A Beginner’s Guide to Cryptography & Some Useful Resources

Published by on August 30, 2016 in Information Security


attr -- https://www.flickr.com/photos/mikecogh/8192314996
Cryptography is the art of changing a message from a readable format, referred to as “plaintext”, into an unreadable one, or “ciphertext”. This process is referred to as “encrypting” the message. In most cases, there needs to be a way to change it back to a readable format, or “decrypting” it, but not always. There are three main types of cryptography in use today.

Hashing

Hashing is changing a message into an unreadable string not for the purpose of hiding the message, but more for verifying the contents of the message. This is most commonly used in the transmission of software or large files where the publisher offers the program and it’s hash for download. A user downloads the software, runs the downloaded file through the same hashing algorithm and compares the resulting hash to the one provided by the publisher. If they match then the download is complete and uncorrupted.

In essence it proves that the file received by the user is an exact copy of the file provided by the publisher. Even the smallest change to the downloaded file, by either corruption or intentional intervention, will change the resulting hash drastically. Two common hashing algorithms are MD5 and SHA.

Symmetric cryptography

Symmetric cryptography uses a single key to encrypt a message and also to then decrypt it after it has been delivered. The trick here is to find a secure way of delivering your crypto key to the recipient for decrypting your message to them. Of course, if you already have a secure way to deliver the key, why not use it for the message as well? Because encryption and decryption with a symmetric key is quicker then with asymmetric key pairs.

It is more commonly used to encrypt hard drives using a single key and a password created by the user. The same key and password combination are then used to decrypt data on the hard drive when needed.

Asymmetric cryptography

Asymmetric cryptography uses two seperate keys. The public key is used to encrypt messages and a private key is used to then decrypt them. The magic part is that the public key cannot be used to decrypt an encrypted message. Only the private key can be used for that. Neat, huh?

This is most commonly used in transmitting information via email using SSL, TLS or PGP, remotely connecting to a server using RSA or SSH and even for digitally signing PDF file. Whenever you see an URL that starts with “https://”, you are looking at an example of asymmetric cryptography in action.

An extreme example of how all three can be used goes something like this: your company’s accounting officer needs to get a budget approval from the CEO. She uses her symmetric private key to encrypt the message to the CEO. She then runs a hash on the encrypted message and includes the hash result in the second layer of the overall message along with the symmetric key. She then encrypts the second layer (made up of the encrypted message, the hash result and the symmetric key) using the CEO’s asymmetric public key. She then sends the message to the CEO. Upon receipt, the CEO’s asymmetric private key is used to decrypt the outer most layer of the message. He then runs the encrypted message through the same hashing process to get a hash result. That result is compared to the now decrypted hash result in the message. If they match, showing that the message has not been altered, then the symmetric key can be used to decrypt the original message.

Of course, that would all happen automatically, behind the scenes, by the email programs and the email server. Neither party would actually see any of this sort of thing happening on their computer screen.

Obviously, there is a lot of math involved in converting a message, like an email, into an encrypted signal that can be sent over the internet. To fully understand cryptography requires quite a bit of research. Below are some of the most often referenced websites, books and papers on the subject of cryptography. Some of these resources have been in active use for close to 20 years and they are still relevant.

Newsgroups

Newsgroups are community-generated feeds hosted on Usenet. To view them, you’ll need a newsreader app. Read more about how to get set up with Usenet here and see our roundup of the best Usenet providers here.

  • sci.crypt – Possibly the first newsgroup dedicated to cryptography. Please take with a grain of salt as anything that has been around as long as sci.crypt has been is bound to attract nuts, hoaxes and trolls.
  • sci.crypt.research – This newsgroup is moderated and not as prone to hoaxes as some others
  • sci.crypt.random-numbers – This newsgroup was created to discuss the generation of cryptographically secure random numbers
  • talk.politics.crypto – This newsgroup was created to get all the political discussions off of sci.crypt
  • alt.security.pgp – And this newsgroup was created to discuss PGP way back in 1992

And a bonus Google group:

Websites and organizations

People of Note

FAQs

Newsletters

  • Crypto-Gram by Bruce Schneier
  • Cryptobytes – The full archive of RSA Labs newsletter on cryptography – last published in Winter 2007 – Vol 8 No. 1

Books

Papers

Binary Business” by mikecogh — Licensed under CC-SA 2.0

Leave a Reply

Your email address will not be published. Required fields are marked *