Time
35 hours 10 minutes
Difficulty
Advanced
CEU/CPE
8

Video Transcription

00:01
Greetings and welcome to Cybrary's CompTIA Certified Advanced Security Practitioner's certification preparation course.
00:10
This is module number four, which is titled Applied Cryptography.
00:15
These are the learning objectives, and they are as follows: understand and apply fundamental concepts of cryptography,
00:21
understand requirements for cryptography,
00:24
understand and support secure protocols, operate and implement cryptographic systems,
00:30
and last but not least of which, we're gonna have a key takeaway titled Applied Cryptography.
00:36
So, without further ado, let's begin by taking a look at Section one: understand and apply fundamental concepts of cryptography. These are the learning objectives that encompass this particular section. We'll be discussing hashing, salting, symmetric as well as asymmetric encryption,
00:53
digital signatures, and last but not least of which,
00:56
non-repudiation.
00:58
Let's begin by taking a look at a pre-assessment question. And the question is as follows: non-repudiation of a message ensures that the message A, can be attributed to a particular author; B, is always sent to the intended recipient; C,
01:12
can be attributed to a particular recipient; or D, is always received by the intended recipient.
01:19
The correct answer should have been A.
01:23
So as we begin this process, we need to begin by first taking a look at cryptography from a historical perspective. Human beings from ages had two inherent needs: to communicate and share information, and to communicate selectively.
01:37
These two needs gave rise to the art of coding the message in such a way that only intended people could have access to the information.
01:44
Unauthorized people could not extract any information, even if the scrambled messages fell in their hands. So really, the roots of cryptography are found in Roman and Egyptian civilizations. The word cryptography was coined by combining two Greek words: kryptos, meaning hidden, and graphein, meaning writing.
02:01
And the Egyptians, they used this encryption to create mystery and amusement, and the Romans used it to send secret messages.
02:08
When you encrypt the password, what happens? Essentially, you pass some sort of algorithm, which simply scrambles it up. Encryption has been around for an awful long time. The art and science of concealing messages to introduce secrecy and security is recognized as cryptography,
02:28
so it is used to protect data at rest and data in motion from being compromised or misused. It ensures the confidentiality and integrity of the data, protects the communication from being visible by other individuals, and verifies that the data has not been altered or corrupted.
02:45
It provides also the ability for authentication. In other words, it verifies the identity of the participants.
02:51
Now, when you look at cryptography, it obviously has a number of different benefits that we're gonna highlight here. One of the benefits: encryption provides security for data at all times. Encrypted data maintains its integrity. The encryption protects the privacy as well. Encryption is part of the compliance, and encryption protects the data across the devices.
03:12
You know, when you look at a hash function, it is a one-way mathematical operation that reduces a message or data file into a smaller fixed-length output, or hash value. By comparing the hash value computed by the sender with the hash value computed by the receiver over the original file, unauthorized changes to the file can be detected,
03:30
assuming they both use the same hash function.
03:34
Ideally, there should never be more than one unique hash for a given input, and one hash exclusively for a given input.
03:45
Salting, essentially, is random data that is used as additional input to a one-way function that hashes a password.
03:52
Password hash salting is a process of securing your password hashes from something called a rainbow table attack. The problem with non-salted passwords is that they do not have a property that is unique to themselves.
04:05
That is, if someone had a precomputed rainbow table of common password hashes, they could easily compare it to a database and see who had used which common password.
04:17
So a rainbow table is a pre-generated list of hashes, input to output, to quickly be able to look up an input, in this case a password, from its hash. However, a rainbow table attack is only possible because the output of a hash function is always the same with the same input.
04:36
So how do we make such hashed passwords
04:40
unique? We add something called a salt to the input of the hash value. A salt is basically some random data that's unique to each user, that is saved with their password and used in the hashing process of both storing and verifying the password.
04:59
Symmetric key algorithms are algorithms for cryptography that use the same cryptographic keys. In other words, they use the same key for both encryption of plaintext as well as decryption of ciphertext. The keys may be identical, or there may be a simple transformation to go between the two keys.
05:18
