undertaken the improvement and implementation of quantum cryptography which uses the properties of the atoms and its inner particles for data integrity, which off course has a long way to go. The first commercially available quantum-cryptographic product is expected to be release
around 2040. In the future versions of this draft, we will go in more details about platform and operating system specific measures that can be carried to protect, various products that are available for each platoforms. More on snake-oil algorithms, choosing of secure products, various advanced cryptoanalytic methods, and details about steganography – the other facet of cryptography which uses the commonly available formats like gifs, jpegs, wavs, bmps file formats to hide secret data and retrieve them without affecting the quality of the used format.

What is Cryptography?

Is CISSP certification is easy?

This is pretty controversial topic, some people think that it is easy but most of the people find it real hard. You should have experience of at least 3 years in IT security before you apply for the exam. You are required to come up with an extremely wide area of IT security such as physical security, very few people will have any experience in. And you will be expected to do enough reading and studying to get through CISSP certification exam: 250 questions to be answered in 6 hours. Hard to keep upwith much fun.

Get certified, sit back and enjoy.

The answer is big NO. After you pass the exam you are expected to earn CPE credits in order to keep your certification active. If you don’t then you are required to resit the exam after 3 years to keep the certification. Getting CPEs is fairly straightforward: if you publish papers, attend seminars, do some presentations, and basically remain active in the IT security arena then you should have no problem here. But it takes a little work: this isn’t a get-it and forget-it sort of certification.

You will get more money/better job/more recognition.

In actual fact, you probably won’t. I have found that many employers and even employment agencies have no idea what a CISSP is. They tend to think in terms of the product-certifications; you know, the Cisco CCNA and Checkpoint CCSE sort of thing. They have no idea that you need 3 years of experience to get a CISSP, and they have no idea that it is an ongoing professional-level certification like a CPA (Chartered Accountant). Ergo, you probably won’t get a better job or more money from waving your CISSP certificate around.

So, why would you want a CISSP? Its not easy to get, it takes maintenance, and may not gain you much. Why would you want to go through all that hassle? Here’s some good reasons:

1. To expand your knowledge in security concepts and practices.
2. To show a dedication to the security discipline.
3. To meet a growing demand for security professionals, and to work in a thriving field.
4. To join a professional organisation and to link up with like-minded individuals.

If you’re genuinely interested in IT security (cryptography, practices, ethics, etc), and you feel you need a driver to learn more then the CISSP is for you. Book the exam, then start learning as much as possible. On the other hand, if you just want a better job/more money then get an MCSE or CCNA