aboutsummaryrefslogtreecommitdiff
path: root/content/blog/2020-02-09-cryptography-basics.md
diff options
context:
space:
mode:
Diffstat (limited to 'content/blog/2020-02-09-cryptography-basics.md')
-rw-r--r--content/blog/2020-02-09-cryptography-basics.md283
1 files changed, 135 insertions, 148 deletions
diff --git a/content/blog/2020-02-09-cryptography-basics.md b/content/blog/2020-02-09-cryptography-basics.md
index dee2174..9df1549 100644
--- a/content/blog/2020-02-09-cryptography-basics.md
+++ b/content/blog/2020-02-09-cryptography-basics.md
@@ -7,174 +7,161 @@ draft = false
# Similar Article Available
-If you haven\'t already, feel free to read my post on [AES
+If you haven't already, feel free to read my post on [AES
Encryption](../aes-encryption/).
# What is Cryptography?
-In layman\'s terms, cryptography is a process that can change data from
-a readable format into an unreadable format (and vice-versa) through a
-series of processes and secrets. More technically, this is the Internet
-Security Glossary\'s definition:
-
-> \[Cryptography is\] the mathematical science that deals with
-> transforming data to render its meaning unintelligible (i.e., to hide
-> its semantic content), prevent its undetected alteration, or prevent
-> its unauthorized use. If the transformation is reversible,
-> cryptography also deals with restoring encrypted data to an
-> intelligible form.
+In layman's terms, cryptography is a process that can change data from a
+readable format into an unreadable format (and vice-versa) through a series of
+processes and secrets. More technically, this is the Internet Security
+Glossary's definition:
+
+> [Cryptography is] the mathematical science that deals with transforming data
+> to render its meaning unintelligible (i.e., to hide its semantic content),
+> prevent its undetected alteration, or prevent its unauthorized use. If the
+> transformation is reversible, cryptography also deals with restoring encrypted
+> data to an intelligible form.
>
-> - [Internet Security Glossary
-> (2000)](https://tools.ietf.org/html/rfc2828)
+> - [Internet Security Glossary (2000)](https://tools.ietf.org/html/rfc2828)
-Cryptography cannot offer protection against the loss of data; it simply
-offers encryption methods to protect data at-rest and data in-traffic.
-At a high-level, encrypted is when plaintext data is encrypted to
-ciphertext (a secure form of text that cannot be understood unless
-decrypted back to plaintext). The encryption process is completed
-through the use of a mathematical function that utilizes one or more
-values called keys to encrypt or decrypt the data.
+Cryptography cannot offer protection against the loss of data; it simply offers
+encryption methods to protect data at-rest and data in-traffic. At a high-level,
+encrypted is when plaintext data is encrypted to ciphertext (a secure form of
+text that cannot be understood unless decrypted back to plaintext). The
+encryption process is completed through the use of a mathematical function that
+utilizes one or more values called keys to encrypt or decrypt the data.
# Key Elements of Cryptographic Systems
-To create or evaluate a cryptographic system, you need to know the
-essential pieces to the system:
-
-- **Encryption Algorithm (Primitive):\*** A mathematical process that
- encrypts and decrypts data.
-- **Encryption Key:\*** A string of bits used within the encryption
- algorithm as the secret that allows successful encryption or
- decryption of data.
-- **Key Length (Size):\*** The maximum number of bits within the
- encryption key. It\'s important to remember that key size is
- regulated in many countries.
-- **Message Digest:\*** A smaller, fixed-size bit string version of
- the original message. This is practically infeasible to reverse,
- which is why it\'s commonly used to verify integrity.
+To create or evaluate a cryptographic system, you need to know the essential
+pieces to the system:
+
+- **Encryption Algorithm (Primitive):** A mathematical process that encrypts
+ and decrypts data.
+- **Encryption Key:** A string of bits used within the encryption algorithm as
+ the secret that allows successful encryption or decryption of data.
+- **Key Length (Size):** The maximum number of bits within the encryption key.
+ It's important to remember that key size is regulated in many countries.
+- **Message Digest:** A smaller, fixed-size bit string version of the original
+ message. This is practically infeasible to reverse, which is why it's
+ commonly used to verify integrity.
# Symmetric Systems (Secret Key Cryptography)
-Symmetric cryptography utilizes a secret, bidirectional key to perform
-both encryption and decryption of the data. The most common
-implementation of symmetric cryptography is the Advanced Encryption
-Standard, which uses keys that are 128 bits to 256 bits in size. This
-standard came after the National Institute of Standards and Technology
-(NIST) decided to retire the Data Encryption Standard (DES) in 2001.
-
-Since brute force attacks strongly correlate with key length, the 56-bit
-key length of DES was considered insecure after it was publicly broken
-in under 24 hours. However, there is a modern implementation of DES
-called Triple DES where the DES method is applied three times to each
-data block.
-
-The main advantages to symmetric systems are the ease of use, since only
-one key is required for both encryption and decryption, and the
-simplicity of the algorithms. This helps with bulk data encryption that
-may unnecessarily waste time and power using asymmetric systems.
