Essential Cryptography Concepts
A brief look into different kinds of Cryptography Techniques
Everything and everyone is connected today, so we need strong security measures to safeguard our data. Various methods keep our data secure over the Internet, and here we look at some of the most basic cryptography concepts that everyone should be aware of.
What is it in simple words?
Consider that you have to send a message to your friend. You need to make sure that no one else gets your message and that it reaches the receiver safely. To ensure that no one else can intercept your data, read it, or modify it, we use specific security techniques. In the digital world they are known as cryptography methods.
You take your data -> apply some math with a secret -> send the data -> the receiver reads it by applying their math -> the data remains safe because only those with the secret can decipher it.
Well, there is math involved. We use algorithms and protocols to encrypt and decrypt our data. Encryption encodes the data with a key so that no one else can read it; decryption is the reverse process, using the key to turn the encoded data back into readable form.
Let us see some of the most essential cryptography concepts:
Good Old Hashing
A hash is a mathematical function that takes a variable-length input and produces a fixed-length output.
The same input always produces the same output, and it is computationally infeasible to find two different inputs that give the same output (collision resistance). That is what makes it secure.
A hash therefore lets you check the integrity of the original data.
An example is storing passwords in a database. We do not store the password directly in the database.
We store its hash instead, so an attacker who obtains the database still has to crack the hash to recover the original password.
Some of the most widely used hash functions include SHA-256, SHA-3, and MD5. Note that MD5 is no longer collision-resistant and should not be used where security matters.
A pinch of Salt
A hash alone is not enough, hence we use something called a salt.
Since the hash function always returns the same value for the same input, it becomes predictable.
If two people have the same password, their hashes would also be the same.
This makes it easy to use a table of pre-computed hashes (a rainbow table) and determine the original password.
Rainbow tables are large lookup databases of pre-computed password-hash combinations that map plaintext passwords to their hashes.
A salt is a random value, unique per password, that is added to the password before it is hashed and stored alongside the hash so the check can be repeated later. Because every salt differs, the same password produces different hashes for different users and a pre-computed table no longer applies.
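The hashing and salting ideas above, worked through as an added example (not code from the original article): an unsalted SHA-256 that is identical for two users with the same password, next to a salted, slow PBKDF2-HMAC-SHA256 record that differs per user and is verified in constant time. The record format `pbkdf2_sha256$iterations$salt$hash` and the sample password are constructed for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256: high enough that each guess is costly
# for an attacker, low enough that one login check stays fast.
ITERATIONS = 600_000


def plain_sha256(password: str) -> str:
    """Unsalted hash, shown only to contrast with the salted record below."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: pbkdf2_sha256$iterations$salt$hash.
    A fresh 16-byte random salt is drawn unless one is supplied, so two
    users with the same password get different records."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # compare_digest does not stop at the first mismatching byte.
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Constructed sample: two users who happened to pick the same password.
    pw = "correct horse battery staple"
    print("unsalted, identical for both:", plain_sha256(pw))
    alice, bob = hash_password(pw), hash_password(pw)
    print("alice:", alice)
    print("bob:  ", bob)
    print("login with right password:", verify_password(pw, alice))
    print("login with wrong password:", verify_password(pw.upper(), alice))
```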
Hash-Based Message Authentication Code
HMAC adds another layer on top of the hash.
Now a shared secret key is required to compute the hash, and therefore to verify it.
Someone without the key can compute a plain hash of the message, but they cannot produce the same HMAC, so the receiver can tell the message did not come from a key holder.
An HMAC is similar to a digital signature, but it is created using a symmetric key, which means that the same key is used to create the HMAC as is used to verify it.
An example is the JSON Web Token (JWT).
A JWT typically consists of three parts: a header, a payload, and a signature. The header and payload are JSON objects, which contain the information being transmitted.
The signature is used to verify the integrity of the information and to ensure that it has not been tampered with.
First, the message is combined with the secret key and hashed to produce a tag (the HMAC).
The message and the tag are both sent.
The receiver recomputes the tag using the same hash function and secret key and compares it with the tag received. If they match, the message has not been tampered with.
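The HMAC exchange above, applied to the JWT format, as an added example that is not part of the original article: the sender computes an HMAC-SHA256 tag over the header and payload, and the receiver recomputes it with the shared key, pins the expected algorithm, and compares in constant time. The key and the payload values are constructed for this example.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as the JWT spec requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(payload: dict, key: bytes) -> str:
    """Build header.payload.signature; the tag is HMAC-SHA256 over header.payload."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url(json.dumps(payload, separators=(",", ":")).encode()))
    tag = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(tag)


def verify_jwt(token: str, key: bytes) -> Optional[dict]:
    """Return the payload if the tag checks out, otherwise None.
    The receiver recomputes the HMAC with the shared key over the exact
    header.payload bytes it received and compares in constant time."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        received_tag = b64url_decode(sig_b64)
    except ValueError:  # wrong part count, bad base64 or bad JSON
        return None
    # Pin the algorithm on the receiving side; never let the token choose it.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, received_tag):
        return None
    return json.loads(b64url_decode(payload_b64))


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-real-use"
    token = sign_jwt({"sub": "alice", "role": "user"}, key)
    print(token)
    print("valid:", verify_jwt(token, key))
    # Same token with a modified payload but the original tag: rejected.
    head, _, tag = token.split(".")
    altered = head + "." + b64url(b'{"sub":"alice","role":"admin"}') + "." + tag
    print("altered:", verify_jwt(altered, key))
```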
Well Known Encryption
Take your message -> encrypt it with a key or password to create cipher text (unreadable) -> send it -> the receiver uses that key or password to decrypt.
Encryption is also randomized (each encryption uses a fresh random IV or nonce), so each time you encrypt you get an entirely different cipher text even if the key and message are the same.
There are many different encryption algorithms, including symmetric-key algorithms like AES and DES (DES is obsolete and should not be used in new systems), and asymmetric-key algorithms like RSA and ECC.
They are different from hashing algorithms.
A shared password exists that both the sender and receiver will need.
The sender and receiver must share the password. For this, we again use mathematical algorithms and something called the public-key cryptosystem.
Instead of one key, this uses a public key and a private key.
Anyone can send a message to a customer support portal using a public key.
But only the person who has the private key can access all of those requests.
This works every time we visit a website using HTTPS.
Message -> encrypted with the public key into cipher text -> decrypted using the private key.
The browser takes the public key from the server's SSL/TLS certificate and uses it to encrypt the outgoing data.
But how to make sure the data comes from an authentic source?
Here comes the concept of Signing.
This is used to ensure authenticity.
The sender uses the private key to sign the hash of the original message.
The private key proves that the signature came from its holder, so the message is authentic.
The hash guarantees that the message cannot be tampered with unnoticed: if the message changes, its hash changes and the signature no longer matches.
The receiver uses the sender's public key to validate the signature.
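The symmetric, public-key and signing steps from the last two sections, combined into one added example (not code from the original article). It uses the third-party `cryptography` package, which is an assumption: a random AES key encrypts the message with a fresh nonce each time, the recipient's RSA public key wraps that AES key, and the sender's RSA private key signs the message hash; the receiver unwraps, decrypts and verifies, returning None if any step fails. Key pairs and the message are generated for the demo.

```python
import os
from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Paddings for the two RSA operations: OAEP for wrapping keys, PSS for signing.
OAEP = padding.OAEP(padding.MGF1(hashes.SHA256()), hashes.SHA256(), None)
PSS = padding.PSS(padding.MGF1(hashes.SHA256()), padding.PSS.MAX_LENGTH)

def generate_keypair():
    """Each party keeps the private key and publishes the public key."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    return private_key, private_key.public_key()

def encrypt_symmetric(key: bytes, plaintext: bytes) -> bytes:
    """AES-256-GCM; a fresh random nonce makes each ciphertext different."""
    nonce = os.urandom(12)
    return nonce + AESGCM(key).encrypt(nonce, plaintext, None)

def decrypt_symmetric(key: bytes, blob: bytes) -> bytes:
    """Raises InvalidTag if the ciphertext was changed after encryption."""
    return AESGCM(key).decrypt(blob[:12], blob[12:], None)

def seal(recipient_public, sender_private, message: bytes):
    """Hybrid scheme: random AES key wrapped with the recipient's public key,
    message encrypted with AES, and a signature over the message hash."""
    aes_key = AESGCM.generate_key(bit_length=256)
    wrapped_key = recipient_public.encrypt(aes_key, OAEP)
    ciphertext = encrypt_symmetric(aes_key, message)
    signature = sender_private.sign(message, PSS, hashes.SHA256())
    return wrapped_key, ciphertext, signature

def open_sealed(recipient_private, sender_public, wrapped_key, ciphertext, signature):
    """Return the message, or None if unwrapping, decryption or the signature fails."""
    try:
        aes_key = recipient_private.decrypt(wrapped_key, OAEP)
        message = decrypt_symmetric(aes_key, ciphertext)
        sender_public.verify(signature, message, PSS, hashes.SHA256())
    except (ValueError, InvalidTag, InvalidSignature):
        return None
    return message

if __name__ == "__main__":
    alice_priv, alice_pub = generate_keypair()
    bob_priv, bob_pub = generate_keypair()
    parts = seal(bob_pub, alice_priv, b"constructed demo message")
    print(open_sealed(bob_priv, alice_pub, *parts))
```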
And that completes the most used and essential cryptography concepts for you. If you liked the article, make sure to react and follow me on Twitter (Amay@BrajBliss) for more updates.