So this is symmetric encryption. In this particular chart here,
05:23
there are five components of a symmetric encryption,
05:26
and we're gonna discuss them here briefly. We have plaintext. Now, when you think about plaintext, it refers to the original message that is created and sent into the encryption method. We also have the encryption algorithm, which essentially takes the plaintext and converts it into an unreadable format.
05:43
A key is a decoder ring. The secret of the scrambled text cannot be read without the key. Ciphertext is the text that is now scrambled and ready to be sent. Decryption algorithm: the secret key, the decoder ring, is applied to the ciphertext.
06:00
It converts it back to plaintext, basically performing encryption in reverse.
06:08
That brings us to now asymmetric encryption. This is a form of encryption where keys come in pairs. What one key encrypts, only the other key can decrypt.
06:19
Frequently, but not necessarily, the keys are interchangeable, in the sense that if
06:25
key A encrypts a message, then B can decrypt it, and if B encrypts the message, then A can decrypt it.
06:35
Digital signatures are like electronic fingerprints
06:40
in the form of a coded message. The digital signature securely associates a signer with a document in a recorded transaction. Digital signatures use what we call a standard, accepted format and provide the highest level of security and universal acceptance.
06:56
They are a specific signature technology implementation of electronic signatures, in other words, e-signatures.
07:02
The
07:03
actually, when you think about the digital signature, it guarantees the authenticity of an electronic document or message in digital communication, and it uses encryption techniques to provide proof of origin, of originality, and unmodified documentation.
07:21
Steganography is the hiding of information in innocent-looking objects, and it's part of what we call cryptography.
07:30
Steganos means hidden, graphein means write. Since the arrival of digital files for image and sound, steganography has known an enormous revival.
07:42
Hiding messages is something that already occurred in ancient times. For example, a lot of time in the past, you had the Greeks utilizing this to hide their messages. So in this case the message contained a warning for the Greeks about a planned invasion by Persia.
08:00
When their hair grew back, the information was hidden from the outside world and could become visible again by shaving the head, so they utilized this process for hiding
08:09
information in the past. Now, a steganography algorithm encodes the text message by modifying the least significant bit of various pixels within that photograph.
08:24
Non-repudiation is the ability to prove or disprove that something happened, such as a financial transaction or a binding signature on a legal agreement. It has its roots in legal processes intended to prevent entities from claiming that they didn't do something or sign a document.
08:41
In modern form, it's both a legal and a technology concern.
08:48
Then we look at notary: it is common for the signing of legal documents to be witnessed by a licensed notary.
08:56
Then we have forensic science: a handwriting expert may be used by a legal service as a means of non-repudiation of signatures.
09:05
Then we have authentication, basically before usable form of financial transaction. What happens is it makes it difficult, because when you utilize this process it makes it difficult for that person to come back and say, "I didn't engage in a transaction," because you actually have proof that they did.
09:24
The next item we have is called an audit trail.
09:26
Basically, a financial website maintains a detailed record of each page visit, including information such as the IP address. This evidence can be used in digital forensics to prove the authenticity of the user's actions.
09:41
Then we have digital signatures:
09:43
basically, e-commerce retailers accept invoices from suppliers electronically, utilizing, again, digital signatures.
09:54
This brings us to our post-assessment question, and the question is as follows: digital signatures are used for which of the following? Is it A, used to determine the authenticity of a document or software; or is it B, remote access for PCs; C, mirroring traffic on a switch; or D, video Compton for PCs?
10:16
If you selected A, you're absolutely correct, because it's used to determine the authenticity of the document or software.
10:22
During this particular section here, we took a look at and discussed hashing. We discussed salting as well, symmetric and asymmetric encryption, digital signatures, as well as the term non-repudiation.
10:33
In our upcoming video presentation, we'll be moving on to Section three, discussing understanding requirements for cryptography. Look forward to seeing you in the next video.

Up Next

CompTIA CASP+

In this CASP+ certification course, you will learn all of the domains and concepts associated with the CompTIA Advanced Security Practitioner CAS-003 CASP+ Exam. Through this course you will be fully prepared to sit for your CompTIA CASP+ Exam!

Instructed By

Jim Hollis
Independent Contractor
Instructor