CDPSE · Question #24
Which of the following is the PRIMARY reason that a single cryptographic key should be used for only one purpose, such as encryption or authentication?
The correct answer is B. It minimizes the risk if the cryptographic key is compromised.. The principle of cryptographic key separation (one key per purpose) is a risk-containment strategy. If a key used for multiple functions is compromised, all functions it supports are simultaneously exposed. By limiting a key to a single purpose, a compromise only impacts that spe
Question
Which of the following is the PRIMARY reason that a single cryptographic key should be used for only one purpose, such as encryption or authentication?
Options
- AIt eliminates cryptographic key collision.
- BIt minimizes the risk if the cryptographic key is compromised.
- CIt is more practical and efficient to use a single cryptographic key.
- DEach process can only be supported by its own unique key management process.
How the community answered
(35 responses)- A3% (1)
- B91% (32)
- C6% (2)
Explanation
The principle of cryptographic key separation (one key per purpose) is a risk-containment strategy. If a key used for multiple functions is compromised, all functions it supports are simultaneously exposed. By limiting a key to a single purpose, a compromise only impacts that specific function, minimizing the blast radius. Key collision is a different cryptographic concept unrelated to key reuse. Using one key for everything is actually less practical and efficient from a security management perspective. While different processes may require different key management policies, that is a secondary consideration - the primary driver is limiting exposure upon compromise.
Topics
Community Discussion
No community discussion yet for this question.