-
-However, symmetric systems have disadvantages to keep in mind. Since the
-key is private, it can be difficult to safely distribute keys to
-communication partners. Additionally, the key cannot be used to sign
-messages since it\'s necessary to keep the key private.
+Symmetric cryptography utilizes a secret, bidirectional key to perform both
+encryption and decryption of the data. The most common implementation of
+symmetric cryptography is the Advanced Encryption Standard, which uses keys that
+are 128 bits to 256 bits in size. This standard came after the National
+Institute of Standards and Technology (NIST) decided to retire the Data
+Encryption Standard (DES) in 2001.
+
+Since brute force attacks strongly correlate with key length, the 56-bit key
+length of DES was considered insecure after it was publicly broken in under 24
+hours. However, there is a modern implementation of DES called Triple DES where
+the DES method is applied three times to each data block.
+
+The main advantages to symmetric systems are the ease of use, since only one key
+is required for both encryption and decryption, and the simplicity of the
+algorithms. This helps with bulk data encryption that may unnecessarily waste
+time and power using asymmetric systems.
+
+However, symmetric systems have disadvantages to keep in mind. Since the key is
+private, it can be difficult to safely distribute keys to communication
+partners. Additionally, the key cannot be used to sign messages since it's
+necessary to keep the key private.
# Asymmetric Systems (Public Key Cryptography)
-Asymmetric cryptography utilizes two keys within the system: a secret
-key that is privately-held and a public key that can be distributed
-freely. The interesting aspect of asymmetric cryptography is that either
-key can be used to encrypt the data, there\'s no rule that dictates
-which key must be used for encryption. Once one key is used to encrypt
-the data, only the other key can be used to decrypt the data. This means
-that if the private key encrypts the data, only the public key can
-decrypt the data.
-
-An advantage of this system is that if you successfully decrypt data
-using one of the keys, you can be sure of the sender since only the
-other key could have encrypted the data.
-
-One of the major implementations of an asymmetric system is a digital
-signature. A digital signature can be generated using the sender\'s
-private key, or a one-way hash function and is used to provide assurance
-for the integrity and authenticity of the message. A couple common
-message digest algorithms are SHA-256 and SHA-512, which securely
-compress data and produce a 128-bit message digest.
-
-It should be noted that man-in-the-middle attacks are one of the risks
-with digital signatures and public keys. To combat this, applications
-often use a public key infrastructure (PKI) to independently
-authenticate the validity of signatures and keys.
+Asymmetric cryptography utilizes two keys within the system: a secret key that
+is privately-held and a public key that can be distributed freely. The
+interesting aspect of asymmetric cryptography is that either key can be used to
+encrypt the data, there's no rule that dictates which key must be used for
+encryption. Once one key is used to encrypt the data, only the other key can be
+used to decrypt the data. This means that if the private key encrypts the data,
+only the public key can decrypt the data.
+
+An advantage of this system is that if you successfully decrypt data using one
+of the keys, you can be sure of the sender since only the other key could have
+encrypted the data.
+
+One of the major implementations of an asymmetric system is a digital signature.
+A digital signature can be generated using the sender's private key, or a
+one-way hash function and is used to provide assurance for the integrity and
+authenticity of the message. A couple common message digest algorithms are
+SHA-256 and SHA-512, which securely compress data and produce a 128-bit message
+digest.
+
+It should be noted that man-in-the-middle attacks are one of the risks with
+digital signatures and public keys. To combat this, applications often use a
+public key infrastructure (PKI) to independently authenticate the validity of
+signatures and keys.
Due to the large key size and [inefficient mathematical
-functions](https://crypto.stackexchange.com/a/591) of asymmetric
-encryption, elliptical curve cryptography (ECC) is often used to
-increase security while using fewer resources.
+functions](https://crypto.stackexchange.com/a/591) of asymmetric encryption,
+elliptical curve cryptography (ECC) is often used to increase security while
+using fewer resources.
# Applications of Cryptographic Systems
-There are quite a few implementations of cryptographic systems around
-the world. Here are a few popular examples:
-
-**Transport Layer Security (TLS):\*** One of the most famous
-cryptographic solutions created is TLS, a session-layered or
-connection-layered internet protocol that allows for secure
-communications between browsers and servers. Using handshakes, peer
-negotiation, and authentication allows TLS to prevent eavesdropping and
-malicious transformation of data. The major reason for TLS popularity is
-that a major vulnerability was found in the SSL protocol in 2014.
-Instead of SSL, TLS can be used with HTTP to form HTTPS and is the
-preferred method for modern web development due to its increased
-security.
-
-**Secure Hypertext Transfer Protocol (HTTPS):\*** An application layer
-protocol that allows for secure transport of data between servers and
-web clients. One of the unique parts of HTTPS is that it uses a secured
-port number instead of the default web port address.
