Certified in Risk and Information Systems Control (CRISC) Practice Test

Symmetric key cryptography does not inherently support non-repudiation. Non-repudiation refers to the assurance that someone cannot deny the valid receipt of a message. In symmetric key systems, the same key is used for both encryption and decryption, making it difficult to attribute a message to a specific sender. Since both parties share the same key, either party could produce the encrypted message, leading to uncertainty about who actually sent it.

In contrast, non-repudiation is typically achieved through the use of asymmetric key cryptography, where each party has a unique key pair (a public key and a private key). By using their private key to sign a message and the corresponding public key for verification, it becomes possible to prove the authenticity of the source and establish non-repudiation.

While it is possible to add additional protocols or mechanisms to symmetric systems to help provide some aspects of non-repudiation, this is not a standard feature of symmetric encryption itself. This explains why the conclusion is that symmetric key cryptography does not support non-repudiation on its own.