Skip to content

Cryptography

Cryptography secures everything in modern computing
From HTTPS to SSH to disk encryption to blockchain , cryptographic primitives provide confidentiality , integrity , authentication , and non-repudiation. Understanding them is non-negotiable for security work

The Four Goals of Cryptography

  1. Confidentiality - Only authorized parties can read the data
  2. Integrity - Data hasn't been tampered with
  3. Authentication - Verify the identity of the sender
  4. Non-repudiation - Sender cannot deny sending the message

Terminology

  • Plaintext - Original readable data
  • Ciphertext - Encrypted unreadable data
  • Cipher - Algorithm that performs encryption/decryption
  • Key - Secret value that controls the cipher
  • Initialization Vector (IV) - Random value to ensure ciphertext uniqueness
  • Salt - Random value added to passwords before hashing

Cryptographic Failures

Most security breaches involving cryptography aren't breaking the algorithm -- they're implementation failures:

  • Weak key generation (predictable random seeds)
  • Hardcoded keys in source code
  • Outdated algorithms (DES, RC4, MD5)
  • Improper mode usage (ECB leaking patterns)
  • Certificate validation bypass
  • Padding oracle attacks
  • Side-channel leakage (timing , power analysis)

The Crypto vs Security Fallacy

Strong encryption doesn't make you secure
You can use AES-256-GCM perfectly but if you store the key in a config file next to the encrypted data you wasted your time. Cryptography is one tool in the security toolbox not a magic wand

Real-World Crypto Operations

# OpenSSL - Swiss army knife
openssl enc -aes-256-cbc -salt -in file.txt -out file.enc
openssl enc -d -aes-256-cbc -in file.enc -out file.txt
openssl genrsa -out private.pem 2048
openssl rsa -pubout -in private.pem -out public.pem

# GPG - File encryption
gpg --encrypt --recipient keyid file.txt
gpg --decrypt file.txt.gpg
gpg --gen-key

Kerckhoff's Principle

A cryptosystem should be secure even if everything about the system except the key is public knowledge. Security through obscurity is not security. Your algorithm being secret adds nothing if your keys are compromised