cissp study cryptology

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Good afternoon!

I am studying for the CISSP exam, and I just started the cryptology

Do I really have to learn how symetric and asymmetric keys work in

Do I really have to learn the number of bytes I have to use etc.?

I already have so much to learn for the exam, what parts should I spend
less time?

Many thanks

Re: cissp study cryptology

Quoted text here. Click to load it

A CISSP is supposed to be a person who "does security -right-".

In my opinion, anyone who does -not- know how symmetric and asymmetric
keys work, or about relative key strengths, is doomed to repeat the
security mistakes of the past, and would not deserve a CISSP designation.

Quoted text here. Click to load it

CISSP is intended to be one of the hardest certificates around,
because there are so many -wrong- ways to do security. When someone
who wants to be a CISSP asks a question such as you asked, I am
led to wonder whether the person is the right kind of person to be
a CISSP, or at least whether they are trying for the CISSP before
having as much practical experience as would be appropriate for a CISSP.

Re: cissp study cryptology

Thank you for your quick reply.

I understand cryptology is important in security, but I am pretty sure
the day I will have to create a program using BlowFish I will look it
up, and probably not remember it EXACTLY as it is in my book.

So YES it is important, and I guess the fact that asking specific
question like this makes it a difficult exam that will draw a line
between people who can memorize stuff by heart, and those who cannot.

Re: cissp study cryptology

Quoted text here. Click to load it

The exam attempts to "draw the line" between those who have
lived with the subject matter  and those who attempt to cram-study.

To answer your earlier question, you need to study the
domains that you have not "lived" a bit more than those
that should be familiar from experience.


Re: cissp study cryptology

Quoted text here. Click to load it

I work with security professionals daily.  I've not yet taken the
CISSP exam, but I can offer that those who have say that it's not
nearly the hard core specific technical cert test as, say, something
like SANS GIAC certifications would be.

I'd say if you couldn't give a very good fairly detailed explanation
of how public key crptography differs from private key crytography and
what the benefits and detriments are of each, study more.  

If you don't know details of blowfish encryption or 3DES, don't sweat

Todd H. /

Re: cissp study cryptology

Real CISSP exam is a lot different from what is potrayed in the books.
CISSP is not a technical exam. maybe 15% of the questions are
technical. Other 85% of the question require broad
knowledge and analytical skills. This is something the books will not
teach you. You need to read a lot of good security articles, and have
real-life experience. So I personally think that if you have real-life
experience, and keep upto date with recent security related published
articles, you will do good on the exam.

Don't spend too much time going through a book page by page and fussing
over  key size of DES vs AES etc. You will find that useless on the day
of the exam. Just fimiliarize yourself with the key concepts. If you
understand how asymetric cryptography is different from symetric
cryptography, and which one should be used in what situation you are

I have compiled a list of Core CISSP principles after talking to many
CISSP gurus. It is available at:

If you understand well each of the concepts, you should easily pass the

In Peace,
Saqib Ali, CISSP

Re: cissp study cryptology

Quoted text here. Click to load it

I agree that one can spend too much time worrying about
the technical aspects and neglect the others for the exam.

Nice site.

The domains referring to physical and personnel security
are worth mentioning as well...

The online self assessment at

is a definate help for identifying areas that need study.

Claude #32940

Site Timeline