Introduction to Cryptography

Cryptography, or the art and science of encrypting sensitive information, was once exclusive to the realms of government, academia, and the military. However, with recent technological advancements, cryptography has begun to permeate all facets of everyday life.

Everything from your smartphone to your banking relies heavily on cryptography to keep your information safe and your livelihood secure.

And unfortunately, due to the inherent complexities of cryptography, many people assume that this is a topic better left to black hat hackers, multi-billion dollar conglomerates, and the NSA.

But nothing could be further from the truth.

With the vast amounts of personal data circulating the Internet, it is more important now than ever before to learn how to successfully protect yourself from individuals with ill intentions.

In this article, I am going to present you with a simple beginners guide to cryptography.

My goal is to help you understand exactly what cryptography is, how its, how its used, and how you can apply it to improve your digital security and make yourself hacker-proof. Heres table of contents:

Since the dawn of human civilization, information has been one of our most treasured assets.

Our species ability (or inability) to keep secrets and hide information has eliminated political parties, shifted the tide of wars, and toppled entire governments.

Lets go back to the American Revolutionary War for a quick example of cryptography in practice.

Suppose that a valuable piece of information regarding the British Armys plan to attack an American encampment was intercepted by local militia.

Since this is 1776 and therefore pre-iPhone, General Washington couldnt just shoot a quick text to the commanding officers at the encampment in question.

He would have to send a messenger who would either transport some form of written correspondence, or keep the message locked away in their head.

And heres where the Founding Fathers would have hit a snag.

The aforementioned messenger must now travel through miles and miles of enemy territory risking capture and death in order to relay the message.

And If he was intercepted? It spelled bad news for team USA.

The British captors could have simply killed the messenger on sight, putting an end to the communication.

They could have persuaded him to share the contents of the message, which would then render the information useless.

Or, if the messenger was a friend of Benedict Arnolds, they could have simply bribed the messenger to spread false information, resulting in the deaths of thousands of American militia.

However, with the careful application of cryptography, Washington could have applied an encryption method known as a cipher (more on this in a second) to keep the contents of the message safe from enemy hands.

Assuming that he entrusted the cipher to only his most loyal officers, this tactic would ensure that even if the message was intercepted, the messenger would have no knowledge of its contents. The data would therefore be indecipherable and useless to the enemy.

Now lets look at a more modern example, banking.

Every day, sensitive financial records are transmitted between banks, payment processors, and their customers. And whether you realize it or not, all of these records have to be stored at some point in a large database.

Without cryptography, this would be a problem, a very big problem.

If any of these records were stored or transmitted without encryption, it would be open season for hackers and your bank account would quickly dwindle down to $0.

However, the banks know this and have gone through an extensive process to apply advanced encryption methods to keep your information out of the hands of hackers and food on your table.

So now that you have a 30,000-foot view of cryptography and how it has been used, lets talk about some of the more technical details surrounding this topic.

*Note: For the purposes of this article, I will refer to messages in an easily readable format as plaintext and encrypted or unreadable messages as ciphertext. Please note that the words encryption and cryptography will also be used interchangeably*

Cryptography, at its most fundamental level, requires two steps: encryption and decryption. The encryption process uses a cipher in order to encrypt plaintext and turn it into ciphertext. Decryption, on the other hand, applies that same cipher to turn the ciphertext back into plaintext.

Heres an example of how this works.

Lets say that you wanted to encrypt a the simple message, Hello.

So our plaintext (message) is Hello.

We can now apply one of the simplest forms of encryption known as Caesars Cipher (also known as a shift cipher) to the message.

With this cipher, we simply shift each letter a set number of spaces up or down the alphabet.

So for example, the image below shows a shift of 3 letters.

Meaning that:

By applying this cipher, our plaintext Hello turns into the ciphertext Khoor

To the untrained eye Khoor looks nothing like Hello. However, with knowledge of Caesars cipher, even the most novice cryptographer could quickly decrypt the message and uncover its contents.

Before we continue, I want to touch on a more advanced topic known as polymorphism.

While the intricacies of this topic stretch far beyond the realm of this guide, its increasing prevalence mandates that I include a brief explanation.

Polymorphism is basically a cipher that changes itself with each use. Meaning that each time it is used, it produces a different set of results. So, if you encrypted the exact same set of data twice, each new encryption would be different from the previous one.

Lets go back to our original example with the plaintext Hello. While the first encryption would result in Khoor, with the application of a polymorphic cipher, the second encryption could result in something like Gdkkn (where each letter is shifted down a rung of the alphabet)

Polymorphism is most commonly used in cipher algorithms to encrypt computers, software, and cloud-based information.

I want to preface the rest of this article with a warning.

Throughout the rest of this article, I will be explaining exactly how cryptography works and how it is applied today. In doing so, I will have to employ a significant amount of technical jargon that may feel tedious at times.

But bear with me and pay attention. Understanding how all of the pieces fit together will ensure that you are able to maximize your personal security and keep your information out of the wrong hands.

So before I go full blast, explaining symmetric and asymmetric cryptography, AES, and MD5, I want to explain, in Laymans terms, why this matters and why you should care.

For starters, lets discuss the only real alternative to cryptography, obfuscation. Obfuscation is defined as The act of making something unclear, obscure, or unintelligible. It means that, in order to transmit a secure message, you must hold back some of the information required to understand the message.

Which, by default, means it would only take one person with knowledge of the original message to divulge the missing pieces to the public.

With cryptography, a specific key and numerous calculations are required. Even if someone knew the encryption method used, they wouldnt be able to decrypt the message without the corresponding key, making your information much more secure.

