Topic 3A in the 701 course uses "encoding" and "encryption" as synonyms. I think students should understand the difference between the two terms.
I would appreciate knowing what other instructors think about these terms. Does encoding = encryption?
I would also appreciate feedback from a CompTIA SME. What is CompTIA's definition of encoding, and CompTIA's definition of encryption?
My notes on the use of "encoding" in Topic 3A [edited 2/15/2024 to distinguish my opinions from the CompTIA course content]:
The Official CompTIA Security+ Instructor Guide (Exam SY0-701)
Lesson 3: Explain Cryptographic Solutions, Topic 3A, Slide 4
CompTIA content:
"Cryptographic Concepts
Encryption and decryption—encoding and decoding
Plaintext is the unencoded message
Ciphertext is the coded message"
I think this content is misleading, unhelpful, or inaccurate because:
Students need to learn the difference between encoding and encryption. This slide should not confuse encryption and decryption with encoding and decoding. If encoding is mentioned at all, the slide should point out that encoding is not cryptography or encryption.
Lesson 3: Explain Cryptographic Solutions, Topic 3A, Page 38, first paragraph
CompTIA content:
“A cryptographic algorithm is the particular operations performed to encode or decode data.”
I think this content is not accurate because:
Encoding is not the same as
encrypting.
Encryption uses a cryptographic key as one of the inputs to a cryptographic algorithm. Encoding does not use a cryptographic algorithm or require the use of a cryptographic key.
Geeks for Geeks has an explanation of the difference.
One example of encoding is the use of ASCII codes to represent letters of the alphabet. No cryptographic algorithm or cryptographic key is used.
Page 38, second paragraph:
CompTIA content:
‘Cryptography, which literally means “secret writing,” is the art of making information secure by encoding it. ‘
I think this content is not accurate because:
Cryptography is “transformation of data in order to hide their semantic content, prevent their unauthorized use, or prevent their undetected modification.” Encryption and hashing can provide this confidentiality or integrity, however encoding does not.
Using ASCII or Morse code are examples of encoding; however they are not examples of cryptography.
Lesson 11: Enhance Application Security Capabilities | Topic 11A, page 317,
Question 2
CompTIA content:
“the session key does the actual data encoding”
I think this content is not accurate because:
First, the answer should say “encryption,” not “encoding.”
Second, the key does not do the actual encryption. The encryption algorithm does the encryption, using the key as one of the inputs.