A very important topic for the #CISSP exam. The following two tables matter a great deal, and the video at the end explains them in detail.
First, a comparison table outlining the differences, advantages, and disadvantages of the two encryption algorithm types, 1. stream ciphers and 2. block ciphers:
| Algorithm Type | Stream Cipher | Block Cipher |
|---|---|---|
| Definition | Encrypts data bit-by-bit or byte-by-byte | Encrypts data in fixed-size blocks (e.g., 64 or 128 bits) |
| Encryption Process | Operates on individual bits or bytes | Operates on fixed-size blocks of plaintext |
| Key Length | Typically uses shorter key lengths | Can use longer key lengths |
| Speed | Generally faster than block ciphers | May be slower compared to stream ciphers |
| Parallelism | Well-suited for parallel processing | May require sequential processing of blocks |
| Random Access | Supports random access to encrypted data | Does not support random access to encrypted data |
| Error Propagation | Errors propagate more quickly in stream ciphers | Errors are limited to the affected block in block ciphers |
| Encryption Modes | Typically used in stream cipher modes like CFB, OFB, and CTR | Used in various modes like ECB, CBC, CFB, OFB, and CTR |
| Security Strength | Generally considered less secure compared to block ciphers | Can offer higher security strength with larger key sizes and proper modes of operation |
| Example Algorithms | RC4, Salsa20, ChaCha20 | AES (Advanced Encryption Standard), DES (Data Encryption Standard), Triple DES (3DES), Blowfish |
Second, a comprehensive table outlining the differences, advantages, disadvantages, and practical use of the various encryption algorithm modes:
| Abbreviation | Mode | Advantages | Disadvantages | Practical Use |
|---|---|---|---|---|
| ECB | Electronic Codebook | – Simple and easy to implement | – Vulnerable to pattern recognition attacks as identical plaintext blocks encrypt to the same ciphertext | Older systems, educational purposes |
| CBC | Cipher Block Chaining | – Provides better security compared to ECB | – Slower due to sequential processing of blocks | File encryption, VPNs, SSL/TLS |
| CFB | Cipher Feedback | – Converts block ciphers into stream ciphers, providing real-time encryption/decryption | – Requires synchronization between sender and receiver, slower compared to ECB and CBC | Real-time data encryption, secure communications over unreliable networks |
| OFB | Output Feedback | – Converts block ciphers into stream ciphers, providing real-time encryption/decryption | – Vulnerable to bit-flipping attacks if the same keystream is reused | Real-time data encryption, secure communications over unreliable networks |
| CTR | Counter | – Converts block ciphers into stream ciphers, providing real-time encryption/decryption | – Does not provide authentication, requires additional measures to ensure data integrity | Real-time data encryption, secure communications over unreliable networks |
| GCM | Galois/Counter Mode | – Provides authenticated encryption with high throughput and parallelism | – Limited support in older systems, may require specialized hardware for optimal performance | Secure communications over high-speed networks, cloud storage, wireless networks |
| CCM | Counter with CBC-MAC | – Provides both encryption and authentication in a single algorithm, efficient use of resources | – Limited support in older systems, complexity may lead to implementation errors | Secure communications over constrained networks, IoT devices, wireless networks |
Practical Use Key:
- Older systems: Legacy systems that may not support modern encryption standards.
- File encryption: Encrypting files or storage devices to protect data at rest.
- VPNs: Virtual Private Networks for secure remote access or site-to-site communication.
- SSL/TLS: Secure Sockets Layer/Transport Layer Security for securing web traffic.
- Real-time data encryption: Encrypting data streams in real-time applications.
- Secure communications over unreliable networks: Protecting data transmission over networks with potential for packet loss or errors.
- Secure communications over high-speed networks: Ensuring security for data transmission over high-speed networks with high throughput requirements.
- Cloud storage: Encrypting data stored in cloud services to maintain confidentiality.
- Wireless networks: Securing data transmission over wireless communication channels.
- Secure communications over constrained networks: Protecting data transmission in environments with limited resources, such as IoT devices or low-power networks.
Keep in mind that the choice of encryption algorithm and mode depends on various factors such as security requirements, performance considerations, and the specific application context. It’s essential to evaluate these factors carefully before selecting an encryption scheme.
The following table is the outcome of the video discussion and is very important for the CISSP exam.
| Cryptographic Mode | Nature | Error Propagation | Initialization Vector | Offering | Key Application in Real Life |
|---|---|---|---|---|---|
| ECB | Block | No | No | Confidentiality | Basic encryption for small data sets, often found in database cells |
| CBC | Block | Yes | Yes | Confidentiality | Widely used for data encryption in protocols like TLS |
| CFB | Stream | Yes | Yes | Confidentiality | Stream cipher, often used in protocols like OpenPGP |
| OFB | Stream | No | Yes | Confidentiality | Stream cipher, used in VPNs and disk encryption |
| CTR | Stream | No | Yes | Confidentiality | Suitable for parallel computing, often used in IPsec |
| GCM | Stream | No | Yes | Confidentiality + Authenticity | Authenticated encryption, used in protocols like TLS 1.3 |
| CCM | Block | No | Yes | Confidentiality + Authenticity | Authenticated encryption, suitable for constrained environments |
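As an added illustration (not part of the original post or the video), the Python example below implements ECB, CBC and CTR on top of a small stand-in block cipher so that the table rows on pattern leakage, IV use and error propagation can be checked by running it. The Feistel-based `block_encrypt` is a constructed toy assumed here only so the example runs offline without a crypto library; it is not a real cipher, and the key, IV and plaintext in the test are constructed sample values.

```python
import hashlib
BLOCK = 8  # toy block size in bytes; AES uses 16, but the mode logic is the same

def _xor(a, b): return bytes(x ^ y for x, y in zip(a, b))

def block_encrypt(key, block):
    # 4-round Feistel network with a keyed SHA-256 round function: a constructed
    # stand-in for AES so the modes below run offline; NOT a real cipher
    l, r = block[:4], block[4:]
    for i in range(4):
        l, r = r, _xor(l, hashlib.sha256(key + bytes([i]) + r).digest()[:4])
    return r + l

def block_decrypt(key, block):
    l, r = block[4:], block[:4]  # undo the final swap, then run the rounds backwards
    for i in reversed(range(4)):
        l, r = _xor(r, hashlib.sha256(key + bytes([i]) + l).digest()[:4]), l
    return l + r

def _blocks(data): return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    # no IV, no chaining: equal plaintext blocks give equal ciphertext blocks (pattern leakage)
    return b"".join(block_encrypt(key, b) for b in _blocks(pt))

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in _blocks(pt):
        prev = block_encrypt(key, _xor(b, prev))  # chain each block with the previous ciphertext
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)

def ctr_crypt(key, nonce, data):
    # keystream block n = E_k(nonce || n); XOR means the same call encrypts and decrypts
    return b"".join(_xor(b, block_encrypt(key, nonce + n.to_bytes(4, "big")))
                    for n, b in enumerate(_blocks(data)))

def error_propagation(enc, dec, pt):
    # flip one bit in the first ciphertext block, decrypt, count changed plaintext bits per block
    ct = bytearray(enc(pt))
    ct[0] ^= 0x01
    return [sum(bin(x ^ y).count("1") for x, y in zip(p, q))
            for p, q in zip(_blocks(pt), _blocks(dec(bytes(ct))))]
```

Encrypting three identical blocks gives one repeated ciphertext block under ECB and three different blocks under CBC; flipping one ciphertext bit garbles a whole CBC block plus one bit of the next, while CTR flips only the matching plaintext bit. That is why CTR on its own needs an additional integrity check, which GCM and CCM supply with their authentication tag.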