To understand why cryptography really matters you need look no further than something we all know and love, the Internet.

By design, the Internet was created to relay messages from one person to another, in a similar manner to the postal service. The Internet delivers packets from the sender to the recipient, and without the various forms of cryptography that we will discuss in a moment, anything that you sent would be visible to the general populace.

Those private messages you meant to send to your spouse? The whole world could see them. Your banking information?

Anybody with a router could intercept your funds and redirect them to their own account. Your work emails discussing sensitive company secrets? You might as well package those up and ship them to your competitors.

Luckily, we do have cryptographic algorithms that actively protect almost all of our personal data.

However, this does not mean that you are completely secure.

You need to look no further than recent attacks on companies like AdultFriendFinder and Anthem Inc. to realize that large corporations do not always implement the necessary systems required to protect your information.

Your personal security is your responsibility, no one elses.

And the sooner that you can develop a strong understanding of the systems in place, the sooner you will be able to make informed decisions about how you can protect your data.

So with that out of the way, lets get to the good stuff.

There are four primary types of cryptography in use today, each with its own unique advantages and disadvantages.

They are called hashing, symmetric cryptography, asymmetric cryptography, and key exchange algorithms.

Hashing is a type of cryptography that changes a message into an unreadable string of text for the purpose of verifying the messages contents, not hiding the message itself.

This type of cryptography is most commonly used to protect the transmission of software and large files where the publisher of the files or software offers them for download. The reason for this is that, while it is easy to calculate the hash, it is extremely difficult to find an initial input that will provide an exact match for the desired value.

For example, when you download Windows 10, you download the software which then runs the downloaded file through the same hashing algorithm. It then compares the resulting hash with the one provided by the publisher. If they both match, then the download is completed.

However, if there is even the slightest variation in the downloaded file (either through the corruption of the file or intentional intervention from a third party) it will drastically change the resulting hash, potentially nullifying the download.

Currently, the most common hashing algorithms are MD5 and SHA-1, however due to these algorithms multiple weaknesses, most new applications are transitioning to the SHA-256algorithm instead of its weaker predecessors.

Symmetric Cryptography, likely the most traditional form of cryptography, is also the system with which you are probably most familiar.

This type of cryptography uses a single key to encrypt a message and then decrypt that message upon delivery.

Since symmetric cryptography requires that you have a secure channel for delivering the crypto key to the recipient, this type of cryptography is all but useless for transmitting data (after all, if you have a secure way to deliver the key, why not deliver the message in the same manner?).

As such, its primary application is the protection of resting data (e.g. Hard Drives and data bases)

In the Revolutionary War example that I mentioned earlier, Washingtons method for transmitting information between his officers would have relied on a symmetric cryptography system. He and all of his officers would have had to meet in a secure location, share the agreed upon key, and then encrypt and decrypt correspondence using that same key.

Most modern symmetric cryptography relies on a system known as AES or Advanced Encryption Standards.

While the traditional DES models were the industry norm for many years, DES was publicly attacked and broken in 1999 causing the National Institute of Standards and Technology to host a selection process for a stronger and more updated model.

After an arduous 5-year competition between 15 different ciphers, including MARS from IBM, RC6 from RSA Security, Serpent, Twofish, and Rijndael, the NIST selected Rijndael as the winning cipher.

It was then standardized across the country, earning the name AES or Advanced Encryption Standards. This cipher is still widely used today and is even implemented by the NSA for the purposes of guarding top secret information.

Asymmetric cryptography (as the name suggests) uses two different keys for encryption and decryption, as opposed to the single key used in symmetric cryptography.

The first key is a public key used to encrypt a message, and the second is a private key which is used to decrypt them. The great part about this system is that only the private key can be used to decrypt encrypted messages sent from a public key.

While this type of cryptography is a bit more complicated, you are likely familiar with a number of its practical applications.

It is used when transmitting email files, remotely connecting to servers, and even digitally signing PDF files. Oh, and if you look in your browser and you notice a URL beginning with https://, thats a prime example of asymmetric cryptography keeping your information safe.

Although this particular type of cryptography isnt particularly applicable for individuals outside of the cyber-security realm, I wanted to briefly mention to ensure you have a full understanding of the different cryptographic algorithms.

A key exchange algorithm, like Diffie-Hellman, is used to safely exchange encryption keys with an unknown party.

Unlike other forms of encryption, you are not sharing information during the key exchange. The end goal is to create an encryption key with another party that can later be used with the aforementioned forms of cryptography.

Heres an example from the Diffie-Hellman wiki to explain exactly how this works.

Lets say we have two people, Alice and Bob, who agree upon a random starting color. The color is public information and doesnt need to be kept secret (but it does need to be different each time). Then Alice and Bob each selects a secret color that they do not share with anyone.

Now, Alice and Bob mix the secret color with the starting color, resulting in their new mixtures. They then publicly exchange their mixed colors. Once the exchange is made, they now add their own private color into the mixture they received from their partner, and the resulting in an identical shared mixture.

So now that you understand a little bit more about the different types of cryptography, many of you are probably wondering how it is applied in the modern world.

There are four primary ways that cryptography is implemented in information security. These four applications are called cryptographic functions.

When we use the right cryptographic system, we can establish the identity of a remote user or system quite easily. The go-to example of this is the SSL certificate of a web server which provides proof to the user that they are connected to the right server.

The identity in question is not the user, but rather the cryptographic key of that user. Meaning that the more secure the key, the more certain the identity of the user and vice versa.

Heres an example.

See the original post here:
Introduction to Cryptography: Simple Guide for Beginners ...