Symmetric · Asymmetric
Hashing · PKI & Digital Signatures

Model: Hybrid (Asymmetric + Symmetric + Hashing + PKI)

When your browser connects to https://bank.com:

1. Certificate Validation (PKI): The server sends its X.509 certificate. Your browser verifies the CA signature and checks CRL/OCSP to confirm it's not revoked.

2. Key Exchange (Asymmetric — ECDHE): Browser and server perform an ephemeral Diffie-Hellman exchange to establish a shared session key. Neither side sends the key — they compute it independently. This provides Perfect Forward Secrecy.

3. Bulk Data Encryption (Symmetric — AES-256-GCM): All actual page content is encrypted using the negotiated symmetric key. AES-GCM provides both confidentiality AND integrity (it's an AEAD cipher).

CISSP takeaway: TLS is the canonical example of hybrid encryption. If asked why we don't just use asymmetric for everything: it's too slow for bulk data.

Model: Hashing (with salt + key stretching)

Websites should never store your plaintext password — or even an encrypted version.

Correct approach: Generate a random salt for each user → concatenate salt + password → run through a slow hash function (bcrypt, scrypt, or Argon2) → store only the salt + hash.

Why not encryption? If the encryption key is compromised, all passwords are exposed. A hash has no key to steal. Even with the hash, the attacker must brute-force each password individually.

Why is MD5/SHA-1 wrong for passwords? They're fast — which helps attackers (billions of guesses per second). bcrypt is intentionally slow (configurable cost factor).

CISSP takeaway: "How should passwords be stored?" → Hashed with salt using an adaptive (slow) function like bcrypt. "Encrypt them" is wrong.

Model: Symmetric (AES-128 or AES-256)

BitLocker (Windows) and FileVault (macOS) encrypt entire disk volumes using AES symmetric encryption.

Key management: The Volume Master Key (VMK) is protected by a Key Protector — which may be a TPM chip, a PIN, a recovery key, or a combination. The key hierarchy means the actual AES key is never directly exposed.

Why symmetric? Encrypting hundreds of gigabytes in real-time requires the speed of AES. Asymmetric encryption would be thousands of times too slow for disk I/O.

CISSP takeaway: "Encrypt 2TB of data at rest" → Symmetric (AES). The speed requirement and data volume are the giveaways.

Model: Asymmetric (RSA or Ed25519)

SSH key authentication replaces passwords with a public/private key pair:

Setup: You generate a key pair. Your public key is placed on the server (in ~/.ssh/authorized_keys). Your private key stays on your machine — never shared.

Authentication: The server challenges you with a random number encrypted with your public key. You decrypt it with your private key and return it. If successful, you're authenticated — without ever transmitting your private key.

This provides authentication (proves your identity) but NOT non-repudiation in the legal sense — SSH doesn't log who used the private key, and private keys can be shared (though inadvisable).

CISSP takeaway: SSH keys → asymmetric. RSA-2048 or Ed25519 (ECC) recommended. No password = better security (can't be phished or brute-forced).

Model: Digital Signatures / PKI (SHA-256 + RSA or ECDSA)

When a software vendor publishes an installer, they sign it:

1. Vendor hashes the installer binary (SHA-256) → gets a digest.
2. Vendor signs the digest with their private key (issued by a Code Signing CA) → creates the digital signature.
3. The signature + vendor's certificate are embedded in or alongside the installer.

When you download it: Your OS decrypts the signature using the vendor's public key (from the certificate), independently hashes the downloaded file, and compares. If they match — the file is authentic and unmodified.

This catches: Tampering in transit (supply chain attack), malware injected into the installer, unauthorized distributors.

CISSP takeaway: Code signing → digital signatures (PKI). Provides integrity + authentication + non-repudiation. Windows SmartScreen, Apple Gatekeeper, and Linux package managers all use this.

Model: Hybrid (Symmetric + Asymmetric + Digital Signature)

PGP (Pretty Good Privacy) and S/MIME both use a hybrid approach for email:

Encryption (confidentiality):
1. Generate a random one-time symmetric session key (AES).
2. Encrypt the email body with the session key (fast symmetric).
3. Encrypt the session key with the recipient's public key (RSA/ECC).
4. Send both together. Only the recipient can decrypt the session key, then decrypt the email.

Signature (authentication + non-repudiation):
1. Hash the email → sign the hash with your private key.
2. Attach the signature. Recipient verifies with your public key.

CISSP takeaway: PGP/S-MIME demonstrates all four primitives working together. If a question asks about securing email with both confidentiality AND non-repudiation, you need both encryption (asymmetric key exchange + symmetric body) AND a digital signature.