-
-**Virtual Private Network (VPN):\*** VPNs are made to securely extend a
-private network across public networks by utilizing an encrypted layered
-tunneling protocol paired with an authentication method, such as
-usernames and passwords. This technology originally allowed remote
-employees to access their company\'s data but have evolved into one of
-the top choices for anyone who wishes to mask their sensitive personal
-data.
-
-**Internet Protocol Security (IPSec):\*** This protocol suite
-facilitates communication between two or more hosts or subnets by
-authenticating and encrypting the data packets. IPSec is used in a lot
-of VPNs to establish the VPN connection through the transport and tunnel
-mode encryption methods. IPSec encrypts just the data portion of packets
-in the transport methods, but it encrypts both the data and headers in
-the tunnel method (introducing an additional header for authentication).
-
-**Secure Shell (SSH):\*** SSH is another network protocol used to
-protect network services by authenticating users through a secure
-channel. This protocol is often used for command-line (shell) functions
-such as remote shell commands, logins, and file transfers.
-
-**Kerberos:\*** Developed by MIT, Kerberos is a computer-network
-authentication protocol that works on the basis of tickets to allow
-nodes communicating over a non-secure network to prove their identity to
-one another securely. This is most commonly used in business
-environments when used as the authentication and encryption method for
-Windows Active Directory (AD).
+There are quite a few implementations of cryptographic systems around the world.
+Here are a few popular examples:
+
+**Transport Layer Security (TLS):** One of the most famous cryptographic
+solutions created is TLS, a session-layered or connection-layered internet
+protocol that allows for secure communications between browsers and servers.
+Using handshakes, peer negotiation, and authentication allows TLS to prevent
+eavesdropping and malicious transformation of data. The major reason for TLS
+popularity is that a major vulnerability was found in the SSL protocol in 2014.
+Instead of SSL, TLS can be used with HTTP to form HTTPS and is the preferred
+method for modern web development due to its increased security.
+
+**Secure Hypertext Transfer Protocol (HTTPS):** An application layer protocol
+that allows for secure transport of data between servers and web clients. One of
+the unique parts of HTTPS is that it uses a secured port number instead of the
+default web port address.
+
+**Virtual Private Network (VPN):** VPNs are made to securely extend a private
+network across public networks by utilizing an encrypted layered tunneling
+protocol paired with an authentication method, such as usernames and passwords.
+This technology originally allowed remote employees to access their company's
+data but have evolved into one of the top choices for anyone who wishes to mask
+their sensitive personal data.
+
+**Internet Protocol Security (IPSec):** This protocol suite facilitates
+communication between two or more hosts or subnets by authenticating and
+encrypting the data packets. IPSec is used in a lot of VPNs to establish the VPN
+connection through the transport and tunnel mode encryption methods. IPSec
+encrypts just the data portion of packets in the transport methods, but it
+encrypts both the data and headers in the tunnel method (introducing an
+additional header for authentication).
+
+**Secure Shell (SSH):** SSH is another network protocol used to protect
+network services by authenticating users through a secure channel. This protocol
+is often used for command-line (shell) functions such as remote shell commands,
+logins, and file transfers.
+
+**Kerberos:** Developed by MIT, Kerberos is a computer-network authentication
+protocol that works on the basis of tickets to allow nodes communicating over a
+non-secure network to prove their identity to one another securely. This is most
+commonly used in business environments when used as the authentication and
+encryption method for Windows Active Directory (AD).
# Cybersecurity Controls
-If you\'re someone who needs solutions on how to control risks
-associated with utilizing a crytograhpic system, start with a few basic
-controls:
-
-- **Policies:\*** A policy on the use of cryptographic controls for
- protection of information is implemented and is in accordance with
- organizational objectives.
-- **Key management:\*** A policy on the use, protection and lifetime
- of cryptographic keys is implemented through the entire application
- lifecycle.
-- **Key size:\*** The organization has researched the optimal key size
- for their purposes, considering national laws, required processing
- power, and longevity of the solution.
-- **Algorithm selection:\*** Implemented algorithms are sufficiently
- appropriate for the business of the organization, robust, and align
- with recommended guidelines.
-- **Protocol configuration:\*** Protocols have been reviewed and
- configured suitable to the purpose of the business.
+If you're someone who needs solutions on how to control risks associated with
+utilizing a crytograhpic system, start with a few basic controls:
+
+- **Policies:** A policy on the use of cryptographic controls for protection
+ of information is implemented and is in accordance with organizational
+ objectives.
+- **Key management:** A policy on the use, protection and lifetime of
+ cryptographic keys is implemented through the entire application lifecycle.
+- **Key size:** The organization has researched the optimal key size for their
+ purposes, considering national laws, required processing power, and longevity
+ of the solution.
+- **Algorithm selection:** Implemented algorithms are sufficiently appropriate
+ for the business of the organization, robust, and align with recommended
+ guidelines.
+- **Protocol configuration:** Protocols have been reviewed and configured
+ suitable to the purpose of the business.
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-09-15 21:33:20 +0000